diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/gnsrecord/Makefile.am | 9 | ||||
-rw-r--r-- | src/gnsrecord/gnsrecord_crypto.c | 535 | ||||
-rw-r--r-- | src/gnsrecord/gnsrecord_crypto.h | 87 | ||||
-rw-r--r-- | src/gnsrecord/gnsrecord_misc.c | 19 | ||||
-rw-r--r-- | src/gnsrecord/gnsrecord_serialization.c | 56 | ||||
-rw-r--r-- | src/gnsrecord/gnunet-gnsrecord-tvg.c | 223 | ||||
-rw-r--r-- | src/gnsrecord/test_gnsrecord_crypto.c | 12 | ||||
-rw-r--r-- | src/gnsrecord/test_gnsrecord_testvectors.c | 128 | ||||
-rw-r--r-- | src/identity/identity_api.c | 75 | ||||
-rw-r--r-- | src/include/gnunet_gnsrecord_lib.h | 76 | ||||
-rw-r--r-- | src/include/gnunet_identity_service.h | 59 | ||||
-rw-r--r-- | src/namestore/gnunet-service-namestore.c | 10 | ||||
-rw-r--r-- | src/revocation/gnunet-revocation-tvg.c | 58 | ||||
-rw-r--r-- | src/revocation/revocation.h | 8 | ||||
-rw-r--r-- | src/revocation/revocation_api.c | 53 | ||||
-rw-r--r-- | src/util/.gitignore | 3 | ||||
-rw-r--r-- | src/util/gnunet-crypto-tvg.c | 401 | ||||
-rw-r--r-- | src/zonemaster/gnunet-service-zonemaster-monitor.c | 22 | ||||
-rw-r--r-- | src/zonemaster/gnunet-service-zonemaster.c | 10 |
19 files changed, 1428 insertions, 416 deletions
diff --git a/src/gnsrecord/Makefile.am b/src/gnsrecord/Makefile.am index 42ac4ede4..4308d9c1a 100644 --- a/src/gnsrecord/Makefile.am +++ b/src/gnsrecord/Makefile.am | |||
@@ -20,6 +20,7 @@ check_PROGRAMS = \ | |||
20 | test_gnsrecord_crypto \ | 20 | test_gnsrecord_crypto \ |
21 | test_gnsrecord_serialization \ | 21 | test_gnsrecord_serialization \ |
22 | test_gnsrecord_block_expiration \ | 22 | test_gnsrecord_block_expiration \ |
23 | test_gnsrecord_testvectors \ | ||
23 | perf_gnsrecord_crypto | 24 | perf_gnsrecord_crypto |
24 | 25 | ||
25 | if ENABLE_TEST_RUN | 26 | if ENABLE_TEST_RUN |
@@ -85,6 +86,14 @@ libgnunet_plugin_gnsrecord_dns_la_LDFLAGS = \ | |||
85 | EXTRA_DIST = \ | 86 | EXTRA_DIST = \ |
86 | $(check_SCRIPTS) | 87 | $(check_SCRIPTS) |
87 | 88 | ||
89 | test_gnsrecord_testvectors_SOURCES = \ | ||
90 | test_gnsrecord_testvectors.c | ||
91 | test_gnsrecord_testvectors_LDADD = \ | ||
92 | $(top_builddir)/src/testing/libgnunettesting.la \ | ||
93 | $(top_builddir)/src/identity/libgnunetidentity.la \ | ||
94 | libgnunetgnsrecord.la \ | ||
95 | $(top_builddir)/src/util/libgnunetutil.la | ||
96 | |||
88 | 97 | ||
89 | test_gnsrecord_serialization_SOURCES = \ | 98 | test_gnsrecord_serialization_SOURCES = \ |
90 | test_gnsrecord_serialization.c | 99 | test_gnsrecord_serialization.c |
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c index fe7db88b9..890ddb011 100644 --- a/src/gnsrecord/gnsrecord_crypto.c +++ b/src/gnsrecord/gnsrecord_crypto.c | |||
@@ -25,15 +25,7 @@ | |||
25 | * @author Matthias Wachs | 25 | * @author Matthias Wachs |
26 | * @author Christian Grothoff | 26 | * @author Christian Grothoff |
27 | */ | 27 | */ |
28 | #include "platform.h" | 28 | #include "gnsrecord_crypto.h" |
29 | #include "gnunet_util_lib.h" | ||
30 | #include "gnunet_constants.h" | ||
31 | #include "gnunet_signatures.h" | ||
32 | #include "gnunet_arm_service.h" | ||
33 | #include "gnunet_gnsrecord_lib.h" | ||
34 | #include "gnunet_dnsparser_lib.h" | ||
35 | #include "gnunet_tun_lib.h" | ||
36 | |||
37 | 29 | ||
38 | #define LOG(kind, ...) GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__) | 30 | #define LOG(kind, ...) GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__) |
39 | 31 | ||
@@ -103,8 +95,8 @@ eddsa_symmetric_decrypt ( | |||
103 | if (ctlen < 0) | 95 | if (ctlen < 0) |
104 | return GNUNET_SYSERR; | 96 | return GNUNET_SYSERR; |
105 | if (0 != crypto_secretbox_open_detached (result, | 97 | if (0 != crypto_secretbox_open_detached (result, |
106 | block, // Ciphertext | 98 | ((unsigned char*) block) + crypto_secretbox_MACBYTES, // Ciphertext |
107 | ((unsigned char*)block) + ctlen, // TAG | 99 | block, // Tag |
108 | ctlen, | 100 | ctlen, |
109 | nonce, key)) | 101 | nonce, key)) |
110 | { | 102 | { |
@@ -124,27 +116,19 @@ eddsa_symmetric_encrypt ( | |||
124 | { | 116 | { |
125 | if (size > crypto_secretbox_MESSAGEBYTES_MAX) | 117 | if (size > crypto_secretbox_MESSAGEBYTES_MAX) |
126 | return GNUNET_SYSERR; | 118 | return GNUNET_SYSERR; |
127 | crypto_secretbox_detached (result, // Ciphertext | 119 | crypto_secretbox_detached (result + crypto_secretbox_MACBYTES, // Ciphertext |
128 | result + size, // TAG | 120 | result, // TAG |
129 | block, size, nonce, key); | 121 | block, size, nonce, key); |
130 | return GNUNET_OK; | 122 | return GNUNET_OK; |
131 | } | 123 | } |
132 | 124 | ||
133 | 125 | ||
134 | /** | 126 | void |
135 | * Derive session key and iv from label and public key. | 127 | GNR_derive_block_aes_key (unsigned char *ctr, |
136 | * | 128 | unsigned char *key, |
137 | * @param iv initialization vector to initialize | 129 | const char *label, |
138 | * @param skey session key to initialize | 130 | uint64_t exp, |
139 | * @param label label to use for KDF | 131 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pub) |
140 | * @param pub public key to use for KDF | ||
141 | */ | ||
142 | static void | ||
143 | derive_block_aes_key (unsigned char *ctr, | ||
144 | unsigned char *key, | ||
145 | const char *label, | ||
146 | uint64_t exp, | ||
147 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pub) | ||
148 | { | 132 | { |
149 | static const char ctx_key[] = "gns-aes-ctx-key"; | 133 | static const char ctx_key[] = "gns-aes-ctx-key"; |
150 | static const char ctx_iv[] = "gns-aes-ctx-iv"; | 134 | static const char ctx_iv[] = "gns-aes-ctx-iv"; |
@@ -168,23 +152,15 @@ derive_block_aes_key (unsigned char *ctr, | |||
168 | } | 152 | } |
169 | 153 | ||
170 | 154 | ||
171 | /** | 155 | void |
172 | * Derive session key and iv from label and public key. | 156 | GNR_derive_block_xsalsa_key (unsigned char *nonce, |
173 | * | 157 | unsigned char *key, |
174 | * @param nonce initialization vector to initialize | 158 | const char *label, |
175 | * @param skey session key to initialize | 159 | uint64_t exp, |
176 | * @param label label to use for KDF | 160 | const struct GNUNET_CRYPTO_EddsaPublicKey *pub) |
177 | * @param pub public key to use for KDF | ||
178 | */ | ||
179 | static void | ||
180 | derive_block_xsalsa_key (unsigned char *nonce, | ||
181 | unsigned char *key, | ||
182 | const char *label, | ||
183 | uint64_t exp, | ||
184 | const struct GNUNET_CRYPTO_EddsaPublicKey *pub) | ||
185 | { | 161 | { |
186 | static const char ctx_key[] = "gns-aes-ctx-key"; | 162 | static const char ctx_key[] = "gns-xsalsa-ctx-key"; |
187 | static const char ctx_iv[] = "gns-aes-ctx-iv"; | 163 | static const char ctx_iv[] = "gns-xsalsa-ctx-iv"; |
188 | 164 | ||
189 | GNUNET_CRYPTO_kdf (key, crypto_secretbox_KEYBYTES, | 165 | GNUNET_CRYPTO_kdf (key, crypto_secretbox_KEYBYTES, |
190 | ctx_key, strlen (ctx_key), | 166 | ctx_key, strlen (ctx_key), |
@@ -204,6 +180,20 @@ derive_block_xsalsa_key (unsigned char *nonce, | |||
204 | } | 180 | } |
205 | 181 | ||
206 | 182 | ||
183 | static ssize_t | ||
184 | block_get_size_ecdsa (const struct GNUNET_GNSRECORD_Data *rd, | ||
185 | unsigned int rd_count) | ||
186 | { | ||
187 | ssize_t len; | ||
188 | |||
189 | len = GNUNET_GNSRECORD_records_get_size (rd_count, rd); | ||
190 | if (len < 0) | ||
191 | return -1; | ||
192 | len += sizeof(struct GNUNET_GNSRECORD_Block); | ||
193 | return len; | ||
194 | } | ||
195 | |||
196 | |||
207 | /** | 197 | /** |
208 | * Sign name and records | 198 | * Sign name and records |
209 | * | 199 | * |
@@ -213,20 +203,22 @@ derive_block_xsalsa_key (unsigned char *nonce, | |||
213 | * @param label the name for the records | 203 | * @param label the name for the records |
214 | * @param rd record data | 204 | * @param rd record data |
215 | * @param rd_count number of records | 205 | * @param rd_count number of records |
216 | * @return NULL on error (block too large) | 206 | * @param block the block result. Must be allocated sufficiently. |
207 | * @return GNUNET_SYSERR on error (otherwise GNUNET_OK) | ||
217 | */ | 208 | */ |
218 | static struct GNUNET_GNSRECORD_Block * | 209 | static enum GNUNET_GenericReturnValue |
219 | block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | 210 | block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, |
220 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, | 211 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, |
221 | struct GNUNET_TIME_Absolute expire, | 212 | struct GNUNET_TIME_Absolute expire, |
222 | const char *label, | 213 | const char *label, |
223 | const struct GNUNET_GNSRECORD_Data *rd, | 214 | const struct GNUNET_GNSRECORD_Data *rd, |
224 | unsigned int rd_count) | 215 | unsigned int rd_count, |
216 | struct GNUNET_GNSRECORD_Block **block) | ||
225 | { | 217 | { |
226 | ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count, | 218 | ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count, |
227 | rd); | 219 | rd); |
228 | struct GNUNET_GNSRECORD_Block *block; | ||
229 | struct GNUNET_GNSRECORD_EcdsaBlock *ecblock; | 220 | struct GNUNET_GNSRECORD_EcdsaBlock *ecblock; |
221 | struct GNRBlockPS *gnr_block; | ||
230 | struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey; | 222 | struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey; |
231 | unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2]; | 223 | unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2]; |
232 | unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH]; | 224 | unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH]; |
@@ -237,12 +229,12 @@ block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
237 | if (payload_len < 0) | 229 | if (payload_len < 0) |
238 | { | 230 | { |
239 | GNUNET_break (0); | 231 | GNUNET_break (0); |
240 | return NULL; | 232 | return GNUNET_SYSERR; |
241 | } | 233 | } |
242 | if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE) | 234 | if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE) |
243 | { | 235 | { |
244 | GNUNET_break (0); | 236 | GNUNET_break (0); |
245 | return NULL; | 237 | return GNUNET_SYSERR; |
246 | } | 238 | } |
247 | /* convert relative to absolute times */ | 239 | /* convert relative to absolute times */ |
248 | now = GNUNET_TIME_absolute_get (); | 240 | now = GNUNET_TIME_absolute_get (); |
@@ -260,62 +252,70 @@ block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
260 | } | 252 | } |
261 | } | 253 | } |
262 | /* serialize */ | 254 | /* serialize */ |
255 | *block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) + payload_len); | ||
256 | (*block)->size = htonl(sizeof (struct GNUNET_GNSRECORD_Block) + payload_len); | ||
263 | rd_count_nbo = htonl (rd_count); | 257 | rd_count_nbo = htonl (rd_count); |
264 | { | 258 | { |
265 | char payload[sizeof(uint32_t) + payload_len]; | 259 | char payload[payload_len]; |
266 | 260 | ||
267 | GNUNET_memcpy (payload, | ||
268 | &rd_count_nbo, | ||
269 | sizeof(uint32_t)); | ||
270 | GNUNET_assert (payload_len == | 261 | GNUNET_assert (payload_len == |
271 | GNUNET_GNSRECORD_records_serialize (rd_count, | 262 | GNUNET_GNSRECORD_records_serialize (rd_count, |
272 | rdc, | 263 | rdc, |
273 | payload_len, | 264 | payload_len, |
274 | &payload[sizeof(uint32_t) | 265 | payload)); |
275 | ])); | 266 | gnr_block = GNUNET_malloc (sizeof (struct GNRBlockPS) + payload_len); |
276 | block = GNUNET_malloc (sizeof(struct GNUNET_GNSRECORD_Block) | 267 | ecblock = &(*block)->ecdsa_block; |
277 | + sizeof(uint32_t) | 268 | (*block)->type = htonl (GNUNET_GNSRECORD_TYPE_PKEY); |
278 | + payload_len); | 269 | gnr_block->purpose.size = htonl (sizeof(struct GNRBlockPS) + payload_len); |
279 | ecblock = &block->ecdsa_block; | 270 | gnr_block->purpose.purpose = |
280 | block->type = htonl (GNUNET_GNSRECORD_TYPE_PKEY); | 271 | htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN); |
281 | ecblock->purpose.size = htonl (sizeof(uint32_t) | 272 | gnr_block->expiration_time = GNUNET_TIME_absolute_hton (expire); |
282 | + payload_len | 273 | ecblock->expiration_time = gnr_block->expiration_time; |
283 | + sizeof(struct | ||
284 | GNUNET_CRYPTO_EccSignaturePurpose) | ||
285 | + sizeof(struct GNUNET_TIME_AbsoluteNBO)); | ||
286 | ecblock->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN); | ||
287 | ecblock->expiration_time = GNUNET_TIME_absolute_hton (expire); | ||
288 | /* encrypt and sign */ | 274 | /* encrypt and sign */ |
289 | dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key, | 275 | dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key, |
290 | label, | 276 | label, |
291 | "gns"); | 277 | "gns"); |
292 | GNUNET_CRYPTO_ecdsa_key_get_public (dkey, | 278 | GNUNET_CRYPTO_ecdsa_key_get_public (dkey, |
293 | &ecblock->derived_key); | 279 | &ecblock->derived_key); |
294 | derive_block_aes_key (ctr, | 280 | GNR_derive_block_aes_key (ctr, |
295 | skey, | 281 | skey, |
296 | label, | 282 | label, |
297 | ecblock->expiration_time.abs_value_us__, | 283 | ecblock->expiration_time.abs_value_us__, |
298 | pkey); | 284 | pkey); |
299 | GNUNET_break (payload_len + sizeof(uint32_t) == | 285 | GNUNET_break (payload_len == |
300 | ecdsa_symmetric_encrypt (payload, | 286 | ecdsa_symmetric_encrypt (payload, |
301 | payload_len | 287 | payload_len, |
302 | + sizeof(uint32_t), | ||
303 | skey, | 288 | skey, |
304 | ctr, | 289 | ctr, |
305 | &ecblock[1])); | 290 | &ecblock[1])); |
291 | GNUNET_memcpy (&gnr_block[1], &ecblock[1], payload_len); | ||
306 | } | 292 | } |
307 | if (GNUNET_OK != | 293 | if (GNUNET_OK != |
308 | GNUNET_CRYPTO_ecdsa_sign_ (dkey, | 294 | GNUNET_CRYPTO_ecdsa_sign_ (dkey, |
309 | &ecblock->purpose, | 295 | &gnr_block->purpose, |
310 | &ecblock->signature)) | 296 | &ecblock->signature)) |
311 | { | 297 | { |
312 | GNUNET_break (0); | 298 | GNUNET_break (0); |
299 | GNUNET_free (*block); | ||
313 | GNUNET_free (dkey); | 300 | GNUNET_free (dkey); |
314 | GNUNET_free (block); | 301 | return GNUNET_SYSERR; |
315 | return NULL; | ||
316 | } | 302 | } |
317 | GNUNET_free (dkey); | 303 | GNUNET_free (dkey); |
318 | return block; | 304 | return GNUNET_OK; |
305 | } | ||
306 | |||
307 | static ssize_t | ||
308 | block_get_size_eddsa (const struct GNUNET_GNSRECORD_Data *rd, | ||
309 | unsigned int rd_count) | ||
310 | { | ||
311 | ssize_t len; | ||
312 | |||
313 | len = GNUNET_GNSRECORD_records_get_size (rd_count, rd); | ||
314 | if (len < 0) | ||
315 | return -1; | ||
316 | len += sizeof(struct GNUNET_GNSRECORD_Block); | ||
317 | len += crypto_secretbox_MACBYTES; | ||
318 | return len; | ||
319 | } | 319 | } |
320 | 320 | ||
321 | 321 | ||
@@ -328,20 +328,22 @@ block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
328 | * @param label the name for the records | 328 | * @param label the name for the records |
329 | * @param rd record data | 329 | * @param rd record data |
330 | * @param rd_count number of records | 330 | * @param rd_count number of records |
331 | * @return NULL on error (block too large) | 331 | * @param block where to store the block. Must be allocated sufficiently. |
332 | * @return GNUNET_SYSERR on error (otherwise GNUNET_OK) | ||
332 | */ | 333 | */ |
333 | static struct GNUNET_GNSRECORD_Block * | 334 | enum GNUNET_GenericReturnValue |
334 | block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key, | 335 | block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key, |
335 | const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, | 336 | const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, |
336 | struct GNUNET_TIME_Absolute expire, | 337 | struct GNUNET_TIME_Absolute expire, |
337 | const char *label, | 338 | const char *label, |
338 | const struct GNUNET_GNSRECORD_Data *rd, | 339 | const struct GNUNET_GNSRECORD_Data *rd, |
339 | unsigned int rd_count) | 340 | unsigned int rd_count, |
341 | struct GNUNET_GNSRECORD_Block **block) | ||
340 | { | 342 | { |
341 | ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count, | 343 | ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count, |
342 | rd); | 344 | rd); |
343 | struct GNUNET_GNSRECORD_Block *block; | ||
344 | struct GNUNET_GNSRECORD_EddsaBlock *edblock; | 345 | struct GNUNET_GNSRECORD_EddsaBlock *edblock; |
346 | struct GNRBlockPS *gnr_block; | ||
345 | struct GNUNET_CRYPTO_EddsaPrivateScalar dkey; | 347 | struct GNUNET_CRYPTO_EddsaPrivateScalar dkey; |
346 | unsigned char nonce[crypto_secretbox_NONCEBYTES]; | 348 | unsigned char nonce[crypto_secretbox_NONCEBYTES]; |
347 | unsigned char skey[crypto_secretbox_KEYBYTES]; | 349 | unsigned char skey[crypto_secretbox_KEYBYTES]; |
@@ -352,12 +354,12 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key, | |||
352 | if (payload_len < 0) | 354 | if (payload_len < 0) |
353 | { | 355 | { |
354 | GNUNET_break (0); | 356 | GNUNET_break (0); |
355 | return NULL; | 357 | return GNUNET_SYSERR; |
356 | } | 358 | } |
357 | if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE) | 359 | if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE) |
358 | { | 360 | { |
359 | GNUNET_break (0); | 361 | GNUNET_break (0); |
360 | return NULL; | 362 | return GNUNET_SYSERR; |
361 | } | 363 | } |
362 | /* convert relative to absolute times */ | 364 | /* convert relative to absolute times */ |
363 | now = GNUNET_TIME_absolute_get (); | 365 | now = GNUNET_TIME_absolute_get (); |
@@ -375,33 +377,32 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key, | |||
375 | } | 377 | } |
376 | } | 378 | } |
377 | /* serialize */ | 379 | /* serialize */ |
380 | *block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) | ||
381 | + payload_len + crypto_secretbox_MACBYTES); | ||
382 | (*block)->size = htonl(sizeof (struct GNUNET_GNSRECORD_Block) | ||
383 | + payload_len + crypto_secretbox_MACBYTES); | ||
378 | rd_count_nbo = htonl (rd_count); | 384 | rd_count_nbo = htonl (rd_count); |
379 | { | 385 | { |
380 | char payload[sizeof(uint32_t) + payload_len]; | 386 | char payload[payload_len]; |
381 | 387 | ||
382 | GNUNET_memcpy (payload, | ||
383 | &rd_count_nbo, | ||
384 | sizeof(uint32_t)); | ||
385 | GNUNET_assert (payload_len == | 388 | GNUNET_assert (payload_len == |
386 | GNUNET_GNSRECORD_records_serialize (rd_count, | 389 | GNUNET_GNSRECORD_records_serialize (rd_count, |
387 | rdc, | 390 | rdc, |
388 | payload_len, | 391 | payload_len, |
389 | &payload[sizeof(uint32_t) | 392 | payload)); |
390 | ])); | 393 | gnr_block = GNUNET_malloc (sizeof (struct GNRBlockPS) |
391 | block = GNUNET_malloc (sizeof(struct GNUNET_GNSRECORD_Block) | 394 | + payload_len |
392 | + sizeof(uint32_t) | 395 | + crypto_secretbox_MACBYTES); |
393 | + payload_len | 396 | edblock = &(*block)->eddsa_block; |
394 | + crypto_secretbox_MACBYTES); | 397 | (*block)->type = htonl (GNUNET_GNSRECORD_TYPE_EDKEY); |
395 | edblock = &block->eddsa_block; | 398 | gnr_block->purpose.size = |
396 | block->type = htonl (GNUNET_GNSRECORD_TYPE_EDKEY); | 399 | htonl (sizeof(struct GNRBlockPS) |
397 | edblock->purpose.size = htonl (sizeof(uint32_t) | 400 | + payload_len |
398 | + payload_len | 401 | + crypto_secretbox_MACBYTES); |
399 | + sizeof(struct | 402 | gnr_block->purpose.purpose = |
400 | GNUNET_CRYPTO_EccSignaturePurpose) | 403 | htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN); |
401 | + sizeof(struct GNUNET_TIME_AbsoluteNBO) | 404 | gnr_block->expiration_time = GNUNET_TIME_absolute_hton (expire); |
402 | + crypto_secretbox_MACBYTES); | 405 | edblock->expiration_time = gnr_block->expiration_time; |
403 | edblock->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN); | ||
404 | edblock->expiration_time = GNUNET_TIME_absolute_hton (expire); | ||
405 | /* encrypt and sign */ | 406 | /* encrypt and sign */ |
406 | GNUNET_CRYPTO_eddsa_private_key_derive (key, | 407 | GNUNET_CRYPTO_eddsa_private_key_derive (key, |
407 | label, | 408 | label, |
@@ -409,45 +410,63 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key, | |||
409 | &dkey); | 410 | &dkey); |
410 | GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (&dkey, | 411 | GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (&dkey, |
411 | &edblock->derived_key); | 412 | &edblock->derived_key); |
412 | derive_block_xsalsa_key (nonce, | 413 | GNR_derive_block_xsalsa_key (nonce, |
413 | skey, | 414 | skey, |
414 | label, | 415 | label, |
415 | edblock->expiration_time.abs_value_us__, | 416 | edblock->expiration_time.abs_value_us__, |
416 | pkey); | 417 | pkey); |
417 | GNUNET_break (GNUNET_OK == | 418 | GNUNET_break (GNUNET_OK == |
418 | eddsa_symmetric_encrypt (payload, | 419 | eddsa_symmetric_encrypt (payload, |
419 | payload_len | 420 | payload_len, |
420 | + sizeof(uint32_t), | ||
421 | skey, | 421 | skey, |
422 | nonce, | 422 | nonce, |
423 | &edblock[1])); | 423 | &edblock[1])); |
424 | GNUNET_memcpy (&gnr_block[1], &edblock[1], | ||
425 | payload_len + crypto_secretbox_MACBYTES); | ||
426 | |||
427 | GNUNET_CRYPTO_eddsa_sign_with_scalar (&dkey, | ||
428 | &gnr_block->purpose, | ||
429 | &edblock->signature); | ||
424 | } | 430 | } |
425 | GNUNET_CRYPTO_eddsa_sign_with_scalar (&dkey, | 431 | return GNUNET_OK; |
426 | &edblock->purpose, | ||
427 | &edblock->signature); | ||
428 | return block; | ||
429 | } | 432 | } |
430 | 433 | ||
434 | ssize_t | ||
435 | GNUNET_GNSRECORD_block_calculate_size (const struct | ||
436 | GNUNET_IDENTITY_PrivateKey *key, | ||
437 | const struct GNUNET_GNSRECORD_Data *rd, | ||
438 | unsigned int rd_count) | ||
439 | { | ||
440 | struct GNUNET_IDENTITY_PublicKey pkey; | ||
441 | ssize_t res; | ||
431 | 442 | ||
432 | /** | 443 | GNUNET_IDENTITY_key_get_public (key, |
433 | * Sign name and records | 444 | &pkey); |
434 | * | 445 | switch (ntohl (key->type)) |
435 | * @param key the private key | 446 | { |
436 | * @param expire block expiration | 447 | case GNUNET_GNSRECORD_TYPE_PKEY: |
437 | * @param label the name for the records | 448 | res = block_get_size_ecdsa (rd, rd_count); |
438 | * @param rd record data | 449 | break; |
439 | * @param rd_count number of records | 450 | case GNUNET_GNSRECORD_TYPE_EDKEY: |
440 | * @return NULL on error (block too large) | 451 | res = block_get_size_eddsa (rd, rd_count); |
441 | */ | 452 | break; |
442 | struct GNUNET_GNSRECORD_Block * | 453 | default: |
454 | GNUNET_assert (0); | ||
455 | } | ||
456 | return -1; | ||
457 | |||
458 | } | ||
459 | |||
460 | enum GNUNET_GenericReturnValue | ||
443 | GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key, | 461 | GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key, |
444 | struct GNUNET_TIME_Absolute expire, | 462 | struct GNUNET_TIME_Absolute expire, |
445 | const char *label, | 463 | const char *label, |
446 | const struct GNUNET_GNSRECORD_Data *rd, | 464 | const struct GNUNET_GNSRECORD_Data *rd, |
447 | unsigned int rd_count) | 465 | unsigned int rd_count, |
466 | struct GNUNET_GNSRECORD_Block **result) | ||
448 | { | 467 | { |
449 | struct GNUNET_IDENTITY_PublicKey pkey; | 468 | struct GNUNET_IDENTITY_PublicKey pkey; |
450 | struct GNUNET_GNSRECORD_Block *res = NULL; | 469 | enum GNUNET_GenericReturnValue res = GNUNET_SYSERR; |
451 | char *norm_label; | 470 | char *norm_label; |
452 | 471 | ||
453 | GNUNET_IDENTITY_key_get_public (key, | 472 | GNUNET_IDENTITY_key_get_public (key, |
@@ -456,24 +475,26 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key, | |||
456 | 475 | ||
457 | switch (ntohl (key->type)) | 476 | switch (ntohl (key->type)) |
458 | { | 477 | { |
459 | case GNUNET_GNSRECORD_TYPE_PKEY: | 478 | case GNUNET_GNSRECORD_TYPE_PKEY: |
460 | res = block_create_ecdsa (&key->ecdsa_key, | 479 | res = block_create_ecdsa (&key->ecdsa_key, |
461 | &pkey.ecdsa_key, | 480 | &pkey.ecdsa_key, |
462 | expire, | 481 | expire, |
463 | norm_label, | 482 | norm_label, |
464 | rd, | 483 | rd, |
465 | rd_count); | 484 | rd_count, |
466 | break; | 485 | result); |
467 | case GNUNET_GNSRECORD_TYPE_EDKEY: | 486 | break; |
468 | res = block_create_eddsa (&key->eddsa_key, | 487 | case GNUNET_GNSRECORD_TYPE_EDKEY: |
469 | &pkey.eddsa_key, | 488 | res = block_create_eddsa (&key->eddsa_key, |
470 | expire, | 489 | &pkey.eddsa_key, |
471 | norm_label, | 490 | expire, |
472 | rd, | 491 | norm_label, |
473 | rd_count); | 492 | rd, |
474 | break; | 493 | rd_count, |
475 | default: | 494 | result); |
476 | GNUNET_assert (0); | 495 | break; |
496 | default: | ||
497 | GNUNET_assert (0); | ||
477 | } | 498 | } |
478 | GNUNET_free (norm_label); | 499 | GNUNET_free (norm_label); |
479 | return res; | 500 | return res; |
@@ -497,28 +518,17 @@ struct KeyCacheLine | |||
497 | }; | 518 | }; |
498 | 519 | ||
499 | 520 | ||
500 | /** | 521 | enum GNUNET_GenericReturnValue |
501 | * Sign name and records, cache derived public key (also keeps the | ||
502 | * private key in static memory, so do not use this function if | ||
503 | * keeping the private key in the process'es RAM is a major issue). | ||
504 | * | ||
505 | * @param key the private key | ||
506 | * @param expire block expiration | ||
507 | * @param label the name for the records | ||
508 | * @param rd record data | ||
509 | * @param rd_count number of records | ||
510 | * @return NULL on error (block too large) | ||
511 | */ | ||
512 | struct GNUNET_GNSRECORD_Block * | ||
513 | GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *pkey, | 522 | GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *pkey, |
514 | struct GNUNET_TIME_Absolute expire, | 523 | struct GNUNET_TIME_Absolute expire, |
515 | const char *label, | 524 | const char *label, |
516 | const struct GNUNET_GNSRECORD_Data *rd, | 525 | const struct GNUNET_GNSRECORD_Data *rd, |
517 | unsigned int rd_count) | 526 | unsigned int rd_count, |
527 | struct GNUNET_GNSRECORD_Block **result) | ||
518 | { | 528 | { |
519 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *key; | 529 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *key; |
520 | struct GNUNET_CRYPTO_EddsaPublicKey edpubkey; | 530 | struct GNUNET_CRYPTO_EddsaPublicKey edpubkey; |
521 | struct GNUNET_GNSRECORD_Block *res = NULL; | 531 | enum GNUNET_GenericReturnValue res = GNUNET_SYSERR; |
522 | char *norm_label; | 532 | char *norm_label; |
523 | 533 | ||
524 | norm_label = GNUNET_GNSRECORD_string_normalize (label); | 534 | norm_label = GNUNET_GNSRECORD_string_normalize (label); |
@@ -546,7 +556,8 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *pkey, | |||
546 | expire, | 556 | expire, |
547 | norm_label, | 557 | norm_label, |
548 | rd, | 558 | rd, |
549 | rd_count); | 559 | rd_count, |
560 | result); | ||
550 | } | 561 | } |
551 | else if (GNUNET_IDENTITY_TYPE_EDDSA == ntohl (pkey->type)) | 562 | else if (GNUNET_IDENTITY_TYPE_EDDSA == ntohl (pkey->type)) |
552 | { | 563 | { |
@@ -557,7 +568,8 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *pkey, | |||
557 | expire, | 568 | expire, |
558 | norm_label, | 569 | norm_label, |
559 | rd, | 570 | rd, |
560 | rd_count); | 571 | rd_count, |
572 | result); | ||
561 | } | 573 | } |
562 | GNUNET_free (norm_label); | 574 | GNUNET_free (norm_label); |
563 | return res; | 575 | return res; |
@@ -574,64 +586,76 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *pkey, | |||
574 | enum GNUNET_GenericReturnValue | 586 | enum GNUNET_GenericReturnValue |
575 | GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block) | 587 | GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block) |
576 | { | 588 | { |
589 | struct GNRBlockPS *purp; | ||
590 | size_t payload_len = ntohl (block->size) | ||
591 | - sizeof (struct GNUNET_GNSRECORD_Block); | ||
592 | enum GNUNET_GenericReturnValue res = GNUNET_NO; | ||
593 | purp = GNUNET_malloc (sizeof (struct GNRBlockPS) + payload_len); | ||
594 | purp->purpose.size = htonl (sizeof (struct GNRBlockPS) + payload_len); | ||
595 | purp->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN); | ||
596 | GNUNET_memcpy (&purp[1], &block[1], payload_len); | ||
597 | |||
577 | switch (ntohl (block->type)) | 598 | switch (ntohl (block->type)) |
578 | { | 599 | { |
579 | case GNUNET_GNSRECORD_TYPE_PKEY: | 600 | case GNUNET_GNSRECORD_TYPE_PKEY: |
580 | return GNUNET_CRYPTO_ecdsa_verify_ ( | 601 | purp->expiration_time = block->ecdsa_block.expiration_time; |
581 | GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, | 602 | res = GNUNET_CRYPTO_ecdsa_verify_ ( |
582 | &block->ecdsa_block.purpose, | 603 | GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, |
583 | &block->ecdsa_block.signature, | 604 | &purp->purpose, |
584 | &block->ecdsa_block.derived_key); | 605 | &block->ecdsa_block.signature, |
585 | case GNUNET_GNSRECORD_TYPE_EDKEY: | 606 | &block->ecdsa_block.derived_key); |
586 | return GNUNET_CRYPTO_eddsa_verify_ ( | 607 | break; |
587 | GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, | 608 | case GNUNET_GNSRECORD_TYPE_EDKEY: |
588 | &block->eddsa_block.purpose, | 609 | purp->expiration_time = block->eddsa_block.expiration_time; |
589 | &block->eddsa_block.signature, | 610 | res = GNUNET_CRYPTO_eddsa_verify_ ( |
590 | &block->eddsa_block.derived_key); | 611 | GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, |
591 | default: | 612 | &purp->purpose, |
592 | return GNUNET_NO; | 613 | &block->eddsa_block.signature, |
614 | &block->eddsa_block.derived_key); | ||
615 | break; | ||
616 | default: | ||
617 | res = GNUNET_NO; | ||
593 | } | 618 | } |
619 | GNUNET_free (purp); | ||
620 | return res; | ||
594 | } | 621 | } |
595 | 622 | ||
596 | 623 | ||
597 | enum GNUNET_GenericReturnValue | 624 | enum GNUNET_GenericReturnValue |
598 | block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock *block, | 625 | block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_Block *block, |
599 | const struct | 626 | const struct |
600 | GNUNET_CRYPTO_EcdsaPublicKey *zone_key, | 627 | GNUNET_CRYPTO_EcdsaPublicKey *zone_key, |
601 | const char *label, | 628 | const char *label, |
602 | GNUNET_GNSRECORD_RecordCallback proc, | 629 | GNUNET_GNSRECORD_RecordCallback proc, |
603 | void *proc_cls) | 630 | void *proc_cls) |
604 | { | 631 | { |
605 | size_t payload_len = ntohl (block->purpose.size) | 632 | size_t payload_len = ntohl (block->size) - sizeof (struct |
606 | - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 633 | GNUNET_GNSRECORD_Block); |
607 | - sizeof(struct GNUNET_TIME_AbsoluteNBO); | ||
608 | unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2]; | 634 | unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2]; |
609 | unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH]; | 635 | unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH]; |
610 | 636 | ||
611 | if (ntohl (block->purpose.size) < | 637 | if (ntohl (block->size) < |
612 | sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 638 | sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
613 | + sizeof(struct GNUNET_TIME_AbsoluteNBO)) | 639 | + sizeof(struct GNUNET_TIME_AbsoluteNBO)) |
614 | { | 640 | { |
615 | GNUNET_break_op (0); | 641 | GNUNET_break_op (0); |
616 | return GNUNET_SYSERR; | 642 | return GNUNET_SYSERR; |
617 | } | 643 | } |
618 | derive_block_aes_key (ctr, | 644 | GNR_derive_block_aes_key (ctr, |
619 | key, | 645 | key, |
620 | label, | 646 | label, |
621 | block->expiration_time.abs_value_us__, | 647 | block->ecdsa_block.expiration_time.abs_value_us__, |
622 | zone_key); | 648 | zone_key); |
623 | { | 649 | { |
624 | char payload[payload_len]; | 650 | char payload[payload_len]; |
625 | uint32_t rd_count; | 651 | unsigned int rd_count; |
626 | 652 | ||
627 | GNUNET_break (payload_len == | 653 | GNUNET_break (payload_len == |
628 | ecdsa_symmetric_decrypt (&block[1], payload_len, | 654 | ecdsa_symmetric_decrypt (&block[1], payload_len, |
629 | key, ctr, | 655 | key, ctr, |
630 | payload)); | 656 | payload)); |
631 | GNUNET_memcpy (&rd_count, | 657 | rd_count = GNUNET_GNSRECORD_records_deserialize_get_size (payload_len, |
632 | payload, | 658 | payload); |
633 | sizeof(uint32_t)); | ||
634 | rd_count = ntohl (rd_count); | ||
635 | if (rd_count > 2048) | 659 | if (rd_count > 2048) |
636 | { | 660 | { |
637 | /* limit to sane value */ | 661 | /* limit to sane value */ |
@@ -644,8 +668,8 @@ block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock *block, | |||
644 | struct GNUNET_TIME_Absolute now; | 668 | struct GNUNET_TIME_Absolute now; |
645 | 669 | ||
646 | if (GNUNET_OK != | 670 | if (GNUNET_OK != |
647 | GNUNET_GNSRECORD_records_deserialize (payload_len - sizeof(uint32_t), | 671 | GNUNET_GNSRECORD_records_deserialize (payload_len, |
648 | &payload[sizeof(uint32_t)], | 672 | payload, |
649 | rd_count, | 673 | rd_count, |
650 | rd)) | 674 | rd)) |
651 | { | 675 | { |
@@ -723,43 +747,42 @@ block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock *block, | |||
723 | 747 | ||
724 | 748 | ||
725 | enum GNUNET_GenericReturnValue | 749 | enum GNUNET_GenericReturnValue |
726 | block_decrypt_eddsa (const struct GNUNET_GNSRECORD_EddsaBlock *block, | 750 | block_decrypt_eddsa (const struct GNUNET_GNSRECORD_Block *block, |
727 | const struct | 751 | const struct |
728 | GNUNET_CRYPTO_EddsaPublicKey *zone_key, | 752 | GNUNET_CRYPTO_EddsaPublicKey *zone_key, |
729 | const char *label, | 753 | const char *label, |
730 | GNUNET_GNSRECORD_RecordCallback proc, | 754 | GNUNET_GNSRECORD_RecordCallback proc, |
731 | void *proc_cls) | 755 | void *proc_cls) |
732 | { | 756 | { |
733 | size_t payload_len = ntohl (block->purpose.size) | 757 | const struct GNUNET_GNSRECORD_EddsaBlock *edblock = &block->eddsa_block; |
734 | - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 758 | size_t payload_len = ntohl (block->size) - sizeof (struct |
735 | - sizeof(struct GNUNET_TIME_AbsoluteNBO); | 759 | GNUNET_GNSRECORD_Block); |
736 | unsigned char nonce[crypto_secretbox_NONCEBYTES]; | 760 | unsigned char nonce[crypto_secretbox_NONCEBYTES]; |
737 | unsigned char key[crypto_secretbox_KEYBYTES]; | 761 | unsigned char key[crypto_secretbox_KEYBYTES]; |
738 | 762 | ||
739 | if (ntohl (block->purpose.size) < | 763 | if (ntohl (block->size) < |
740 | sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 764 | sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
741 | + sizeof(struct GNUNET_TIME_AbsoluteNBO)) | 765 | + sizeof(struct GNUNET_TIME_AbsoluteNBO)) |
742 | { | 766 | { |
743 | GNUNET_break_op (0); | 767 | GNUNET_break_op (0); |
744 | return GNUNET_SYSERR; | 768 | return GNUNET_SYSERR; |
745 | } | 769 | } |
746 | derive_block_xsalsa_key (nonce, | 770 | GNR_derive_block_xsalsa_key (nonce, |
747 | key, | 771 | key, |
748 | label, | 772 | label, |
749 | block->expiration_time.abs_value_us__, | 773 | block->eddsa_block.expiration_time.abs_value_us__, |
750 | zone_key); | 774 | zone_key); |
751 | { | 775 | { |
752 | char payload[payload_len]; | 776 | char payload[payload_len]; |
753 | uint32_t rd_count; | 777 | unsigned int rd_count; |
754 | 778 | ||
755 | GNUNET_break (GNUNET_OK == | 779 | GNUNET_break (GNUNET_OK == |
756 | eddsa_symmetric_decrypt (&block[1], payload_len, | 780 | eddsa_symmetric_decrypt (&block[1], payload_len, |
757 | key, nonce, | 781 | key, nonce, |
758 | payload)); | 782 | payload)); |
759 | GNUNET_memcpy (&rd_count, | 783 | payload_len -= crypto_secretbox_MACBYTES; |
760 | payload, | 784 | rd_count = GNUNET_GNSRECORD_records_deserialize_get_size (payload_len, |
761 | sizeof(uint32_t)); | 785 | payload); |
762 | rd_count = ntohl (rd_count); | ||
763 | if (rd_count > 2048) | 786 | if (rd_count > 2048) |
764 | { | 787 | { |
765 | /* limit to sane value */ | 788 | /* limit to sane value */ |
@@ -772,8 +795,8 @@ block_decrypt_eddsa (const struct GNUNET_GNSRECORD_EddsaBlock *block, | |||
772 | struct GNUNET_TIME_Absolute now; | 795 | struct GNUNET_TIME_Absolute now; |
773 | 796 | ||
774 | if (GNUNET_OK != | 797 | if (GNUNET_OK != |
775 | GNUNET_GNSRECORD_records_deserialize (payload_len - sizeof(uint32_t), | 798 | GNUNET_GNSRECORD_records_deserialize (payload_len, |
776 | &payload[sizeof(uint32_t)], | 799 | payload, |
777 | rd_count, | 800 | rd_count, |
778 | rd)) | 801 | rd)) |
779 | { | 802 | { |
@@ -875,16 +898,18 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block, | |||
875 | norm_label = GNUNET_GNSRECORD_string_normalize (label); | 898 | norm_label = GNUNET_GNSRECORD_string_normalize (label); |
876 | switch (ntohl (zone_key->type)) | 899 | switch (ntohl (zone_key->type)) |
877 | { | 900 | { |
878 | case GNUNET_IDENTITY_TYPE_ECDSA: | 901 | case GNUNET_IDENTITY_TYPE_ECDSA: |
879 | res = block_decrypt_ecdsa (&block->ecdsa_block, | 902 | res = block_decrypt_ecdsa (block, |
880 | &zone_key->ecdsa_key, norm_label, proc, proc_cls); | 903 | &zone_key->ecdsa_key, norm_label, proc, |
881 | break; | 904 | proc_cls); |
882 | case GNUNET_IDENTITY_TYPE_EDDSA: | 905 | break; |
883 | res = block_decrypt_eddsa (&block->eddsa_block, | 906 | case GNUNET_IDENTITY_TYPE_EDDSA: |
884 | &zone_key->eddsa_key, norm_label, proc, proc_cls); | 907 | res = block_decrypt_eddsa (block, |
885 | break; | 908 | &zone_key->eddsa_key, norm_label, proc, |
886 | default: | 909 | proc_cls); |
887 | return GNUNET_SYSERR; | 910 | break; |
911 | default: | ||
912 | return GNUNET_SYSERR; | ||
888 | } | 913 | } |
889 | GNUNET_free (norm_label); | 914 | GNUNET_free (norm_label); |
890 | return res; | 915 | return res; |
@@ -910,17 +935,17 @@ GNUNET_GNSRECORD_query_from_private_key (const struct | |||
910 | norm_label = GNUNET_GNSRECORD_string_normalize (label); | 935 | norm_label = GNUNET_GNSRECORD_string_normalize (label); |
911 | switch (ntohl (zone->type)) | 936 | switch (ntohl (zone->type)) |
912 | { | 937 | { |
913 | case GNUNET_GNSRECORD_TYPE_PKEY: | 938 | case GNUNET_GNSRECORD_TYPE_PKEY: |
914 | case GNUNET_GNSRECORD_TYPE_EDKEY: | 939 | case GNUNET_GNSRECORD_TYPE_EDKEY: |
915 | 940 | ||
916 | GNUNET_IDENTITY_key_get_public (zone, | 941 | GNUNET_IDENTITY_key_get_public (zone, |
917 | &pub); | 942 | &pub); |
918 | GNUNET_GNSRECORD_query_from_public_key (&pub, | 943 | GNUNET_GNSRECORD_query_from_public_key (&pub, |
919 | norm_label, | 944 | norm_label, |
920 | query); | 945 | query); |
921 | break; | 946 | break; |
922 | default: | 947 | default: |
923 | GNUNET_assert (0); | 948 | GNUNET_assert (0); |
924 | } | 949 | } |
925 | GNUNET_free (norm_label); | 950 | GNUNET_free (norm_label); |
926 | } | 951 | } |
@@ -947,28 +972,28 @@ GNUNET_GNSRECORD_query_from_public_key (const struct | |||
947 | 972 | ||
948 | switch (ntohl (pub->type)) | 973 | switch (ntohl (pub->type)) |
949 | { | 974 | { |
950 | case GNUNET_GNSRECORD_TYPE_PKEY: | 975 | case GNUNET_GNSRECORD_TYPE_PKEY: |
951 | pd.type = pub->type; | 976 | pd.type = pub->type; |
952 | GNUNET_CRYPTO_ecdsa_public_key_derive (&pub->ecdsa_key, | 977 | GNUNET_CRYPTO_ecdsa_public_key_derive (&pub->ecdsa_key, |
953 | norm_label, | 978 | norm_label, |
954 | "gns", | 979 | "gns", |
955 | &pd.ecdsa_key); | 980 | &pd.ecdsa_key); |
956 | GNUNET_CRYPTO_hash (&pd.ecdsa_key, | 981 | GNUNET_CRYPTO_hash (&pd.ecdsa_key, |
957 | sizeof (pd.ecdsa_key), | 982 | sizeof (pd.ecdsa_key), |
958 | query); | 983 | query); |
959 | break; | 984 | break; |
960 | case GNUNET_GNSRECORD_TYPE_EDKEY: | 985 | case GNUNET_GNSRECORD_TYPE_EDKEY: |
961 | pd.type = pub->type; | 986 | pd.type = pub->type; |
962 | GNUNET_CRYPTO_eddsa_public_key_derive (&pub->eddsa_key, | 987 | GNUNET_CRYPTO_eddsa_public_key_derive (&pub->eddsa_key, |
963 | norm_label, | 988 | norm_label, |
964 | "gns", | 989 | "gns", |
965 | &(pd.eddsa_key)); | 990 | &(pd.eddsa_key)); |
966 | GNUNET_CRYPTO_hash (&pd.eddsa_key, | 991 | GNUNET_CRYPTO_hash (&pd.eddsa_key, |
967 | sizeof (pd.eddsa_key), | 992 | sizeof (pd.eddsa_key), |
968 | query); | 993 | query); |
969 | break; | 994 | break; |
970 | default: | 995 | default: |
971 | GNUNET_assert (0); | 996 | GNUNET_assert (0); |
972 | } | 997 | } |
973 | GNUNET_free (norm_label); | 998 | GNUNET_free (norm_label); |
974 | } | 999 | } |
diff --git a/src/gnsrecord/gnsrecord_crypto.h b/src/gnsrecord/gnsrecord_crypto.h new file mode 100644 index 000000000..79a7e6fb9 --- /dev/null +++ b/src/gnsrecord/gnsrecord_crypto.h | |||
@@ -0,0 +1,87 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2009-2013, 2018 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file gnsrecord/gnsrecord_crypto.h | ||
23 | * @brief API for GNS record-related crypto | ||
24 | * @author Martin Schanzenbach | ||
25 | * @author Matthias Wachs | ||
26 | * @author Christian Grothoff | ||
27 | */ | ||
28 | #include "platform.h" | ||
29 | #include "gnunet_util_lib.h" | ||
30 | #include "gnunet_constants.h" | ||
31 | #include "gnunet_signatures.h" | ||
32 | #include "gnunet_arm_service.h" | ||
33 | #include "gnunet_gnsrecord_lib.h" | ||
34 | #include "gnunet_dnsparser_lib.h" | ||
35 | #include "gnunet_tun_lib.h" | ||
36 | |||
37 | /** | ||
38 | * Information we have in an encrypted block with record data (i.e. in the DHT). | ||
39 | */ | ||
40 | struct GNRBlockPS | ||
41 | { | ||
42 | /** | ||
43 | * Number of bytes signed; also specifies the number of bytes | ||
44 | * of encrypted data that follow. | ||
45 | */ | ||
46 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
47 | |||
48 | /** | ||
49 | * Expiration time of the block. | ||
50 | */ | ||
51 | struct GNUNET_TIME_AbsoluteNBO expiration_time; | ||
52 | |||
53 | /* followed by encrypted data */ | ||
54 | }; | ||
55 | |||
56 | |||
57 | /** | ||
58 | * Derive session key and iv from label and public key. | ||
59 | * | ||
60 | * @param iv initialization vector to initialize | ||
61 | * @param skey session key to initialize | ||
62 | * @param label label to use for KDF | ||
63 | * @param pub public key to use for KDF | ||
64 | */ | ||
65 | void | ||
66 | GNR_derive_block_aes_key (unsigned char *ctr, | ||
67 | unsigned char *key, | ||
68 | const char *label, | ||
69 | uint64_t exp, | ||
70 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pub); | ||
71 | |||
72 | |||
73 | /** | ||
74 | * Derive session key and iv from label and public key. | ||
75 | * | ||
76 | * @param nonce initialization vector to initialize | ||
77 | * @param skey session key to initialize | ||
78 | * @param label label to use for KDF | ||
79 | * @param pub public key to use for KDF | ||
80 | */ | ||
81 | void | ||
82 | GNR_derive_block_xsalsa_key (unsigned char *nonce, | ||
83 | unsigned char *key, | ||
84 | const char *label, | ||
85 | uint64_t exp, | ||
86 | const struct GNUNET_CRYPTO_EddsaPublicKey *pub); | ||
87 | |||
diff --git a/src/gnsrecord/gnsrecord_misc.c b/src/gnsrecord/gnsrecord_misc.c index c6f07ccd0..61604c730 100644 --- a/src/gnsrecord/gnsrecord_misc.c +++ b/src/gnsrecord/gnsrecord_misc.c | |||
@@ -334,24 +334,7 @@ GNUNET_GNSRECORD_is_zonekey_type (uint32_t type) | |||
334 | size_t | 334 | size_t |
335 | GNUNET_GNSRECORD_block_get_size (const struct GNUNET_GNSRECORD_Block *block) | 335 | GNUNET_GNSRECORD_block_get_size (const struct GNUNET_GNSRECORD_Block *block) |
336 | { | 336 | { |
337 | switch (ntohl (block->type)) | 337 | return ntohl (block->size); |
338 | { | ||
339 | case GNUNET_GNSRECORD_TYPE_PKEY: | ||
340 | return sizeof (uint32_t) /* zone type */ | ||
341 | + sizeof (block->ecdsa_block) /* EcdsaBlock */ | ||
342 | + ntohl (block->ecdsa_block.purpose.size) /* Length of signed data */ | ||
343 | - sizeof (block->ecdsa_block.purpose); /* Purpose already in EcdsaBlock */ | ||
344 | break; | ||
345 | case GNUNET_GNSRECORD_TYPE_EDKEY: | ||
346 | return sizeof (uint32_t) /* zone type */ | ||
347 | + sizeof (block->eddsa_block) /* EddsaBlock */ | ||
348 | + ntohl (block->eddsa_block.purpose.size) /* Length of signed data */ | ||
349 | - sizeof (block->ecdsa_block.purpose); /* Purpose already in EcdsaBlock */ | ||
350 | |||
351 | default: | ||
352 | return 0; | ||
353 | } | ||
354 | return 0; | ||
355 | } | 338 | } |
356 | 339 | ||
357 | 340 | ||
diff --git a/src/gnsrecord/gnsrecord_serialization.c b/src/gnsrecord/gnsrecord_serialization.c index cb6957605..eaa3a9ab2 100644 --- a/src/gnsrecord/gnsrecord_serialization.c +++ b/src/gnsrecord/gnsrecord_serialization.c | |||
@@ -60,17 +60,18 @@ struct NetworkRecord | |||
60 | /** | 60 | /** |
61 | * Number of bytes in 'data', network byte order. | 61 | * Number of bytes in 'data', network byte order. |
62 | */ | 62 | */ |
63 | uint32_t data_size GNUNET_PACKED; | 63 | uint16_t data_size GNUNET_PACKED; |
64 | 64 | ||
65 | /** | 65 | /** |
66 | * Type of the GNS/DNS record, network byte order. | 66 | * Flags for the record, network byte order. |
67 | */ | 67 | */ |
68 | uint32_t record_type GNUNET_PACKED; | 68 | uint16_t flags GNUNET_PACKED; |
69 | 69 | ||
70 | /** | 70 | /** |
71 | * Flags for the record, network byte order. | 71 | * Type of the GNS/DNS record, network byte order. |
72 | */ | 72 | */ |
73 | uint32_t flags GNUNET_PACKED; | 73 | uint32_t record_type GNUNET_PACKED; |
74 | |||
74 | }; | 75 | }; |
75 | 76 | ||
76 | GNUNET_NETWORK_STRUCT_END | 77 | GNUNET_NETWORK_STRUCT_END |
@@ -169,9 +170,9 @@ GNUNET_GNSRECORD_records_serialize (unsigned int rd_count, | |||
169 | rd[i].flags, | 170 | rd[i].flags, |
170 | (unsigned long long) rd[i].expiration_time); | 171 | (unsigned long long) rd[i].expiration_time); |
171 | rec.expiration_time = GNUNET_htonll (rd[i].expiration_time); | 172 | rec.expiration_time = GNUNET_htonll (rd[i].expiration_time); |
172 | rec.data_size = htonl ((uint32_t) rd[i].data_size); | 173 | rec.data_size = htons ((uint16_t) rd[i].data_size); |
173 | rec.record_type = htonl (rd[i].record_type); | 174 | rec.record_type = htonl (rd[i].record_type); |
174 | rec.flags = htonl (rd[i].flags); | 175 | rec.flags = htons (rd[i].flags); |
175 | if ((off + sizeof(rec) > dest_size) || | 176 | if ((off + sizeof(rec) > dest_size) || |
176 | (off + sizeof(rec) < off)) | 177 | (off + sizeof(rec) < off)) |
177 | { | 178 | { |
@@ -214,13 +215,48 @@ GNUNET_GNSRECORD_records_serialize (unsigned int rd_count, | |||
214 | return dest_size; | 215 | return dest_size; |
215 | } | 216 | } |
216 | 217 | ||
218 | unsigned int | ||
219 | GNUNET_GNSRECORD_records_deserialize_get_size (size_t len, | ||
220 | const char *src) | ||
221 | { | ||
222 | struct NetworkRecord rec; | ||
223 | struct NetworkRecord rec_zero; | ||
224 | size_t off; | ||
225 | unsigned int rd_count = 0; | ||
226 | |||
227 | memset (&rec_zero, 0, sizeof (rec_zero)); | ||
228 | |||
229 | off = 0; | ||
230 | for (off = 0; (off + sizeof(rec) <= len) && (off + sizeof(rec) >= off);) | ||
231 | { | ||
232 | /* | ||
233 | * If we have found a byte string of zeroes, we have reached | ||
234 | * the padding | ||
235 | */ | ||
236 | if (0 == GNUNET_memcmp (&rec, &rec_zero)) | ||
237 | break; | ||
238 | GNUNET_memcpy (&rec, | ||
239 | &src[off], | ||
240 | sizeof(rec)); | ||
241 | off += sizeof(rec); | ||
242 | if ((off + ntohs ((uint16_t) rec.data_size) > len) || | ||
243 | (off + ntohs ((uint16_t) rec.data_size) < off)) | ||
244 | { | ||
245 | GNUNET_break_op (0); | ||
246 | return 0; | ||
247 | } | ||
248 | off += ntohs ((uint16_t) rec.data_size); | ||
249 | rd_count++; | ||
250 | } | ||
251 | return rd_count; | ||
252 | } | ||
217 | 253 | ||
218 | /** | 254 | /** |
219 | * Deserialize the given records to the given destination. | 255 | * Deserialize the given records to the given destination. |
220 | * | 256 | * |
221 | * @param len size of the serialized record data | 257 | * @param len size of the serialized record data |
222 | * @param src the serialized record data | 258 | * @param src the serialized record data |
223 | * @param rd_count number of records in the rd array | 259 | * @param rd_count number of records parsed |
224 | * @param dest where to put the data | 260 | * @param dest where to put the data |
225 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on error | 261 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on error |
226 | */ | 262 | */ |
@@ -246,9 +282,9 @@ GNUNET_GNSRECORD_records_deserialize (size_t len, | |||
246 | &src[off], | 282 | &src[off], |
247 | sizeof(rec)); | 283 | sizeof(rec)); |
248 | dest[i].expiration_time = GNUNET_ntohll (rec.expiration_time); | 284 | dest[i].expiration_time = GNUNET_ntohll (rec.expiration_time); |
249 | dest[i].data_size = ntohl ((uint32_t) rec.data_size); | 285 | dest[i].data_size = ntohs ((uint16_t) rec.data_size); |
250 | dest[i].record_type = ntohl (rec.record_type); | 286 | dest[i].record_type = ntohl (rec.record_type); |
251 | dest[i].flags = ntohl (rec.flags); | 287 | dest[i].flags = ntohs (rec.flags); |
252 | off += sizeof(rec); | 288 | off += sizeof(rec); |
253 | if ((off + dest[i].data_size > len) || | 289 | if ((off + dest[i].data_size > len) || |
254 | (off + dest[i].data_size < off)) | 290 | (off + dest[i].data_size < off)) |
diff --git a/src/gnsrecord/gnunet-gnsrecord-tvg.c b/src/gnsrecord/gnunet-gnsrecord-tvg.c index 16a360bdc..f9b83e48b 100644 --- a/src/gnsrecord/gnunet-gnsrecord-tvg.c +++ b/src/gnsrecord/gnunet-gnsrecord-tvg.c | |||
@@ -31,15 +31,43 @@ | |||
31 | #include "gnunet_dnsparser_lib.h" | 31 | #include "gnunet_dnsparser_lib.h" |
32 | #include "gnunet_testing_lib.h" | 32 | #include "gnunet_testing_lib.h" |
33 | #include <inttypes.h> | 33 | #include <inttypes.h> |
34 | #include "gnsrecord_crypto.h" | ||
34 | 35 | ||
35 | #define TEST_RECORD_LABEL "test" | 36 | #define TEST_RECORD_LABEL "test" |
36 | #define TEST_RECORD_A "1.2.3.4" | 37 | #define TEST_RECORD_A "1.2.3.4" |
37 | #define TEST_RRCOUNT 2 | 38 | #define TEST_RRCOUNT 2 |
38 | 39 | ||
40 | static char *d_pkey = | ||
41 | "50d7b652a4efeadff37396909785e5952171a02178c8e7d450fa907925fafd98"; | ||
42 | |||
43 | static char *d_edkey = | ||
44 | "5af7020ee19160328832352bbc6a68a8d71a7cbe1b929969a7c66d415a0d8f65"; | ||
45 | |||
46 | int parsehex (char *src, char *dst, size_t dstlen, int invert) | ||
47 | { | ||
48 | char *line = src; | ||
49 | char *data = line; | ||
50 | int off; | ||
51 | int read_byte; | ||
52 | int data_len = 0; | ||
53 | |||
54 | while (sscanf (data, " %02x%n", &read_byte, &off) == 1) | ||
55 | { | ||
56 | if (invert) | ||
57 | dst[dstlen - 1 - data_len++] = read_byte; | ||
58 | else | ||
59 | dst[data_len++] = read_byte; | ||
60 | data += off; | ||
61 | } | ||
62 | return data_len; | ||
63 | } | ||
64 | |||
65 | |||
39 | static void | 66 | static void |
40 | print_bytes (void *buf, | 67 | print_bytes_ (void *buf, |
41 | size_t buf_len, | 68 | size_t buf_len, |
42 | int fold) | 69 | int fold, |
70 | int in_be) | ||
43 | { | 71 | { |
44 | int i; | 72 | int i; |
45 | 73 | ||
@@ -47,11 +75,22 @@ print_bytes (void *buf, | |||
47 | { | 75 | { |
48 | if ((0 != i) && (0 != fold) && (i % fold == 0)) | 76 | if ((0 != i) && (0 != fold) && (i % fold == 0)) |
49 | printf ("\n"); | 77 | printf ("\n"); |
50 | printf ("%02x", ((unsigned char*) buf)[i]); | 78 | if (in_be) |
79 | printf ("%02x", ((unsigned char*) buf)[buf_len - 1 - i]); | ||
80 | else | ||
81 | printf ("%02x", ((unsigned char*) buf)[i]); | ||
51 | } | 82 | } |
52 | printf ("\n"); | 83 | printf ("\n"); |
53 | } | 84 | } |
54 | 85 | ||
86 | static void | ||
87 | print_bytes (void *buf, | ||
88 | size_t buf_len, | ||
89 | int fold) | ||
90 | { | ||
91 | print_bytes_ (buf, buf_len, fold, 0); | ||
92 | } | ||
93 | |||
55 | 94 | ||
56 | static void | 95 | static void |
57 | print_record (const struct GNUNET_GNSRECORD_Data *rd) | 96 | print_record (const struct GNUNET_GNSRECORD_Data *rd) |
@@ -84,28 +123,51 @@ static void | |||
84 | run_pkey (void) | 123 | run_pkey (void) |
85 | { | 124 | { |
86 | struct GNUNET_GNSRECORD_Data rd[2]; | 125 | struct GNUNET_GNSRECORD_Data rd[2]; |
87 | struct GNUNET_TIME_Absolute exp_abs = GNUNET_TIME_absolute_get (); | 126 | struct GNUNET_TIME_Absolute expire; |
127 | struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get (); | ||
128 | struct GNUNET_TIME_Absolute exp1; | ||
129 | struct GNUNET_TIME_Absolute exp2; | ||
130 | struct GNUNET_TIME_Relative delta1; | ||
131 | struct GNUNET_TIME_Relative delta2; | ||
88 | struct GNUNET_GNSRECORD_Block *rrblock; | 132 | struct GNUNET_GNSRECORD_Block *rrblock; |
89 | char *bdata; | 133 | char *bdata; |
90 | struct GNUNET_IDENTITY_PrivateKey id_priv; | 134 | struct GNUNET_IDENTITY_PrivateKey id_priv; |
91 | struct GNUNET_IDENTITY_PublicKey id_pub; | 135 | struct GNUNET_IDENTITY_PublicKey id_pub; |
92 | struct GNUNET_IDENTITY_PrivateKey pkey_data_p; | 136 | struct GNUNET_IDENTITY_PrivateKey pkey_data_p; |
93 | struct GNUNET_IDENTITY_PublicKey pkey_data; | 137 | struct GNUNET_IDENTITY_PublicKey pkey_data; |
138 | struct GNUNET_HashCode query; | ||
94 | void *data; | 139 | void *data; |
95 | size_t data_size; | 140 | size_t data_size; |
96 | char *rdata; | 141 | char *rdata; |
97 | size_t rdata_size; | 142 | size_t rdata_size; |
143 | uint32_t rd_count_nbo; | ||
98 | char ztld[128]; | 144 | char ztld[128]; |
145 | unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2]; | ||
146 | unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH]; | ||
147 | |||
148 | /* | ||
149 | * Make two different expiration times | ||
150 | */ | ||
151 | GNUNET_STRINGS_fancy_time_to_absolute ("2048-01-23 10:51:34", | ||
152 | &exp1); | ||
153 | GNUNET_STRINGS_fancy_time_to_absolute ("3540-05-22 07:55:01", | ||
154 | &exp2); | ||
155 | |||
99 | 156 | ||
100 | id_priv.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY); | 157 | id_priv.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY); |
101 | GNUNET_CRYPTO_ecdsa_key_create (&id_priv.ecdsa_key); | 158 | GNUNET_CRYPTO_ecdsa_key_create (&id_priv.ecdsa_key); |
159 | parsehex (d_pkey, | ||
160 | (char*) &id_priv.ecdsa_key, | ||
161 | sizeof (id_priv.ecdsa_key), 1); | ||
162 | |||
102 | GNUNET_IDENTITY_key_get_public (&id_priv, | 163 | GNUNET_IDENTITY_key_get_public (&id_priv, |
103 | &id_pub); | 164 | &id_pub); |
104 | fprintf (stdout, | 165 | fprintf (stdout, |
105 | "Zone private key (d, little-endian, with ztype prepended):\n"); | 166 | "Zone private key (d, big-endian):\n"); |
106 | print_bytes (&id_priv, GNUNET_IDENTITY_key_get_length (&id_pub), 8); // FIXME length for privkey? | 167 | print_bytes_ (&id_priv.ecdsa_key, |
168 | sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey), 8, 1); | ||
107 | fprintf (stdout, "\n"); | 169 | fprintf (stdout, "\n"); |
108 | fprintf (stdout, "Zone identifier (zid):\n"); | 170 | fprintf (stdout, "Zone identifier (ztype|zkey):\n"); |
109 | print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8); | 171 | print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8); |
110 | GNUNET_STRINGS_data_to_string (&id_pub, | 172 | GNUNET_STRINGS_data_to_string (&id_pub, |
111 | GNUNET_IDENTITY_key_get_length (&id_pub), | 173 | GNUNET_IDENTITY_key_get_length (&id_pub), |
@@ -127,20 +189,20 @@ run_pkey (void) | |||
127 | GNUNET_DNSPARSER_TYPE_A, TEST_RECORD_A, &data, &data_size)); | 189 | GNUNET_DNSPARSER_TYPE_A, TEST_RECORD_A, &data, &data_size)); |
128 | rd[0].data = data; | 190 | rd[0].data = data; |
129 | rd[0].data_size = data_size; | 191 | rd[0].data_size = data_size; |
130 | rd[0].expiration_time = exp_abs.abs_value_us; | 192 | rd[0].expiration_time = exp1.abs_value_us; |
131 | rd[0].record_type = GNUNET_DNSPARSER_TYPE_A; | 193 | rd[0].record_type = GNUNET_DNSPARSER_TYPE_A; |
132 | fprintf (stdout, "Record #0\n"); | 194 | fprintf (stdout, "Record #0\n"); |
133 | print_record (&rd[0]); | 195 | print_record (&rd[0]); |
134 | 196 | ||
135 | rd[1].data = &pkey_data; | 197 | rd[1].data = "Some nick"; |
136 | rd[1].data_size = sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey); | 198 | rd[1].data_size = sizeof (struct GNUNET_IDENTITY_PublicKey); |
137 | rd[1].expiration_time = exp_abs.abs_value_us; | 199 | rd[1].expiration_time = exp2.abs_value_us; |
138 | rd[1].record_type = GNUNET_GNSRECORD_TYPE_PKEY; | 200 | rd[1].record_type = GNUNET_GNSRECORD_TYPE_NICK; |
139 | rd[1].flags = GNUNET_GNSRECORD_RF_PRIVATE; | 201 | rd[1].flags = GNUNET_GNSRECORD_RF_PRIVATE; |
140 | fprintf (stdout, "Record #1\n"); | 202 | fprintf (stdout, "Record #1\n"); |
141 | print_record (&rd[1]); | 203 | print_record (&rd[1]); |
142 | 204 | ||
143 | rdata_size = GNUNET_GNSRECORD_records_get_size (2, | 205 | rdata_size = GNUNET_GNSRECORD_records_get_size (TEST_RRCOUNT, |
144 | rd); | 206 | rd); |
145 | rdata = GNUNET_malloc (rdata_size); | 207 | rdata = GNUNET_malloc (rdata_size); |
146 | GNUNET_GNSRECORD_records_serialize (2, | 208 | GNUNET_GNSRECORD_records_serialize (2, |
@@ -150,25 +212,40 @@ run_pkey (void) | |||
150 | fprintf (stdout, "RDATA:\n"); | 212 | fprintf (stdout, "RDATA:\n"); |
151 | print_bytes (rdata, rdata_size, 8); | 213 | print_bytes (rdata, rdata_size, 8); |
152 | fprintf (stdout, "\n"); | 214 | fprintf (stdout, "\n"); |
153 | rrblock = GNUNET_GNSRECORD_block_create (&id_priv, | 215 | expire = GNUNET_GNSRECORD_record_get_expiration_time (TEST_RRCOUNT, rd); |
154 | exp_abs, | 216 | GNR_derive_block_aes_key (ctr, |
155 | TEST_RECORD_LABEL, | 217 | skey, |
156 | rd, | 218 | TEST_RECORD_LABEL, |
157 | TEST_RRCOUNT); | 219 | GNUNET_TIME_absolute_hton ( |
158 | size_t bdata_size = ntohl (rrblock->ecdsa_block.purpose.size) | 220 | expire).abs_value_us__, |
159 | - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 221 | &id_pub.ecdsa_key); |
160 | - sizeof(struct GNUNET_TIME_AbsoluteNBO); | 222 | |
161 | size_t ecblock_size = ntohl (rrblock->ecdsa_block.purpose.size) | 223 | fprintf (stdout, "Encryption NONCE|EXPIRATION|BLOCK COUNTER:\n"); |
162 | + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | 224 | print_bytes (ctr, sizeof (ctr), 8); |
163 | + sizeof(struct GNUNET_CRYPTO_EcdsaSignature); | 225 | fprintf (stdout, "\n"); |
164 | size_t block_size = ecblock_size + sizeof (uint32_t); | 226 | fprintf (stdout, "Encryption key (K):\n"); |
227 | print_bytes (skey, sizeof (skey), 8); | ||
228 | fprintf (stdout, "\n"); | ||
229 | GNUNET_GNSRECORD_query_from_public_key (&id_pub, | ||
230 | TEST_RECORD_LABEL, | ||
231 | &query); | ||
232 | fprintf (stdout, "Storage key (q):\n"); | ||
233 | print_bytes (&query, sizeof (query), 8); | ||
234 | fprintf (stdout, "\n"); | ||
235 | GNUNET_assert (GNUNET_OK == GNUNET_GNSRECORD_block_create (&id_priv, | ||
236 | expire, | ||
237 | TEST_RECORD_LABEL, | ||
238 | rd, | ||
239 | TEST_RRCOUNT, | ||
240 | &rrblock)); | ||
241 | size_t bdata_size = ntohl(rrblock->size) - sizeof (struct GNUNET_GNSRECORD_Block); | ||
165 | 242 | ||
166 | bdata = (char*) &(&rrblock->ecdsa_block)[1]; | 243 | bdata = (char*) &(&rrblock->ecdsa_block)[1]; |
167 | fprintf (stdout, "BDATA:\n"); | 244 | fprintf (stdout, "BDATA:\n"); |
168 | print_bytes (bdata, bdata_size, 8); | 245 | print_bytes (bdata, bdata_size, 8); |
169 | fprintf (stdout, "\n"); | 246 | fprintf (stdout, "\n"); |
170 | fprintf (stdout, "RRBLOCK:\n"); | 247 | fprintf (stdout, "RRBLOCK:\n"); |
171 | print_bytes (rrblock, block_size, 8); | 248 | print_bytes (rrblock, ntohl(rrblock->size), 8); |
172 | fprintf (stdout, "\n"); | 249 | fprintf (stdout, "\n"); |
173 | GNUNET_free (rdata); | 250 | GNUNET_free (rdata); |
174 | } | 251 | } |
@@ -186,28 +263,54 @@ static void | |||
186 | run_edkey (void) | 263 | run_edkey (void) |
187 | { | 264 | { |
188 | struct GNUNET_GNSRECORD_Data rd[2]; | 265 | struct GNUNET_GNSRECORD_Data rd[2]; |
189 | struct GNUNET_TIME_Absolute exp_abs = GNUNET_TIME_absolute_get (); | 266 | struct GNUNET_TIME_Absolute expire; |
267 | struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get (); | ||
268 | struct GNUNET_TIME_Absolute exp1; | ||
269 | struct GNUNET_TIME_Absolute exp2; | ||
270 | struct GNUNET_TIME_Relative delta1; | ||
271 | struct GNUNET_TIME_Relative delta2; | ||
190 | struct GNUNET_GNSRECORD_Block *rrblock; | 272 | struct GNUNET_GNSRECORD_Block *rrblock; |
191 | char *bdata; | 273 | char *bdata; |
192 | struct GNUNET_IDENTITY_PrivateKey id_priv; | 274 | struct GNUNET_IDENTITY_PrivateKey id_priv; |
193 | struct GNUNET_IDENTITY_PublicKey id_pub; | 275 | struct GNUNET_IDENTITY_PublicKey id_pub; |
194 | struct GNUNET_IDENTITY_PrivateKey pkey_data_p; | 276 | struct GNUNET_IDENTITY_PrivateKey pkey_data_p; |
195 | struct GNUNET_IDENTITY_PublicKey pkey_data; | 277 | struct GNUNET_IDENTITY_PublicKey pkey_data; |
278 | struct GNUNET_HashCode query; | ||
196 | void *data; | 279 | void *data; |
197 | size_t data_size; | 280 | size_t data_size; |
198 | char *rdata; | 281 | char *rdata; |
199 | size_t rdata_size; | 282 | size_t rdata_size; |
283 | uint32_t rd_count_nbo; | ||
200 | char ztld[128]; | 284 | char ztld[128]; |
285 | unsigned char nonce[crypto_secretbox_NONCEBYTES]; | ||
286 | unsigned char skey[crypto_secretbox_KEYBYTES]; | ||
287 | |||
288 | /* | ||
289 | * Make two different expiration times | ||
290 | */ | ||
291 | GNUNET_STRINGS_fancy_time_to_absolute ("%2048-01-23 10:51:34", | ||
292 | &exp1); | ||
293 | GNUNET_STRINGS_fancy_time_to_absolute ("3540-05-22 07:55:01", | ||
294 | &exp2); | ||
295 | |||
296 | id_priv.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY); | ||
297 | GNUNET_CRYPTO_ecdsa_key_create (&id_priv.ecdsa_key); | ||
298 | GNUNET_IDENTITY_key_get_public (&id_priv, | ||
299 | &id_pub); | ||
201 | 300 | ||
202 | id_priv.type = htonl (GNUNET_IDENTITY_TYPE_EDDSA); | 301 | id_priv.type = htonl (GNUNET_IDENTITY_TYPE_EDDSA); |
203 | GNUNET_CRYPTO_eddsa_key_create (&id_priv.eddsa_key); | 302 | GNUNET_CRYPTO_eddsa_key_create (&id_priv.eddsa_key); |
303 | parsehex (d_edkey, | ||
304 | (char*) &id_priv.eddsa_key, | ||
305 | sizeof (id_priv.eddsa_key), 0); | ||
204 | GNUNET_IDENTITY_key_get_public (&id_priv, | 306 | GNUNET_IDENTITY_key_get_public (&id_priv, |
205 | &id_pub); | 307 | &id_pub); |
206 | fprintf (stdout, | 308 | fprintf (stdout, |
207 | "Zone private key (d, little-endian, with ztype prepended):\n"); | 309 | "Zone private key (d):\n"); |
208 | print_bytes (&id_priv, GNUNET_IDENTITY_key_get_length (&id_pub), 8); // FIXME length for privkey? | 310 | print_bytes (&id_priv.eddsa_key, sizeof (struct |
311 | GNUNET_CRYPTO_EddsaPrivateKey), 8); | ||
209 | fprintf (stdout, "\n"); | 312 | fprintf (stdout, "\n"); |
210 | fprintf (stdout, "Zone identifier (zid):\n"); | 313 | fprintf (stdout, "Zone identifier (ztype|zkey):\n"); |
211 | print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8); | 314 | print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8); |
212 | GNUNET_STRINGS_data_to_string (&id_pub, | 315 | GNUNET_STRINGS_data_to_string (&id_pub, |
213 | GNUNET_IDENTITY_key_get_length (&id_pub), | 316 | GNUNET_IDENTITY_key_get_length (&id_pub), |
@@ -229,21 +332,23 @@ run_edkey (void) | |||
229 | GNUNET_DNSPARSER_TYPE_A, TEST_RECORD_A, &data, &data_size)); | 332 | GNUNET_DNSPARSER_TYPE_A, TEST_RECORD_A, &data, &data_size)); |
230 | rd[0].data = data; | 333 | rd[0].data = data; |
231 | rd[0].data_size = data_size; | 334 | rd[0].data_size = data_size; |
232 | rd[0].expiration_time = exp_abs.abs_value_us; | 335 | rd[0].expiration_time = exp1.abs_value_us; |
233 | rd[0].record_type = GNUNET_DNSPARSER_TYPE_A; | 336 | rd[0].record_type = GNUNET_DNSPARSER_TYPE_A; |
234 | fprintf (stdout, "Record #0\n"); | 337 | fprintf (stdout, "Record #0\n"); |
235 | print_record (&rd[0]); | 338 | print_record (&rd[0]); |
236 | 339 | ||
237 | rd[1].data = &pkey_data; | 340 | rd[1].data = "My Nick"; |
238 | rd[1].data_size = sizeof (struct GNUNET_CRYPTO_EddsaPublicKey); | 341 | rd[1].data_size = sizeof (struct GNUNET_IDENTITY_PublicKey); |
239 | rd[1].expiration_time = exp_abs.abs_value_us; | 342 | rd[1].expiration_time = exp2.abs_value_us; |
240 | rd[1].record_type = GNUNET_GNSRECORD_TYPE_EDKEY; | 343 | rd[1].record_type = GNUNET_GNSRECORD_TYPE_NICK; |
241 | rd[1].flags = GNUNET_GNSRECORD_RF_PRIVATE; | 344 | rd[1].flags = GNUNET_GNSRECORD_RF_PRIVATE; |
242 | fprintf (stdout, "Record #1\n"); | 345 | fprintf (stdout, "Record #1\n"); |
243 | print_record (&rd[1]); | 346 | print_record (&rd[1]); |
244 | 347 | ||
245 | rdata_size = GNUNET_GNSRECORD_records_get_size (2, | 348 | rdata_size = GNUNET_GNSRECORD_records_get_size (TEST_RRCOUNT, |
246 | rd); | 349 | rd); |
350 | expire = GNUNET_GNSRECORD_record_get_expiration_time (TEST_RRCOUNT, | ||
351 | rd); | ||
247 | rdata = GNUNET_malloc (rdata_size); | 352 | rdata = GNUNET_malloc (rdata_size); |
248 | GNUNET_GNSRECORD_records_serialize (2, | 353 | GNUNET_GNSRECORD_records_serialize (2, |
249 | rd, | 354 | rd, |
@@ -252,25 +357,39 @@ run_edkey (void) | |||
252 | fprintf (stdout, "RDATA:\n"); | 357 | fprintf (stdout, "RDATA:\n"); |
253 | print_bytes (rdata, rdata_size, 8); | 358 | print_bytes (rdata, rdata_size, 8); |
254 | fprintf (stdout, "\n"); | 359 | fprintf (stdout, "\n"); |
255 | rrblock = GNUNET_GNSRECORD_block_create (&id_priv, | 360 | GNR_derive_block_xsalsa_key (nonce, |
256 | exp_abs, | 361 | skey, |
257 | TEST_RECORD_LABEL, | 362 | TEST_RECORD_LABEL, |
258 | rd, | 363 | GNUNET_TIME_absolute_hton ( |
259 | TEST_RRCOUNT); | 364 | expire).abs_value_us__, |
260 | size_t bdata_size = ntohl (rrblock->eddsa_block.purpose.size) | 365 | &id_pub.eddsa_key); |
261 | - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 366 | fprintf (stdout, "Encryption NONCE|EXPIRATION:\n"); |
262 | - sizeof(struct GNUNET_TIME_AbsoluteNBO); | 367 | print_bytes (nonce, sizeof (nonce), 8); |
263 | size_t ecblock_size = ntohl (rrblock->eddsa_block.purpose.size) | 368 | fprintf (stdout, "\n"); |
264 | + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey) | 369 | fprintf (stdout, "Encryption key (K):\n"); |
265 | + sizeof(struct GNUNET_CRYPTO_EddsaSignature); | 370 | print_bytes (skey, sizeof (skey), 8); |
266 | size_t block_size = ecblock_size + sizeof (uint32_t); | 371 | fprintf (stdout, "\n"); |
372 | GNUNET_GNSRECORD_query_from_public_key (&id_pub, | ||
373 | TEST_RECORD_LABEL, | ||
374 | &query); | ||
375 | fprintf (stdout, "Storage key (q):\n"); | ||
376 | print_bytes (&query, sizeof (query), 8); | ||
377 | fprintf (stdout, "\n"); | ||
378 | |||
379 | GNUNET_assert (GNUNET_OK == GNUNET_GNSRECORD_block_create (&id_priv, | ||
380 | expire, | ||
381 | TEST_RECORD_LABEL, | ||
382 | rd, | ||
383 | TEST_RRCOUNT, | ||
384 | &rrblock)); | ||
385 | size_t bdata_size = ntohl(rrblock->size) - sizeof (struct GNUNET_GNSRECORD_Block); | ||
267 | 386 | ||
268 | bdata = (char*) &(&rrblock->eddsa_block)[1]; | 387 | bdata = (char*) &(&rrblock->eddsa_block)[1]; |
269 | fprintf (stdout, "BDATA:\n"); | 388 | fprintf (stdout, "BDATA:\n"); |
270 | print_bytes (bdata, bdata_size, 8); | 389 | print_bytes (bdata, bdata_size, 8); |
271 | fprintf (stdout, "\n"); | 390 | fprintf (stdout, "\n"); |
272 | fprintf (stdout, "RRBLOCK:\n"); | 391 | fprintf (stdout, "RRBLOCK:\n"); |
273 | print_bytes (rrblock, block_size, 8); | 392 | print_bytes (rrblock, ntohl(rrblock->size), 8); |
274 | fprintf (stdout, "\n"); | 393 | fprintf (stdout, "\n"); |
275 | GNUNET_free (rdata); | 394 | GNUNET_free (rdata); |
276 | } | 395 | } |
@@ -290,8 +409,8 @@ run (void *cls, | |||
290 | const char *cfgfile, | 409 | const char *cfgfile, |
291 | const struct GNUNET_CONFIGURATION_Handle *cfg) | 410 | const struct GNUNET_CONFIGURATION_Handle *cfg) |
292 | { | 411 | { |
293 | run_pkey(); | 412 | run_pkey (); |
294 | run_edkey(); | 413 | run_edkey (); |
295 | } | 414 | } |
296 | 415 | ||
297 | 416 | ||
diff --git a/src/gnsrecord/test_gnsrecord_crypto.c b/src/gnsrecord/test_gnsrecord_crypto.c index 9e5a1aa7e..ee14fa904 100644 --- a/src/gnsrecord/test_gnsrecord_crypto.c +++ b/src/gnsrecord/test_gnsrecord_crypto.c | |||
@@ -123,12 +123,12 @@ test_with_type (struct GNUNET_IDENTITY_PrivateKey *privkey) | |||
123 | s_rd = create_record (RECORDS); | 123 | s_rd = create_record (RECORDS); |
124 | 124 | ||
125 | /* Create block */ | 125 | /* Create block */ |
126 | GNUNET_assert (NULL != (block = | 126 | GNUNET_assert (GNUNET_OK == GNUNET_GNSRECORD_block_create (privkey, |
127 | GNUNET_GNSRECORD_block_create (privkey, | 127 | expire, |
128 | expire, | 128 | s_name, |
129 | s_name, | 129 | s_rd, |
130 | s_rd, | 130 | RECORDS, |
131 | RECORDS))); | 131 | &block)); |
132 | GNUNET_assert (GNUNET_OK == | 132 | GNUNET_assert (GNUNET_OK == |
133 | GNUNET_GNSRECORD_query_from_block (block, | 133 | GNUNET_GNSRECORD_query_from_block (block, |
134 | &query_block)); | 134 | &query_block)); |
diff --git a/src/gnsrecord/test_gnsrecord_testvectors.c b/src/gnsrecord/test_gnsrecord_testvectors.c new file mode 100644 index 000000000..153c56261 --- /dev/null +++ b/src/gnsrecord/test_gnsrecord_testvectors.c | |||
@@ -0,0 +1,128 @@ | |||
1 | #include "platform.h" | ||
2 | #include "gnunet_util_lib.h" | ||
3 | #include "gnunet_signatures.h" | ||
4 | #include "gnunet_gns_service.h" | ||
5 | #include "gnunet_gnsrecord_lib.h" | ||
6 | #include "gnunet_dnsparser_lib.h" | ||
7 | #include "gnunet_testing_lib.h" | ||
8 | #include <inttypes.h> | ||
9 | |||
10 | |||
11 | |||
12 | static char *d = | ||
13 | "50d7b652a4efeadff37396909785e5952171a02178c8e7d450fa907925fafd98"; | ||
14 | |||
15 | |||
16 | static char *zid = | ||
17 | "00010000677c477d2d93097c85b195c6f96d84ff61f5982c2c4fe02d5a11fedfb0c2901f"; | ||
18 | |||
19 | #define RRCOUNT 2 | ||
20 | #define LABEL "test" | ||
21 | |||
22 | #define R0_EXPIRATION 14888744139323793 | ||
23 | #define R0_DATA_SIZE 4 | ||
24 | #define R0_TYPE 1 | ||
25 | #define R0_FLAGS 0 | ||
26 | #define R0_DATA "01020304" | ||
27 | |||
28 | /* Record #1*/ | ||
29 | #define R1_EXPIRATION 26147096139323793 | ||
30 | #define R1_DATA_SIZE 36 | ||
31 | #define R1_TYPE 65536 | ||
32 | #define R1_FLAGS 2 | ||
33 | #define R1_DATA \ | ||
34 | "000100000e601be42eb57fb4697610cf3a3b18347b65a33f025b5b174abefb30807bfecf" | ||
35 | |||
36 | #define R1_RRBLOCK \ | ||
37 | "000100008e16da87203b5159c5538e9b765742e968c54af9afbc0890dc80205ad14c84e107b0c115fc0089aa38b9c7ab9cbe1d77040d282a51a2ad493f61f3495f02d8170fe473a55ec6bdf9a509ab1701ffc37ea3bb4cac4a672520986df96e67cc1a73000000940000000f0034e53be193799100e4837eb5d04f92903de4b5234e8ccac5736c9793379a59c33375fc8951aca2eb7aad067bf9af60bf26758646a17f5e5c3b6215f94079545b1c4d4f1b2ebb22c2b4dad44126817b6f001530d476401dd67ac0148554e806353da9e4298079f3e1b16942c48d90c4360c61238c40d9d52911aea52cc0037ac7160bb3cf5b2f4a722fd96b" | ||
38 | |||
39 | int parsehex(char *src, char *dst, size_t dstlen, int invert) | ||
40 | { | ||
41 | char *line = src; | ||
42 | char *data = line; | ||
43 | int off; | ||
44 | int read_byte; | ||
45 | int data_len = 0; | ||
46 | |||
47 | while (sscanf(data, " %02x%n", &read_byte, &off) == 1) { | ||
48 | if (invert) | ||
49 | dst[dstlen - 1 - data_len++] = read_byte; | ||
50 | else | ||
51 | dst[data_len++] = read_byte; | ||
52 | data += off; | ||
53 | } | ||
54 | return data_len; | ||
55 | } | ||
56 | |||
57 | void | ||
58 | res_checker (void *cls, | ||
59 | unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd) | ||
60 | { | ||
61 | int r0_found = 0; | ||
62 | int r1_found = 0; | ||
63 | char r0_data[R0_DATA_SIZE]; | ||
64 | char r1_data[R1_DATA_SIZE]; | ||
65 | parsehex(R0_DATA, (char*)r0_data, 0, 0); | ||
66 | parsehex(R1_DATA, (char*)r1_data, 0, 0); | ||
67 | GNUNET_assert (rd_count == RRCOUNT); | ||
68 | for (int i = 0; i < RRCOUNT; i++) | ||
69 | { | ||
70 | if (rd[i].record_type == R0_TYPE) | ||
71 | { | ||
72 | if (0 != memcmp (rd[i].data, r0_data, R0_DATA_SIZE)) | ||
73 | { | ||
74 | printf ("R0 Data mismatch\n"); | ||
75 | continue; | ||
76 | } | ||
77 | if (rd[i].expiration_time != R0_EXPIRATION) | ||
78 | { | ||
79 | printf ("R0 expiration mismatch\n"); | ||
80 | continue; | ||
81 | } | ||
82 | r0_found = 1; | ||
83 | } | ||
84 | if (rd[i].record_type == R1_TYPE) | ||
85 | { | ||
86 | if (0 != memcmp (rd[i].data, r1_data, R1_DATA_SIZE)) | ||
87 | { | ||
88 | printf ("R1 Data mismatch\n"); | ||
89 | continue; | ||
90 | } | ||
91 | if (rd[i].expiration_time != R1_EXPIRATION) | ||
92 | { | ||
93 | printf ("R1 expiration mismatch\n"); | ||
94 | continue; | ||
95 | } | ||
96 | |||
97 | r1_found = 1; | ||
98 | } | ||
99 | |||
100 | } | ||
101 | GNUNET_assert (r0_found); | ||
102 | GNUNET_assert (r1_found); | ||
103 | } | ||
104 | |||
105 | |||
106 | int | ||
107 | main() | ||
108 | { | ||
109 | struct GNUNET_IDENTITY_PrivateKey priv; | ||
110 | struct GNUNET_IDENTITY_PublicKey pub; | ||
111 | struct GNUNET_IDENTITY_PublicKey pub_parsed; | ||
112 | struct GNUNET_GNSRECORD_Block *rrblock; | ||
113 | char *bdata; | ||
114 | |||
115 | parsehex(d,(char*)&priv.ecdsa_key, sizeof (priv.ecdsa_key), 1); | ||
116 | priv.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY); | ||
117 | parsehex(zid,(char*)&pub_parsed, 0, 0); | ||
118 | GNUNET_IDENTITY_key_get_public(&priv, &pub); | ||
119 | GNUNET_assert (0 == memcmp (&pub, &pub_parsed, sizeof (pub))); | ||
120 | rrblock = GNUNET_malloc (strlen (R1_RRBLOCK) / 2); | ||
121 | parsehex(R1_RRBLOCK, (char*)rrblock, 0, 0); | ||
122 | GNUNET_GNSRECORD_block_decrypt (rrblock, | ||
123 | &pub_parsed, | ||
124 | LABEL, | ||
125 | &res_checker, | ||
126 | NULL); | ||
127 | return 0; | ||
128 | } | ||
diff --git a/src/identity/identity_api.c b/src/identity/identity_api.c index 4a7a69211..471569cb3 100644 --- a/src/identity/identity_api.c +++ b/src/identity/identity_api.c | |||
@@ -1063,6 +1063,25 @@ GNUNET_IDENTITY_signature_get_length (const struct | |||
1063 | 1063 | ||
1064 | 1064 | ||
1065 | ssize_t | 1065 | ssize_t |
1066 | GNUNET_IDENTITY_signature_get_raw_length_by_type (uint32_t type) | ||
1067 | { | ||
1068 | switch (ntohl (type)) | ||
1069 | { | ||
1070 | case GNUNET_IDENTITY_TYPE_ECDSA: | ||
1071 | return sizeof (struct GNUNET_CRYPTO_EcdsaSignature); | ||
1072 | break; | ||
1073 | case GNUNET_IDENTITY_TYPE_EDDSA: | ||
1074 | return sizeof (struct GNUNET_CRYPTO_EddsaSignature); | ||
1075 | break; | ||
1076 | default: | ||
1077 | GNUNET_break (0); | ||
1078 | } | ||
1079 | return -1; | ||
1080 | } | ||
1081 | |||
1082 | |||
1083 | |||
1084 | ssize_t | ||
1066 | GNUNET_IDENTITY_read_signature_from_buffer (struct | 1085 | GNUNET_IDENTITY_read_signature_from_buffer (struct |
1067 | GNUNET_IDENTITY_Signature *sig, | 1086 | GNUNET_IDENTITY_Signature *sig, |
1068 | const void*buffer, | 1087 | const void*buffer, |
@@ -1099,6 +1118,31 @@ GNUNET_IDENTITY_write_signature_to_buffer (const struct | |||
1099 | return length; | 1118 | return length; |
1100 | } | 1119 | } |
1101 | 1120 | ||
1121 | enum GNUNET_GenericReturnValue | ||
1122 | GNUNET_IDENTITY_sign_raw_ (const struct | ||
1123 | GNUNET_IDENTITY_PrivateKey *priv, | ||
1124 | const struct | ||
1125 | GNUNET_CRYPTO_EccSignaturePurpose *purpose, | ||
1126 | unsigned char *sig) | ||
1127 | { | ||
1128 | switch (ntohl (priv->type)) | ||
1129 | { | ||
1130 | case GNUNET_IDENTITY_TYPE_ECDSA: | ||
1131 | return GNUNET_CRYPTO_ecdsa_sign_ (&(priv->ecdsa_key), purpose, | ||
1132 | (struct GNUNET_CRYPTO_EcdsaSignature*)sig); | ||
1133 | break; | ||
1134 | case GNUNET_IDENTITY_TYPE_EDDSA: | ||
1135 | return GNUNET_CRYPTO_eddsa_sign_ (&(priv->eddsa_key), purpose, | ||
1136 | (struct GNUNET_CRYPTO_EddsaSignature*)sig); | ||
1137 | break; | ||
1138 | default: | ||
1139 | GNUNET_break (0); | ||
1140 | } | ||
1141 | |||
1142 | return GNUNET_SYSERR; | ||
1143 | } | ||
1144 | |||
1145 | |||
1102 | 1146 | ||
1103 | enum GNUNET_GenericReturnValue | 1147 | enum GNUNET_GenericReturnValue |
1104 | GNUNET_IDENTITY_sign_ (const struct | 1148 | GNUNET_IDENTITY_sign_ (const struct |
@@ -1155,6 +1199,37 @@ GNUNET_IDENTITY_signature_verify_ (uint32_t purpose, | |||
1155 | } | 1199 | } |
1156 | 1200 | ||
1157 | 1201 | ||
1202 | enum GNUNET_GenericReturnValue | ||
1203 | GNUNET_IDENTITY_signature_verify_raw_ (uint32_t purpose, | ||
1204 | const struct | ||
1205 | GNUNET_CRYPTO_EccSignaturePurpose * | ||
1206 | validate, | ||
1207 | const unsigned char *sig, | ||
1208 | const struct | ||
1209 | GNUNET_IDENTITY_PublicKey *pub) | ||
1210 | { | ||
1211 | switch (ntohl (pub->type)) | ||
1212 | { | ||
1213 | case GNUNET_IDENTITY_TYPE_ECDSA: | ||
1214 | return GNUNET_CRYPTO_ecdsa_verify_ (purpose, validate, | ||
1215 | (struct GNUNET_CRYPTO_EcdsaSignature*)sig, | ||
1216 | &(pub->ecdsa_key)); | ||
1217 | break; | ||
1218 | case GNUNET_IDENTITY_TYPE_EDDSA: | ||
1219 | return GNUNET_CRYPTO_eddsa_verify_ (purpose, validate, | ||
1220 | (struct GNUNET_CRYPTO_EddsaSignature*)sig, | ||
1221 | &(pub->eddsa_key)); | ||
1222 | break; | ||
1223 | default: | ||
1224 | GNUNET_break (0); | ||
1225 | } | ||
1226 | |||
1227 | return GNUNET_SYSERR; | ||
1228 | } | ||
1229 | |||
1230 | |||
1231 | |||
1232 | |||
1158 | ssize_t | 1233 | ssize_t |
1159 | GNUNET_IDENTITY_encrypt (const void *block, | 1234 | GNUNET_IDENTITY_encrypt (const void *block, |
1160 | size_t size, | 1235 | size_t size, |
diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h index 94e20323d..fdbac3cf5 100644 --- a/src/include/gnunet_gnsrecord_lib.h +++ b/src/include/gnunet_gnsrecord_lib.h | |||
@@ -61,6 +61,7 @@ extern "C" { | |||
61 | 61 | ||
62 | /** | 62 | /** |
63 | * Flags that can be set for a record. | 63 | * Flags that can be set for a record. |
64 | * MUST fit into 16 bit. | ||
64 | */ | 65 | */ |
65 | enum GNUNET_GNSRECORD_Flags | 66 | enum GNUNET_GNSRECORD_Flags |
66 | { | 67 | { |
@@ -70,10 +71,17 @@ enum GNUNET_GNSRECORD_Flags | |||
70 | GNUNET_GNSRECORD_RF_NONE = 0, | 71 | GNUNET_GNSRECORD_RF_NONE = 0, |
71 | 72 | ||
72 | /** | 73 | /** |
73 | * This is a private record of this peer and it should | 74 | * This record is critical. If it cannot be processed |
74 | * thus not be handed out to other peers. | 75 | * (for example beacuse the record type is unknown) |
76 | * resolution MUST fail | ||
75 | */ | 77 | */ |
76 | GNUNET_GNSRECORD_RF_PRIVATE = 2, | 78 | GNUNET_GNSRECORD_RF_CRITICAL = 1, |
79 | |||
80 | /** | ||
81 | * This record should not be used unless all (other) records with an absolute | ||
82 | * expiration time have expired. | ||
83 | */ | ||
84 | GNUNET_GNSRECORD_RF_SHADOW_RECORD = 2, | ||
77 | 85 | ||
78 | /** | 86 | /** |
79 | * This is a supplemental record. | 87 | * This is a supplemental record. |
@@ -84,13 +92,14 @@ enum GNUNET_GNSRECORD_Flags | |||
84 | * This expiration time of the record is a relative | 92 | * This expiration time of the record is a relative |
85 | * time (not an absolute time). | 93 | * time (not an absolute time). |
86 | */ | 94 | */ |
87 | GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION = 8, | 95 | GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION = 16384, /* 2^14 */ |
88 | 96 | ||
89 | /** | 97 | /** |
90 | * This record should not be used unless all (other) records with an absolute | 98 | * This is a private record of this peer and it should |
91 | * expiration time have expired. | 99 | * thus not be handed out to other peers. |
92 | */ | 100 | */ |
93 | GNUNET_GNSRECORD_RF_SHADOW_RECORD = 16 | 101 | GNUNET_GNSRECORD_RF_PRIVATE = 32768, /* 2^15 */ |
102 | |||
94 | 103 | ||
95 | /** | 104 | /** |
96 | * When comparing flags for record equality for removal, | 105 | * When comparing flags for record equality for removal, |
@@ -184,12 +193,6 @@ struct GNUNET_GNSRECORD_EcdsaBlock | |||
184 | struct GNUNET_CRYPTO_EcdsaSignature signature; | 193 | struct GNUNET_CRYPTO_EcdsaSignature signature; |
185 | 194 | ||
186 | /** | 195 | /** |
187 | * Number of bytes signed; also specifies the number of bytes | ||
188 | * of encrypted data that follow. | ||
189 | */ | ||
190 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
191 | |||
192 | /** | ||
193 | * Expiration time of the block. | 196 | * Expiration time of the block. |
194 | */ | 197 | */ |
195 | struct GNUNET_TIME_AbsoluteNBO expiration_time; | 198 | struct GNUNET_TIME_AbsoluteNBO expiration_time; |
@@ -214,22 +217,25 @@ struct GNUNET_GNSRECORD_EddsaBlock | |||
214 | struct GNUNET_CRYPTO_EddsaSignature signature; | 217 | struct GNUNET_CRYPTO_EddsaSignature signature; |
215 | 218 | ||
216 | /** | 219 | /** |
217 | * Number of bytes signed; also specifies the number of bytes | ||
218 | * of encrypted data that follow. | ||
219 | */ | ||
220 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
221 | |||
222 | /** | ||
223 | * Expiration time of the block. | 220 | * Expiration time of the block. |
224 | */ | 221 | */ |
225 | struct GNUNET_TIME_AbsoluteNBO expiration_time; | 222 | struct GNUNET_TIME_AbsoluteNBO expiration_time; |
226 | 223 | ||
224 | |||
227 | /* followed by encrypted data */ | 225 | /* followed by encrypted data */ |
228 | }; | 226 | }; |
229 | 227 | ||
230 | 228 | ||
231 | struct GNUNET_GNSRECORD_Block | 229 | struct GNUNET_GNSRECORD_Block |
232 | { | 230 | { |
231 | /** | ||
232 | * Size of the block. | ||
233 | */ | ||
234 | uint32_t size; | ||
235 | |||
236 | /** | ||
237 | * The zone type (GNUNET_GNSRECORD_TYPE_PKEY) | ||
238 | */ | ||
233 | uint32_t type; | 239 | uint32_t type; |
234 | 240 | ||
235 | union | 241 | union |
@@ -387,6 +393,9 @@ GNUNET_GNSRECORD_records_serialize (unsigned int rd_count, | |||
387 | const struct GNUNET_GNSRECORD_Data *rd, | 393 | const struct GNUNET_GNSRECORD_Data *rd, |
388 | size_t dest_size, char *dest); | 394 | size_t dest_size, char *dest); |
389 | 395 | ||
396 | unsigned int | ||
397 | GNUNET_GNSRECORD_records_deserialize_get_size (size_t len, | ||
398 | const char *src); | ||
390 | 399 | ||
391 | /** | 400 | /** |
392 | * Deserialize the given records to the given destination. | 401 | * Deserialize the given records to the given destination. |
@@ -503,6 +512,21 @@ GNUNET_GNSRECORD_query_from_public_key ( | |||
503 | 512 | ||
504 | 513 | ||
505 | /** | 514 | /** |
515 | * Get size of buffer for block creation. | ||
516 | * | ||
517 | * @param key the zone key | ||
518 | * @param rd record data | ||
519 | * @param rd_count number of records | ||
520 | * @return -1 on error (otherwise the length of the block) | ||
521 | */ | ||
522 | ssize_t | ||
523 | GNUNET_GNSRECORD_block_calculate_size (const struct | ||
524 | GNUNET_IDENTITY_PrivateKey *key, | ||
525 | const struct GNUNET_GNSRECORD_Data *rd, | ||
526 | unsigned int rd_count); | ||
527 | |||
528 | |||
529 | /** | ||
506 | * Sign name and records | 530 | * Sign name and records |
507 | * | 531 | * |
508 | * @param key the private key | 532 | * @param key the private key |
@@ -510,13 +534,16 @@ GNUNET_GNSRECORD_query_from_public_key ( | |||
510 | * @param label the name for the records | 534 | * @param label the name for the records |
511 | * @param rd record data | 535 | * @param rd record data |
512 | * @param rd_count number of records in @a rd | 536 | * @param rd_count number of records in @a rd |
537 | * @param result the block buffer. Will be allocated. | ||
538 | * @return GNUNET_OK on success | ||
513 | */ | 539 | */ |
514 | struct GNUNET_GNSRECORD_Block * | 540 | enum GNUNET_GenericReturnValue |
515 | GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key, | 541 | GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key, |
516 | struct GNUNET_TIME_Absolute expire, | 542 | struct GNUNET_TIME_Absolute expire, |
517 | const char *label, | 543 | const char *label, |
518 | const struct GNUNET_GNSRECORD_Data *rd, | 544 | const struct GNUNET_GNSRECORD_Data *rd, |
519 | unsigned int rd_count); | 545 | unsigned int rd_count, |
546 | struct GNUNET_GNSRECORD_Block **block); | ||
520 | 547 | ||
521 | 548 | ||
522 | /** | 549 | /** |
@@ -529,13 +556,16 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key, | |||
529 | * @param label the name for the records | 556 | * @param label the name for the records |
530 | * @param rd record data | 557 | * @param rd record data |
531 | * @param rd_count number of records in @a rd | 558 | * @param rd_count number of records in @a rd |
559 | * @param result the block buffer. Will be allocated. | ||
560 | * @return GNUNET_OK on success. | ||
532 | */ | 561 | */ |
533 | struct GNUNET_GNSRECORD_Block * | 562 | enum GNUNET_GenericReturnValue |
534 | GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *key, | 563 | GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *key, |
535 | struct GNUNET_TIME_Absolute expire, | 564 | struct GNUNET_TIME_Absolute expire, |
536 | const char *label, | 565 | const char *label, |
537 | const struct GNUNET_GNSRECORD_Data *rd, | 566 | const struct GNUNET_GNSRECORD_Data *rd, |
538 | unsigned int rd_count); | 567 | unsigned int rd_count, |
568 | struct GNUNET_GNSRECORD_Block **result); | ||
539 | 569 | ||
540 | 570 | ||
541 | /** | 571 | /** |
diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h index b2a45577f..227c7f486 100644 --- a/src/include/gnunet_identity_service.h +++ b/src/include/gnunet_identity_service.h | |||
@@ -459,6 +459,21 @@ GNUNET_IDENTITY_signature_get_length (const struct | |||
459 | 459 | ||
460 | 460 | ||
461 | /** | 461 | /** |
462 | * Get the compacted length of a signature by type. | ||
463 | * Compacted means that it returns the minimum number of bytes this | ||
464 | * signature is long, as opposed to the union structure inside | ||
465 | * #GNUNET_IDENTITY_Signature. | ||
466 | * Useful for compact serializations. | ||
467 | * | ||
468 | * @param sig the signature. | ||
469 | * @return -1 on error, else the compacted length of the signature. | ||
470 | */ | ||
471 | ssize_t | ||
472 | GNUNET_IDENTITY_signature_get_raw_length_by_type (const uint32_t type); | ||
473 | |||
474 | |||
475 | |||
476 | /** | ||
462 | * Reads a #GNUNET_IDENTITY_Signature from a compact buffer. | 477 | * Reads a #GNUNET_IDENTITY_Signature from a compact buffer. |
463 | * The buffer has to contain at least the compacted length of | 478 | * The buffer has to contain at least the compacted length of |
464 | * a #GNUNET_IDENTITY_Signature in bytes. | 479 | * a #GNUNET_IDENTITY_Signature in bytes. |
@@ -516,6 +531,26 @@ GNUNET_IDENTITY_sign_ (const struct | |||
516 | GNUNET_CRYPTO_EccSignaturePurpose *purpose, | 531 | GNUNET_CRYPTO_EccSignaturePurpose *purpose, |
517 | struct GNUNET_IDENTITY_Signature *sig); | 532 | struct GNUNET_IDENTITY_Signature *sig); |
518 | 533 | ||
534 | /** | ||
535 | * @brief Sign a given block. | ||
536 | * | ||
537 | * The @a purpose data is the beginning of the data of which the signature is | ||
538 | * to be created. The `size` field in @a purpose must correctly indicate the | ||
539 | * number of bytes of the data structure, including its header. | ||
540 | * The signature payload and length depends on the key type. | ||
541 | * | ||
542 | * @param priv private key to use for the signing | ||
543 | * @param purpose what to sign (size, purpose) | ||
544 | * @param[out] sig where to write the signature | ||
545 | * @return #GNUNET_SYSERR on error, #GNUNET_OK on success | ||
546 | */ | ||
547 | enum GNUNET_GenericReturnValue | ||
548 | GNUNET_IDENTITY_sign_raw_ (const struct | ||
549 | GNUNET_IDENTITY_PrivateKey *priv, | ||
550 | const struct | ||
551 | GNUNET_CRYPTO_EccSignaturePurpose *purpose, | ||
552 | unsigned char *sig); | ||
553 | |||
519 | 554 | ||
520 | /** | 555 | /** |
521 | * @brief Sign a given block with #GNUNET_IDENTITY_PrivateKey. | 556 | * @brief Sign a given block with #GNUNET_IDENTITY_PrivateKey. |
@@ -566,6 +601,30 @@ GNUNET_IDENTITY_signature_verify_ (uint32_t purpose, | |||
566 | const struct | 601 | const struct |
567 | GNUNET_IDENTITY_PublicKey *pub); | 602 | GNUNET_IDENTITY_PublicKey *pub); |
568 | 603 | ||
604 | /** | ||
605 | * @brief Verify a given signature. | ||
606 | * | ||
607 | * The @a validate data is the beginning of the data of which the signature | ||
608 | * is to be verified. The `size` field in @a validate must correctly indicate | ||
609 | * the number of bytes of the data structure, including its header. If @a | ||
610 | * purpose does not match the purpose given in @a validate (the latter must be | ||
611 | * in big endian), signature verification fails. | ||
612 | * | ||
613 | * @param purpose what is the purpose that the signature should have? | ||
614 | * @param validate block to validate (size, purpose, data) | ||
615 | * @param sig signature that is being validated | ||
616 | * @param pub public key of the signer | ||
617 | * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid | ||
618 | */ | ||
619 | enum GNUNET_GenericReturnValue | ||
620 | GNUNET_IDENTITY_signature_verify_raw_ (uint32_t purpose, | ||
621 | const struct | ||
622 | GNUNET_CRYPTO_EccSignaturePurpose * | ||
623 | validate, | ||
624 | const unsigned char *sig, | ||
625 | const struct | ||
626 | GNUNET_IDENTITY_PublicKey *pub); | ||
627 | |||
569 | 628 | ||
570 | /** | 629 | /** |
571 | * @brief Verify a given signature with #GNUNET_IDENTITY_PublicKey. | 630 | * @brief Verify a given signature with #GNUNET_IDENTITY_PublicKey. |
diff --git a/src/namestore/gnunet-service-namestore.c b/src/namestore/gnunet-service-namestore.c index cf1b555a5..9b2d9b6f3 100644 --- a/src/namestore/gnunet-service-namestore.c +++ b/src/namestore/gnunet-service-namestore.c | |||
@@ -950,11 +950,13 @@ refresh_block (struct NamestoreClient *nc, | |||
950 | } | 950 | } |
951 | exp_time = GNUNET_GNSRECORD_record_get_expiration_time (res_count, res); | 951 | exp_time = GNUNET_GNSRECORD_record_get_expiration_time (res_count, res); |
952 | if (cache_keys) | 952 | if (cache_keys) |
953 | block = | 953 | GNUNET_assert (GNUNET_OK == |
954 | GNUNET_GNSRECORD_block_create2 (zone_key, exp_time, name, res, res_count); | 954 | GNUNET_GNSRECORD_block_create2 (zone_key, exp_time, name, |
955 | res, res_count, &block)); | ||
955 | else | 956 | else |
956 | block = | 957 | GNUNET_assert (GNUNET_OK == |
957 | GNUNET_GNSRECORD_block_create (zone_key, exp_time, name, res, res_count); | 958 | GNUNET_GNSRECORD_block_create (zone_key, exp_time, name, |
959 | res, res_count, &block)); | ||
958 | GNUNET_assert (NULL != block); | 960 | GNUNET_assert (NULL != block); |
959 | GNUNET_IDENTITY_key_get_public (zone_key, &pkey); | 961 | GNUNET_IDENTITY_key_get_public (zone_key, &pkey); |
960 | GNUNET_log ( | 962 | GNUNET_log ( |
diff --git a/src/revocation/gnunet-revocation-tvg.c b/src/revocation/gnunet-revocation-tvg.c index cb5e31fcd..3ba5b56fa 100644 --- a/src/revocation/gnunet-revocation-tvg.c +++ b/src/revocation/gnunet-revocation-tvg.c | |||
@@ -29,15 +29,39 @@ | |||
29 | #include "gnunet_revocation_service.h" | 29 | #include "gnunet_revocation_service.h" |
30 | #include "gnunet_dnsparser_lib.h" | 30 | #include "gnunet_dnsparser_lib.h" |
31 | #include "gnunet_testing_lib.h" | 31 | #include "gnunet_testing_lib.h" |
32 | #include "revocation.h" | ||
32 | #include <inttypes.h> | 33 | #include <inttypes.h> |
33 | 34 | ||
34 | #define TEST_EPOCHS 2 | 35 | #define TEST_EPOCHS 2 |
35 | #define TEST_DIFFICULTY 5 | 36 | #define TEST_DIFFICULTY 5 |
36 | 37 | ||
38 | static char* d_pkey = | ||
39 | "6fea32c05af58bfa979553d188605fd57d8bf9cc263b78d5f7478c07b998ed70"; | ||
40 | |||
41 | int parsehex(char *src, char *dst, size_t dstlen, int invert) | ||
42 | { | ||
43 | char *line = src; | ||
44 | char *data = line; | ||
45 | int off; | ||
46 | int read_byte; | ||
47 | int data_len = 0; | ||
48 | |||
49 | while (sscanf(data, " %02x%n", &read_byte, &off) == 1) { | ||
50 | if (invert) | ||
51 | dst[dstlen - 1 - data_len++] = read_byte; | ||
52 | else | ||
53 | dst[data_len++] = read_byte; | ||
54 | data += off; | ||
55 | } | ||
56 | return data_len; | ||
57 | } | ||
58 | |||
59 | |||
37 | static void | 60 | static void |
38 | print_bytes (void *buf, | 61 | print_bytes_ (void *buf, |
39 | size_t buf_len, | 62 | size_t buf_len, |
40 | int fold) | 63 | int fold, |
64 | int in_be) | ||
41 | { | 65 | { |
42 | int i; | 66 | int i; |
43 | 67 | ||
@@ -45,11 +69,23 @@ print_bytes (void *buf, | |||
45 | { | 69 | { |
46 | if ((0 != i) && (0 != fold) && (i % fold == 0)) | 70 | if ((0 != i) && (0 != fold) && (i % fold == 0)) |
47 | printf ("\n"); | 71 | printf ("\n"); |
48 | printf ("%02x", ((unsigned char*) buf)[i]); | 72 | if (in_be) |
73 | printf ("%02x", ((unsigned char*) buf)[buf_len - 1 - i]); | ||
74 | else | ||
75 | printf ("%02x", ((unsigned char*) buf)[i]); | ||
49 | } | 76 | } |
50 | printf ("\n"); | 77 | printf ("\n"); |
51 | } | 78 | } |
52 | 79 | ||
80 | static void | ||
81 | print_bytes (void *buf, | ||
82 | size_t buf_len, | ||
83 | int fold) | ||
84 | { | ||
85 | print_bytes_ (buf, buf_len, fold, 0); | ||
86 | } | ||
87 | |||
88 | |||
53 | 89 | ||
54 | /** | 90 | /** |
55 | * Main function that will be run. | 91 | * Main function that will be run. |
@@ -74,16 +110,17 @@ run (void *cls, | |||
74 | 110 | ||
75 | id_priv.type = htonl (GNUNET_IDENTITY_TYPE_ECDSA); | 111 | id_priv.type = htonl (GNUNET_IDENTITY_TYPE_ECDSA); |
76 | GNUNET_CRYPTO_ecdsa_key_create (&id_priv.ecdsa_key); | 112 | GNUNET_CRYPTO_ecdsa_key_create (&id_priv.ecdsa_key); |
113 | parsehex(d_pkey,(char*)&id_priv.ecdsa_key, sizeof (id_priv.ecdsa_key), 1); | ||
77 | GNUNET_IDENTITY_key_get_public (&id_priv, | 114 | GNUNET_IDENTITY_key_get_public (&id_priv, |
78 | &id_pub); | 115 | &id_pub); |
79 | GNUNET_STRINGS_data_to_string (&id_pub, | 116 | GNUNET_STRINGS_data_to_string (&id_pub, |
80 | GNUNET_IDENTITY_key_get_length (&id_pub), | 117 | GNUNET_IDENTITY_key_get_length (&id_pub), |
81 | ztld, | 118 | ztld, |
82 | sizeof (ztld)); | 119 | sizeof (ztld)); |
83 | fprintf (stdout, "Zone private key (d, little-endian scalar, with ztype prepended):\n"); | 120 | fprintf (stdout, "Zone private key (d, big-endian scalar):\n"); |
84 | print_bytes (&id_priv, sizeof(id_priv), 8); | 121 | print_bytes_ (&id_priv.ecdsa_key, sizeof(id_priv.ecdsa_key), 8, 1); |
85 | fprintf (stdout, "\n"); | 122 | fprintf (stdout, "\n"); |
86 | fprintf (stdout, "Zone identifier (zid):\n"); | 123 | fprintf (stdout, "Zone identifier (ztype|zkey):\n"); |
87 | print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8); | 124 | print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8); |
88 | fprintf (stdout, "\n"); | 125 | fprintf (stdout, "\n"); |
89 | fprintf (stdout, "Encoded zone identifier (zkl = zTLD):\n"); | 126 | fprintf (stdout, "Encoded zone identifier (zkl = zTLD):\n"); |
@@ -104,6 +141,15 @@ run (void *cls, | |||
104 | { | 141 | { |
105 | pow_passes++; | 142 | pow_passes++; |
106 | } | 143 | } |
144 | struct GNUNET_REVOCATION_SignaturePurposePS *purp; | ||
145 | purp = REV_create_signature_message (pow); | ||
146 | fprintf (stdout, "Signed message:\n"); | ||
147 | print_bytes (purp, | ||
148 | ntohl (purp->purpose.size), | ||
149 | 8); | ||
150 | printf ("\n"); | ||
151 | GNUNET_free (purp); | ||
152 | |||
107 | exp = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS, | 153 | exp = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS, |
108 | TEST_EPOCHS); | 154 | TEST_EPOCHS); |
109 | GNUNET_assert (GNUNET_OK == GNUNET_REVOCATION_check_pow (pow, | 155 | GNUNET_assert (GNUNET_OK == GNUNET_REVOCATION_check_pow (pow, |
diff --git a/src/revocation/revocation.h b/src/revocation/revocation.h index c3a9c9e6b..490abf180 100644 --- a/src/revocation/revocation.h +++ b/src/revocation/revocation.h | |||
@@ -113,5 +113,13 @@ struct RevocationResponseMessage | |||
113 | 113 | ||
114 | GNUNET_NETWORK_STRUCT_END | 114 | GNUNET_NETWORK_STRUCT_END |
115 | 115 | ||
116 | /** | ||
117 | * Create the revocation metadata to sign for a revocation message | ||
118 | * | ||
119 | * @param pow the PoW to sign | ||
120 | * @return the signature purpose | ||
121 | */ | ||
122 | struct GNUNET_REVOCATION_SignaturePurposePS * | ||
123 | REV_create_signature_message (const struct GNUNET_REVOCATION_PowP *pow); | ||
116 | 124 | ||
117 | #endif | 125 | #endif |
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index d5bd53e56..bc5dae021 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c | |||
@@ -404,19 +404,15 @@ calculate_score (const struct GNUNET_REVOCATION_PowCalculationHandle *ph) | |||
404 | return avg; | 404 | return avg; |
405 | } | 405 | } |
406 | 406 | ||
407 | 407 | struct GNUNET_REVOCATION_SignaturePurposePS * | |
408 | enum GNUNET_GenericReturnValue | 408 | REV_create_signature_message (const struct GNUNET_REVOCATION_PowP *pow) |
409 | check_signature_identity (const struct GNUNET_REVOCATION_PowP *pow, | ||
410 | const struct GNUNET_IDENTITY_PublicKey *key) | ||
411 | { | 409 | { |
412 | struct GNUNET_REVOCATION_SignaturePurposePS *spurp; | 410 | struct GNUNET_REVOCATION_SignaturePurposePS *spurp; |
413 | struct GNUNET_IDENTITY_Signature *sig; | ||
414 | const struct GNUNET_IDENTITY_PublicKey *pk; | 411 | const struct GNUNET_IDENTITY_PublicKey *pk; |
415 | size_t ksize; | 412 | size_t ksize; |
416 | 413 | ||
417 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | 414 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; |
418 | ksize = GNUNET_IDENTITY_key_get_length (pk); | 415 | ksize = GNUNET_IDENTITY_key_get_length (pk); |
419 | |||
420 | spurp = GNUNET_malloc (sizeof (*spurp) + ksize); | 416 | spurp = GNUNET_malloc (sizeof (*spurp) + ksize); |
421 | spurp->timestamp = pow->timestamp; | 417 | spurp->timestamp = pow->timestamp; |
422 | spurp->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | 418 | spurp->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); |
@@ -424,15 +420,25 @@ check_signature_identity (const struct GNUNET_REVOCATION_PowP *pow, | |||
424 | GNUNET_IDENTITY_write_key_to_buffer (pk, | 420 | GNUNET_IDENTITY_write_key_to_buffer (pk, |
425 | (char*) &spurp[1], | 421 | (char*) &spurp[1], |
426 | ksize); | 422 | ksize); |
427 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 423 | return spurp; |
428 | "Expected signature payload len: %u\n", | 424 | } |
429 | ntohl (spurp->purpose.size)); | 425 | |
430 | sig = (struct GNUNET_IDENTITY_Signature *) ((char*) &pow[1] + ksize); | 426 | enum GNUNET_GenericReturnValue |
427 | check_signature_identity (const struct GNUNET_REVOCATION_PowP *pow, | ||
428 | const struct GNUNET_IDENTITY_PublicKey *key) | ||
429 | { | ||
430 | struct GNUNET_REVOCATION_SignaturePurposePS *spurp; | ||
431 | unsigned char *sig; | ||
432 | size_t ksize; | ||
433 | |||
434 | ksize = GNUNET_IDENTITY_key_get_length (key); | ||
435 | spurp = REV_create_signature_message (pow); | ||
436 | sig = ((unsigned char*) &pow[1] + ksize); | ||
431 | if (GNUNET_OK != | 437 | if (GNUNET_OK != |
432 | GNUNET_IDENTITY_signature_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, | 438 | GNUNET_IDENTITY_signature_verify_raw_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, |
433 | &spurp->purpose, | 439 | &spurp->purpose, |
434 | sig, | 440 | sig, |
435 | key)) | 441 | key)) |
436 | { | 442 | { |
437 | return GNUNET_SYSERR; | 443 | return GNUNET_SYSERR; |
438 | } | 444 | } |
@@ -577,20 +583,11 @@ sign_pow_identity (const struct GNUNET_IDENTITY_PrivateKey *key, | |||
577 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | 583 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; |
578 | ksize = GNUNET_IDENTITY_key_get_length (pk); | 584 | ksize = GNUNET_IDENTITY_key_get_length (pk); |
579 | pow->timestamp = GNUNET_TIME_absolute_hton (ts); | 585 | pow->timestamp = GNUNET_TIME_absolute_hton (ts); |
580 | rp = GNUNET_malloc (sizeof (*rp) + ksize); | 586 | rp = REV_create_signature_message (pow); |
581 | rp->timestamp = pow->timestamp; | ||
582 | rp->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | ||
583 | rp->purpose.size = htonl (sizeof(*rp) + ksize); | ||
584 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
585 | "Signature payload len: %u\n", | ||
586 | ntohl (rp->purpose.size)); | ||
587 | GNUNET_IDENTITY_write_key_to_buffer (pk, | ||
588 | ((char*) &rp[1]), | ||
589 | ksize); | ||
590 | sig = ((char*) &pow[1]) + ksize; | 587 | sig = ((char*) &pow[1]) + ksize; |
591 | int result = GNUNET_IDENTITY_sign_ (key, | 588 | int result = GNUNET_IDENTITY_sign_raw_ (key, |
592 | &rp->purpose, | 589 | &rp->purpose, |
593 | (void*) sig); | 590 | (void*) sig); |
594 | if (result == GNUNET_SYSERR) | 591 | if (result == GNUNET_SYSERR) |
595 | return GNUNET_NO; | 592 | return GNUNET_NO; |
596 | else | 593 | else |
@@ -768,7 +765,7 @@ GNUNET_REVOCATION_proof_get_size (const struct GNUNET_REVOCATION_PowP *pow) | |||
768 | ksize = GNUNET_IDENTITY_key_get_length (pk); | 765 | ksize = GNUNET_IDENTITY_key_get_length (pk); |
769 | size += ksize; | 766 | size += ksize; |
770 | sig = (struct GNUNET_IDENTITY_Signature *) ((char*) &pow[1] + ksize); | 767 | sig = (struct GNUNET_IDENTITY_Signature *) ((char*) &pow[1] + ksize); |
771 | size += GNUNET_IDENTITY_signature_get_length (sig); | 768 | size += GNUNET_IDENTITY_signature_get_raw_length_by_type (pk->type); |
772 | return size; | 769 | return size; |
773 | } | 770 | } |
774 | 771 | ||
diff --git a/src/util/.gitignore b/src/util/.gitignore index 7c7b7045d..51eab71db 100644 --- a/src/util/.gitignore +++ b/src/util/.gitignore | |||
@@ -43,6 +43,7 @@ test_crypto_kdf | |||
43 | test_crypto_paillier | 43 | test_crypto_paillier |
44 | test_crypto_random | 44 | test_crypto_random |
45 | test_crypto_rsa | 45 | test_crypto_rsa |
46 | test_crypto_cs | ||
46 | test_crypto_symmetric | 47 | test_crypto_symmetric |
47 | test_disk | 48 | test_disk |
48 | test_getopt | 49 | test_getopt |
@@ -70,7 +71,9 @@ perf_crypto_asymmetric | |||
70 | perf_crypto_hash | 71 | perf_crypto_hash |
71 | perf_crypto_symmetric | 72 | perf_crypto_symmetric |
72 | perf_crypto_rsa | 73 | perf_crypto_rsa |
74 | perf_crypto_cs | ||
73 | perf_crypto_ecc_dlog | 75 | perf_crypto_ecc_dlog |
76 | perf_crypto_paillier | ||
74 | test_hexcoder | 77 | test_hexcoder |
75 | test_regex | 78 | test_regex |
76 | test_tun | 79 | test_tun |
diff --git a/src/util/gnunet-crypto-tvg.c b/src/util/gnunet-crypto-tvg.c index 28e44e28b..6b2a7f472 100644 --- a/src/util/gnunet-crypto-tvg.c +++ b/src/util/gnunet-crypto-tvg.c | |||
@@ -672,6 +672,263 @@ checkvec (const char *operation, | |||
672 | GNUNET_free (sig_enc_data); | 672 | GNUNET_free (sig_enc_data); |
673 | GNUNET_free (skey); | 673 | GNUNET_free (skey); |
674 | } | 674 | } |
675 | else if (0 == strcmp (operation, "cs_blind_signing")) | ||
676 | { | ||
677 | struct GNUNET_CRYPTO_CsPrivateKey priv; | ||
678 | struct GNUNET_CRYPTO_CsPublicKey pub; | ||
679 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; | ||
680 | struct GNUNET_CRYPTO_CsRSecret r_priv[2]; | ||
681 | struct GNUNET_CRYPTO_CsRPublic r_pub[2]; | ||
682 | struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2]; | ||
683 | struct GNUNET_CRYPTO_CsC c[2]; | ||
684 | struct GNUNET_CRYPTO_CsS signature_scalar; | ||
685 | struct GNUNET_CRYPTO_CsBlindS blinded_s; | ||
686 | struct GNUNET_CRYPTO_CsSignature sig; | ||
687 | struct GNUNET_CRYPTO_CsNonce nonce; | ||
688 | struct GNUNET_HashCode message_hash; | ||
689 | unsigned int b; | ||
690 | |||
691 | if (GNUNET_OK != expect_data_fixed (vec, | ||
692 | "message_hash", | ||
693 | &message_hash, | ||
694 | sizeof (message_hash))) | ||
695 | { | ||
696 | GNUNET_break (0); | ||
697 | return GNUNET_SYSERR; | ||
698 | } | ||
699 | if (GNUNET_OK != expect_data_fixed (vec, | ||
700 | "cs_public_key", | ||
701 | &pub, | ||
702 | sizeof (pub))) | ||
703 | { | ||
704 | GNUNET_break (0); | ||
705 | return GNUNET_SYSERR; | ||
706 | } | ||
707 | |||
708 | if (GNUNET_OK != expect_data_fixed (vec, | ||
709 | "cs_private_key", | ||
710 | &priv, | ||
711 | sizeof (priv))) | ||
712 | { | ||
713 | GNUNET_break (0); | ||
714 | return GNUNET_SYSERR; | ||
715 | } | ||
716 | if (GNUNET_OK != expect_data_fixed (vec, | ||
717 | "cs_nonce", | ||
718 | &nonce, | ||
719 | sizeof (nonce))) | ||
720 | { | ||
721 | GNUNET_break (0); | ||
722 | return GNUNET_SYSERR; | ||
723 | } | ||
724 | if (GNUNET_OK != expect_data_fixed (vec, | ||
725 | "cs_r_priv_0", | ||
726 | &r_priv[0], | ||
727 | sizeof (r_priv[0]))) | ||
728 | { | ||
729 | GNUNET_break (0); | ||
730 | return GNUNET_SYSERR; | ||
731 | } | ||
732 | if (GNUNET_OK != expect_data_fixed (vec, | ||
733 | "cs_r_priv_1", | ||
734 | &r_priv[1], | ||
735 | sizeof (r_priv[1]))) | ||
736 | { | ||
737 | GNUNET_break (0); | ||
738 | return GNUNET_SYSERR; | ||
739 | } | ||
740 | if (GNUNET_OK != expect_data_fixed (vec, | ||
741 | "cs_r_pub_0", | ||
742 | &r_pub[0], | ||
743 | sizeof (r_pub[0]))) | ||
744 | { | ||
745 | GNUNET_break (0); | ||
746 | return GNUNET_SYSERR; | ||
747 | } | ||
748 | if (GNUNET_OK != expect_data_fixed (vec, | ||
749 | "cs_r_pub_1", | ||
750 | &r_pub[1], | ||
751 | sizeof (r_pub[1]))) | ||
752 | { | ||
753 | GNUNET_break (0); | ||
754 | return GNUNET_SYSERR; | ||
755 | } | ||
756 | |||
757 | if (GNUNET_OK != expect_data_fixed (vec, | ||
758 | "cs_bs_alpha_0", | ||
759 | &bs[0].alpha, | ||
760 | sizeof (bs[0].alpha))) | ||
761 | { | ||
762 | GNUNET_break (0); | ||
763 | return GNUNET_SYSERR; | ||
764 | } | ||
765 | if (GNUNET_OK != expect_data_fixed (vec, | ||
766 | "cs_bs_alpha_1", | ||
767 | &bs[1].alpha, | ||
768 | sizeof (bs[1].alpha))) | ||
769 | { | ||
770 | GNUNET_break (0); | ||
771 | return GNUNET_SYSERR; | ||
772 | } | ||
773 | if (GNUNET_OK != expect_data_fixed (vec, | ||
774 | "cs_bs_beta_0", | ||
775 | &bs[0].beta, | ||
776 | sizeof (bs[0].beta))) | ||
777 | { | ||
778 | GNUNET_break (0); | ||
779 | return GNUNET_SYSERR; | ||
780 | } | ||
781 | if (GNUNET_OK != expect_data_fixed (vec, | ||
782 | "cs_bs_beta_1", | ||
783 | &bs[1].beta, | ||
784 | sizeof (bs[1].beta))) | ||
785 | { | ||
786 | GNUNET_break (0); | ||
787 | return GNUNET_SYSERR; | ||
788 | } | ||
789 | if (GNUNET_OK != expect_data_fixed (vec, | ||
790 | "cs_r_pub_blind_0", | ||
791 | &r_pub_blind[0], | ||
792 | sizeof (r_pub_blind[0]))) | ||
793 | { | ||
794 | GNUNET_break (0); | ||
795 | return GNUNET_SYSERR; | ||
796 | } | ||
797 | if (GNUNET_OK != expect_data_fixed (vec, | ||
798 | "cs_r_pub_blind_1", | ||
799 | &r_pub_blind[1], | ||
800 | sizeof (r_pub_blind[1]))) | ||
801 | { | ||
802 | GNUNET_break (0); | ||
803 | return GNUNET_SYSERR; | ||
804 | } | ||
805 | if (GNUNET_OK != expect_data_fixed (vec, | ||
806 | "cs_c_0", | ||
807 | &c[0], | ||
808 | sizeof (c[0]))) | ||
809 | { | ||
810 | GNUNET_break (0); | ||
811 | return GNUNET_SYSERR; | ||
812 | } | ||
813 | if (GNUNET_OK != expect_data_fixed (vec, | ||
814 | "cs_c_1", | ||
815 | &c[1], | ||
816 | sizeof (c[1]))) | ||
817 | { | ||
818 | GNUNET_break (0); | ||
819 | return GNUNET_SYSERR; | ||
820 | } | ||
821 | if (GNUNET_OK != expect_data_fixed (vec, | ||
822 | "cs_blind_s", | ||
823 | &blinded_s, | ||
824 | sizeof (blinded_s))) | ||
825 | { | ||
826 | GNUNET_break (0); | ||
827 | return GNUNET_SYSERR; | ||
828 | } | ||
829 | if (GNUNET_OK != expect_data_fixed (vec, | ||
830 | "cs_b", | ||
831 | &b, | ||
832 | sizeof (b))) | ||
833 | { | ||
834 | GNUNET_break (0); | ||
835 | return GNUNET_SYSERR; | ||
836 | } | ||
837 | if (GNUNET_OK != expect_data_fixed (vec, | ||
838 | "cs_sig_s", | ||
839 | &signature_scalar, | ||
840 | sizeof (signature_scalar))) | ||
841 | { | ||
842 | GNUNET_break (0); | ||
843 | return GNUNET_SYSERR; | ||
844 | } | ||
845 | sig.s_scalar = signature_scalar; | ||
846 | if (GNUNET_OK != expect_data_fixed (vec, | ||
847 | "cs_sig_R", | ||
848 | &sig.r_point, | ||
849 | sizeof (sig.r_point))) | ||
850 | { | ||
851 | GNUNET_break (0); | ||
852 | return GNUNET_SYSERR; | ||
853 | } | ||
854 | |||
855 | if ((b != 1)&& (b != 0)) | ||
856 | { | ||
857 | GNUNET_break (0); | ||
858 | return GNUNET_SYSERR; | ||
859 | } | ||
860 | |||
861 | struct GNUNET_CRYPTO_CsRSecret r_priv_comp[2]; | ||
862 | struct GNUNET_CRYPTO_CsRPublic r_pub_comp[2]; | ||
863 | struct GNUNET_CRYPTO_CsBlindingSecret bs_comp[2]; | ||
864 | struct GNUNET_CRYPTO_CsC c_comp[2]; | ||
865 | struct GNUNET_CRYPTO_CsRPublic r_pub_blind_comp[2]; | ||
866 | struct GNUNET_CRYPTO_CsBlindS blinded_s_comp; | ||
867 | struct GNUNET_CRYPTO_CsS signature_scalar_comp; | ||
868 | struct GNUNET_CRYPTO_CsSignature sig_comp; | ||
869 | unsigned int b_comp; | ||
870 | |||
871 | |||
872 | GNUNET_CRYPTO_cs_r_derive (&nonce, &priv, r_priv_comp); | ||
873 | GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0], &r_pub_comp[0]); | ||
874 | GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1], &r_pub_comp[1]); | ||
875 | GNUNET_assert (0 == memcmp (&r_priv_comp, | ||
876 | &r_priv, | ||
877 | sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2)); | ||
878 | GNUNET_assert (0 == memcmp (&r_pub_comp, | ||
879 | &r_pub, | ||
880 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2)); | ||
881 | |||
882 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce, | ||
883 | bs_comp); | ||
884 | GNUNET_assert (0 == memcmp (&bs_comp, | ||
885 | &bs, | ||
886 | sizeof(struct GNUNET_CRYPTO_CsBlindingSecret) | ||
887 | * 2)); | ||
888 | GNUNET_CRYPTO_cs_calc_blinded_c (bs_comp, | ||
889 | r_pub_comp, | ||
890 | &pub, | ||
891 | &message_hash, | ||
892 | sizeof(message_hash), | ||
893 | c_comp, | ||
894 | r_pub_blind_comp); | ||
895 | GNUNET_assert (0 == memcmp (&c_comp, | ||
896 | &c, | ||
897 | sizeof(struct GNUNET_CRYPTO_CsC) * 2)); | ||
898 | GNUNET_assert (0 == memcmp (&r_pub_blind_comp, | ||
899 | &r_pub_blind, | ||
900 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2)); | ||
901 | b_comp = GNUNET_CRYPTO_cs_sign_derive (&priv, | ||
902 | r_priv_comp, | ||
903 | c_comp, | ||
904 | &nonce, | ||
905 | &blinded_s_comp); | ||
906 | GNUNET_assert (0 == memcmp (&blinded_s_comp, | ||
907 | &blinded_s, | ||
908 | sizeof(blinded_s))); | ||
909 | GNUNET_assert (0 == memcmp (&b_comp, | ||
910 | &b, | ||
911 | sizeof(b))); | ||
912 | GNUNET_CRYPTO_cs_unblind (&blinded_s_comp, | ||
913 | &bs_comp[b_comp], | ||
914 | &signature_scalar_comp); | ||
915 | GNUNET_assert (0 == memcmp (&signature_scalar_comp, | ||
916 | &signature_scalar, | ||
917 | sizeof(signature_scalar_comp))); | ||
918 | sig_comp.r_point = r_pub_blind_comp[b_comp]; | ||
919 | sig_comp.s_scalar = signature_scalar_comp; | ||
920 | GNUNET_assert (0 == memcmp (&sig_comp, | ||
921 | &sig, | ||
922 | sizeof(sig_comp))); | ||
923 | if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig_comp, | ||
924 | &pub, | ||
925 | &message_hash, | ||
926 | sizeof(message_hash))) | ||
927 | { | ||
928 | GNUNET_break (0); | ||
929 | return GNUNET_SYSERR; | ||
930 | } | ||
931 | } | ||
675 | else | 932 | else |
676 | { | 933 | { |
677 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 934 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
@@ -1025,6 +1282,150 @@ output_vectors () | |||
1025 | GNUNET_free (secret_enc_data); | 1282 | GNUNET_free (secret_enc_data); |
1026 | } | 1283 | } |
1027 | 1284 | ||
1285 | { | ||
1286 | json_t *vec = vec_for (vecs, "cs_blind_signing"); | ||
1287 | |||
1288 | struct GNUNET_CRYPTO_CsPrivateKey priv; | ||
1289 | struct GNUNET_CRYPTO_CsPublicKey pub; | ||
1290 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; | ||
1291 | struct GNUNET_CRYPTO_CsRSecret r_priv[2]; | ||
1292 | struct GNUNET_CRYPTO_CsRPublic r_pub[2]; | ||
1293 | struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2]; | ||
1294 | struct GNUNET_CRYPTO_CsC c[2]; | ||
1295 | struct GNUNET_CRYPTO_CsS signature_scalar; | ||
1296 | struct GNUNET_CRYPTO_CsBlindS blinded_s; | ||
1297 | struct GNUNET_CRYPTO_CsSignature sig; | ||
1298 | struct GNUNET_CRYPTO_CsNonce nonce; | ||
1299 | unsigned int b; | ||
1300 | struct GNUNET_HashCode message_hash; | ||
1301 | |||
1302 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | ||
1303 | &message_hash, | ||
1304 | sizeof (struct GNUNET_HashCode)); | ||
1305 | |||
1306 | GNUNET_CRYPTO_cs_private_key_generate (&priv); | ||
1307 | GNUNET_CRYPTO_cs_private_key_get_public (&priv, &pub); | ||
1308 | |||
1309 | GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_hkdf (nonce.nonce, | ||
1310 | sizeof(nonce.nonce), | ||
1311 | GCRY_MD_SHA512, | ||
1312 | GCRY_MD_SHA256, | ||
1313 | "nonce", | ||
1314 | strlen ("nonce"), | ||
1315 | "nonce_secret", | ||
1316 | strlen ("nonce_secret"), | ||
1317 | NULL, | ||
1318 | 0)); | ||
1319 | GNUNET_CRYPTO_cs_r_derive (&nonce, &priv, r_priv); | ||
1320 | GNUNET_CRYPTO_cs_r_get_public (&r_priv[0], &r_pub[0]); | ||
1321 | GNUNET_CRYPTO_cs_r_get_public (&r_priv[1], &r_pub[1]); | ||
1322 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce, | ||
1323 | bs); | ||
1324 | GNUNET_CRYPTO_cs_calc_blinded_c (bs, | ||
1325 | r_pub, | ||
1326 | &pub, | ||
1327 | &message_hash, | ||
1328 | sizeof(message_hash), | ||
1329 | c, | ||
1330 | r_pub_blind); | ||
1331 | b = GNUNET_CRYPTO_cs_sign_derive (&priv, | ||
1332 | r_priv, | ||
1333 | c, | ||
1334 | &nonce, | ||
1335 | &blinded_s); | ||
1336 | GNUNET_CRYPTO_cs_unblind (&blinded_s, &bs[b], &signature_scalar); | ||
1337 | sig.r_point = r_pub_blind[b]; | ||
1338 | sig.s_scalar = signature_scalar; | ||
1339 | if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig, | ||
1340 | &pub, | ||
1341 | &message_hash, | ||
1342 | sizeof(message_hash))) | ||
1343 | { | ||
1344 | GNUNET_break (0); | ||
1345 | return GNUNET_SYSERR; | ||
1346 | } | ||
1347 | d2j (vec, | ||
1348 | "message_hash", | ||
1349 | &message_hash, | ||
1350 | sizeof (struct GNUNET_HashCode)); | ||
1351 | d2j (vec, | ||
1352 | "cs_public_key", | ||
1353 | &pub, | ||
1354 | sizeof(pub)); | ||
1355 | d2j (vec, | ||
1356 | "cs_private_key", | ||
1357 | &priv, | ||
1358 | sizeof(priv)); | ||
1359 | d2j (vec, | ||
1360 | "cs_nonce", | ||
1361 | &nonce, | ||
1362 | sizeof(nonce)); | ||
1363 | d2j (vec, | ||
1364 | "cs_r_priv_0", | ||
1365 | &r_priv[0], | ||
1366 | sizeof(r_priv[0])); | ||
1367 | d2j (vec, | ||
1368 | "cs_r_priv_1", | ||
1369 | &r_priv[1], | ||
1370 | sizeof(r_priv[1])); | ||
1371 | d2j (vec, | ||
1372 | "cs_r_pub_0", | ||
1373 | &r_pub[0], | ||
1374 | sizeof(r_pub[0])); | ||
1375 | d2j (vec, | ||
1376 | "cs_r_pub_1", | ||
1377 | &r_pub[1], | ||
1378 | sizeof(r_pub[1])); | ||
1379 | d2j (vec, | ||
1380 | "cs_bs_alpha_0", | ||
1381 | &bs[0].alpha, | ||
1382 | sizeof(bs[0].alpha)); | ||
1383 | d2j (vec, | ||
1384 | "cs_bs_alpha_1", | ||
1385 | &bs[1].alpha, | ||
1386 | sizeof(bs[1].alpha)); | ||
1387 | d2j (vec, | ||
1388 | "cs_bs_beta_0", | ||
1389 | &bs[0].beta, | ||
1390 | sizeof(bs[0].beta)); | ||
1391 | d2j (vec, | ||
1392 | "cs_bs_beta_1", | ||
1393 | &bs[1].beta, | ||
1394 | sizeof(bs[1].beta)); | ||
1395 | d2j (vec, | ||
1396 | "cs_r_pub_blind_0", | ||
1397 | &r_pub_blind[0], | ||
1398 | sizeof(r_pub_blind[0])); | ||
1399 | d2j (vec, | ||
1400 | "cs_r_pub_blind_1", | ||
1401 | &r_pub_blind[1], | ||
1402 | sizeof(r_pub_blind[1])); | ||
1403 | d2j (vec, | ||
1404 | "cs_c_0", | ||
1405 | &c[0], | ||
1406 | sizeof(c[0])); | ||
1407 | d2j (vec, | ||
1408 | "cs_c_1", | ||
1409 | &c[1], | ||
1410 | sizeof(c[1])); | ||
1411 | d2j (vec, | ||
1412 | "cs_blind_s", | ||
1413 | &blinded_s, | ||
1414 | sizeof(blinded_s)); | ||
1415 | d2j (vec, | ||
1416 | "cs_b", | ||
1417 | &b, | ||
1418 | sizeof(b)); | ||
1419 | d2j (vec, | ||
1420 | "cs_sig_s", | ||
1421 | &signature_scalar, | ||
1422 | sizeof(signature_scalar)); | ||
1423 | d2j (vec, | ||
1424 | "cs_sig_R", | ||
1425 | &r_pub_blind[b], | ||
1426 | sizeof(r_pub_blind[b])); | ||
1427 | } | ||
1428 | |||
1028 | json_dumpf (vecfile, stdout, JSON_INDENT (2)); | 1429 | json_dumpf (vecfile, stdout, JSON_INDENT (2)); |
1029 | json_decref (vecfile); | 1430 | json_decref (vecfile); |
1030 | printf ("\n"); | 1431 | printf ("\n"); |
diff --git a/src/zonemaster/gnunet-service-zonemaster-monitor.c b/src/zonemaster/gnunet-service-zonemaster-monitor.c index 7e8c1fb8b..3392a19d7 100644 --- a/src/zonemaster/gnunet-service-zonemaster-monitor.c +++ b/src/zonemaster/gnunet-service-zonemaster-monitor.c | |||
@@ -255,17 +255,19 @@ perform_dht_put (const struct GNUNET_IDENTITY_PrivateKey *key, | |||
255 | expire = GNUNET_GNSRECORD_record_get_expiration_time (rd_public_count, | 255 | expire = GNUNET_GNSRECORD_record_get_expiration_time (rd_public_count, |
256 | rd_public); | 256 | rd_public); |
257 | if (cache_keys) | 257 | if (cache_keys) |
258 | block = GNUNET_GNSRECORD_block_create2 (key, | 258 | GNUNET_assert (GNUNET_OK == GNUNET_GNSRECORD_block_create2 (key, |
259 | expire, | 259 | expire, |
260 | label, | 260 | label, |
261 | rd_public, | 261 | rd_public, |
262 | rd_public_count); | 262 | rd_public_count, |
263 | &block)); | ||
263 | else | 264 | else |
264 | block = GNUNET_GNSRECORD_block_create (key, | 265 | GNUNET_assert (GNUNET_OK == GNUNET_GNSRECORD_block_create (key, |
265 | expire, | 266 | expire, |
266 | label, | 267 | label, |
267 | rd_public, | 268 | rd_public, |
268 | rd_public_count); | 269 | rd_public_count, |
270 | &block)); | ||
269 | if (NULL == block) | 271 | if (NULL == block) |
270 | { | 272 | { |
271 | GNUNET_break (0); | 273 | GNUNET_break (0); |
diff --git a/src/zonemaster/gnunet-service-zonemaster.c b/src/zonemaster/gnunet-service-zonemaster.c index 2957cfee2..bacafb97c 100644 --- a/src/zonemaster/gnunet-service-zonemaster.c +++ b/src/zonemaster/gnunet-service-zonemaster.c | |||
@@ -594,17 +594,19 @@ perform_dht_put (const struct GNUNET_IDENTITY_PrivateKey *key, | |||
594 | expire = GNUNET_GNSRECORD_record_get_expiration_time (rd_public_count, | 594 | expire = GNUNET_GNSRECORD_record_get_expiration_time (rd_public_count, |
595 | rd_public); | 595 | rd_public); |
596 | if (cache_keys) | 596 | if (cache_keys) |
597 | block = GNUNET_GNSRECORD_block_create2 (key, | 597 | GNUNET_assert (GNUNET_OK == GNUNET_GNSRECORD_block_create2 (key, |
598 | expire, | 598 | expire, |
599 | label, | 599 | label, |
600 | rd_public, | 600 | rd_public, |
601 | rd_public_count); | 601 | rd_public_count, |
602 | &block)); | ||
602 | else | 603 | else |
603 | block = GNUNET_GNSRECORD_block_create (key, | 604 | GNUNET_assert (GNUNET_OK == GNUNET_GNSRECORD_block_create (key, |
604 | expire, | 605 | expire, |
605 | label, | 606 | label, |
606 | rd_public, | 607 | rd_public, |
607 | rd_public_count); | 608 | rd_public_count, |
609 | &block)); | ||
608 | if (NULL == block) | 610 | if (NULL == block) |
609 | { | 611 | { |
610 | GNUNET_break (0); | 612 | GNUNET_break (0); |