diff options
Diffstat (limited to 'src/revocation')
-rw-r--r-- | src/revocation/.gitignore | 5 | ||||
-rw-r--r-- | src/revocation/Makefile.am | 112 | ||||
-rw-r--r-- | src/revocation/gnunet-revocation-tvg.c | 196 | ||||
-rw-r--r-- | src/revocation/gnunet-revocation.c | 581 | ||||
-rw-r--r-- | src/revocation/gnunet-service-revocation.c | 1032 | ||||
-rw-r--r-- | src/revocation/plugin_block_revocation.c | 297 | ||||
-rw-r--r-- | src/revocation/revocation.conf.in | 19 | ||||
-rw-r--r-- | src/revocation/revocation.h | 125 | ||||
-rw-r--r-- | src/revocation/revocation_api.c | 773 | ||||
-rw-r--r-- | src/revocation/test_local_revocation.py.in | 129 | ||||
-rw-r--r-- | src/revocation/test_revocation.c | 419 | ||||
-rw-r--r-- | src/revocation/test_revocation.conf | 31 |
12 files changed, 0 insertions, 3719 deletions
diff --git a/src/revocation/.gitignore b/src/revocation/.gitignore deleted file mode 100644 index 1432f7922..000000000 --- a/src/revocation/.gitignore +++ /dev/null | |||
@@ -1,5 +0,0 @@ | |||
1 | gnunet-service-revocation | ||
2 | gnunet-revocation | ||
3 | test_revocation | ||
4 | test_local_revocation.py | ||
5 | gnunet-revocation-tvg | ||
diff --git a/src/revocation/Makefile.am b/src/revocation/Makefile.am deleted file mode 100644 index d0c58584e..000000000 --- a/src/revocation/Makefile.am +++ /dev/null | |||
@@ -1,112 +0,0 @@ | |||
1 | # This Makefile.am is in the public domain | ||
2 | AM_CPPFLAGS = -I$(top_srcdir)/src/include | ||
3 | |||
4 | plugindir = $(libdir)/gnunet | ||
5 | |||
6 | if USE_COVERAGE | ||
7 | AM_CFLAGS = --coverage -O0 | ||
8 | XLIB = -lgcov | ||
9 | endif | ||
10 | |||
11 | pkgcfgdir= $(pkgdatadir)/config.d/ | ||
12 | |||
13 | libexecdir= $(pkglibdir)/libexec/ | ||
14 | |||
15 | pkgcfg_DATA = \ | ||
16 | revocation.conf | ||
17 | |||
18 | bin_PROGRAMS = \ | ||
19 | gnunet-revocation \ | ||
20 | gnunet-revocation-tvg | ||
21 | |||
22 | |||
23 | plugin_LTLIBRARIES = \ | ||
24 | libgnunet_plugin_block_revocation.la | ||
25 | |||
26 | libgnunet_plugin_block_revocation_la_SOURCES = \ | ||
27 | plugin_block_revocation.c | ||
28 | libgnunet_plugin_block_revocation_la_LIBADD = \ | ||
29 | libgnunetrevocation.la \ | ||
30 | $(top_builddir)/src/block/libgnunetblockgroup.la \ | ||
31 | $(top_builddir)/src/block/libgnunetblock.la \ | ||
32 | $(top_builddir)/src/util/libgnunetutil.la \ | ||
33 | $(top_builddir)/src/identity/libgnunetidentity.la \ | ||
34 | $(LTLIBINTL) | ||
35 | libgnunet_plugin_block_revocation_la_LDFLAGS = \ | ||
36 | $(GN_PLUGIN_LDFLAGS) | ||
37 | |||
38 | |||
39 | gnunet_revocation_SOURCES = \ | ||
40 | gnunet-revocation.c | ||
41 | gnunet_revocation_LDADD = \ | ||
42 | libgnunetrevocation.la \ | ||
43 | $(top_builddir)/src/identity/libgnunetidentity.la \ | ||
44 | $(top_builddir)/src/util/libgnunetutil.la \ | ||
45 | $(GN_LIBINTL) | ||
46 | |||
47 | gnunet_revocation_tvg_SOURCES = \ | ||
48 | gnunet-revocation-tvg.c | ||
49 | gnunet_revocation_tvg_LDADD = \ | ||
50 | libgnunetrevocation.la \ | ||
51 | $(top_builddir)/src/identity/libgnunetidentity.la \ | ||
52 | $(top_builddir)/src/util/libgnunetutil.la \ | ||
53 | $(GN_LIBINTL) | ||
54 | |||
55 | |||
56 | lib_LTLIBRARIES = libgnunetrevocation.la | ||
57 | |||
58 | libgnunetrevocation_la_SOURCES = \ | ||
59 | revocation_api.c revocation.h | ||
60 | libgnunetrevocation_la_LIBADD = \ | ||
61 | $(top_builddir)/src/util/libgnunetutil.la \ | ||
62 | $(top_builddir)/src/identity/libgnunetidentity.la \ | ||
63 | $(LIBGCRYPT_LIBS) \ | ||
64 | $(GN_LIBINTL) $(XLIB) -lgcrypt | ||
65 | libgnunetrevocation_la_LDFLAGS = \ | ||
66 | $(GN_LIB_LDFLAGS) \ | ||
67 | -version-info 0:0:0 | ||
68 | |||
69 | libexec_PROGRAMS = \ | ||
70 | gnunet-service-revocation | ||
71 | |||
72 | |||
73 | gnunet_service_revocation_SOURCES = \ | ||
74 | gnunet-service-revocation.c | ||
75 | gnunet_service_revocation_LDADD = \ | ||
76 | libgnunetrevocation.la \ | ||
77 | $(top_builddir)/src/core/libgnunetcore.la \ | ||
78 | $(top_builddir)/src/setu/libgnunetsetu.la \ | ||
79 | $(top_builddir)/src/statistics/libgnunetstatistics.la \ | ||
80 | $(top_builddir)/src/identity/libgnunetidentity.la \ | ||
81 | $(top_builddir)/src/util/libgnunetutil.la \ | ||
82 | -lm \ | ||
83 | $(GN_LIBINTL) | ||
84 | |||
85 | test_revocation_SOURCES = \ | ||
86 | test_revocation.c | ||
87 | test_revocation_LDADD = \ | ||
88 | $(top_builddir)/src/identity/libgnunetidentity.la \ | ||
89 | libgnunetrevocation.la \ | ||
90 | $(top_builddir)/src//core/libgnunetcore.la \ | ||
91 | $(top_builddir)/src/util/libgnunetutil.la \ | ||
92 | $(top_builddir)/src/testbed/libgnunettestbed.la | ||
93 | |||
94 | check_PROGRAMS = \ | ||
95 | test_revocation | ||
96 | |||
97 | check_SCRIPTS = \ | ||
98 | test_local_revocation.py | ||
99 | |||
100 | if ENABLE_TEST_RUN | ||
101 | AM_TESTS_ENVIRONMENT=export GNUNET_PREFIX=$${GNUNET_PREFIX:-@libdir@};export PATH=$${GNUNET_PREFIX:-@prefix@}/bin:$$PATH;unset XDG_DATA_HOME;unset XDG_CONFIG_HOME; | ||
102 | TESTS = \ | ||
103 | $(check_SCRIPTS) \ | ||
104 | $(check_PROGRAMS) | ||
105 | endif | ||
106 | |||
107 | test_local_revocation.py: test_local_revocation.py.in Makefile | ||
108 | $(AWK) -v bdir="$(bindir)" -v py="$(PYTHON)" -v awkay="$(AWK_BINARY)" -v pfx="$(prefix)" -v prl="$(PERL)" -v sysconfdirectory="$(sysconfdir)" -v pkgdatadirectory="$(pkgdatadir)" -f $(top_srcdir)/bin/dosubst.awk < $(srcdir)/test_local_revocation.py.in > test_local_revocation.py | ||
109 | chmod +x test_local_revocation.py | ||
110 | |||
111 | EXTRA_DIST = test_revocation.conf \ | ||
112 | test_local_revocation.py.in | ||
diff --git a/src/revocation/gnunet-revocation-tvg.c b/src/revocation/gnunet-revocation-tvg.c deleted file mode 100644 index a34a6bc98..000000000 --- a/src/revocation/gnunet-revocation-tvg.c +++ /dev/null | |||
@@ -1,196 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2020 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file util/gnunet-revocation-tvg.c | ||
23 | * @brief Generate test vectors for revocation. | ||
24 | * @author Martin Schanzenbach | ||
25 | */ | ||
26 | #include "platform.h" | ||
27 | #include "gnunet_util_lib.h" | ||
28 | #include "gnunet_signatures.h" | ||
29 | #include "gnunet_revocation_service.h" | ||
30 | #include "gnunet_dnsparser_lib.h" | ||
31 | #include "gnunet_testing_lib.h" | ||
32 | #include "revocation.h" | ||
33 | #include <inttypes.h> | ||
34 | |||
35 | #define TEST_EPOCHS 2 | ||
36 | #define TEST_DIFFICULTY 5 | ||
37 | |||
38 | static char* d_pkey = | ||
39 | "6fea32c05af58bfa979553d188605fd57d8bf9cc263b78d5f7478c07b998ed70"; | ||
40 | |||
41 | int parsehex(char *src, char *dst, size_t dstlen, int invert) | ||
42 | { | ||
43 | char *line = src; | ||
44 | char *data = line; | ||
45 | int off; | ||
46 | int read_byte; | ||
47 | int data_len = 0; | ||
48 | |||
49 | while (sscanf(data, " %02x%n", &read_byte, &off) == 1) { | ||
50 | if (invert) | ||
51 | dst[dstlen - 1 - data_len++] = read_byte; | ||
52 | else | ||
53 | dst[data_len++] = read_byte; | ||
54 | data += off; | ||
55 | } | ||
56 | return data_len; | ||
57 | } | ||
58 | |||
59 | |||
60 | static void | ||
61 | print_bytes_ (void *buf, | ||
62 | size_t buf_len, | ||
63 | int fold, | ||
64 | int in_be) | ||
65 | { | ||
66 | int i; | ||
67 | |||
68 | for (i = 0; i < buf_len; i++) | ||
69 | { | ||
70 | if ((0 != i) && (0 != fold) && (i % fold == 0)) | ||
71 | printf ("\n"); | ||
72 | if (in_be) | ||
73 | printf ("%02x", ((unsigned char*) buf)[buf_len - 1 - i]); | ||
74 | else | ||
75 | printf ("%02x", ((unsigned char*) buf)[i]); | ||
76 | } | ||
77 | printf ("\n"); | ||
78 | } | ||
79 | |||
80 | static void | ||
81 | print_bytes (void *buf, | ||
82 | size_t buf_len, | ||
83 | int fold) | ||
84 | { | ||
85 | print_bytes_ (buf, buf_len, fold, 0); | ||
86 | } | ||
87 | |||
88 | |||
89 | |||
90 | /** | ||
91 | * Main function that will be run. | ||
92 | * | ||
93 | * @param cls closure | ||
94 | * @param args remaining command-line arguments | ||
95 | * @param cfgfile name of the configuration file used (for saving, can be NULL!) | ||
96 | * @param cfg configuration | ||
97 | */ | ||
98 | static void | ||
99 | run (void *cls, | ||
100 | char *const *args, | ||
101 | const char *cfgfile, | ||
102 | const struct GNUNET_CONFIGURATION_Handle *cfg) | ||
103 | { | ||
104 | struct GNUNET_IDENTITY_PrivateKey id_priv; | ||
105 | struct GNUNET_IDENTITY_PublicKey id_pub; | ||
106 | struct GNUNET_REVOCATION_PowP *pow; | ||
107 | struct GNUNET_REVOCATION_PowCalculationHandle *ph; | ||
108 | struct GNUNET_TIME_Relative exp; | ||
109 | char ztld[128]; | ||
110 | |||
111 | id_priv.type = htonl (GNUNET_IDENTITY_TYPE_ECDSA); | ||
112 | GNUNET_CRYPTO_ecdsa_key_create (&id_priv.ecdsa_key); | ||
113 | parsehex(d_pkey,(char*)&id_priv.ecdsa_key, sizeof (id_priv.ecdsa_key), 1); | ||
114 | GNUNET_IDENTITY_key_get_public (&id_priv, | ||
115 | &id_pub); | ||
116 | GNUNET_STRINGS_data_to_string (&id_pub, | ||
117 | GNUNET_IDENTITY_key_get_length (&id_pub), | ||
118 | ztld, | ||
119 | sizeof (ztld)); | ||
120 | fprintf (stdout, "Zone private key (d, big-endian scalar):\n"); | ||
121 | print_bytes_ (&id_priv.ecdsa_key, sizeof(id_priv.ecdsa_key), 8, 1); | ||
122 | fprintf (stdout, "\n"); | ||
123 | fprintf (stdout, "Zone identifier (ztype|zkey):\n"); | ||
124 | print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8); | ||
125 | fprintf (stdout, "\n"); | ||
126 | fprintf (stdout, "Encoded zone identifier (zkl = zTLD):\n"); | ||
127 | fprintf (stdout, "%s\n", ztld); | ||
128 | fprintf (stdout, "\n"); | ||
129 | pow = GNUNET_malloc (GNUNET_REVOCATION_MAX_PROOF_SIZE); | ||
130 | GNUNET_REVOCATION_pow_init (&id_priv, | ||
131 | pow); | ||
132 | ph = GNUNET_REVOCATION_pow_start (pow, | ||
133 | TEST_EPOCHS, | ||
134 | TEST_DIFFICULTY); | ||
135 | fprintf (stdout, "Difficulty (%d base difficulty + %d epochs): %d\n\n", | ||
136 | TEST_DIFFICULTY, | ||
137 | TEST_EPOCHS, | ||
138 | TEST_DIFFICULTY + TEST_EPOCHS); | ||
139 | uint64_t pow_passes = 0; | ||
140 | while (GNUNET_YES != GNUNET_REVOCATION_pow_round (ph)) | ||
141 | { | ||
142 | pow_passes++; | ||
143 | } | ||
144 | struct GNUNET_REVOCATION_SignaturePurposePS *purp; | ||
145 | purp = REV_create_signature_message (pow); | ||
146 | fprintf (stdout, "Signed message:\n"); | ||
147 | print_bytes (purp, | ||
148 | ntohl (purp->purpose.size), | ||
149 | 8); | ||
150 | printf ("\n"); | ||
151 | GNUNET_free (purp); | ||
152 | |||
153 | exp = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS, | ||
154 | TEST_EPOCHS); | ||
155 | GNUNET_assert (GNUNET_OK == GNUNET_REVOCATION_check_pow (pow, | ||
156 | TEST_DIFFICULTY, | ||
157 | exp)); | ||
158 | fprintf (stdout, "Proof:\n"); | ||
159 | print_bytes (pow, | ||
160 | GNUNET_REVOCATION_proof_get_size (pow), | ||
161 | 8); | ||
162 | GNUNET_free (ph); | ||
163 | } | ||
164 | |||
165 | |||
166 | /** | ||
167 | * The main function of the test vector generation tool. | ||
168 | * | ||
169 | * @param argc number of arguments from the command line | ||
170 | * @param argv command line arguments | ||
171 | * @return 0 ok, 1 on error | ||
172 | */ | ||
173 | int | ||
174 | main (int argc, | ||
175 | char *const *argv) | ||
176 | { | ||
177 | const struct GNUNET_GETOPT_CommandLineOption options[] = { | ||
178 | GNUNET_GETOPT_OPTION_END | ||
179 | }; | ||
180 | |||
181 | GNUNET_assert (GNUNET_OK == | ||
182 | GNUNET_log_setup ("gnunet-revocation-tvg", | ||
183 | "INFO", | ||
184 | NULL)); | ||
185 | if (GNUNET_OK != | ||
186 | GNUNET_PROGRAM_run (argc, argv, | ||
187 | "gnunet-revocation-tvg", | ||
188 | "Generate test vectors for revocation", | ||
189 | options, | ||
190 | &run, NULL)) | ||
191 | return 1; | ||
192 | return 0; | ||
193 | } | ||
194 | |||
195 | |||
196 | /* end of gnunet-revocation-tvg.c */ | ||
diff --git a/src/revocation/gnunet-revocation.c b/src/revocation/gnunet-revocation.c deleted file mode 100644 index a7f96385c..000000000 --- a/src/revocation/gnunet-revocation.c +++ /dev/null | |||
@@ -1,581 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2013 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file revocation/gnunet-revocation.c | ||
23 | * @brief tool for revoking public keys | ||
24 | * @author Christian Grothoff | ||
25 | */ | ||
26 | #include "platform.h" | ||
27 | #include "gnunet_util_lib.h" | ||
28 | #include "gnunet_revocation_service.h" | ||
29 | #include "gnunet_identity_service.h" | ||
30 | |||
31 | /** | ||
32 | * Pow passes | ||
33 | */ | ||
34 | static unsigned int pow_passes = 1; | ||
35 | |||
36 | /** | ||
37 | * Final status code. | ||
38 | */ | ||
39 | static int ret; | ||
40 | |||
41 | /** | ||
42 | * Was "-p" specified? | ||
43 | */ | ||
44 | static int perform; | ||
45 | |||
46 | /** | ||
47 | * -f option. | ||
48 | */ | ||
49 | static char *filename; | ||
50 | |||
51 | /** | ||
52 | * -R option | ||
53 | */ | ||
54 | static char *revoke_ego; | ||
55 | |||
56 | /** | ||
57 | * -t option. | ||
58 | */ | ||
59 | static char *test_ego; | ||
60 | |||
61 | /** | ||
62 | * -e option. | ||
63 | */ | ||
64 | static unsigned int epochs = 1; | ||
65 | |||
66 | /** | ||
67 | * Handle for revocation query. | ||
68 | */ | ||
69 | static struct GNUNET_REVOCATION_Query *q; | ||
70 | |||
71 | /** | ||
72 | * Handle for revocation. | ||
73 | */ | ||
74 | static struct GNUNET_REVOCATION_Handle *h; | ||
75 | |||
76 | /** | ||
77 | * Handle for our ego lookup. | ||
78 | */ | ||
79 | static struct GNUNET_IDENTITY_EgoLookup *el; | ||
80 | |||
81 | /** | ||
82 | * Our configuration. | ||
83 | */ | ||
84 | static const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
85 | |||
86 | /** | ||
87 | * Number of matching bits required for revocation. | ||
88 | */ | ||
89 | static unsigned long long matching_bits; | ||
90 | |||
91 | /** | ||
92 | * Epoch length | ||
93 | */ | ||
94 | static struct GNUNET_TIME_Relative epoch_duration; | ||
95 | |||
96 | /** | ||
97 | * Task used for proof-of-work calculation. | ||
98 | */ | ||
99 | static struct GNUNET_SCHEDULER_Task *pow_task; | ||
100 | |||
101 | /** | ||
102 | * Proof-of-work object | ||
103 | */ | ||
104 | static struct GNUNET_REVOCATION_PowP *proof_of_work; | ||
105 | |||
106 | /** | ||
107 | * Function run if the user aborts with CTRL-C. | ||
108 | * | ||
109 | * @param cls closure | ||
110 | */ | ||
111 | static void | ||
112 | do_shutdown (void *cls) | ||
113 | { | ||
114 | fprintf (stderr, "%s", _ ("Shutting down...\n")); | ||
115 | if (NULL != el) | ||
116 | { | ||
117 | GNUNET_IDENTITY_ego_lookup_cancel (el); | ||
118 | el = NULL; | ||
119 | } | ||
120 | if (NULL != q) | ||
121 | { | ||
122 | GNUNET_REVOCATION_query_cancel (q); | ||
123 | q = NULL; | ||
124 | } | ||
125 | if (NULL != h) | ||
126 | { | ||
127 | GNUNET_REVOCATION_revoke_cancel (h); | ||
128 | h = NULL; | ||
129 | } | ||
130 | } | ||
131 | |||
132 | |||
133 | /** | ||
134 | * Print the result from a revocation query. | ||
135 | * | ||
136 | * @param cls NULL | ||
137 | * @param is_valid #GNUNET_YES if the key is still valid, #GNUNET_NO if not, #GNUNET_SYSERR on error | ||
138 | */ | ||
139 | static void | ||
140 | print_query_result (void *cls, int is_valid) | ||
141 | { | ||
142 | q = NULL; | ||
143 | switch (is_valid) | ||
144 | { | ||
145 | case GNUNET_YES: | ||
146 | fprintf (stdout, _ ("Key `%s' is valid\n"), test_ego); | ||
147 | break; | ||
148 | |||
149 | case GNUNET_NO: | ||
150 | fprintf (stdout, _ ("Key `%s' has been revoked\n"), test_ego); | ||
151 | break; | ||
152 | |||
153 | case GNUNET_SYSERR: | ||
154 | fprintf (stdout, "%s", _ ("Internal error\n")); | ||
155 | break; | ||
156 | |||
157 | default: | ||
158 | GNUNET_break (0); | ||
159 | break; | ||
160 | } | ||
161 | GNUNET_SCHEDULER_shutdown (); | ||
162 | } | ||
163 | |||
164 | |||
165 | /** | ||
166 | * Print the result from a revocation request. | ||
167 | * | ||
168 | * @param cls NULL | ||
169 | * @param is_valid #GNUNET_YES if the key is still valid, #GNUNET_NO if not, #GNUNET_SYSERR on error | ||
170 | */ | ||
171 | static void | ||
172 | print_revocation_result (void *cls, int is_valid) | ||
173 | { | ||
174 | h = NULL; | ||
175 | switch (is_valid) | ||
176 | { | ||
177 | case GNUNET_YES: | ||
178 | if (NULL != revoke_ego) | ||
179 | fprintf (stdout, | ||
180 | _ ("Key for ego `%s' is still valid, revocation failed (!)\n"), | ||
181 | revoke_ego); | ||
182 | else | ||
183 | fprintf (stdout, "%s", _ ("Revocation failed (!)\n")); | ||
184 | break; | ||
185 | |||
186 | case GNUNET_NO: | ||
187 | if (NULL != revoke_ego) | ||
188 | fprintf (stdout, | ||
189 | _ ("Key for ego `%s' has been successfully revoked\n"), | ||
190 | revoke_ego); | ||
191 | else | ||
192 | fprintf (stdout, "%s", _ ("Revocation successful.\n")); | ||
193 | break; | ||
194 | |||
195 | case GNUNET_SYSERR: | ||
196 | fprintf (stdout, | ||
197 | "%s", | ||
198 | _ ("Internal error, key revocation might have failed\n")); | ||
199 | break; | ||
200 | |||
201 | default: | ||
202 | GNUNET_break (0); | ||
203 | break; | ||
204 | } | ||
205 | GNUNET_SCHEDULER_shutdown (); | ||
206 | } | ||
207 | |||
208 | |||
209 | /** | ||
210 | * Perform the revocation. | ||
211 | */ | ||
212 | static void | ||
213 | perform_revocation () | ||
214 | { | ||
215 | h = GNUNET_REVOCATION_revoke (cfg, | ||
216 | proof_of_work, | ||
217 | &print_revocation_result, | ||
218 | NULL); | ||
219 | } | ||
220 | |||
221 | |||
222 | /** | ||
223 | * Write the current state of the revocation data | ||
224 | * to disk. | ||
225 | * | ||
226 | * @param rd data to sync | ||
227 | */ | ||
228 | static void | ||
229 | sync_pow () | ||
230 | { | ||
231 | size_t psize = GNUNET_REVOCATION_proof_get_size (proof_of_work); | ||
232 | if ((NULL != filename) && | ||
233 | (GNUNET_OK != | ||
234 | GNUNET_DISK_fn_write (filename, | ||
235 | proof_of_work, | ||
236 | psize, | ||
237 | GNUNET_DISK_PERM_USER_READ | ||
238 | | GNUNET_DISK_PERM_USER_WRITE))) | ||
239 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", filename); | ||
240 | } | ||
241 | |||
242 | |||
243 | /** | ||
244 | * Perform the proof-of-work calculation. | ||
245 | * | ||
246 | * @param cls the `struct RevocationData` | ||
247 | */ | ||
248 | static void | ||
249 | calculate_pow_shutdown (void *cls) | ||
250 | { | ||
251 | struct GNUNET_REVOCATION_PowCalculationHandle *ph = cls; | ||
252 | fprintf (stderr, "%s", _ ("Cancelling calculation.\n")); | ||
253 | sync_pow (); | ||
254 | if (NULL != pow_task) | ||
255 | { | ||
256 | GNUNET_SCHEDULER_cancel (pow_task); | ||
257 | pow_task = NULL; | ||
258 | } | ||
259 | if (NULL != ph) | ||
260 | GNUNET_REVOCATION_pow_stop (ph); | ||
261 | } | ||
262 | |||
263 | |||
264 | /** | ||
265 | * Perform the proof-of-work calculation. | ||
266 | * | ||
267 | * @param cls the `struct RevocationData` | ||
268 | */ | ||
269 | static void | ||
270 | calculate_pow (void *cls) | ||
271 | { | ||
272 | struct GNUNET_REVOCATION_PowCalculationHandle *ph = cls; | ||
273 | size_t psize; | ||
274 | |||
275 | /* store temporary results */ | ||
276 | pow_task = NULL; | ||
277 | if (0 == (pow_passes % 128)) | ||
278 | sync_pow (); | ||
279 | /* actually do POW calculation */ | ||
280 | if (GNUNET_OK == GNUNET_REVOCATION_pow_round (ph)) | ||
281 | { | ||
282 | psize = GNUNET_REVOCATION_proof_get_size (proof_of_work); | ||
283 | if (NULL != filename) | ||
284 | { | ||
285 | (void) GNUNET_DISK_directory_remove (filename); | ||
286 | if (GNUNET_OK != | ||
287 | GNUNET_DISK_fn_write (filename, | ||
288 | proof_of_work, | ||
289 | psize, | ||
290 | GNUNET_DISK_PERM_USER_READ | ||
291 | | GNUNET_DISK_PERM_USER_WRITE)) | ||
292 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", filename); | ||
293 | } | ||
294 | if (perform) | ||
295 | { | ||
296 | perform_revocation (); | ||
297 | } | ||
298 | else | ||
299 | { | ||
300 | fprintf (stderr, "%s", "\n"); | ||
301 | fprintf (stderr, | ||
302 | _ ("Revocation certificate for `%s' stored in `%s'\n"), | ||
303 | revoke_ego, | ||
304 | filename); | ||
305 | GNUNET_SCHEDULER_shutdown (); | ||
306 | } | ||
307 | return; | ||
308 | } | ||
309 | pow_passes++; | ||
310 | pow_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_MILLISECONDS, | ||
311 | &calculate_pow, | ||
312 | ph); | ||
313 | |||
314 | } | ||
315 | |||
316 | |||
317 | /** | ||
318 | * Function called with the result from the ego lookup. | ||
319 | * | ||
320 | * @param cls closure | ||
321 | * @param ego the ego, NULL if not found | ||
322 | */ | ||
323 | static void | ||
324 | ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego) | ||
325 | { | ||
326 | struct GNUNET_IDENTITY_PublicKey key; | ||
327 | const struct GNUNET_IDENTITY_PrivateKey *privkey; | ||
328 | struct GNUNET_REVOCATION_PowCalculationHandle *ph = NULL; | ||
329 | size_t psize; | ||
330 | |||
331 | el = NULL; | ||
332 | if (NULL == ego) | ||
333 | { | ||
334 | fprintf (stdout, _ ("Ego `%s' not found.\n"), revoke_ego); | ||
335 | GNUNET_SCHEDULER_shutdown (); | ||
336 | return; | ||
337 | } | ||
338 | GNUNET_IDENTITY_ego_get_public_key (ego, &key); | ||
339 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); | ||
340 | proof_of_work = GNUNET_malloc (GNUNET_REVOCATION_MAX_PROOF_SIZE); | ||
341 | if ((NULL != filename) && (GNUNET_YES == GNUNET_DISK_file_test (filename)) && | ||
342 | (0 < (psize = | ||
343 | GNUNET_DISK_fn_read (filename, proof_of_work, | ||
344 | GNUNET_REVOCATION_MAX_PROOF_SIZE)))) | ||
345 | { | ||
346 | ssize_t ksize = GNUNET_IDENTITY_key_get_length (&key); | ||
347 | if (0 > ksize) | ||
348 | { | ||
349 | fprintf (stderr, | ||
350 | _ ("Error: Key is invalid\n")); | ||
351 | return; | ||
352 | } | ||
353 | if (((psize - sizeof (*proof_of_work)) < ksize) || // Key too small | ||
354 | (0 != memcmp (&proof_of_work[1], &key, ksize))) // Keys do not match | ||
355 | { | ||
356 | fprintf (stderr, | ||
357 | _ ("Error: revocation certificate in `%s' is not for `%s'\n"), | ||
358 | filename, | ||
359 | revoke_ego); | ||
360 | return; | ||
361 | } | ||
362 | if (GNUNET_YES == | ||
363 | GNUNET_REVOCATION_check_pow (proof_of_work, | ||
364 | (unsigned int) matching_bits, | ||
365 | epoch_duration)) | ||
366 | { | ||
367 | fprintf (stderr, "%s", _ ("Revocation certificate ready\n")); | ||
368 | if (perform) | ||
369 | perform_revocation (); | ||
370 | else | ||
371 | GNUNET_SCHEDULER_shutdown (); | ||
372 | return; | ||
373 | } | ||
374 | /** | ||
375 | * Certificate not yet ready | ||
376 | */ | ||
377 | fprintf (stderr, | ||
378 | "%s", | ||
379 | _ ("Continuing calculation where left off...\n")); | ||
380 | ph = GNUNET_REVOCATION_pow_start (proof_of_work, | ||
381 | epochs, | ||
382 | matching_bits); | ||
383 | } | ||
384 | fprintf (stderr, | ||
385 | "%s", | ||
386 | _ ("Revocation certificate not ready, calculating proof of work\n")); | ||
387 | if (NULL == ph) | ||
388 | { | ||
389 | GNUNET_REVOCATION_pow_init (privkey, | ||
390 | proof_of_work); | ||
391 | ph = GNUNET_REVOCATION_pow_start (proof_of_work, | ||
392 | epochs, /* Epochs */ | ||
393 | matching_bits); | ||
394 | } | ||
395 | pow_task = GNUNET_SCHEDULER_add_now (&calculate_pow, ph); | ||
396 | GNUNET_SCHEDULER_add_shutdown (&calculate_pow_shutdown, ph); | ||
397 | } | ||
398 | |||
399 | |||
400 | /** | ||
401 | * Main function that will be run by the scheduler. | ||
402 | * | ||
403 | * @param cls closure | ||
404 | * @param args remaining command-line arguments | ||
405 | * @param cfgfile name of the configuration file used (for saving, can be NULL!) | ||
406 | * @param c configuration | ||
407 | */ | ||
408 | static void | ||
409 | run (void *cls, | ||
410 | char *const *args, | ||
411 | const char *cfgfile, | ||
412 | const struct GNUNET_CONFIGURATION_Handle *c) | ||
413 | { | ||
414 | struct GNUNET_IDENTITY_PublicKey pk; | ||
415 | size_t psize; | ||
416 | |||
417 | cfg = c; | ||
418 | if (NULL != test_ego) | ||
419 | { | ||
420 | if (GNUNET_OK != | ||
421 | GNUNET_IDENTITY_public_key_from_string (test_ego, | ||
422 | &pk)) | ||
423 | { | ||
424 | fprintf (stderr, _ ("Public key `%s' malformed\n"), test_ego); | ||
425 | return; | ||
426 | } | ||
427 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); | ||
428 | q = GNUNET_REVOCATION_query (cfg, &pk, &print_query_result, NULL); | ||
429 | if (NULL != revoke_ego) | ||
430 | fprintf ( | ||
431 | stderr, | ||
432 | "%s", | ||
433 | _ ( | ||
434 | "Testing and revoking at the same time is not allowed, only executing test.\n")); | ||
435 | return; | ||
436 | } | ||
437 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_number (cfg, | ||
438 | "REVOCATION", | ||
439 | "WORKBITS", | ||
440 | &matching_bits)) | ||
441 | { | ||
442 | GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, | ||
443 | "REVOCATION", | ||
444 | "WORKBITS"); | ||
445 | return; | ||
446 | } | ||
447 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg, | ||
448 | "REVOCATION", | ||
449 | "EPOCH_DURATION", | ||
450 | &epoch_duration)) | ||
451 | { | ||
452 | GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, | ||
453 | "REVOCATION", | ||
454 | "EPOCH_DURATION"); | ||
455 | return; | ||
456 | } | ||
457 | |||
458 | if (NULL != revoke_ego) | ||
459 | { | ||
460 | if (! perform && (NULL == filename)) | ||
461 | { | ||
462 | fprintf (stderr, | ||
463 | "%s", | ||
464 | _ ("No filename to store revocation certificate given.\n")); | ||
465 | return; | ||
466 | } | ||
467 | /* main code here */ | ||
468 | el = GNUNET_IDENTITY_ego_lookup (cfg, revoke_ego, &ego_callback, NULL); | ||
469 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); | ||
470 | return; | ||
471 | } | ||
472 | if ((NULL != filename) && (perform)) | ||
473 | { | ||
474 | size_t bread; | ||
475 | proof_of_work = GNUNET_malloc (GNUNET_REVOCATION_MAX_PROOF_SIZE); | ||
476 | if (0 < (bread = GNUNET_DISK_fn_read (filename, | ||
477 | proof_of_work, | ||
478 | GNUNET_REVOCATION_MAX_PROOF_SIZE))) | ||
479 | { | ||
480 | fprintf (stderr, | ||
481 | _ ("Failed to read revocation certificate from `%s'\n"), | ||
482 | filename); | ||
483 | return; | ||
484 | } | ||
485 | psize = GNUNET_REVOCATION_proof_get_size (proof_of_work); | ||
486 | if (bread != psize) | ||
487 | { | ||
488 | fprintf (stderr, | ||
489 | _ ("Revocation certificate corrupted in `%s'\n"), | ||
490 | filename); | ||
491 | return; | ||
492 | } | ||
493 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); | ||
494 | if (GNUNET_YES != | ||
495 | GNUNET_REVOCATION_check_pow (proof_of_work, | ||
496 | (unsigned int) matching_bits, | ||
497 | epoch_duration)) | ||
498 | { | ||
499 | struct GNUNET_REVOCATION_PowCalculationHandle *ph; | ||
500 | ph = GNUNET_REVOCATION_pow_start (proof_of_work, | ||
501 | epochs, /* Epochs */ | ||
502 | matching_bits); | ||
503 | |||
504 | pow_task = GNUNET_SCHEDULER_add_now (&calculate_pow, ph); | ||
505 | GNUNET_SCHEDULER_add_shutdown (&calculate_pow_shutdown, ph); | ||
506 | return; | ||
507 | } | ||
508 | perform_revocation (); | ||
509 | return; | ||
510 | } | ||
511 | fprintf (stderr, "%s", _ ("No action specified. Nothing to do.\n")); | ||
512 | } | ||
513 | |||
514 | |||
515 | /** | ||
516 | * The main function of gnunet-revocation. | ||
517 | * | ||
518 | * @param argc number of arguments from the command line | ||
519 | * @param argv command line arguments | ||
520 | * @return 0 ok, 1 on error | ||
521 | */ | ||
522 | int | ||
523 | main (int argc, char *const *argv) | ||
524 | { | ||
525 | struct GNUNET_GETOPT_CommandLineOption options[] = { | ||
526 | GNUNET_GETOPT_option_string ('f', | ||
527 | "filename", | ||
528 | "NAME", | ||
529 | gettext_noop ( | ||
530 | "use NAME for the name of the revocation file"), | ||
531 | &filename), | ||
532 | |||
533 | GNUNET_GETOPT_option_string ( | ||
534 | 'R', | ||
535 | "revoke", | ||
536 | "NAME", | ||
537 | gettext_noop ( | ||
538 | "revoke the private key associated for the the private key associated with the ego NAME "), | ||
539 | &revoke_ego), | ||
540 | |||
541 | GNUNET_GETOPT_option_flag ( | ||
542 | 'p', | ||
543 | "perform", | ||
544 | gettext_noop ( | ||
545 | "actually perform revocation, otherwise we just do the precomputation"), | ||
546 | &perform), | ||
547 | |||
548 | GNUNET_GETOPT_option_string ('t', | ||
549 | "test", | ||
550 | "KEY", | ||
551 | gettext_noop ( | ||
552 | "test if the public key KEY has been revoked"), | ||
553 | &test_ego), | ||
554 | GNUNET_GETOPT_option_uint ('e', | ||
555 | "epochs", | ||
556 | "EPOCHS", | ||
557 | gettext_noop ( | ||
558 | "number of epochs to calculate for"), | ||
559 | &epochs), | ||
560 | |||
561 | GNUNET_GETOPT_OPTION_END | ||
562 | }; | ||
563 | |||
564 | if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv)) | ||
565 | return 2; | ||
566 | |||
567 | ret = (GNUNET_OK == GNUNET_PROGRAM_run (argc, | ||
568 | argv, | ||
569 | "gnunet-revocation", | ||
570 | gettext_noop ("help text"), | ||
571 | options, | ||
572 | &run, | ||
573 | NULL)) | ||
574 | ? ret | ||
575 | : 1; | ||
576 | GNUNET_free_nz ((void *) argv); | ||
577 | return ret; | ||
578 | } | ||
579 | |||
580 | |||
581 | /* end of gnunet-revocation.c */ | ||
diff --git a/src/revocation/gnunet-service-revocation.c b/src/revocation/gnunet-service-revocation.c deleted file mode 100644 index 4494ade83..000000000 --- a/src/revocation/gnunet-service-revocation.c +++ /dev/null | |||
@@ -1,1032 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2013, 2014, 2016 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file revocation/gnunet-service-revocation.c | ||
23 | * @brief key revocation service | ||
24 | * @author Christian Grothoff | ||
25 | * | ||
26 | * The purpose of this service is to allow users to permanently revoke | ||
27 | * (compromised) keys. This is done by flooding the network with the | ||
28 | * revocation requests. To reduce the attack potential offered by such | ||
29 | * flooding, revocations must include a proof of work. We use the | ||
30 | * set service for efficiently computing the union of revocations of | ||
31 | * peers that connect. | ||
32 | * | ||
33 | * TODO: | ||
34 | * - optimization: avoid sending revocation back to peer that we got it from; | ||
35 | * - optimization: have randomized delay in sending revocations to other peers | ||
36 | * to make it rare to traverse each link twice (NSE-style) | ||
37 | */ | ||
38 | #include "platform.h" | ||
39 | #include <math.h> | ||
40 | #include "gnunet_util_lib.h" | ||
41 | #include "gnunet_block_lib.h" | ||
42 | #include "gnunet_constants.h" | ||
43 | #include "gnunet_protocols.h" | ||
44 | #include "gnunet_signatures.h" | ||
45 | #include "gnunet_statistics_service.h" | ||
46 | #include "gnunet_core_service.h" | ||
47 | #include "gnunet_revocation_service.h" | ||
48 | #include "gnunet_setu_service.h" | ||
49 | #include "revocation.h" | ||
50 | #include <gcrypt.h> | ||
51 | |||
52 | |||
53 | /** | ||
54 | * Per-peer information. | ||
55 | */ | ||
56 | struct PeerEntry | ||
57 | { | ||
58 | /** | ||
59 | * Queue for sending messages to this peer. | ||
60 | */ | ||
61 | struct GNUNET_MQ_Handle *mq; | ||
62 | |||
63 | /** | ||
64 | * What is the identity of the peer? | ||
65 | */ | ||
66 | struct GNUNET_PeerIdentity id; | ||
67 | |||
68 | /** | ||
69 | * Tasked used to trigger the set union operation. | ||
70 | */ | ||
71 | struct GNUNET_SCHEDULER_Task *transmit_task; | ||
72 | |||
73 | /** | ||
74 | * Handle to active set union operation (over revocation sets). | ||
75 | */ | ||
76 | struct GNUNET_SETU_OperationHandle *so; | ||
77 | }; | ||
78 | |||
79 | |||
80 | /** | ||
81 | * Set from all revocations known to us. | ||
82 | */ | ||
83 | static struct GNUNET_SETU_Handle *revocation_set; | ||
84 | |||
85 | /** | ||
86 | * Hash map with all revoked keys, maps the hash of the public key | ||
87 | * to the respective `struct RevokeMessage`. | ||
88 | */ | ||
89 | static struct GNUNET_CONTAINER_MultiHashMap *revocation_map; | ||
90 | |||
91 | /** | ||
92 | * Handle to our current configuration. | ||
93 | */ | ||
94 | static const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
95 | |||
96 | /** | ||
97 | * Handle to the statistics service. | ||
98 | */ | ||
99 | static struct GNUNET_STATISTICS_Handle *stats; | ||
100 | |||
101 | /** | ||
102 | * Handle to the core service (for flooding) | ||
103 | */ | ||
104 | static struct GNUNET_CORE_Handle *core_api; | ||
105 | |||
106 | /** | ||
107 | * Map of all connected peers. | ||
108 | */ | ||
109 | static struct GNUNET_CONTAINER_MultiPeerMap *peers; | ||
110 | |||
111 | /** | ||
112 | * The peer identity of this peer. | ||
113 | */ | ||
114 | static struct GNUNET_PeerIdentity my_identity; | ||
115 | |||
116 | /** | ||
117 | * File handle for the revocation database. | ||
118 | */ | ||
119 | static struct GNUNET_DISK_FileHandle *revocation_db; | ||
120 | |||
121 | /** | ||
122 | * Handle for us listening to incoming revocation set union requests. | ||
123 | */ | ||
124 | static struct GNUNET_SETU_ListenHandle *revocation_union_listen_handle; | ||
125 | |||
126 | /** | ||
127 | * Amount of work required (W-bit collisions) for REVOCATION proofs, in collision-bits. | ||
128 | */ | ||
129 | static unsigned long long revocation_work_required; | ||
130 | |||
131 | /** | ||
132 | * Length of an expiration expoch | ||
133 | */ | ||
134 | static struct GNUNET_TIME_Relative epoch_duration; | ||
135 | |||
136 | /** | ||
137 | * Our application ID for set union operations. Must be the | ||
138 | * same for all (compatible) peers. | ||
139 | */ | ||
140 | static struct GNUNET_HashCode revocation_set_union_app_id; | ||
141 | |||
142 | |||
143 | /** | ||
144 | * Create a new PeerEntry and add it to the peers multipeermap. | ||
145 | * | ||
146 | * @param peer the peer identity | ||
147 | * @return a pointer to the new PeerEntry | ||
148 | */ | ||
149 | static struct PeerEntry * | ||
150 | new_peer_entry (const struct GNUNET_PeerIdentity *peer) | ||
151 | { | ||
152 | struct PeerEntry *peer_entry; | ||
153 | |||
154 | peer_entry = GNUNET_new (struct PeerEntry); | ||
155 | peer_entry->id = *peer; | ||
156 | GNUNET_assert (GNUNET_OK == | ||
157 | GNUNET_CONTAINER_multipeermap_put (peers, | ||
158 | &peer_entry->id, | ||
159 | peer_entry, | ||
160 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); | ||
161 | return peer_entry; | ||
162 | } | ||
163 | |||
164 | |||
165 | /** | ||
166 | * An revoke message has been received, check that it is well-formed. | ||
167 | * | ||
168 | * @param rm the message to verify | ||
169 | * @return #GNUNET_YES if the message is verified | ||
170 | * #GNUNET_NO if the key/signature don't verify | ||
171 | */ | ||
172 | static enum GNUNET_GenericReturnValue | ||
173 | verify_revoke_message (const struct RevokeMessage *rm) | ||
174 | { | ||
175 | const struct GNUNET_REVOCATION_PowP *pow | ||
176 | = (const struct GNUNET_REVOCATION_PowP *) &rm[1]; | ||
177 | |||
178 | if (GNUNET_YES != | ||
179 | GNUNET_REVOCATION_check_pow (pow, | ||
180 | (unsigned int) revocation_work_required, | ||
181 | epoch_duration)) | ||
182 | { | ||
183 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
184 | "Proof of work invalid!\n"); | ||
185 | GNUNET_break_op (0); | ||
186 | return GNUNET_NO; | ||
187 | } | ||
188 | return GNUNET_YES; | ||
189 | } | ||
190 | |||
191 | |||
192 | /** | ||
193 | * Handle client connecting to the service. | ||
194 | * | ||
195 | * @param cls NULL | ||
196 | * @param client the new client | ||
197 | * @param mq the message queue of @a client | ||
198 | * @return @a client | ||
199 | */ | ||
200 | static void * | ||
201 | client_connect_cb (void *cls, | ||
202 | struct GNUNET_SERVICE_Client *client, | ||
203 | struct GNUNET_MQ_Handle *mq) | ||
204 | { | ||
205 | return client; | ||
206 | } | ||
207 | |||
208 | |||
209 | /** | ||
210 | * Handle client connecting to the service. | ||
211 | * | ||
212 | * @param cls NULL | ||
213 | * @param client the new client | ||
214 | * @param app_cls must alias @a client | ||
215 | */ | ||
216 | static void | ||
217 | client_disconnect_cb (void *cls, | ||
218 | struct GNUNET_SERVICE_Client *client, | ||
219 | void *app_cls) | ||
220 | { | ||
221 | GNUNET_assert (client == app_cls); | ||
222 | } | ||
223 | |||
224 | |||
225 | /** | ||
226 | * Handle QUERY message from client. | ||
227 | * | ||
228 | * @param cls client who sent the message | ||
229 | * @param qm the message received | ||
230 | */ | ||
231 | static void | ||
232 | handle_query_message (void *cls, | ||
233 | const struct QueryMessage *qm) | ||
234 | { | ||
235 | struct GNUNET_SERVICE_Client *client = cls; | ||
236 | struct GNUNET_MQ_Envelope *env; | ||
237 | struct QueryResponseMessage *qrm; | ||
238 | struct GNUNET_HashCode hc; | ||
239 | int res; | ||
240 | |||
241 | GNUNET_CRYPTO_hash (&qm->key, | ||
242 | sizeof(struct GNUNET_IDENTITY_PublicKey), | ||
243 | &hc); | ||
244 | res = GNUNET_CONTAINER_multihashmap_contains (revocation_map, | ||
245 | &hc); | ||
246 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
247 | (GNUNET_NO == res) | ||
248 | ? "Received revocation check for valid key `%s' from client\n" | ||
249 | : "Received revocation check for revoked key `%s' from client\n", | ||
250 | GNUNET_h2s (&hc)); | ||
251 | env = GNUNET_MQ_msg (qrm, | ||
252 | GNUNET_MESSAGE_TYPE_REVOCATION_QUERY_RESPONSE); | ||
253 | qrm->is_valid = htonl ((GNUNET_YES == res) ? GNUNET_NO : GNUNET_YES); | ||
254 | GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (client), | ||
255 | env); | ||
256 | GNUNET_SERVICE_client_continue (client); | ||
257 | } | ||
258 | |||
259 | |||
260 | /** | ||
261 | * Flood the given revocation message to all neighbours. | ||
262 | * | ||
263 | * @param cls the `struct RevokeMessage` to flood | ||
264 | * @param target a neighbour | ||
265 | * @param value our `struct PeerEntry` for the neighbour | ||
266 | * @return #GNUNET_OK (continue to iterate) | ||
267 | */ | ||
268 | static enum GNUNET_GenericReturnValue | ||
269 | do_flood (void *cls, | ||
270 | const struct GNUNET_PeerIdentity *target, | ||
271 | void *value) | ||
272 | { | ||
273 | const struct RevokeMessage *rm = cls; | ||
274 | struct PeerEntry *pe = value; | ||
275 | struct GNUNET_MQ_Envelope *e; | ||
276 | struct RevokeMessage *cp; | ||
277 | |||
278 | if (NULL == pe->mq) | ||
279 | return GNUNET_OK; /* peer connected to us via SET, | ||
280 | but we have no direct CORE | ||
281 | connection for flooding */ | ||
282 | e = GNUNET_MQ_msg_extra (cp, | ||
283 | htonl (rm->pow_size), | ||
284 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); | ||
285 | *cp = *rm; | ||
286 | memcpy (&cp[1], | ||
287 | &rm[1], | ||
288 | htonl (rm->pow_size)); | ||
289 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
290 | "Flooding revocation to `%s'\n", | ||
291 | GNUNET_i2s (target)); | ||
292 | GNUNET_MQ_send (pe->mq, | ||
293 | e); | ||
294 | return GNUNET_OK; | ||
295 | } | ||
296 | |||
297 | |||
298 | /** | ||
299 | * Publicize revocation message. Stores the message locally in the | ||
300 | * database and passes it to all connected neighbours (and adds it to | ||
301 | * the set for future connections). | ||
302 | * | ||
303 | * @param rm message to publicize | ||
304 | * @return #GNUNET_OK on success, #GNUNET_NO if we encountered an error, | ||
305 | * #GNUNET_SYSERR if the message was malformed | ||
306 | */ | ||
307 | static enum GNUNET_GenericReturnValue | ||
308 | publicize_rm (const struct RevokeMessage *rm) | ||
309 | { | ||
310 | struct RevokeMessage *cp; | ||
311 | struct GNUNET_HashCode hc; | ||
312 | struct GNUNET_SETU_Element e; | ||
313 | ssize_t pklen; | ||
314 | const struct GNUNET_REVOCATION_PowP *pow | ||
315 | = (const struct GNUNET_REVOCATION_PowP *) &rm[1]; | ||
316 | const struct GNUNET_IDENTITY_PublicKey *pk | ||
317 | = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
318 | |||
319 | pklen = GNUNET_IDENTITY_key_get_length (pk); | ||
320 | if (0 > pklen) | ||
321 | { | ||
322 | GNUNET_break_op (0); | ||
323 | return GNUNET_SYSERR; | ||
324 | } | ||
325 | GNUNET_CRYPTO_hash (pk, | ||
326 | pklen, | ||
327 | &hc); | ||
328 | if (GNUNET_YES == | ||
329 | GNUNET_CONTAINER_multihashmap_contains (revocation_map, | ||
330 | &hc)) | ||
331 | { | ||
332 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
333 | "Duplicate revocation received from peer. Ignored.\n"); | ||
334 | return GNUNET_OK; | ||
335 | } | ||
336 | if (GNUNET_OK != | ||
337 | verify_revoke_message (rm)) | ||
338 | { | ||
339 | GNUNET_break_op (0); | ||
340 | return GNUNET_SYSERR; | ||
341 | } | ||
342 | /* write to disk */ | ||
343 | if (sizeof(struct RevokeMessage) != | ||
344 | GNUNET_DISK_file_write (revocation_db, | ||
345 | rm, | ||
346 | sizeof(struct RevokeMessage))) | ||
347 | { | ||
348 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, | ||
349 | "write"); | ||
350 | return GNUNET_NO; | ||
351 | } | ||
352 | if (GNUNET_OK != | ||
353 | GNUNET_DISK_file_sync (revocation_db)) | ||
354 | { | ||
355 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, | ||
356 | "sync"); | ||
357 | return GNUNET_NO; | ||
358 | } | ||
359 | /* keep copy in memory */ | ||
360 | cp = (struct RevokeMessage *) GNUNET_copy_message (&rm->header); | ||
361 | GNUNET_break (GNUNET_OK == | ||
362 | GNUNET_CONTAINER_multihashmap_put (revocation_map, | ||
363 | &hc, | ||
364 | cp, | ||
365 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); | ||
366 | /* add to set for future connections */ | ||
367 | e.size = htons (rm->header.size); | ||
368 | e.element_type = GNUNET_BLOCK_TYPE_REVOCATION; | ||
369 | e.data = rm; | ||
370 | if (GNUNET_OK != | ||
371 | GNUNET_SETU_add_element (revocation_set, | ||
372 | &e, | ||
373 | NULL, | ||
374 | NULL)) | ||
375 | { | ||
376 | GNUNET_break (0); | ||
377 | return GNUNET_OK; | ||
378 | } | ||
379 | else | ||
380 | { | ||
381 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
382 | "Added revocation info to SET\n"); | ||
383 | } | ||
384 | /* flood to neighbours */ | ||
385 | GNUNET_CONTAINER_multipeermap_iterate (peers, | ||
386 | &do_flood, | ||
387 | cp); | ||
388 | return GNUNET_OK; | ||
389 | } | ||
390 | |||
391 | |||
392 | static int | ||
393 | check_revoke_message (void *cls, | ||
394 | const struct RevokeMessage *rm) | ||
395 | { | ||
396 | uint16_t size; | ||
397 | |||
398 | size = ntohs (rm->header.size); | ||
399 | if (size <= sizeof(struct RevokeMessage) || | ||
400 | (size > UINT16_MAX)) | ||
401 | { | ||
402 | GNUNET_break (0); | ||
403 | return GNUNET_SYSERR; | ||
404 | } | ||
405 | return GNUNET_OK; | ||
406 | |||
407 | } | ||
408 | |||
409 | |||
410 | /** | ||
411 | * Handle REVOKE message from client. | ||
412 | * | ||
413 | * @param cls client who sent the message | ||
414 | * @param rm the message received | ||
415 | */ | ||
416 | static void | ||
417 | handle_revoke_message (void *cls, | ||
418 | const struct RevokeMessage *rm) | ||
419 | { | ||
420 | struct GNUNET_SERVICE_Client *client = cls; | ||
421 | struct GNUNET_MQ_Envelope *env; | ||
422 | struct RevocationResponseMessage *rrm; | ||
423 | int ret; | ||
424 | |||
425 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
426 | "Received REVOKE message from client\n"); | ||
427 | if (GNUNET_SYSERR == (ret = publicize_rm (rm))) | ||
428 | { | ||
429 | GNUNET_break_op (0); | ||
430 | GNUNET_SERVICE_client_drop (client); | ||
431 | return; | ||
432 | } | ||
433 | env = GNUNET_MQ_msg (rrm, | ||
434 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE); | ||
435 | rrm->is_valid = htonl ((GNUNET_OK == ret) ? GNUNET_NO : GNUNET_YES); | ||
436 | GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (client), | ||
437 | env); | ||
438 | GNUNET_SERVICE_client_continue (client); | ||
439 | } | ||
440 | |||
441 | |||
442 | static int | ||
443 | check_p2p_revoke (void *cls, | ||
444 | const struct RevokeMessage *rm) | ||
445 | { | ||
446 | uint16_t size; | ||
447 | |||
448 | size = ntohs (rm->header.size); | ||
449 | if (size <= sizeof(struct RevokeMessage)) | ||
450 | { | ||
451 | GNUNET_break (0); | ||
452 | return GNUNET_SYSERR; | ||
453 | } | ||
454 | return GNUNET_OK; | ||
455 | |||
456 | } | ||
457 | |||
458 | |||
459 | /** | ||
460 | * Core handler for flooded revocation messages. | ||
461 | * | ||
462 | * @param cls closure unused | ||
463 | * @param rm revocation message | ||
464 | */ | ||
465 | static void | ||
466 | handle_p2p_revoke (void *cls, | ||
467 | const struct RevokeMessage *rm) | ||
468 | { | ||
469 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
470 | "Received REVOKE message\n"); | ||
471 | GNUNET_break_op (GNUNET_SYSERR != | ||
472 | publicize_rm (rm)); | ||
473 | } | ||
474 | |||
475 | |||
476 | /** | ||
477 | * Callback for set operation results. Called for each element in the | ||
478 | * result set. Each element contains a revocation, which we should | ||
479 | * validate and then add to our revocation list (and set). | ||
480 | * | ||
481 | * @param cls closure | ||
482 | * @param element a result element, only valid if status is #GNUNET_SETU_STATUS_OK | ||
483 | * @param current_size current set size | ||
484 | * @param status see `enum GNUNET_SETU_Status` | ||
485 | */ | ||
486 | static void | ||
487 | add_revocation (void *cls, | ||
488 | const struct GNUNET_SETU_Element *element, | ||
489 | uint64_t current_size, | ||
490 | enum GNUNET_SETU_Status status) | ||
491 | { | ||
492 | struct PeerEntry *peer_entry = cls; | ||
493 | const struct RevokeMessage *rm; | ||
494 | |||
495 | switch (status) | ||
496 | { | ||
497 | case GNUNET_SETU_STATUS_ADD_LOCAL: | ||
498 | if (element->size != sizeof(struct RevokeMessage)) | ||
499 | { | ||
500 | GNUNET_break_op (0); | ||
501 | return; | ||
502 | } | ||
503 | if (GNUNET_BLOCK_TYPE_REVOCATION != element->element_type) | ||
504 | { | ||
505 | GNUNET_STATISTICS_update (stats, | ||
506 | gettext_noop ( | ||
507 | "# unsupported revocations received via set union"), | ||
508 | 1, | ||
509 | GNUNET_NO); | ||
510 | return; | ||
511 | } | ||
512 | rm = element->data; | ||
513 | (void) handle_p2p_revoke (NULL, | ||
514 | rm); | ||
515 | GNUNET_STATISTICS_update (stats, | ||
516 | gettext_noop ( | ||
517 | "# revocation messages received via set union"), | ||
518 | 1, GNUNET_NO); | ||
519 | break; | ||
520 | case GNUNET_SETU_STATUS_FAILURE: | ||
521 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
522 | _ ("Error computing revocation set union with %s\n"), | ||
523 | GNUNET_i2s (&peer_entry->id)); | ||
524 | peer_entry->so = NULL; | ||
525 | GNUNET_STATISTICS_update (stats, | ||
526 | gettext_noop ("# revocation set unions failed"), | ||
527 | 1, | ||
528 | GNUNET_NO); | ||
529 | break; | ||
530 | case GNUNET_SETU_STATUS_DONE: | ||
531 | peer_entry->so = NULL; | ||
532 | GNUNET_STATISTICS_update (stats, | ||
533 | gettext_noop ( | ||
534 | "# revocation set unions completed"), | ||
535 | 1, | ||
536 | GNUNET_NO); | ||
537 | break; | ||
538 | default: | ||
539 | GNUNET_break (0); | ||
540 | break; | ||
541 | } | ||
542 | } | ||
543 | |||
544 | |||
545 | /** | ||
546 | * The timeout for performing the set union has expired, | ||
547 | * run the set operation on the revocation certificates. | ||
548 | * | ||
549 | * @param cls NULL | ||
550 | */ | ||
551 | static void | ||
552 | transmit_task_cb (void *cls) | ||
553 | { | ||
554 | struct PeerEntry *peer_entry = cls; | ||
555 | |||
556 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
557 | "Starting set exchange with peer `%s'\n", | ||
558 | GNUNET_i2s (&peer_entry->id)); | ||
559 | peer_entry->transmit_task = NULL; | ||
560 | GNUNET_assert (NULL == peer_entry->so); | ||
561 | peer_entry->so = GNUNET_SETU_prepare (&peer_entry->id, | ||
562 | &revocation_set_union_app_id, | ||
563 | NULL, | ||
564 | (struct GNUNET_SETU_Option[]) { { 0 } }, | ||
565 | &add_revocation, | ||
566 | peer_entry); | ||
567 | if (GNUNET_OK != | ||
568 | GNUNET_SETU_commit (peer_entry->so, | ||
569 | revocation_set)) | ||
570 | { | ||
571 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
572 | _ ("SET service crashed, terminating revocation service\n")); | ||
573 | GNUNET_SCHEDULER_shutdown (); | ||
574 | return; | ||
575 | } | ||
576 | } | ||
577 | |||
578 | |||
579 | /** | ||
580 | * Method called whenever a peer connects. Sets up the PeerEntry and | ||
581 | * schedules the initial revocation set exchange with this peer. | ||
582 | * | ||
583 | * @param cls closure | ||
584 | * @param peer peer identity this notification is about | ||
585 | */ | ||
586 | static void * | ||
587 | handle_core_connect (void *cls, | ||
588 | const struct GNUNET_PeerIdentity *peer, | ||
589 | struct GNUNET_MQ_Handle *mq) | ||
590 | { | ||
591 | struct PeerEntry *peer_entry; | ||
592 | struct GNUNET_HashCode my_hash; | ||
593 | struct GNUNET_HashCode peer_hash; | ||
594 | |||
595 | if (0 == GNUNET_memcmp (peer, | ||
596 | &my_identity)) | ||
597 | { | ||
598 | return NULL; | ||
599 | } | ||
600 | |||
601 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
602 | "Peer `%s' connected to us\n", | ||
603 | GNUNET_i2s (peer)); | ||
604 | GNUNET_STATISTICS_update (stats, | ||
605 | "# peers connected", | ||
606 | 1, | ||
607 | GNUNET_NO); | ||
608 | peer_entry = GNUNET_CONTAINER_multipeermap_get (peers, | ||
609 | peer); | ||
610 | if (NULL != peer_entry) | ||
611 | { | ||
612 | /* This can happen if "core"'s notification is a tad late | ||
613 | and CADET+SET were faster and already produced a | ||
614 | #handle_revocation_union_request() for us to deal | ||
615 | with. This should be rare, but isn't impossible. */ | ||
616 | peer_entry->mq = mq; | ||
617 | return peer_entry; | ||
618 | } | ||
619 | peer_entry = new_peer_entry (peer); | ||
620 | peer_entry->mq = mq; | ||
621 | GNUNET_CRYPTO_hash (&my_identity, | ||
622 | sizeof(my_identity), | ||
623 | &my_hash); | ||
624 | GNUNET_CRYPTO_hash (peer, | ||
625 | sizeof(*peer), | ||
626 | &peer_hash); | ||
627 | if (0 < GNUNET_CRYPTO_hash_cmp (&my_hash, | ||
628 | &peer_hash)) | ||
629 | { | ||
630 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
631 | "Starting SET operation with peer `%s'\n", | ||
632 | GNUNET_i2s (peer)); | ||
633 | peer_entry->transmit_task = | ||
634 | GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS, | ||
635 | &transmit_task_cb, | ||
636 | peer_entry); | ||
637 | } | ||
638 | return peer_entry; | ||
639 | } | ||
640 | |||
641 | |||
642 | /** | ||
643 | * Method called whenever a peer disconnects. Deletes the PeerEntry and cancels | ||
644 | * any pending transmission requests to that peer. | ||
645 | * | ||
646 | * @param cls closure | ||
647 | * @param peer peer identity this notification is about | ||
648 | * @param internal_cls our `struct PeerEntry` for this peer | ||
649 | */ | ||
650 | static void | ||
651 | handle_core_disconnect (void *cls, | ||
652 | const struct GNUNET_PeerIdentity *peer, | ||
653 | void *internal_cls) | ||
654 | { | ||
655 | struct PeerEntry *peer_entry = internal_cls; | ||
656 | |||
657 | if (0 == GNUNET_memcmp (peer, | ||
658 | &my_identity)) | ||
659 | return; | ||
660 | GNUNET_assert (NULL != peer_entry); | ||
661 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
662 | "Peer `%s' disconnected from us\n", | ||
663 | GNUNET_i2s (peer)); | ||
664 | GNUNET_assert (GNUNET_YES == | ||
665 | GNUNET_CONTAINER_multipeermap_remove (peers, | ||
666 | peer, | ||
667 | peer_entry)); | ||
668 | if (NULL != peer_entry->transmit_task) | ||
669 | { | ||
670 | GNUNET_SCHEDULER_cancel (peer_entry->transmit_task); | ||
671 | peer_entry->transmit_task = NULL; | ||
672 | } | ||
673 | if (NULL != peer_entry->so) | ||
674 | { | ||
675 | GNUNET_SETU_operation_cancel (peer_entry->so); | ||
676 | peer_entry->so = NULL; | ||
677 | } | ||
678 | GNUNET_free (peer_entry); | ||
679 | GNUNET_STATISTICS_update (stats, | ||
680 | "# peers connected", | ||
681 | -1, | ||
682 | GNUNET_NO); | ||
683 | } | ||
684 | |||
685 | |||
686 | /** | ||
687 | * Free all values in a hash map. | ||
688 | * | ||
689 | * @param cls NULL | ||
690 | * @param key the key | ||
691 | * @param value value to free | ||
692 | * @return #GNUNET_OK (continue to iterate) | ||
693 | */ | ||
694 | static int | ||
695 | free_entry (void *cls, | ||
696 | const struct GNUNET_HashCode *key, | ||
697 | void *value) | ||
698 | { | ||
699 | GNUNET_free (value); | ||
700 | return GNUNET_OK; | ||
701 | } | ||
702 | |||
703 | |||
704 | /** | ||
705 | * Task run during shutdown. | ||
706 | * | ||
707 | * @param cls unused | ||
708 | */ | ||
709 | static void | ||
710 | shutdown_task (void *cls) | ||
711 | { | ||
712 | if (NULL != revocation_set) | ||
713 | { | ||
714 | GNUNET_SETU_destroy (revocation_set); | ||
715 | revocation_set = NULL; | ||
716 | } | ||
717 | if (NULL != revocation_union_listen_handle) | ||
718 | { | ||
719 | GNUNET_SETU_listen_cancel (revocation_union_listen_handle); | ||
720 | revocation_union_listen_handle = NULL; | ||
721 | } | ||
722 | if (NULL != core_api) | ||
723 | { | ||
724 | GNUNET_CORE_disconnect (core_api); | ||
725 | core_api = NULL; | ||
726 | } | ||
727 | if (NULL != stats) | ||
728 | { | ||
729 | GNUNET_STATISTICS_destroy (stats, GNUNET_NO); | ||
730 | stats = NULL; | ||
731 | } | ||
732 | if (NULL != peers) | ||
733 | { | ||
734 | GNUNET_CONTAINER_multipeermap_destroy (peers); | ||
735 | peers = NULL; | ||
736 | } | ||
737 | if (NULL != revocation_db) | ||
738 | { | ||
739 | GNUNET_DISK_file_close (revocation_db); | ||
740 | revocation_db = NULL; | ||
741 | } | ||
742 | GNUNET_CONTAINER_multihashmap_iterate (revocation_map, | ||
743 | &free_entry, | ||
744 | NULL); | ||
745 | GNUNET_CONTAINER_multihashmap_destroy (revocation_map); | ||
746 | } | ||
747 | |||
748 | |||
749 | /** | ||
750 | * Called on core init/fail. | ||
751 | * | ||
752 | * @param cls service closure | ||
753 | * @param identity the public identity of this peer | ||
754 | */ | ||
755 | static void | ||
756 | core_init (void *cls, | ||
757 | const struct GNUNET_PeerIdentity *identity) | ||
758 | { | ||
759 | if (NULL == identity) | ||
760 | { | ||
761 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
762 | "Connection to core FAILED!\n"); | ||
763 | GNUNET_SCHEDULER_shutdown (); | ||
764 | return; | ||
765 | } | ||
766 | my_identity = *identity; | ||
767 | } | ||
768 | |||
769 | |||
770 | /** | ||
771 | * Called when another peer wants to do a set operation with the | ||
772 | * local peer. If a listen error occurs, the 'request' is NULL. | ||
773 | * | ||
774 | * @param cls closure | ||
775 | * @param other_peer the other peer | ||
776 | * @param context_msg message with application specific information from | ||
777 | * the other peer | ||
778 | * @param request request from the other peer (never NULL), use GNUNET_SETU_accept() | ||
779 | * to accept it, otherwise the request will be refused | ||
780 | * Note that we can't just return value from the listen callback, | ||
781 | * as it is also necessary to specify the set we want to do the | ||
782 | * operation with, which sometimes can be derived from the context | ||
783 | * message. It's necessary to specify the timeout. | ||
784 | */ | ||
785 | static void | ||
786 | handle_revocation_union_request (void *cls, | ||
787 | const struct GNUNET_PeerIdentity *other_peer, | ||
788 | const struct GNUNET_MessageHeader *context_msg, | ||
789 | struct GNUNET_SETU_Request *request) | ||
790 | { | ||
791 | struct PeerEntry *peer_entry; | ||
792 | |||
793 | if (NULL == request) | ||
794 | { | ||
795 | GNUNET_break (0); | ||
796 | return; | ||
797 | } | ||
798 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
799 | "Received set exchange request from peer `%s'\n", | ||
800 | GNUNET_i2s (other_peer)); | ||
801 | peer_entry = GNUNET_CONTAINER_multipeermap_get (peers, | ||
802 | other_peer); | ||
803 | if (NULL == peer_entry) | ||
804 | { | ||
805 | peer_entry = new_peer_entry (other_peer); | ||
806 | } | ||
807 | if (NULL != peer_entry->so) | ||
808 | { | ||
809 | GNUNET_break_op (0); | ||
810 | return; | ||
811 | } | ||
812 | peer_entry->so = GNUNET_SETU_accept (request, | ||
813 | (struct GNUNET_SETU_Option[]) { { 0 } }, | ||
814 | &add_revocation, | ||
815 | peer_entry); | ||
816 | if (GNUNET_OK != | ||
817 | GNUNET_SETU_commit (peer_entry->so, | ||
818 | revocation_set)) | ||
819 | { | ||
820 | GNUNET_break (0); | ||
821 | GNUNET_SCHEDULER_shutdown (); | ||
822 | return; | ||
823 | } | ||
824 | } | ||
825 | |||
826 | |||
827 | /** | ||
828 | * Handle network size estimate clients. | ||
829 | * | ||
830 | * @param cls closure | ||
831 | * @param server the initialized server | ||
832 | * @param c configuration to use | ||
833 | */ | ||
834 | static void | ||
835 | run (void *cls, | ||
836 | const struct GNUNET_CONFIGURATION_Handle *c, | ||
837 | struct GNUNET_SERVICE_Handle *service) | ||
838 | { | ||
839 | struct GNUNET_MQ_MessageHandler core_handlers[] = { | ||
840 | GNUNET_MQ_hd_var_size (p2p_revoke, | ||
841 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE, | ||
842 | struct RevokeMessage, | ||
843 | NULL), | ||
844 | GNUNET_MQ_handler_end () | ||
845 | }; | ||
846 | char *fn; | ||
847 | uint64_t left; | ||
848 | struct RevokeMessage *rm; | ||
849 | struct GNUNET_HashCode hc; | ||
850 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
851 | |||
852 | GNUNET_CRYPTO_hash ("revocation-set-union-application-id", | ||
853 | strlen ("revocation-set-union-application-id"), | ||
854 | &revocation_set_union_app_id); | ||
855 | if (GNUNET_OK != | ||
856 | GNUNET_CONFIGURATION_get_value_filename (c, | ||
857 | "REVOCATION", | ||
858 | "DATABASE", | ||
859 | &fn)) | ||
860 | { | ||
861 | GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, | ||
862 | "REVOCATION", | ||
863 | "DATABASE"); | ||
864 | GNUNET_SCHEDULER_shutdown (); | ||
865 | return; | ||
866 | } | ||
867 | cfg = c; | ||
868 | revocation_map = GNUNET_CONTAINER_multihashmap_create (16, | ||
869 | GNUNET_NO); | ||
870 | if (GNUNET_OK != | ||
871 | GNUNET_CONFIGURATION_get_value_number (cfg, | ||
872 | "REVOCATION", | ||
873 | "WORKBITS", | ||
874 | &revocation_work_required)) | ||
875 | { | ||
876 | GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, | ||
877 | "REVOCATION", | ||
878 | "WORKBITS"); | ||
879 | GNUNET_SCHEDULER_shutdown (); | ||
880 | GNUNET_free (fn); | ||
881 | return; | ||
882 | } | ||
883 | if (revocation_work_required >= sizeof(struct GNUNET_HashCode) * 8) | ||
884 | { | ||
885 | GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, | ||
886 | "REVOCATION", | ||
887 | "WORKBITS", | ||
888 | _ ("Value is too large.\n")); | ||
889 | GNUNET_SCHEDULER_shutdown (); | ||
890 | GNUNET_free (fn); | ||
891 | return; | ||
892 | } | ||
893 | if (GNUNET_OK != | ||
894 | GNUNET_CONFIGURATION_get_value_time (cfg, | ||
895 | "REVOCATION", | ||
896 | "EPOCH_DURATION", | ||
897 | &epoch_duration)) | ||
898 | { | ||
899 | GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, | ||
900 | "REVOCATION", | ||
901 | "EPOCH_DURATION"); | ||
902 | GNUNET_SCHEDULER_shutdown (); | ||
903 | GNUNET_free (fn); | ||
904 | return; | ||
905 | } | ||
906 | |||
907 | revocation_set = GNUNET_SETU_create (cfg); | ||
908 | revocation_union_listen_handle | ||
909 | = GNUNET_SETU_listen (cfg, | ||
910 | &revocation_set_union_app_id, | ||
911 | &handle_revocation_union_request, | ||
912 | NULL); | ||
913 | revocation_db = GNUNET_DISK_file_open (fn, | ||
914 | GNUNET_DISK_OPEN_READWRITE | ||
915 | | GNUNET_DISK_OPEN_CREATE, | ||
916 | GNUNET_DISK_PERM_USER_READ | ||
917 | | GNUNET_DISK_PERM_USER_WRITE | ||
918 | | GNUNET_DISK_PERM_GROUP_READ | ||
919 | | GNUNET_DISK_PERM_OTHER_READ); | ||
920 | if (NULL == revocation_db) | ||
921 | { | ||
922 | GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, | ||
923 | "REVOCATION", | ||
924 | "DATABASE", | ||
925 | _ ("Could not open revocation database file!")); | ||
926 | GNUNET_SCHEDULER_shutdown (); | ||
927 | GNUNET_free (fn); | ||
928 | return; | ||
929 | } | ||
930 | if (GNUNET_OK != | ||
931 | GNUNET_DISK_file_size (fn, &left, GNUNET_YES, GNUNET_YES)) | ||
932 | left = 0; | ||
933 | while (left > sizeof(struct RevokeMessage)) | ||
934 | { | ||
935 | rm = GNUNET_new (struct RevokeMessage); | ||
936 | if (sizeof(struct RevokeMessage) != | ||
937 | GNUNET_DISK_file_read (revocation_db, | ||
938 | rm, | ||
939 | sizeof(struct RevokeMessage))) | ||
940 | { | ||
941 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, | ||
942 | "read", | ||
943 | fn); | ||
944 | GNUNET_free (rm); | ||
945 | GNUNET_SCHEDULER_shutdown (); | ||
946 | GNUNET_free (fn); | ||
947 | return; | ||
948 | } | ||
949 | struct GNUNET_REVOCATION_PowP *pow = (struct | ||
950 | GNUNET_REVOCATION_PowP *) &rm[1]; | ||
951 | ssize_t ksize; | ||
952 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
953 | ksize = GNUNET_IDENTITY_key_get_length (pk); | ||
954 | if (0 > ksize) | ||
955 | { | ||
956 | GNUNET_break_op (0); | ||
957 | GNUNET_free (rm); | ||
958 | GNUNET_free (fn); | ||
959 | return; | ||
960 | } | ||
961 | GNUNET_CRYPTO_hash (pk, | ||
962 | ksize, | ||
963 | &hc); | ||
964 | GNUNET_break (GNUNET_OK == | ||
965 | GNUNET_CONTAINER_multihashmap_put (revocation_map, | ||
966 | &hc, | ||
967 | rm, | ||
968 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); | ||
969 | } | ||
970 | GNUNET_free (fn); | ||
971 | |||
972 | GNUNET_SCHEDULER_add_shutdown (&shutdown_task, | ||
973 | NULL); | ||
974 | peers = GNUNET_CONTAINER_multipeermap_create (128, | ||
975 | GNUNET_YES); | ||
976 | /* Connect to core service and register core handlers */ | ||
977 | core_api = GNUNET_CORE_connect (cfg, /* Main configuration */ | ||
978 | NULL, /* Closure passed to functions */ | ||
979 | &core_init, /* Call core_init once connected */ | ||
980 | &handle_core_connect, /* Handle connects */ | ||
981 | &handle_core_disconnect, /* Handle disconnects */ | ||
982 | core_handlers); /* Register these handlers */ | ||
983 | if (NULL == core_api) | ||
984 | { | ||
985 | GNUNET_SCHEDULER_shutdown (); | ||
986 | return; | ||
987 | } | ||
988 | stats = GNUNET_STATISTICS_create ("revocation", | ||
989 | cfg); | ||
990 | } | ||
991 | |||
992 | |||
993 | /** | ||
994 | * Define "main" method using service macro. | ||
995 | */ | ||
996 | GNUNET_SERVICE_MAIN | ||
997 | ("revocation", | ||
998 | GNUNET_SERVICE_OPTION_NONE, | ||
999 | &run, | ||
1000 | &client_connect_cb, | ||
1001 | &client_disconnect_cb, | ||
1002 | NULL, | ||
1003 | GNUNET_MQ_hd_fixed_size (query_message, | ||
1004 | GNUNET_MESSAGE_TYPE_REVOCATION_QUERY, | ||
1005 | struct QueryMessage, | ||
1006 | NULL), | ||
1007 | GNUNET_MQ_hd_var_size (revoke_message, | ||
1008 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE, | ||
1009 | struct RevokeMessage, | ||
1010 | NULL), | ||
1011 | GNUNET_MQ_handler_end ()); | ||
1012 | |||
1013 | |||
1014 | #if defined(__linux__) && defined(__GLIBC__) | ||
1015 | #include <malloc.h> | ||
1016 | |||
1017 | /** | ||
1018 | * MINIMIZE heap size (way below 128k) since this process doesn't need much. | ||
1019 | */ | ||
1020 | void __attribute__ ((constructor)) | ||
1021 | GNUNET_REVOCATION_memory_init () | ||
1022 | { | ||
1023 | mallopt (M_TRIM_THRESHOLD, 4 * 1024); | ||
1024 | mallopt (M_TOP_PAD, 1 * 1024); | ||
1025 | malloc_trim (0); | ||
1026 | } | ||
1027 | |||
1028 | |||
1029 | #endif | ||
1030 | |||
1031 | |||
1032 | /* end of gnunet-service-revocation.c */ | ||
diff --git a/src/revocation/plugin_block_revocation.c b/src/revocation/plugin_block_revocation.c deleted file mode 100644 index 12ec555e4..000000000 --- a/src/revocation/plugin_block_revocation.c +++ /dev/null | |||
@@ -1,297 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2017 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file block/plugin_block_revocation.c | ||
23 | * @brief revocation for a block plugin | ||
24 | * @author Christian Grothoff | ||
25 | */ | ||
26 | |||
27 | #include "platform.h" | ||
28 | #include "gnunet_signatures.h" | ||
29 | #include "gnunet_block_plugin.h" | ||
30 | #include "gnunet_block_group_lib.h" | ||
31 | #include "revocation.h" | ||
32 | #include "gnunet_revocation_service.h" | ||
33 | |||
34 | #define DEBUG_REVOCATION GNUNET_EXTRA_LOGGING | ||
35 | |||
36 | /** | ||
37 | * Context used inside the plugin. | ||
38 | */ | ||
39 | struct InternalContext | ||
40 | { | ||
41 | unsigned int matching_bits; | ||
42 | struct GNUNET_TIME_Relative epoch_duration; | ||
43 | }; | ||
44 | |||
45 | |||
46 | /** | ||
47 | * Function called to validate a query. | ||
48 | * | ||
49 | * @param cls closure | ||
50 | * @param ctx block context | ||
51 | * @param type block type | ||
52 | * @param query original query (hash) | ||
53 | * @param xquery extrended query data (can be NULL, depending on type) | ||
54 | * @param xquery_size number of bytes in @a xquery | ||
55 | * @return #GNUNET_OK if the query is fine, #GNUNET_NO if not | ||
56 | */ | ||
57 | static enum GNUNET_GenericReturnValue | ||
58 | block_plugin_revocation_check_query (void *cls, | ||
59 | enum GNUNET_BLOCK_Type type, | ||
60 | const struct GNUNET_HashCode *query, | ||
61 | const void *xquery, | ||
62 | size_t xquery_size) | ||
63 | { | ||
64 | (void) cls; | ||
65 | (void) query; | ||
66 | (void) xquery; | ||
67 | if (GNUNET_BLOCK_TYPE_REVOCATION != type) | ||
68 | { | ||
69 | GNUNET_break (0); | ||
70 | return GNUNET_SYSERR; | ||
71 | } | ||
72 | if (0 != xquery_size) | ||
73 | return GNUNET_NO; | ||
74 | return GNUNET_OK; | ||
75 | } | ||
76 | |||
77 | |||
78 | /** | ||
79 | * Function called to validate a block for storage. | ||
80 | * | ||
81 | * @param cls closure | ||
82 | * @param type block type | ||
83 | * @param block block data to validate | ||
84 | * @param block_size number of bytes in @a block | ||
85 | * @return #GNUNET_OK if the block is fine, #GNUNET_NO if not | ||
86 | */ | ||
87 | static enum GNUNET_GenericReturnValue | ||
88 | block_plugin_revocation_check_block (void *cls, | ||
89 | enum GNUNET_BLOCK_Type type, | ||
90 | const void *block, | ||
91 | size_t block_size) | ||
92 | { | ||
93 | struct InternalContext *ic = cls; | ||
94 | const struct RevokeMessage *rm = block; | ||
95 | const struct GNUNET_REVOCATION_PowP *pow | ||
96 | = (const struct GNUNET_REVOCATION_PowP *) &rm[1]; | ||
97 | struct GNUNET_IDENTITY_PublicKey pk; | ||
98 | ssize_t pklen; | ||
99 | size_t left; | ||
100 | |||
101 | if (GNUNET_BLOCK_TYPE_REVOCATION != type) | ||
102 | { | ||
103 | GNUNET_break (0); | ||
104 | return GNUNET_SYSERR; | ||
105 | } | ||
106 | if (block_size < sizeof(*rm) + sizeof(*pow)) | ||
107 | { | ||
108 | GNUNET_break_op (0); | ||
109 | return GNUNET_NO; | ||
110 | } | ||
111 | if (block_size != sizeof(*rm) + ntohl (rm->pow_size)) | ||
112 | { | ||
113 | GNUNET_break_op (0); | ||
114 | return GNUNET_NO; | ||
115 | } | ||
116 | left = block_size - sizeof (*rm) - sizeof (*pow); | ||
117 | pklen = GNUNET_IDENTITY_read_key_from_buffer (&pk, | ||
118 | &pow[1], | ||
119 | left); | ||
120 | if (0 > pklen) | ||
121 | { | ||
122 | GNUNET_break_op (0); | ||
123 | return GNUNET_NO; | ||
124 | } | ||
125 | if (GNUNET_YES != | ||
126 | GNUNET_REVOCATION_check_pow (pow, | ||
127 | ic->matching_bits, | ||
128 | ic->epoch_duration)) | ||
129 | { | ||
130 | GNUNET_break_op (0); | ||
131 | return GNUNET_NO; | ||
132 | } | ||
133 | return GNUNET_OK; | ||
134 | } | ||
135 | |||
136 | |||
137 | /** | ||
138 | * Function called to validate a reply to a request. Note that it is assumed | ||
139 | * that the reply has already been matched to the key (and signatures checked) | ||
140 | * as it would be done with the GetKeyFunction and the | ||
141 | * BlockEvaluationFunction. | ||
142 | * | ||
143 | * @param cls closure | ||
144 | * @param type block type | ||
145 | * @param group which block group to use for evaluation | ||
146 | * @param query original query (hash) | ||
147 | * @param xquery extrended query data (can be NULL, depending on type) | ||
148 | * @param xquery_size number of bytes in @a xquery | ||
149 | * @param reply_block response to validate | ||
150 | * @param reply_block_size number of bytes in @a reply_block | ||
151 | * @return characterization of result | ||
152 | */ | ||
153 | static enum GNUNET_BLOCK_ReplyEvaluationResult | ||
154 | block_plugin_revocation_check_reply ( | ||
155 | void *cls, | ||
156 | enum GNUNET_BLOCK_Type type, | ||
157 | struct GNUNET_BLOCK_Group *group, | ||
158 | const struct GNUNET_HashCode *query, | ||
159 | const void *xquery, | ||
160 | size_t xquery_size, | ||
161 | const void *reply_block, | ||
162 | size_t reply_block_size) | ||
163 | { | ||
164 | (void) cls; | ||
165 | (void) group; | ||
166 | (void) query; | ||
167 | (void) xquery; | ||
168 | (void) xquery_size; | ||
169 | (void) reply_block; | ||
170 | (void) reply_block_size; | ||
171 | if (GNUNET_BLOCK_TYPE_REVOCATION != type) | ||
172 | { | ||
173 | GNUNET_break (0); | ||
174 | return GNUNET_BLOCK_REPLY_TYPE_NOT_SUPPORTED; | ||
175 | } | ||
176 | return GNUNET_BLOCK_REPLY_OK_LAST; | ||
177 | } | ||
178 | |||
179 | |||
180 | /** | ||
181 | * Function called to obtain the key for a block. | ||
182 | * | ||
183 | * @param cls closure | ||
184 | * @param type block type | ||
185 | * @param block block to get the key for | ||
186 | * @param block_size number of bytes in block | ||
187 | * @param key set to the key (query) for the given block | ||
188 | * @return #GNUNET_OK on success, #GNUNET_SYSERR if type not supported | ||
189 | * (or if extracting a key from a block of this type does not work) | ||
190 | */ | ||
191 | static enum GNUNET_GenericReturnValue | ||
192 | block_plugin_revocation_get_key (void *cls, | ||
193 | enum GNUNET_BLOCK_Type type, | ||
194 | const void *block, | ||
195 | size_t block_size, | ||
196 | struct GNUNET_HashCode *key) | ||
197 | { | ||
198 | const struct RevokeMessage *rm = block; | ||
199 | const struct GNUNET_REVOCATION_PowP *pow | ||
200 | = (const struct GNUNET_REVOCATION_PowP *) &rm[1]; | ||
201 | struct GNUNET_IDENTITY_PublicKey pk; | ||
202 | ssize_t pklen; | ||
203 | size_t left; | ||
204 | |||
205 | if (GNUNET_BLOCK_TYPE_REVOCATION != type) | ||
206 | { | ||
207 | GNUNET_break (0); | ||
208 | return GNUNET_SYSERR; | ||
209 | } | ||
210 | if (block_size < sizeof(*rm) + sizeof(*pow)) | ||
211 | { | ||
212 | GNUNET_break_op (0); | ||
213 | return GNUNET_NO; | ||
214 | } | ||
215 | if (block_size != sizeof(*rm) + ntohl (rm->pow_size)) | ||
216 | { | ||
217 | GNUNET_break_op (0); | ||
218 | return GNUNET_NO; | ||
219 | } | ||
220 | left = block_size - sizeof (*rm) - sizeof (*pow); | ||
221 | pklen = GNUNET_IDENTITY_read_key_from_buffer (&pk, | ||
222 | &pow[1], | ||
223 | left); | ||
224 | if (0 > pklen) | ||
225 | { | ||
226 | GNUNET_break_op (0); | ||
227 | return GNUNET_NO; | ||
228 | } | ||
229 | GNUNET_CRYPTO_hash (&pow[1], | ||
230 | pklen, | ||
231 | key); | ||
232 | return GNUNET_OK; | ||
233 | } | ||
234 | |||
235 | |||
236 | /** | ||
237 | * Entry point for the plugin. | ||
238 | * | ||
239 | * @param cls the configuration to use | ||
240 | */ | ||
241 | void * | ||
242 | libgnunet_plugin_block_revocation_init (void *cls) | ||
243 | { | ||
244 | static const enum GNUNET_BLOCK_Type types[] = { | ||
245 | GNUNET_BLOCK_TYPE_REVOCATION, | ||
246 | GNUNET_BLOCK_TYPE_ANY /* end of list */ | ||
247 | }; | ||
248 | const struct GNUNET_CONFIGURATION_Handle *cfg = cls; | ||
249 | struct GNUNET_BLOCK_PluginFunctions *api; | ||
250 | struct InternalContext *ic; | ||
251 | unsigned long long matching_bits; | ||
252 | struct GNUNET_TIME_Relative epoch_duration; | ||
253 | |||
254 | if (GNUNET_OK != | ||
255 | GNUNET_CONFIGURATION_get_value_number (cfg, | ||
256 | "REVOCATION", | ||
257 | "WORKBITS", | ||
258 | &matching_bits)) | ||
259 | return NULL; | ||
260 | if (GNUNET_OK != | ||
261 | GNUNET_CONFIGURATION_get_value_time (cfg, | ||
262 | "REVOCATION", | ||
263 | "EPOCH_DURATION", | ||
264 | &epoch_duration)) | ||
265 | return NULL; | ||
266 | |||
267 | api = GNUNET_new (struct GNUNET_BLOCK_PluginFunctions); | ||
268 | api->get_key = &block_plugin_revocation_get_key; | ||
269 | api->check_query = &block_plugin_revocation_check_query; | ||
270 | api->check_block = &block_plugin_revocation_check_block; | ||
271 | api->check_reply = &block_plugin_revocation_check_reply; | ||
272 | api->create_group = NULL; | ||
273 | api->types = types; | ||
274 | ic = GNUNET_new (struct InternalContext); | ||
275 | ic->matching_bits = (unsigned int) matching_bits; | ||
276 | ic->epoch_duration = epoch_duration; | ||
277 | api->cls = ic; | ||
278 | return api; | ||
279 | } | ||
280 | |||
281 | |||
282 | /** | ||
283 | * Exit point from the plugin. | ||
284 | */ | ||
285 | void * | ||
286 | libgnunet_plugin_block_revocation_done (void *cls) | ||
287 | { | ||
288 | struct GNUNET_BLOCK_PluginFunctions *api = cls; | ||
289 | struct InternalContext *ic = api->cls; | ||
290 | |||
291 | GNUNET_free (ic); | ||
292 | GNUNET_free (api); | ||
293 | return NULL; | ||
294 | } | ||
295 | |||
296 | |||
297 | /* end of plugin_block_revocation.c */ | ||
diff --git a/src/revocation/revocation.conf.in b/src/revocation/revocation.conf.in deleted file mode 100644 index d2d7de46e..000000000 --- a/src/revocation/revocation.conf.in +++ /dev/null | |||
@@ -1,19 +0,0 @@ | |||
1 | [revocation] | ||
2 | START_ON_DEMAND = @START_ON_DEMAND@ | ||
3 | IMMEDIATE_START = YES | ||
4 | @JAVAPORT@PORT = 2112 | ||
5 | HOSTNAME = localhost | ||
6 | BINARY = gnunet-service-revocation | ||
7 | ACCEPT_FROM = 127.0.0.1; | ||
8 | ACCEPT_FROM6 = ::1; | ||
9 | UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-revocation.sock | ||
10 | UNIX_MATCH_UID = NO | ||
11 | UNIX_MATCH_GID = YES | ||
12 | |||
13 | # 2^25 hash operations take about 16-24h on a first-generation i7 | ||
14 | # (using only a single-core) with SCRYPT. | ||
15 | # DO NOT CHANGE THIS VALUE, doing so will break the protocol! | ||
16 | WORKBITS = 22 | ||
17 | EPOCH_DURATION = 365 d | ||
18 | |||
19 | DATABASE = $GNUNET_DATA_HOME/revocation.dat | ||
diff --git a/src/revocation/revocation.h b/src/revocation/revocation.h deleted file mode 100644 index 490abf180..000000000 --- a/src/revocation/revocation.h +++ /dev/null | |||
@@ -1,125 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2013 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @author Christian Grothoff | ||
23 | * @file revocation/revocation.h | ||
24 | * @brief messages for key revocation | ||
25 | */ | ||
26 | #ifndef REVOCATION_H | ||
27 | #define REVOCATION_H | ||
28 | |||
29 | #include "gnunet_util_lib.h" | ||
30 | #include "gnunet_revocation_service.h" | ||
31 | |||
32 | GNUNET_NETWORK_STRUCT_BEGIN | ||
33 | |||
34 | /** | ||
35 | * Query key revocation status. | ||
36 | */ | ||
37 | struct QueryMessage | ||
38 | { | ||
39 | /** | ||
40 | * Type: #GNUNET_MESSAGE_TYPE_REVOCATION_QUERY | ||
41 | */ | ||
42 | struct GNUNET_MessageHeader header; | ||
43 | |||
44 | /** | ||
45 | * For alignment. | ||
46 | */ | ||
47 | uint32_t reserved GNUNET_PACKED; | ||
48 | |||
49 | /** | ||
50 | * Key to check. | ||
51 | */ | ||
52 | struct GNUNET_IDENTITY_PublicKey key; | ||
53 | }; | ||
54 | |||
55 | |||
56 | /** | ||
57 | * Key revocation response. | ||
58 | */ | ||
59 | struct QueryResponseMessage | ||
60 | { | ||
61 | /** | ||
62 | * Type: #GNUNET_MESSAGE_TYPE_REVOCATION_QUERY_RESPONSE | ||
63 | */ | ||
64 | struct GNUNET_MessageHeader header; | ||
65 | |||
66 | /** | ||
67 | * #GNUNET_NO if revoked, #GNUNET_YES if valid. | ||
68 | */ | ||
69 | uint32_t is_valid GNUNET_PACKED; | ||
70 | }; | ||
71 | |||
72 | |||
73 | /** | ||
74 | * Revoke key. These messages are exchanged between peers (during | ||
75 | * flooding) but also sent by the client to the service. When the | ||
76 | * client sends it to the service, the message is answered by a | ||
77 | * #GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE (which is just | ||
78 | * in a `struct GNUNET_MessageHeader`. | ||
79 | */ | ||
80 | struct RevokeMessage | ||
81 | { | ||
82 | /** | ||
83 | * Type: #GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE | ||
84 | */ | ||
85 | struct GNUNET_MessageHeader header; | ||
86 | |||
87 | /** | ||
88 | * Length of PoW with signature. | ||
89 | */ | ||
90 | uint32_t pow_size GNUNET_PACKED; | ||
91 | |||
92 | /** Followed by the PoW **/ | ||
93 | }; | ||
94 | |||
95 | |||
96 | /** | ||
97 | * Key revocation response. | ||
98 | */ | ||
99 | struct RevocationResponseMessage | ||
100 | { | ||
101 | /** | ||
102 | * Type: #GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE | ||
103 | */ | ||
104 | struct GNUNET_MessageHeader header; | ||
105 | |||
106 | /** | ||
107 | * #GNUNET_NO if revocation failed for internal reasons (e.g. disk full) | ||
108 | * #GNUNET_YES on success | ||
109 | */ | ||
110 | uint32_t is_valid GNUNET_PACKED; | ||
111 | }; | ||
112 | |||
113 | |||
114 | GNUNET_NETWORK_STRUCT_END | ||
115 | |||
116 | /** | ||
117 | * Create the revocation metadata to sign for a revocation message | ||
118 | * | ||
119 | * @param pow the PoW to sign | ||
120 | * @return the signature purpose | ||
121 | */ | ||
122 | struct GNUNET_REVOCATION_SignaturePurposePS * | ||
123 | REV_create_signature_message (const struct GNUNET_REVOCATION_PowP *pow); | ||
124 | |||
125 | #endif | ||
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c deleted file mode 100644 index b8c458e4f..000000000 --- a/src/revocation/revocation_api.c +++ /dev/null | |||
@@ -1,773 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2013, 2016 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | /** | ||
21 | * @file revocation/revocation_api.c | ||
22 | * @brief API to perform and access key revocations | ||
23 | * @author Christian Grothoff | ||
24 | */ | ||
25 | #include "platform.h" | ||
26 | #include "gnunet_revocation_service.h" | ||
27 | #include "gnunet_signatures.h" | ||
28 | #include "gnunet_protocols.h" | ||
29 | #include "revocation.h" | ||
30 | #include <inttypes.h> | ||
31 | |||
32 | /** | ||
33 | * Handle for the key revocation query. | ||
34 | */ | ||
35 | struct GNUNET_REVOCATION_Query | ||
36 | { | ||
37 | /** | ||
38 | * Message queue to the service. | ||
39 | */ | ||
40 | struct GNUNET_MQ_Handle *mq; | ||
41 | |||
42 | /** | ||
43 | * Function to call with the result. | ||
44 | */ | ||
45 | GNUNET_REVOCATION_Callback func; | ||
46 | |||
47 | /** | ||
48 | * Closure for @e func. | ||
49 | */ | ||
50 | void *func_cls; | ||
51 | }; | ||
52 | |||
53 | |||
54 | /** | ||
55 | * Helper struct that holds a found pow nonce | ||
56 | * and the corresponding number of leading zeros. | ||
57 | */ | ||
58 | struct BestPow | ||
59 | { | ||
60 | /** | ||
61 | * PoW nonce | ||
62 | */ | ||
63 | uint64_t pow; | ||
64 | |||
65 | /** | ||
66 | * Corresponding zero bits in hash | ||
67 | */ | ||
68 | unsigned int bits; | ||
69 | }; | ||
70 | |||
71 | |||
72 | /** | ||
73 | * The handle to a PoW calculation. | ||
74 | * Used in iterative PoW rounds. | ||
75 | */ | ||
76 | struct GNUNET_REVOCATION_PowCalculationHandle | ||
77 | { | ||
78 | /** | ||
79 | * Current set of found PoWs | ||
80 | */ | ||
81 | struct BestPow best[POW_COUNT]; | ||
82 | |||
83 | /** | ||
84 | * The final PoW result data structure. | ||
85 | */ | ||
86 | struct GNUNET_REVOCATION_PowP *pow; | ||
87 | |||
88 | /** | ||
89 | * The current nonce to try | ||
90 | */ | ||
91 | uint64_t current_pow; | ||
92 | |||
93 | /** | ||
94 | * Epochs how long the PoW should be valid. | ||
95 | * This is added on top of the difficulty in the PoW. | ||
96 | */ | ||
97 | unsigned int epochs; | ||
98 | |||
99 | /** | ||
100 | * The difficulty (leading zeros) to achieve. | ||
101 | */ | ||
102 | unsigned int difficulty; | ||
103 | |||
104 | }; | ||
105 | |||
106 | static struct GNUNET_CRYPTO_PowSalt salt = { "GnsRevocationPow" }; | ||
107 | |||
108 | /** | ||
109 | * Generic error handler, called with the appropriate | ||
110 | * error code and the same closure specified at the creation of | ||
111 | * the message queue. | ||
112 | * Not every message queue implementation supports an error handler. | ||
113 | * | ||
114 | * @param cls closure with the `struct GNUNET_NSE_Handle *` | ||
115 | * @param error error code | ||
116 | */ | ||
117 | static void | ||
118 | query_mq_error_handler (void *cls, | ||
119 | enum GNUNET_MQ_Error error) | ||
120 | { | ||
121 | struct GNUNET_REVOCATION_Query *q = cls; | ||
122 | |||
123 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
124 | "Revocation query MQ error\n"); | ||
125 | q->func (q->func_cls, | ||
126 | GNUNET_SYSERR); | ||
127 | GNUNET_REVOCATION_query_cancel (q); | ||
128 | } | ||
129 | |||
130 | |||
131 | /** | ||
132 | * Handle response to our revocation query. | ||
133 | * | ||
134 | * @param cls our `struct GNUNET_REVOCATION_Query` handle | ||
135 | * @param qrm response we got | ||
136 | */ | ||
137 | static void | ||
138 | handle_revocation_query_response (void *cls, | ||
139 | const struct QueryResponseMessage *qrm) | ||
140 | { | ||
141 | struct GNUNET_REVOCATION_Query *q = cls; | ||
142 | |||
143 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
144 | "Revocation query result: %d\n", | ||
145 | (uint32_t) ntohl (qrm->is_valid)); | ||
146 | q->func (q->func_cls, | ||
147 | ntohl (qrm->is_valid)); | ||
148 | GNUNET_REVOCATION_query_cancel (q); | ||
149 | } | ||
150 | |||
151 | |||
152 | /** | ||
153 | * Check if a key was revoked. | ||
154 | * | ||
155 | * @param cfg the configuration to use | ||
156 | * @param key key to check for revocation | ||
157 | * @param func function to call with the result of the check | ||
158 | * @param func_cls closure to pass to @a func | ||
159 | * @return handle to use in #GNUNET_REVOCATION_query_cancel to stop REVOCATION from invoking the callback | ||
160 | */ | ||
161 | struct GNUNET_REVOCATION_Query * | ||
162 | GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
163 | const struct GNUNET_IDENTITY_PublicKey *key, | ||
164 | GNUNET_REVOCATION_Callback func, | ||
165 | void *func_cls) | ||
166 | { | ||
167 | struct GNUNET_REVOCATION_Query *q | ||
168 | = GNUNET_new (struct GNUNET_REVOCATION_Query); | ||
169 | struct GNUNET_MQ_MessageHandler handlers[] = { | ||
170 | GNUNET_MQ_hd_fixed_size (revocation_query_response, | ||
171 | GNUNET_MESSAGE_TYPE_REVOCATION_QUERY_RESPONSE, | ||
172 | struct QueryResponseMessage, | ||
173 | q), | ||
174 | GNUNET_MQ_handler_end () | ||
175 | }; | ||
176 | struct QueryMessage *qm; | ||
177 | struct GNUNET_MQ_Envelope *env; | ||
178 | |||
179 | q->mq = GNUNET_CLIENT_connect (cfg, | ||
180 | "revocation", | ||
181 | handlers, | ||
182 | &query_mq_error_handler, | ||
183 | q); | ||
184 | if (NULL == q->mq) | ||
185 | { | ||
186 | GNUNET_free (q); | ||
187 | return NULL; | ||
188 | } | ||
189 | q->func = func; | ||
190 | q->func_cls = func_cls; | ||
191 | env = GNUNET_MQ_msg (qm, | ||
192 | GNUNET_MESSAGE_TYPE_REVOCATION_QUERY); | ||
193 | qm->reserved = htonl (0); | ||
194 | qm->key = *key; | ||
195 | GNUNET_MQ_send (q->mq, | ||
196 | env); | ||
197 | return q; | ||
198 | } | ||
199 | |||
200 | |||
201 | /** | ||
202 | * Cancel key revocation check. | ||
203 | * | ||
204 | * @param q query to cancel | ||
205 | */ | ||
206 | void | ||
207 | GNUNET_REVOCATION_query_cancel (struct GNUNET_REVOCATION_Query *q) | ||
208 | { | ||
209 | if (NULL != q->mq) | ||
210 | { | ||
211 | GNUNET_MQ_destroy (q->mq); | ||
212 | q->mq = NULL; | ||
213 | } | ||
214 | GNUNET_free (q); | ||
215 | } | ||
216 | |||
217 | |||
218 | /** | ||
219 | * Handle for the key revocation operation. | ||
220 | */ | ||
221 | struct GNUNET_REVOCATION_Handle | ||
222 | { | ||
223 | /** | ||
224 | * Message queue to the service. | ||
225 | */ | ||
226 | struct GNUNET_MQ_Handle *mq; | ||
227 | |||
228 | /** | ||
229 | * Function to call once we are done. | ||
230 | */ | ||
231 | GNUNET_REVOCATION_Callback func; | ||
232 | |||
233 | /** | ||
234 | * Closure for @e func. | ||
235 | */ | ||
236 | void *func_cls; | ||
237 | }; | ||
238 | |||
239 | |||
240 | /** | ||
241 | * Generic error handler, called with the appropriate | ||
242 | * error code and the same closure specified at the creation of | ||
243 | * the message queue. | ||
244 | * Not every message queue implementation supports an error handler. | ||
245 | * | ||
246 | * @param cls closure with the `struct GNUNET_NSE_Handle *` | ||
247 | * @param error error code | ||
248 | */ | ||
249 | static void | ||
250 | revocation_mq_error_handler (void *cls, | ||
251 | enum GNUNET_MQ_Error error) | ||
252 | { | ||
253 | struct GNUNET_REVOCATION_Handle *h = cls; | ||
254 | |||
255 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
256 | "Revocation MQ error\n"); | ||
257 | h->func (h->func_cls, | ||
258 | GNUNET_SYSERR); | ||
259 | GNUNET_REVOCATION_revoke_cancel (h); | ||
260 | } | ||
261 | |||
262 | |||
263 | /** | ||
264 | * Handle response to our revocation query. | ||
265 | * | ||
266 | * @param cls our `struct GNUNET_REVOCATION_Handle` handle | ||
267 | * @param rrm response we got | ||
268 | */ | ||
269 | static void | ||
270 | handle_revocation_response (void *cls, | ||
271 | const struct RevocationResponseMessage *rrm) | ||
272 | { | ||
273 | struct GNUNET_REVOCATION_Handle *h = cls; | ||
274 | |||
275 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
276 | "Revocation transmission result: %d\n", | ||
277 | (uint32_t) ntohl (rrm->is_valid)); | ||
278 | h->func (h->func_cls, | ||
279 | ntohl (rrm->is_valid)); | ||
280 | GNUNET_REVOCATION_revoke_cancel (h); | ||
281 | } | ||
282 | |||
283 | |||
284 | /** | ||
285 | * Perform key revocation. | ||
286 | * | ||
287 | * @param cfg the configuration to use | ||
288 | * @param key public key of the key to revoke | ||
289 | * @param sig signature to use on the revocation (should have been | ||
290 | * created using #GNUNET_REVOCATION_sign_revocation). | ||
291 | * @param ts revocation timestamp | ||
292 | * @param pow proof of work to use (should have been created by | ||
293 | * iteratively calling #GNUNET_REVOCATION_check_pow) | ||
294 | * @param func function to call with the result of the check | ||
295 | * (called with `is_valid` being #GNUNET_NO if | ||
296 | * the revocation worked). | ||
297 | * @param func_cls closure to pass to @a func | ||
298 | * @return handle to use in #GNUNET_REVOCATION_revoke_cancel to stop REVOCATION from invoking the callback | ||
299 | */ | ||
300 | struct GNUNET_REVOCATION_Handle * | ||
301 | GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
302 | const struct GNUNET_REVOCATION_PowP *pow, | ||
303 | GNUNET_REVOCATION_Callback func, | ||
304 | void *func_cls) | ||
305 | { | ||
306 | struct GNUNET_REVOCATION_Handle *h | ||
307 | = GNUNET_new (struct GNUNET_REVOCATION_Handle); | ||
308 | struct GNUNET_MQ_MessageHandler handlers[] = { | ||
309 | GNUNET_MQ_hd_fixed_size (revocation_response, | ||
310 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE, | ||
311 | struct RevocationResponseMessage, | ||
312 | h), | ||
313 | GNUNET_MQ_handler_end () | ||
314 | }; | ||
315 | unsigned long long matching_bits; | ||
316 | struct GNUNET_TIME_Relative epoch_duration; | ||
317 | struct RevokeMessage *rm; | ||
318 | struct GNUNET_MQ_Envelope *env; | ||
319 | |||
320 | if ((GNUNET_OK != | ||
321 | GNUNET_CONFIGURATION_get_value_number (cfg, | ||
322 | "REVOCATION", | ||
323 | "WORKBITS", | ||
324 | &matching_bits))) | ||
325 | { | ||
326 | GNUNET_break (0); | ||
327 | GNUNET_free (h); | ||
328 | return NULL; | ||
329 | } | ||
330 | if ((GNUNET_OK != | ||
331 | GNUNET_CONFIGURATION_get_value_time (cfg, | ||
332 | "REVOCATION", | ||
333 | "EPOCH_DURATION", | ||
334 | &epoch_duration))) | ||
335 | { | ||
336 | GNUNET_break (0); | ||
337 | GNUNET_free (h); | ||
338 | return NULL; | ||
339 | } | ||
340 | if (GNUNET_YES != GNUNET_REVOCATION_check_pow (pow, | ||
341 | (unsigned int) matching_bits, | ||
342 | epoch_duration)) | ||
343 | { | ||
344 | GNUNET_break (0); | ||
345 | GNUNET_free (h); | ||
346 | return NULL; | ||
347 | } | ||
348 | |||
349 | |||
350 | h->mq = GNUNET_CLIENT_connect (cfg, | ||
351 | "revocation", | ||
352 | handlers, | ||
353 | &revocation_mq_error_handler, | ||
354 | h); | ||
355 | if (NULL == h->mq) | ||
356 | { | ||
357 | GNUNET_free (h); | ||
358 | return NULL; | ||
359 | } | ||
360 | h->func = func; | ||
361 | h->func_cls = func_cls; | ||
362 | size_t extra_len = GNUNET_REVOCATION_proof_get_size (pow); | ||
363 | env = GNUNET_MQ_msg_extra (rm, | ||
364 | extra_len, | ||
365 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); | ||
366 | rm->pow_size = htonl (extra_len); | ||
367 | memcpy (&rm[1], pow, extra_len); | ||
368 | GNUNET_MQ_send (h->mq, | ||
369 | env); | ||
370 | return h; | ||
371 | } | ||
372 | |||
373 | |||
374 | /** | ||
375 | * Cancel key revocation. | ||
376 | * | ||
377 | * @param h operation to cancel | ||
378 | */ | ||
379 | void | ||
380 | GNUNET_REVOCATION_revoke_cancel (struct GNUNET_REVOCATION_Handle *h) | ||
381 | { | ||
382 | if (NULL != h->mq) | ||
383 | { | ||
384 | GNUNET_MQ_destroy (h->mq); | ||
385 | h->mq = NULL; | ||
386 | } | ||
387 | GNUNET_free (h); | ||
388 | } | ||
389 | |||
390 | |||
391 | /** | ||
392 | * Calculate the average zeros in the pows. | ||
393 | * | ||
394 | * @param ph the PowHandle | ||
395 | * @return the average number of zeros. | ||
396 | */ | ||
397 | static unsigned int | ||
398 | calculate_score (const struct GNUNET_REVOCATION_PowCalculationHandle *ph) | ||
399 | { | ||
400 | double sum = 0.0; | ||
401 | for (unsigned int j = 0; j<POW_COUNT; j++) | ||
402 | sum += ph->best[j].bits; | ||
403 | double avg = sum / POW_COUNT; | ||
404 | return avg; | ||
405 | } | ||
406 | |||
407 | struct GNUNET_REVOCATION_SignaturePurposePS * | ||
408 | REV_create_signature_message (const struct GNUNET_REVOCATION_PowP *pow) | ||
409 | { | ||
410 | struct GNUNET_REVOCATION_SignaturePurposePS *spurp; | ||
411 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
412 | size_t ksize; | ||
413 | |||
414 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
415 | ksize = GNUNET_IDENTITY_key_get_length (pk); | ||
416 | spurp = GNUNET_malloc (sizeof (*spurp) + ksize); | ||
417 | spurp->timestamp = pow->timestamp; | ||
418 | spurp->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | ||
419 | spurp->purpose.size = htonl (sizeof(*spurp) + ksize); | ||
420 | GNUNET_IDENTITY_write_key_to_buffer (pk, | ||
421 | (char*) &spurp[1], | ||
422 | ksize); | ||
423 | return spurp; | ||
424 | } | ||
425 | |||
426 | enum GNUNET_GenericReturnValue | ||
427 | check_signature_identity (const struct GNUNET_REVOCATION_PowP *pow, | ||
428 | const struct GNUNET_IDENTITY_PublicKey *key) | ||
429 | { | ||
430 | struct GNUNET_REVOCATION_SignaturePurposePS *spurp; | ||
431 | unsigned char *sig; | ||
432 | size_t ksize; | ||
433 | |||
434 | ksize = GNUNET_IDENTITY_key_get_length (key); | ||
435 | spurp = REV_create_signature_message (pow); | ||
436 | sig = ((unsigned char*) &pow[1] + ksize); | ||
437 | if (GNUNET_OK != | ||
438 | GNUNET_IDENTITY_signature_verify_raw_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, | ||
439 | &spurp->purpose, | ||
440 | sig, | ||
441 | key)) | ||
442 | { | ||
443 | return GNUNET_SYSERR; | ||
444 | } | ||
445 | return GNUNET_OK; | ||
446 | } | ||
447 | |||
448 | |||
449 | enum GNUNET_GenericReturnValue | ||
450 | check_signature (const struct GNUNET_REVOCATION_PowP *pow) | ||
451 | { | ||
452 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
453 | |||
454 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
455 | return check_signature_identity (pow, pk); | ||
456 | } | ||
457 | |||
458 | |||
459 | /** | ||
460 | * Check if the given proof-of-work is valid. | ||
461 | * | ||
462 | * @param pow proof of work | ||
463 | * @param difficulty how many bits must match (configuration) LSD0001: D | ||
464 | * @param epoch_duration length of single epoch in configuration | ||
465 | * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not | ||
466 | */ | ||
467 | enum GNUNET_GenericReturnValue | ||
468 | GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | ||
469 | unsigned int difficulty, | ||
470 | struct GNUNET_TIME_Relative epoch_duration) | ||
471 | { | ||
472 | char buf[sizeof(struct GNUNET_IDENTITY_PublicKey) | ||
473 | + sizeof (struct GNUNET_TIME_AbsoluteNBO) | ||
474 | + sizeof (uint64_t)] GNUNET_ALIGN; | ||
475 | struct GNUNET_HashCode result; | ||
476 | struct GNUNET_TIME_Absolute ts; | ||
477 | struct GNUNET_TIME_Absolute exp; | ||
478 | struct GNUNET_TIME_Relative ttl; | ||
479 | struct GNUNET_TIME_Relative buffer; | ||
480 | /* LSD0001: D' */ | ||
481 | unsigned int score = 0; | ||
482 | unsigned int tmp_score = 0; | ||
483 | unsigned int epochs; | ||
484 | uint64_t pow_val; | ||
485 | ssize_t pklen; | ||
486 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
487 | |||
488 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
489 | |||
490 | /** | ||
491 | * Check if signature valid | ||
492 | */ | ||
493 | if (GNUNET_OK != check_signature (pow)) | ||
494 | { | ||
495 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
496 | "Proof of work signature invalid!\n"); | ||
497 | return GNUNET_SYSERR; | ||
498 | } | ||
499 | |||
500 | /** | ||
501 | * First, check if PoW set is strictly monotically increasing | ||
502 | */ | ||
503 | for (unsigned int i = 0; i < POW_COUNT - 1; i++) | ||
504 | { | ||
505 | if (GNUNET_ntohll (pow->pow[i]) >= GNUNET_ntohll (pow->pow[i + 1])) | ||
506 | return GNUNET_NO; | ||
507 | } | ||
508 | GNUNET_memcpy (&buf[sizeof(uint64_t)], | ||
509 | &pow->timestamp, | ||
510 | sizeof (uint64_t)); | ||
511 | pklen = GNUNET_IDENTITY_key_get_length (pk); | ||
512 | if (0 > pklen) | ||
513 | { | ||
514 | GNUNET_break (0); | ||
515 | return GNUNET_NO; | ||
516 | } | ||
517 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], | ||
518 | pk, | ||
519 | pklen); | ||
520 | for (unsigned int i = 0; i < POW_COUNT; i++) | ||
521 | { | ||
522 | pow_val = GNUNET_ntohll (pow->pow[i]); | ||
523 | GNUNET_memcpy (buf, &pow->pow[i], sizeof(uint64_t)); | ||
524 | GNUNET_CRYPTO_pow_hash (&salt, | ||
525 | buf, | ||
526 | sizeof(buf), | ||
527 | &result); | ||
528 | tmp_score = GNUNET_CRYPTO_hash_count_leading_zeros (&result); | ||
529 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
530 | "Score %u with %" PRIu64 " (#%u)\n", | ||
531 | tmp_score, pow_val, i); | ||
532 | |||
533 | score += tmp_score; | ||
534 | |||
535 | } | ||
536 | score = score / POW_COUNT; | ||
537 | if (score < difficulty) | ||
538 | return GNUNET_NO; | ||
539 | /* LSD0001: (D'-D+1) */ | ||
540 | epochs = score - difficulty + 1; | ||
541 | |||
542 | /** | ||
543 | * Check expiration | ||
544 | */ | ||
545 | ts = GNUNET_TIME_absolute_ntoh (pow->timestamp); | ||
546 | ttl = GNUNET_TIME_relative_multiply (epoch_duration, | ||
547 | epochs); | ||
548 | /** | ||
549 | * Extend by 10% for unsynchronized clocks | ||
550 | */ | ||
551 | buffer = GNUNET_TIME_relative_divide (epoch_duration, | ||
552 | 10); | ||
553 | exp = GNUNET_TIME_absolute_add (ts, ttl); | ||
554 | exp = GNUNET_TIME_absolute_add (exp, | ||
555 | buffer); | ||
556 | |||
557 | if (0 != GNUNET_TIME_absolute_get_remaining (ts).rel_value_us) | ||
558 | return GNUNET_NO; /* Not yet valid. */ | ||
559 | /* Revert to actual start time */ | ||
560 | ts = GNUNET_TIME_absolute_add (ts, | ||
561 | buffer); | ||
562 | |||
563 | if (0 == GNUNET_TIME_absolute_get_remaining (exp).rel_value_us) | ||
564 | return GNUNET_NO; /* expired */ | ||
565 | return GNUNET_YES; | ||
566 | } | ||
567 | |||
568 | |||
569 | enum GNUNET_GenericReturnValue | ||
570 | sign_pow_identity (const struct GNUNET_IDENTITY_PrivateKey *key, | ||
571 | struct GNUNET_REVOCATION_PowP *pow) | ||
572 | { | ||
573 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); | ||
574 | struct GNUNET_REVOCATION_SignaturePurposePS *rp; | ||
575 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
576 | size_t ksize; | ||
577 | char *sig; | ||
578 | |||
579 | /** | ||
580 | * Predate the validity period to prevent rejections due to | ||
581 | * unsynchronized clocks | ||
582 | */ | ||
583 | ts = GNUNET_TIME_absolute_subtract (ts, | ||
584 | GNUNET_TIME_UNIT_WEEKS); | ||
585 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
586 | ksize = GNUNET_IDENTITY_key_get_length (pk); | ||
587 | pow->timestamp = GNUNET_TIME_absolute_hton (ts); | ||
588 | rp = REV_create_signature_message (pow); | ||
589 | sig = ((char*) &pow[1]) + ksize; | ||
590 | int result = GNUNET_IDENTITY_sign_raw_ (key, | ||
591 | &rp->purpose, | ||
592 | (void*) sig); | ||
593 | if (result == GNUNET_SYSERR) | ||
594 | return GNUNET_NO; | ||
595 | else | ||
596 | return result; | ||
597 | } | ||
598 | |||
599 | |||
600 | enum GNUNET_GenericReturnValue | ||
601 | sign_pow (const struct GNUNET_IDENTITY_PrivateKey *key, | ||
602 | struct GNUNET_REVOCATION_PowP *pow) | ||
603 | { | ||
604 | struct GNUNET_IDENTITY_PublicKey *pk; | ||
605 | |||
606 | pk = (struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
607 | GNUNET_IDENTITY_key_get_public (key, pk); | ||
608 | return sign_pow_identity (key, pow); | ||
609 | } | ||
610 | |||
611 | |||
612 | /** | ||
613 | * Initializes a fresh PoW computation. | ||
614 | * | ||
615 | * @param key the key to calculate the PoW for. | ||
616 | * @param[out] pow starting point for PoW calculation (not yet valid) | ||
617 | */ | ||
618 | void | ||
619 | GNUNET_REVOCATION_pow_init (const struct GNUNET_IDENTITY_PrivateKey *key, | ||
620 | struct GNUNET_REVOCATION_PowP *pow) | ||
621 | { | ||
622 | GNUNET_assert (GNUNET_OK == sign_pow (key, pow)); | ||
623 | } | ||
624 | |||
625 | |||
626 | /** | ||
627 | * Starts a proof-of-work calculation given the pow object as well as | ||
628 | * target epochs and difficulty. | ||
629 | * | ||
630 | * @param pow the PoW to based calculations on. | ||
631 | * @param epochs the number of epochs for which the PoW must be valid. | ||
632 | * @param difficulty the base difficulty of the PoW. | ||
633 | * @return a handle for use in PoW rounds | ||
634 | */ | ||
635 | struct GNUNET_REVOCATION_PowCalculationHandle* | ||
636 | GNUNET_REVOCATION_pow_start (struct GNUNET_REVOCATION_PowP *pow, | ||
637 | int epochs, | ||
638 | unsigned int difficulty) | ||
639 | { | ||
640 | struct GNUNET_REVOCATION_PowCalculationHandle *pc; | ||
641 | struct GNUNET_TIME_Relative ttl; | ||
642 | |||
643 | |||
644 | pc = GNUNET_new (struct GNUNET_REVOCATION_PowCalculationHandle); | ||
645 | pc->pow = pow; | ||
646 | ttl = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS, | ||
647 | epochs); | ||
648 | pc->pow->ttl = GNUNET_TIME_relative_hton (ttl); | ||
649 | pc->current_pow = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, | ||
650 | UINT64_MAX); | ||
651 | pc->difficulty = difficulty; | ||
652 | pc->epochs = epochs; | ||
653 | return pc; | ||
654 | } | ||
655 | |||
656 | |||
657 | /** | ||
658 | * Comparison function for quicksort | ||
659 | * | ||
660 | * @param a left element | ||
661 | * @param b right element | ||
662 | * @return a-b | ||
663 | */ | ||
664 | static int | ||
665 | cmp_pow_value (const void *a, const void *b) | ||
666 | { | ||
667 | return (GNUNET_ntohll (*(uint64_t*) a) - GNUNET_ntohll (*(uint64_t*) b)); | ||
668 | } | ||
669 | |||
670 | |||
671 | /** | ||
672 | * Calculate a key revocation valid for broadcasting for a number | ||
673 | * of epochs. | ||
674 | * | ||
675 | * @param pc handle to the PoW, initially called with NULL. | ||
676 | * @param epochs number of epochs for which the revocation must be valid. | ||
677 | * @param pow current pow value to try | ||
678 | * @param difficulty current base difficulty to achieve | ||
679 | * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not | ||
680 | */ | ||
681 | enum GNUNET_GenericReturnValue | ||
682 | GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | ||
683 | { | ||
684 | char buf[sizeof(struct GNUNET_IDENTITY_PublicKey) | ||
685 | + sizeof (uint64_t) | ||
686 | + sizeof (uint64_t)] GNUNET_ALIGN; | ||
687 | struct GNUNET_HashCode result; | ||
688 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
689 | unsigned int zeros; | ||
690 | int ret; | ||
691 | uint64_t pow_nbo; | ||
692 | ssize_t ksize; | ||
693 | |||
694 | pc->current_pow++; | ||
695 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &(pc->pow[1]); | ||
696 | |||
697 | /** | ||
698 | * Do not try duplicates | ||
699 | */ | ||
700 | for (unsigned int i = 0; i < POW_COUNT; i++) | ||
701 | if (pc->current_pow == pc->best[i].pow) | ||
702 | return GNUNET_NO; | ||
703 | pow_nbo = GNUNET_htonll (pc->current_pow); | ||
704 | GNUNET_memcpy (buf, &pow_nbo, sizeof(uint64_t)); | ||
705 | GNUNET_memcpy (&buf[sizeof(uint64_t)], | ||
706 | &pc->pow->timestamp, | ||
707 | sizeof (uint64_t)); | ||
708 | ksize = GNUNET_IDENTITY_key_get_length (pk); | ||
709 | GNUNET_assert (0 < ksize); | ||
710 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], | ||
711 | pk, | ||
712 | ksize); | ||
713 | GNUNET_CRYPTO_pow_hash (&salt, | ||
714 | buf, | ||
715 | sizeof(buf), | ||
716 | &result); | ||
717 | zeros = GNUNET_CRYPTO_hash_count_leading_zeros (&result); | ||
718 | for (unsigned int i = 0; i < POW_COUNT; i++) | ||
719 | { | ||
720 | if (pc->best[i].bits < zeros) | ||
721 | { | ||
722 | pc->best[i].bits = zeros; | ||
723 | pc->best[i].pow = pc->current_pow; | ||
724 | pc->pow->pow[i] = pow_nbo; | ||
725 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
726 | "New best score %u with %" PRIu64 " (#%u)\n", | ||
727 | zeros, pc->current_pow, i); | ||
728 | |||
729 | break; | ||
730 | } | ||
731 | } | ||
732 | ret = calculate_score (pc) >= pc->difficulty + pc->epochs ? GNUNET_YES : | ||
733 | GNUNET_NO; | ||
734 | if (GNUNET_YES == ret) | ||
735 | { | ||
736 | /* Sort POWs) */ | ||
737 | qsort (pc->pow->pow, POW_COUNT, sizeof (uint64_t), &cmp_pow_value); | ||
738 | } | ||
739 | return ret; | ||
740 | } | ||
741 | |||
742 | |||
743 | /** | ||
744 | * Stop a PoW calculation | ||
745 | * | ||
746 | * @param pc the calculation to clean up | ||
747 | * @return #GNUNET_YES if pow valid, #GNUNET_NO if pow was set but is not | ||
748 | * valid | ||
749 | */ | ||
750 | void | ||
751 | GNUNET_REVOCATION_pow_stop (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | ||
752 | { | ||
753 | GNUNET_free (pc); | ||
754 | } | ||
755 | |||
756 | |||
757 | size_t | ||
758 | GNUNET_REVOCATION_proof_get_size (const struct GNUNET_REVOCATION_PowP *pow) | ||
759 | { | ||
760 | size_t size; | ||
761 | size_t ksize; | ||
762 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
763 | |||
764 | size = sizeof (struct GNUNET_REVOCATION_PowP); | ||
765 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
766 | ksize = GNUNET_IDENTITY_key_get_length (pk); | ||
767 | size += ksize; | ||
768 | size += GNUNET_IDENTITY_signature_get_raw_length_by_type (pk->type); | ||
769 | return size; | ||
770 | } | ||
771 | |||
772 | |||
773 | /* end of revocation_api.c */ | ||
diff --git a/src/revocation/test_local_revocation.py.in b/src/revocation/test_local_revocation.py.in deleted file mode 100644 index e667c10ce..000000000 --- a/src/revocation/test_local_revocation.py.in +++ /dev/null | |||
@@ -1,129 +0,0 @@ | |||
1 | #!@PYTHONEXE@ | ||
2 | # This file is part of GNUnet. | ||
3 | # (C) 2010, 2018 Christian Grothoff (and other contributing authors) | ||
4 | # | ||
5 | # GNUnet is free software: you can redistribute it and/or modify it | ||
6 | # under the terms of the GNU Affero General Public License as published | ||
7 | # by the Free Software Foundation, either version 3 of the License, | ||
8 | # or (at your option) any later version. | ||
9 | # | ||
10 | # GNUnet is distributed in the hope that it will be useful, but | ||
11 | # WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | # Affero General Public License for more details. | ||
14 | # | ||
15 | # You should have received a copy of the GNU Affero General Public License | ||
16 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | # | ||
18 | # SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | # | ||
20 | # Testcase for ego revocation | ||
21 | |||
22 | import sys | ||
23 | import os | ||
24 | import subprocess | ||
25 | import re | ||
26 | import shutil | ||
27 | |||
28 | if os.name == 'posix': | ||
29 | config = 'gnunet-config' | ||
30 | gnunetarm = 'gnunet-arm' | ||
31 | ident = 'gnunet-identity' | ||
32 | revoc = './gnunet-revocation' | ||
33 | elif os.name == 'nt': | ||
34 | config = 'gnunet-config.exe' | ||
35 | gnunetarm = 'gnunet-arm.exe' | ||
36 | ident = 'gnunet-identity.exe' | ||
37 | revoc = './gnunet-revocation.exe' | ||
38 | |||
39 | TEST_CONFIGURATION = "test_revocation.conf" | ||
40 | TEST_REVOCATION_EGO = "revoc_test" | ||
41 | |||
42 | get_clean = subprocess.Popen([ | ||
43 | config, '-c', TEST_CONFIGURATION, '-s', 'PATHS', '-o', 'GNUNET_HOME', '-f' | ||
44 | ], | ||
45 | stdout=subprocess.PIPE) | ||
46 | cleandir, x = get_clean.communicate() | ||
47 | cleandir = cleandir.decode("utf-8") | ||
48 | cleandir = cleandir.rstrip('\n').rstrip('\r') | ||
49 | |||
50 | if os.path.isdir(cleandir): | ||
51 | shutil.rmtree(cleandir, True) | ||
52 | |||
53 | res = 0 | ||
54 | arm = subprocess.Popen([gnunetarm, '-s', '-c', TEST_CONFIGURATION]) | ||
55 | arm.communicate() | ||
56 | |||
57 | try: | ||
58 | print("Creating an ego " + TEST_REVOCATION_EGO) | ||
59 | sys.stdout.flush() | ||
60 | sys.stderr.flush() | ||
61 | idc = subprocess.Popen([ | ||
62 | ident, '-C', TEST_REVOCATION_EGO, '-c', TEST_CONFIGURATION | ||
63 | ]) | ||
64 | idc.communicate() | ||
65 | if idc.returncode != 0: | ||
66 | raise Exception( | ||
67 | "gnunet-identity failed to create an ego `" + TEST_REVOCATION_EGO + | ||
68 | "'" | ||
69 | ) | ||
70 | |||
71 | sys.stdout.flush() | ||
72 | sys.stderr.flush() | ||
73 | idd = subprocess.Popen([ident, '-d'], stdout=subprocess.PIPE) | ||
74 | rev_key, x = idd.communicate() | ||
75 | rev_key = rev_key.decode("utf-8") | ||
76 | if len(rev_key.split()) < 3: | ||
77 | raise Exception("can't get revocation key out of `" + rev_key + "'") | ||
78 | rev_key = rev_key.split()[2] | ||
79 | |||
80 | print("Testing key " + rev_key) | ||
81 | sys.stdout.flush() | ||
82 | sys.stderr.flush() | ||
83 | tst = subprocess.Popen([revoc, '-t', rev_key, '-c', TEST_CONFIGURATION], | ||
84 | stdout=subprocess.PIPE) | ||
85 | output_not_revoked, x = tst.communicate() | ||
86 | output_not_revoked = output_not_revoked.decode("utf-8") | ||
87 | if tst.returncode != 0: | ||
88 | raise Exception( | ||
89 | "gnunet-revocation failed to test a key - " + str(tst.returncode) + | ||
90 | ": " + output_not_revoked | ||
91 | ) | ||
92 | if 'valid' not in output_not_revoked: | ||
93 | res = 1 | ||
94 | print("Key was not valid") | ||
95 | else: | ||
96 | print("Key was valid") | ||
97 | |||
98 | print("Revoking key " + rev_key) | ||
99 | sys.stdout.flush() | ||
100 | sys.stderr.flush() | ||
101 | rev = subprocess.Popen([ | ||
102 | revoc, '-R', TEST_REVOCATION_EGO, '-p', '-c', TEST_CONFIGURATION | ||
103 | ]) | ||
104 | rev.communicate() | ||
105 | if rev.returncode != 0: | ||
106 | raise Exception("gnunet-revocation failed to revoke a key") | ||
107 | |||
108 | print("Testing revoked key " + rev_key) | ||
109 | sys.stdout.flush() | ||
110 | sys.stderr.flush() | ||
111 | tst = subprocess.Popen([revoc, '-t', rev_key, '-c', TEST_CONFIGURATION], | ||
112 | stdout=subprocess.PIPE) | ||
113 | output_revoked, x = tst.communicate() | ||
114 | output_revoked = output_revoked.decode("utf-8") | ||
115 | if tst.returncode != 0: | ||
116 | raise Exception("gnunet-revocation failed to test a revoked key") | ||
117 | if 'revoked' not in output_revoked: | ||
118 | res = 1 | ||
119 | print("Key was not revoked") | ||
120 | else: | ||
121 | print("Key was revoked") | ||
122 | |||
123 | finally: | ||
124 | arm = subprocess.Popen([gnunetarm, '-e', '-c', TEST_CONFIGURATION]) | ||
125 | arm.communicate() | ||
126 | if os.path.isdir(cleandir): | ||
127 | shutil.rmtree(cleandir, True) | ||
128 | |||
129 | sys.exit(res) | ||
diff --git a/src/revocation/test_revocation.c b/src/revocation/test_revocation.c deleted file mode 100644 index c6457016f..000000000 --- a/src/revocation/test_revocation.c +++ /dev/null | |||
@@ -1,419 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2009, 2013, 2016 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | /** | ||
21 | * @file revocation/test_revocation.c | ||
22 | * @brief base testcase for revocation exchange | ||
23 | * @author Matthias Wachs | ||
24 | * @author Christian Grothoff | ||
25 | */ | ||
26 | #include "platform.h" | ||
27 | #include "gnunet_core_service.h" | ||
28 | #include "gnunet_identity_service.h" | ||
29 | #include "gnunet_revocation_service.h" | ||
30 | #include "gnunet_testbed_service.h" | ||
31 | |||
32 | #define NUM_TEST_PEERS 2 | ||
33 | |||
34 | struct TestPeer | ||
35 | { | ||
36 | struct GNUNET_TESTBED_Peer *p; | ||
37 | struct GNUNET_TESTBED_Operation *identity_op; | ||
38 | struct GNUNET_TESTBED_Operation *core_op; | ||
39 | struct GNUNET_IDENTITY_Handle *idh; | ||
40 | const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
41 | const struct GNUNET_IDENTITY_PrivateKey *privkey; | ||
42 | struct GNUNET_IDENTITY_PublicKey pubkey; | ||
43 | struct GNUNET_CRYPTO_EcdsaSignature sig; | ||
44 | struct GNUNET_IDENTITY_Operation *create_id_op; | ||
45 | struct GNUNET_IDENTITY_EgoLookup *ego_lookup; | ||
46 | struct GNUNET_REVOCATION_Handle *revok_handle; | ||
47 | struct GNUNET_CORE_Handle *ch; | ||
48 | struct GNUNET_REVOCATION_PowCalculationHandle *pow; | ||
49 | }; | ||
50 | |||
51 | static struct TestPeer testpeers[2]; | ||
52 | |||
53 | /** | ||
54 | * Return value from main, set to 0 on success. | ||
55 | */ | ||
56 | static int ok; | ||
57 | |||
58 | |||
59 | static void | ||
60 | do_shutdown (void *cls) | ||
61 | { | ||
62 | for (unsigned int c = 0; c < NUM_TEST_PEERS; c++) | ||
63 | { | ||
64 | if (NULL != testpeers[c].create_id_op) | ||
65 | { | ||
66 | GNUNET_IDENTITY_cancel (testpeers[c].create_id_op); | ||
67 | testpeers[c].create_id_op = NULL; | ||
68 | } | ||
69 | if (NULL != testpeers[c].ego_lookup) | ||
70 | { | ||
71 | GNUNET_IDENTITY_ego_lookup_cancel (testpeers[c].ego_lookup); | ||
72 | testpeers[c].ego_lookup = NULL; | ||
73 | } | ||
74 | if (NULL != testpeers[c].revok_handle) | ||
75 | { | ||
76 | GNUNET_REVOCATION_revoke_cancel (testpeers[c].revok_handle); | ||
77 | testpeers[c].revok_handle = NULL; | ||
78 | } | ||
79 | if (NULL != testpeers[c].identity_op) | ||
80 | { | ||
81 | GNUNET_TESTBED_operation_done (testpeers[c].identity_op); | ||
82 | testpeers[c].identity_op = NULL; | ||
83 | } | ||
84 | if (NULL != testpeers[c].core_op) | ||
85 | { | ||
86 | GNUNET_TESTBED_operation_done (testpeers[c].core_op); | ||
87 | testpeers[c].core_op = NULL; | ||
88 | } | ||
89 | } | ||
90 | } | ||
91 | |||
92 | |||
93 | static void | ||
94 | check_revocation (void *cls); | ||
95 | |||
96 | |||
97 | static void | ||
98 | revocation_remote_cb (void *cls, int is_valid) | ||
99 | { | ||
100 | static int repeat = 0; | ||
101 | |||
102 | if (GNUNET_NO == is_valid) | ||
103 | { | ||
104 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Local revocation successful\n"); | ||
105 | ok = 0; | ||
106 | GNUNET_SCHEDULER_shutdown (); | ||
107 | return; | ||
108 | } | ||
109 | if (repeat < 10) | ||
110 | { | ||
111 | repeat++; | ||
112 | GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS, | ||
113 | &check_revocation, | ||
114 | NULL); | ||
115 | return; | ||
116 | } | ||
117 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Flooding of revocation failed\n"); | ||
118 | ok = 2; | ||
119 | GNUNET_SCHEDULER_shutdown (); | ||
120 | } | ||
121 | |||
122 | |||
123 | static void | ||
124 | check_revocation (void *cls) | ||
125 | { | ||
126 | GNUNET_REVOCATION_query (testpeers[0].cfg, | ||
127 | &testpeers[1].pubkey, | ||
128 | &revocation_remote_cb, | ||
129 | NULL); | ||
130 | } | ||
131 | |||
132 | |||
133 | static void | ||
134 | revocation_cb (void *cls, enum GNUNET_GenericReturnValue is_valid) | ||
135 | { | ||
136 | testpeers[1].revok_handle = NULL; | ||
137 | if (GNUNET_NO == is_valid) | ||
138 | { | ||
139 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Revocation successful\n"); | ||
140 | check_revocation (NULL); | ||
141 | } | ||
142 | } | ||
143 | |||
144 | |||
145 | static struct GNUNET_REVOCATION_PowP *proof_of_work; | ||
146 | |||
147 | static void | ||
148 | ego_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego) | ||
149 | { | ||
150 | static int completed = 0; | ||
151 | const struct GNUNET_IDENTITY_PrivateKey *privkey; | ||
152 | |||
153 | if ((NULL != ego) && (cls == &testpeers[0])) | ||
154 | { | ||
155 | testpeers[0].ego_lookup = NULL; | ||
156 | testpeers[0].privkey = GNUNET_IDENTITY_ego_get_private_key (ego); | ||
157 | GNUNET_IDENTITY_ego_get_public_key (ego, &testpeers[0].pubkey); | ||
158 | completed++; | ||
159 | } | ||
160 | if ((NULL != ego) && (cls == &testpeers[1])) | ||
161 | { | ||
162 | testpeers[1].ego_lookup = NULL; | ||
163 | testpeers[1].privkey = GNUNET_IDENTITY_ego_get_private_key (ego); | ||
164 | GNUNET_IDENTITY_ego_get_public_key (ego, &testpeers[1].pubkey); | ||
165 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Calculating proof of work...\n"); | ||
166 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); | ||
167 | proof_of_work = GNUNET_malloc (GNUNET_REVOCATION_MAX_PROOF_SIZE); | ||
168 | GNUNET_REVOCATION_pow_init (privkey, | ||
169 | proof_of_work); | ||
170 | testpeers[1].pow = GNUNET_REVOCATION_pow_start (proof_of_work, | ||
171 | 1, | ||
172 | 5); | ||
173 | int res = | ||
174 | GNUNET_REVOCATION_pow_round (testpeers[1].pow); | ||
175 | while (GNUNET_OK != res) | ||
176 | { | ||
177 | res = | ||
178 | GNUNET_REVOCATION_pow_round (testpeers[1].pow); | ||
179 | } | ||
180 | fprintf (stderr, "Done calculating proof of work\n"); | ||
181 | completed++; | ||
182 | } | ||
183 | if (2 == completed) | ||
184 | { | ||
185 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Egos retrieved\n"); | ||
186 | testpeers[1].revok_handle = GNUNET_REVOCATION_revoke (testpeers[1].cfg, | ||
187 | proof_of_work, | ||
188 | &revocation_cb, | ||
189 | NULL); | ||
190 | GNUNET_REVOCATION_pow_stop (testpeers[1].pow); | ||
191 | } | ||
192 | } | ||
193 | |||
194 | |||
195 | static void | ||
196 | identity_create_cb (void *cls, | ||
197 | const struct GNUNET_IDENTITY_PrivateKey *pk, | ||
198 | const char *emsg) | ||
199 | { | ||
200 | static int completed = 0; | ||
201 | |||
202 | if ((NULL == emsg) && (cls == &testpeers[0])) | ||
203 | { | ||
204 | testpeers[0].create_id_op = NULL; | ||
205 | completed++; | ||
206 | } | ||
207 | if ((NULL == emsg) && (cls == &testpeers[1])) | ||
208 | { | ||
209 | testpeers[1].create_id_op = NULL; | ||
210 | completed++; | ||
211 | } | ||
212 | if (2 != completed) | ||
213 | return; | ||
214 | fprintf (stderr, "Identities created\n"); | ||
215 | testpeers[0].ego_lookup = GNUNET_IDENTITY_ego_lookup (testpeers[0].cfg, | ||
216 | "client", | ||
217 | &ego_cb, | ||
218 | &testpeers[0]); | ||
219 | testpeers[1].ego_lookup = GNUNET_IDENTITY_ego_lookup (testpeers[1].cfg, | ||
220 | "toberevoked", | ||
221 | &ego_cb, | ||
222 | &testpeers[1]); | ||
223 | } | ||
224 | |||
225 | |||
226 | static void | ||
227 | identity_completion_cb (void *cls, | ||
228 | struct GNUNET_TESTBED_Operation *op, | ||
229 | void *ca_result, | ||
230 | const char *emsg) | ||
231 | { | ||
232 | static int completed = 0; | ||
233 | |||
234 | completed++; | ||
235 | if (NUM_TEST_PEERS != completed) | ||
236 | return; | ||
237 | fprintf (stderr, "All peers connected @ IDENTITY ...\n"); | ||
238 | testpeers[0].create_id_op = GNUNET_IDENTITY_create (testpeers[0].idh, | ||
239 | "client", | ||
240 | NULL, | ||
241 | GNUNET_IDENTITY_TYPE_ECDSA, | ||
242 | &identity_create_cb, | ||
243 | &testpeers[0]); | ||
244 | testpeers[1].create_id_op = GNUNET_IDENTITY_create (testpeers[1].idh, | ||
245 | "toberevoked", | ||
246 | NULL, | ||
247 | GNUNET_IDENTITY_TYPE_ECDSA, | ||
248 | &identity_create_cb, | ||
249 | &testpeers[1]); | ||
250 | } | ||
251 | |||
252 | |||
253 | static void * | ||
254 | identity_connect_adapter (void *cls, | ||
255 | const struct GNUNET_CONFIGURATION_Handle *cfg) | ||
256 | { | ||
257 | struct TestPeer *me = cls; | ||
258 | |||
259 | me->cfg = cfg; | ||
260 | me->idh = GNUNET_IDENTITY_connect (cfg, NULL, NULL); | ||
261 | if (NULL == me->idh) | ||
262 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to create IDENTITY handle \n"); | ||
263 | return me->idh; | ||
264 | } | ||
265 | |||
266 | |||
267 | static void | ||
268 | identity_disconnect_adapter (void *cls, void *op_result) | ||
269 | { | ||
270 | struct TestPeer *me = cls; | ||
271 | |||
272 | GNUNET_IDENTITY_disconnect (me->idh); | ||
273 | me->idh = NULL; | ||
274 | } | ||
275 | |||
276 | |||
277 | static void * | ||
278 | connect_cb (void *cls, | ||
279 | const struct GNUNET_PeerIdentity *peer, | ||
280 | struct GNUNET_MQ_Handle *mq) | ||
281 | { | ||
282 | static int connects = 0; | ||
283 | |||
284 | connects++; | ||
285 | if (NUM_TEST_PEERS * NUM_TEST_PEERS == connects) | ||
286 | { | ||
287 | fprintf (stderr, "All peers connected @ CORE ...\n"); | ||
288 | |||
289 | /* Connect to identity service */ | ||
290 | testpeers[0].identity_op = | ||
291 | GNUNET_TESTBED_service_connect (NULL, | ||
292 | testpeers[0].p, | ||
293 | "identity", | ||
294 | &identity_completion_cb, | ||
295 | NULL, | ||
296 | &identity_connect_adapter, | ||
297 | &identity_disconnect_adapter, | ||
298 | &testpeers[0]); | ||
299 | testpeers[1].identity_op = | ||
300 | GNUNET_TESTBED_service_connect (NULL, | ||
301 | testpeers[1].p, | ||
302 | "identity", | ||
303 | *identity_completion_cb, | ||
304 | NULL, | ||
305 | &identity_connect_adapter, | ||
306 | &identity_disconnect_adapter, | ||
307 | &testpeers[1]); | ||
308 | } | ||
309 | return NULL; | ||
310 | } | ||
311 | |||
312 | |||
313 | static void | ||
314 | core_completion_cb (void *cls, | ||
315 | struct GNUNET_TESTBED_Operation *op, | ||
316 | void *ca_result, | ||
317 | const char *emsg) | ||
318 | { | ||
319 | static int completed = 0; | ||
320 | |||
321 | completed++; | ||
322 | if (NUM_TEST_PEERS == completed) | ||
323 | { | ||
324 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Connected to CORE\n"); | ||
325 | } | ||
326 | } | ||
327 | |||
328 | |||
329 | static void * | ||
330 | core_connect_adapter (void *cls, const struct GNUNET_CONFIGURATION_Handle *cfg) | ||
331 | { | ||
332 | struct TestPeer *me = cls; | ||
333 | |||
334 | me->cfg = cfg; | ||
335 | me->ch = GNUNET_CORE_connect (cfg, me, NULL, &connect_cb, NULL, NULL); | ||
336 | if (NULL == me->ch) | ||
337 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to create CORE handle \n"); | ||
338 | return me->ch; | ||
339 | } | ||
340 | |||
341 | |||
342 | static void | ||
343 | core_disconnect_adapter (void *cls, void *op_result) | ||
344 | { | ||
345 | struct TestPeer *me = cls; | ||
346 | |||
347 | GNUNET_CORE_disconnect (me->ch); | ||
348 | me->ch = NULL; | ||
349 | } | ||
350 | |||
351 | |||
352 | static void | ||
353 | test_connection (void *cls, | ||
354 | struct GNUNET_TESTBED_RunHandle *h, | ||
355 | unsigned int num_peers, | ||
356 | struct GNUNET_TESTBED_Peer **peers, | ||
357 | unsigned int links_succeeded, | ||
358 | unsigned int links_failed) | ||
359 | { | ||
360 | unsigned int c; | ||
361 | |||
362 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); | ||
363 | if (NUM_TEST_PEERS != num_peers) | ||
364 | { | ||
365 | ok = 4; | ||
366 | fprintf (stderr, | ||
367 | "Only %u out of %u peers were started ...\n", | ||
368 | num_peers, | ||
369 | NUM_TEST_PEERS); | ||
370 | GNUNET_SCHEDULER_shutdown (); | ||
371 | return; | ||
372 | } | ||
373 | /* We are generating a CLIQUE */ | ||
374 | if (NUM_TEST_PEERS * (NUM_TEST_PEERS - 1) == links_succeeded) | ||
375 | { | ||
376 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
377 | "Testbed connected peers, initializing test\n"); | ||
378 | for (c = 0; c < num_peers; c++) | ||
379 | { | ||
380 | testpeers[c].p = peers[c]; | ||
381 | testpeers[c].core_op = | ||
382 | GNUNET_TESTBED_service_connect (NULL, | ||
383 | testpeers[c].p, | ||
384 | "core", | ||
385 | &core_completion_cb, | ||
386 | NULL, | ||
387 | &core_connect_adapter, | ||
388 | &core_disconnect_adapter, | ||
389 | &testpeers[c]); | ||
390 | } | ||
391 | } | ||
392 | else | ||
393 | { | ||
394 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Testbed failed to connect peers\n"); | ||
395 | ok = 5; | ||
396 | GNUNET_SCHEDULER_shutdown (); | ||
397 | return; | ||
398 | } | ||
399 | } | ||
400 | |||
401 | |||
402 | int | ||
403 | main (int argc, char *argv[]) | ||
404 | { | ||
405 | ok = 1; | ||
406 | /* Connecting initial topology */ | ||
407 | (void) GNUNET_TESTBED_test_run ("test-revocation", | ||
408 | "test_revocation.conf", | ||
409 | NUM_TEST_PEERS, | ||
410 | 0, | ||
411 | NULL, | ||
412 | NULL, | ||
413 | &test_connection, | ||
414 | NULL); | ||
415 | return ok; | ||
416 | } | ||
417 | |||
418 | |||
419 | /* end of test_revocation.c */ | ||
diff --git a/src/revocation/test_revocation.conf b/src/revocation/test_revocation.conf deleted file mode 100644 index 66e2cdcc9..000000000 --- a/src/revocation/test_revocation.conf +++ /dev/null | |||
@@ -1,31 +0,0 @@ | |||
1 | @INLINE@ ../../contrib/conf/gnunet/no_forcestart.conf | ||
2 | |||
3 | [paths] | ||
4 | GNUNET_HOME=$GNUNET_TMP/test-revocation-service | ||
5 | SERVICEHOME=$GNUNET_TMP/test-revocation-service | ||
6 | |||
7 | [revocation] | ||
8 | WORKBITS = 3 | ||
9 | IMMEDIATE_START = YES | ||
10 | EPOCH_DURATION = 365 d | ||
11 | |||
12 | [identity] | ||
13 | # Directory where we store information about our egos | ||
14 | EGODIR = $GNUNET_HOME/identity/egos/ | ||
15 | SUBSYSTEM_CFG = $SERVICEHOME/s.conf | ||
16 | |||
17 | [nat] | ||
18 | RETURN_LOCAL_ADDRESSES = YES | ||
19 | |||
20 | [transport] | ||
21 | PLUGINS = tcp | ||
22 | |||
23 | [peerinfo] | ||
24 | USE_INCLUDED_HELLOS = NO | ||
25 | |||
26 | [testbed] | ||
27 | OVERLAY_TOPOLOGY = CLIQUE | ||
28 | SETUP_TIMEOUT = 10 s | ||
29 | OPERATION_TIMEOUT = 5 s | ||
30 | CACHE_SIZE = 0 | ||
31 | |||