Diffstat (limited to 'src')
-rw-r--r-- | src/conversation/conversation.h | 2 | ||||
-rw-r--r-- | src/conversation/gnunet-service-conversation.c | 13 | ||||
-rw-r--r-- | src/fs/gnunet-publish.c | 9 | ||||
-rw-r--r-- | src/gnsrecord/gnsrecord_misc.c | 31 | ||||
-rw-r--r-- | src/identity/identity_api.c | 229 | ||||
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 6 | ||||
-rw-r--r-- | src/include/gnunet_identity_service.h | 264 | ||||
-rw-r--r-- | src/include/gnunet_revocation_service.h | 14 | ||||
-rw-r--r-- | src/namestore/test_namestore_api_zone_to_name.c | 3 | ||||
-rwxr-xr-x | src/namestore/test_plugin_rest_namestore.sh | 21 | ||||
-rw-r--r-- | src/pt/test_gns_vpn.c | 2 | ||||
-rw-r--r-- | src/reclaim/oidc_helper.c | 57 | ||||
-rw-r--r-- | src/revocation/revocation_api.c | 104 | ||||
-rw-r--r-- | src/testbed/test_testbed_api_template.conf | 2 |
14 files changed, 617 insertions, 140 deletions
diff --git a/src/conversation/conversation.h b/src/conversation/conversation.h index 9eedbeb91..d244f5163 100644 --- a/src/conversation/conversation.h +++ b/src/conversation/conversation.h @@ -313,7 +313,7 @@ struct CadetPhoneRingMessage /** * Signature over a `struct CadetPhoneRingInfoPS` */ - struct GNUNET_CRYPTO_EcdsaSignature signature; + struct GNUNET_IDENTITY_Signature signature; }; diff --git a/src/conversation/gnunet-service-conversation.c b/src/conversation/gnunet-service-conversation.c index b1a629217..a69c95a80 100644 --- a/src/conversation/gnunet-service-conversation.c +++ b/src/conversation/gnunet-service-conversation.c @@ -752,10 +752,11 @@ handle_cadet_ring_message (void *cls, const struct CadetPhoneRingMessage *msg) rs.expiration_time = msg->expiration_time; if (GNUNET_OK != - GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_CONVERSATION_RING, - &rs, - &msg->signature, - &msg->caller_id.ecdsa_key)) + GNUNET_IDENTITY_signature_verify ( + GNUNET_SIGNATURE_PURPOSE_CONVERSATION_RING, + &rs, + &msg->signature, + &msg->caller_id)) { GNUNET_break_op (0); destroy_line_cadet_channels (ch); @@ -1138,9 +1139,7 @@ handle_client_call_message (void *cls, const struct ClientCallMessage *msg) e = GNUNET_MQ_msg (ring, GNUNET_MESSAGE_TYPE_CONVERSATION_CADET_PHONE_RING); GNUNET_IDENTITY_key_get_public (&msg->caller_id, &ring->caller_id); ring->expiration_time = rs.expiration_time; - GNUNET_CRYPTO_ecdsa_sign (&msg->caller_id.ecdsa_key, - &rs, - &ring->signature); + GNUNET_IDENTITY_sign (&msg->caller_id, &rs, &ring->signature); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending RING message via CADET\n"); GNUNET_MQ_send (ch->mq, e); GNUNET_SERVICE_client_continue (line->client); diff --git a/src/fs/gnunet-publish.c b/src/fs/gnunet-publish.c index 518192283..dea467669 100644 --- a/src/fs/gnunet-publish.c +++ b/src/fs/gnunet-publish.c 
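Review bot: In handle_cadet_ring_message the new `GNUNET_IDENTITY_signature_verify (...)` call hands `&msg->signature` and `&msg->caller_id` straight from the CADET message to `GNUNET_IDENTITY_signature_verify_`, and that function (added in the identity_api.c hunk of this commit) opens with `GNUNET_assert (ntohl (pub->type) == ntohl (sig->type))`, so a malformed ring message whose two type words disagree aborts the conversation service instead of reaching the existing `GNUNET_break_op (0)` error path below. I would fix it in the callee so every network-facing caller is covered: replace the assert with `if (ntohl (pub->type) != ntohl (sig->type)) { GNUNET_break_op (0); return GNUNET_SYSERR; }`; if the assert is kept, this caller must compare `msg->caller_id.type` and `msg->signature.type` itself before verifying. The same shape appears in handle_client_call_message, where the `GNUNET_IDENTITY_sign` macro asserts `GNUNET_OK` on a key whose type now comes from the client's `msg->caller_id` rather than being fixed to ECDSA. Both handlers start and end outside the hunks shown.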
@@ -591,13 +591,12 @@ directory_trim_complete (struct GNUNET_FS_ShareTreeItem *directory_scan_result) GNUNET_SCHEDULER_shutdown (); return; } - if (NULL == namespace) - priv = NULL; - else + priv = NULL; + if (NULL != namespace) { pk = GNUNET_IDENTITY_ego_get_private_key (namespace); - if (GNUNET_IDENTITY_TYPE_ECDSA == ntohl (pk->type)) - priv = &pk->ecdsa_key; + GNUNET_assert (GNUNET_IDENTITY_TYPE_ECDSA == ntohl (pk->type)); + priv = &pk->ecdsa_key; } pc = GNUNET_FS_publish_start (ctx, fi, diff --git a/src/gnsrecord/gnsrecord_misc.c b/src/gnsrecord/gnsrecord_misc.c index ba8803850..82c38f19a 100644 --- a/src/gnsrecord/gnsrecord_misc.c +++ b/src/gnsrecord/gnsrecord_misc.c @@ -107,8 +107,8 @@ GNUNET_GNSRECORD_records_cmp (const struct GNUNET_GNSRECORD_Data *a, { LOG (GNUNET_ERROR_TYPE_DEBUG, "Expiration time %llu != %llu\n", - a->expiration_time, - b->expiration_time); + (unsigned long long) a->expiration_time, + (unsigned long long) b->expiration_time); return GNUNET_NO; } if ((a->flags & GNUNET_GNSRECORD_RF_RCMP_FLAGS) @@ -282,11 +282,13 @@ GNUNET_GNSRECORD_identity_from_data (const char *data, return GNUNET_SYSERR; if (data_size > sizeof (struct GNUNET_IDENTITY_PublicKey)) return GNUNET_SYSERR; - key->type = type; - memcpy (key, data, data_size); - return GNUNET_OK; + return (GNUNET_IDENTITY_read_key_from_buffer (key, data, data_size) == + data_size? + GNUNET_OK : + GNUNET_SYSERR); } + enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_data_from_identity (const struct GNUNET_IDENTITY_PublicKey *key, @@ -294,13 +296,15 @@ GNUNET_GNSRECORD_data_from_identity (const struct size_t *data_size, uint32_t *type) { - *type = key->type; + *type = ntohl (key->type); *data_size = GNUNET_IDENTITY_key_get_length (key); if (0 == *data_size) return GNUNET_SYSERR; *data = GNUNET_malloc (*data_size); - memcpy (*data, key, *data_size); - return GNUNET_OK; + return (GNUNET_IDENTITY_write_key_to_buffer (key, *data, *data_size) == + *data_size? + GNUNET_OK : + GNUNET_SYSERR); } 
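Review bot: directory_trim_complete now aborts on `GNUNET_assert (GNUNET_IDENTITY_TYPE_ECDSA == ntohl (pk->type))` where the old code fell back to `priv = NULL`, so publishing into a namespace ego whose key is not ECDSA crashes gnunet-publish rather than reporting the problem to the user. Since the ego is obtained from the identity service and the tool is user-facing, keep the check but fail cleanly along the `GNUNET_SCHEDULER_shutdown (); return;` path visible at the top of this hunk, e.g. `if (GNUNET_IDENTITY_TYPE_ECDSA != ntohl (pk->type)) { GNUNET_break (0); GNUNET_SCHEDULER_shutdown (); return; }`. The function begins outside the hunk.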
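Review bot: In GNUNET_GNSRECORD_data_from_identity the line `*data_size = GNUNET_IDENTITY_key_get_length (key);` stores an `ssize_t` into a `size_t`, so if key_get_length reports an unknown key type with a negative value (which the new read/write helpers in identity_api.c assume when they test `length < 0`) the following `if (0 == *data_size)` does not catch it and `GNUNET_malloc` is called with a wrapped size. Capture the result first: `const ssize_t l = GNUNET_IDENTITY_key_get_length (key); if (l <= 0) return GNUNET_SYSERR; *data_size = (size_t) l;`. The `GNUNET_SYSERR` branch after `GNUNET_IDENTITY_write_key_to_buffer` also returns without releasing the just-allocated `*data`; `GNUNET_free (*data); *data = NULL;` before returning so the caller is not handed a dangling allocation. In GNUNET_GNSRECORD_identity_from_data the comparison `== data_size` of an `ssize_t` result with a `size_t` works only because -1 converts to SIZE_MAX; a `(ssize_t) data_size` cast on the right would make the intent explicit. Both functions are cut by the hunk edges.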
@@ -309,14 +313,15 @@ GNUNET_GNSRECORD_is_zonekey_type (uint32_t type) { switch (type) { - case GNUNET_GNSRECORD_TYPE_PKEY: - case GNUNET_GNSRECORD_TYPE_EDKEY: - return GNUNET_YES; - default: - return GNUNET_NO; + case GNUNET_GNSRECORD_TYPE_PKEY: + case GNUNET_GNSRECORD_TYPE_EDKEY: + return GNUNET_YES; + default: + return GNUNET_NO; } } + size_t GNUNET_GNSRECORD_block_get_size (const struct GNUNET_GNSRECORD_Block *block) { diff --git a/src/identity/identity_api.c b/src/identity/identity_api.c index 213b6966e..d44e8da96 100644 --- a/src/identity/identity_api.c +++ b/src/identity/identity_api.c @@ -953,6 +953,7 @@ GNUNET_IDENTITY_disconnect (struct GNUNET_IDENTITY_Handle *h) GNUNET_free (h); } + ssize_t private_key_get_length (const struct GNUNET_IDENTITY_PrivateKey *key) { @@ -971,7 +972,6 @@ private_key_get_length (const struct GNUNET_IDENTITY_PrivateKey *key) } - ssize_t GNUNET_IDENTITY_key_get_length (const struct GNUNET_IDENTITY_PublicKey *key) { 
@@ -990,6 +990,229 @@ GNUNET_IDENTITY_key_get_length (const struct GNUNET_IDENTITY_PublicKey *key) } +ssize_t +GNUNET_IDENTITY_read_key_from_buffer (struct GNUNET_IDENTITY_PublicKey *key, + const void*buffer, + size_t len) +{ + if (len < sizeof (key->type)) + return -1; + GNUNET_memcpy (&(key->type), buffer, sizeof (key->type)); + const ssize_t length = GNUNET_IDENTITY_key_get_length (key); + if (len < length) + return -1; + if (length < 0) + return -2; + GNUNET_memcpy (&(key->ecdsa_key), buffer + sizeof (key->type), length + - sizeof (key->type)); + return length; +} + + +ssize_t +GNUNET_IDENTITY_write_key_to_buffer (const struct + GNUNET_IDENTITY_PublicKey *key, + void*buffer, + size_t len) +{ + const ssize_t length = GNUNET_IDENTITY_key_get_length (key); + if (len < length) + return -1; + if (length < 0) + return -2; + GNUNET_memcpy (buffer, key, length); + return length; +} + + +ssize_t +GNUNET_IDENTITY_signature_get_length (const struct + GNUNET_IDENTITY_Signature *sig) +{ + switch (ntohl (sig->type)) + { + case GNUNET_IDENTITY_TYPE_ECDSA: + return sizeof (sig->type) + sizeof (sig->ecdsa_signature); + break; + case GNUNET_IDENTITY_TYPE_EDDSA: + return sizeof (sig->type) + sizeof (sig->eddsa_signature); + break; + default: + GNUNET_break (0); + } + return -1; +} + + +ssize_t +GNUNET_IDENTITY_read_signature_from_buffer (struct + GNUNET_IDENTITY_Signature *sig, + const void*buffer, + size_t len) +{ + if (len < sizeof (sig->type)) + return -1; + GNUNET_memcpy (&(sig->type), buffer, sizeof (sig->type)); + const ssize_t length = GNUNET_IDENTITY_signature_get_length (sig); + if (len < length) + return -1; + if (length < 0) + return -2; + GNUNET_memcpy (&(sig->ecdsa_signature), buffer + sizeof (sig->type), length + - sizeof (sig->type)); + return length; +} + + +ssize_t +GNUNET_IDENTITY_write_signature_to_buffer (const struct + GNUNET_IDENTITY_Signature *sig, + void*buffer, + size_t len) +{ + const ssize_t length = GNUNET_IDENTITY_signature_get_length (sig); + if (len 
< length) + return -1; + if (length < 0) + return -2; + GNUNET_memcpy (buffer, &(sig->type), sizeof (sig->type)); + GNUNET_memcpy (buffer + sizeof (sig->type), &(sig->ecdsa_signature), length + - sizeof (sig->type)); + return length; +} + + +int +GNUNET_IDENTITY_sign_ (const struct + GNUNET_IDENTITY_PrivateKey *priv, + const struct + GNUNET_CRYPTO_EccSignaturePurpose *purpose, + struct GNUNET_IDENTITY_Signature *sig) +{ + sig->type = priv->type; + switch (ntohl (priv->type)) + { + case GNUNET_IDENTITY_TYPE_ECDSA: + return GNUNET_CRYPTO_ecdsa_sign_ (&(priv->ecdsa_key), purpose, + &(sig->ecdsa_signature)); + break; + case GNUNET_IDENTITY_TYPE_EDDSA: + return GNUNET_CRYPTO_eddsa_sign_ (&(priv->eddsa_key), purpose, + &(sig->eddsa_signature)); + break; + default: + GNUNET_break (0); + } + + return GNUNET_SYSERR; +} + + +int +GNUNET_IDENTITY_signature_verify_ (uint32_t purpose, + const struct + GNUNET_CRYPTO_EccSignaturePurpose *validate, + const struct GNUNET_IDENTITY_Signature *sig, + const struct GNUNET_IDENTITY_PublicKey *pub) +{ + /* check type matching of 'sig' and 'pub' */ + GNUNET_assert (ntohl (pub->type) == ntohl (sig->type)); + switch (ntohl (pub->type)) + { + case GNUNET_IDENTITY_TYPE_ECDSA: + return GNUNET_CRYPTO_ecdsa_verify_ (purpose, validate, + &(sig->ecdsa_signature), + &(pub->ecdsa_key)); + break; + case GNUNET_IDENTITY_TYPE_EDDSA: + return GNUNET_CRYPTO_eddsa_verify_ (purpose, validate, + &(sig->eddsa_signature), + &(pub->eddsa_key)); + break; + default: + GNUNET_break (0); + } + + return GNUNET_SYSERR; +} + + +ssize_t +GNUNET_IDENTITY_public_key_encrypt (const void *block, + size_t size, + const struct GNUNET_IDENTITY_PublicKey *pub, + struct GNUNET_CRYPTO_EcdhePublicKey *ecc, + void *result) +{ + struct GNUNET_CRYPTO_EcdhePrivateKey pk; + GNUNET_CRYPTO_ecdhe_key_create (&pk); + struct GNUNET_HashCode hash; + switch (ntohl (pub->type)) + { + case GNUNET_IDENTITY_TYPE_ECDSA: + if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_ecdsa (&pk, &(pub->ecdsa_key), + 
&hash)) + return -1; + break; + case GNUNET_IDENTITY_TYPE_EDDSA: + if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_eddsa (&pk, &(pub->eddsa_key), + &hash)) + return -1; + break; + default: + return -1; + } + GNUNET_CRYPTO_ecdhe_key_get_public (&pk, ecc); + GNUNET_CRYPTO_ecdhe_key_clear (&pk); + struct GNUNET_CRYPTO_SymmetricSessionKey key; + struct GNUNET_CRYPTO_SymmetricInitializationVector iv; + GNUNET_CRYPTO_hash_to_aes_key (&hash, &key, &iv); + GNUNET_CRYPTO_zero_keys (&hash, sizeof(hash)); + const ssize_t encrypted = GNUNET_CRYPTO_symmetric_encrypt (block, size, &key, + &iv, result); + GNUNET_CRYPTO_zero_keys (&key, sizeof(key)); + GNUNET_CRYPTO_zero_keys (&iv, sizeof(iv)); + return encrypted; +} + + +ssize_t +GNUNET_IDENTITY_private_key_decrypt (const void *block, + size_t size, + const struct + GNUNET_IDENTITY_PrivateKey *priv, + const struct + GNUNET_CRYPTO_EcdhePublicKey *ecc, + void *result) +{ + struct GNUNET_HashCode hash; + switch (ntohl (priv->type)) + { + case GNUNET_IDENTITY_TYPE_ECDSA: + if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_ecdh (&(priv->ecdsa_key), ecc, + &hash)) + return -1; + break; + case GNUNET_IDENTITY_TYPE_EDDSA: + if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_ecdh (&(priv->eddsa_key), ecc, + &hash)) + return -1; + break; + default: + return -1; + } + struct GNUNET_CRYPTO_SymmetricSessionKey key; + struct GNUNET_CRYPTO_SymmetricInitializationVector iv; + GNUNET_CRYPTO_hash_to_aes_key (&hash, &key, &iv); + GNUNET_CRYPTO_zero_keys (&hash, sizeof(hash)); + const ssize_t decrypted = GNUNET_CRYPTO_symmetric_decrypt (block, size, &key, + &iv, result); + GNUNET_CRYPTO_zero_keys (&key, sizeof(key)); + GNUNET_CRYPTO_zero_keys (&iv, sizeof(iv)); + return decrypted; +} + + char * GNUNET_IDENTITY_public_key_to_string (const struct GNUNET_IDENTITY_PublicKey *key) 
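Review bot: The four new buffer helpers (GNUNET_IDENTITY_read_key_from_buffer, GNUNET_IDENTITY_write_key_to_buffer, GNUNET_IDENTITY_read_signature_from_buffer, GNUNET_IDENTITY_write_signature_to_buffer) test `if (len < length) return -1;` before `if (length < 0) return -2;`, and because `len` is `size_t` the negative `ssize_t` is promoted to a huge unsigned value, so the first test always fires and the documented -2 "not a valid key/signature" result is unreachable (and -Wsign-compare warns on each). Swap the checks and cast explicitly in all four: `if (length < 0) return -2; if (len < (size_t) length) return -1;`. This matters most in read_key_from_buffer and read_signature_from_buffer, where the type word has just been copied from an untrusted buffer and the caller can only tell "too short" from "garbage type" through the return code. In GNUNET_IDENTITY_public_key_encrypt the three `return -1` paths inside the switch leave the freshly generated ephemeral key `pk` on the stack without the `GNUNET_CRYPTO_ecdhe_key_clear (&pk)` the success path performs; a `goto fail;` to a label that clears `pk` before returning keeps the cleanup in one place. GNUNET_IDENTITY_signature_get_length and GNUNET_IDENTITY_sign_ also carry a `break;` after every `return`, which is dead code.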
@@ -1023,7 +1246,7 @@ GNUNET_IDENTITY_public_key_from_string (const char *str, if (GNUNET_OK != ret) return GNUNET_SYSERR; ktype = ntohl (key->type); - return (GNUNET_IDENTITY_TYPE_ECDSA == ktype) ? GNUNET_OK : GNUNET_SYSERR; //FIXME other keys, cleaner way? + return (GNUNET_IDENTITY_TYPE_ECDSA == ktype) ? GNUNET_OK : GNUNET_SYSERR; // FIXME other keys, cleaner way? } @@ -1041,7 +1264,7 @@ GNUNET_IDENTITY_private_key_from_string (const char *str, if (GNUNET_OK != ret) return GNUNET_SYSERR; ktype = ntohl (key->type); - return (GNUNET_IDENTITY_TYPE_ECDSA == ktype) ? GNUNET_OK : GNUNET_SYSERR; //FIXME other keys, cleaner way? + return (GNUNET_IDENTITY_TYPE_ECDSA == ktype) ? GNUNET_OK : GNUNET_SYSERR; // FIXME other keys, cleaner way? } diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 03fb16a43..2bbf2b1e7 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -1700,7 +1700,7 @@ GNUNET_CRYPTO_eddsa_sign_ ( */ #define GNUNET_CRYPTO_eddsa_sign(priv,ps,sig) do { \ /* check size is set correctly */ \ - GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*ps)); \ + GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*ps)); \ /* check 'ps' begins with the purpose */ \ GNUNET_static_assert (((void*) (ps)) == \ ((void*) &(ps)->purpose)); \ @@ -1747,7 +1747,7 @@ GNUNET_CRYPTO_ecdsa_sign_ ( */ #define GNUNET_CRYPTO_ecdsa_sign(priv,ps,sig) do { \ /* check size is set correctly */ \ - GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*(ps))); \ + GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \ /* check 'ps' begins with the purpose */ \ GNUNET_static_assert (((void*) (ps)) == \ ((void*) &(ps)->purpose)); \ 
@@ -1853,7 +1853,7 @@ GNUNET_CRYPTO_ecdsa_verify_ ( */ #define GNUNET_CRYPTO_ecdsa_verify(purp,ps,sig,pub) ({ \ /* check size is set correctly */ \ - GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*(ps))); \ + GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \ /* check 'ps' begins with the purpose */ \ GNUNET_static_assert (((void*) (ps)) == \ ((void*) &(ps)->purpose)); \ diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h index 17714fec4..2974568db 100644 --- a/src/include/gnunet_identity_service.h +++ b/src/include/gnunet_identity_service.h @@ -138,6 +138,33 @@ struct GNUNET_IDENTITY_PublicKey /** + * An identity signature as per LSD0001. + */ +struct GNUNET_IDENTITY_Signature +{ + /** + * Type of signature. + * Defined by the GNS zone type value. + * In NBO. + */ + uint32_t type; + + union + { + /** + * An ECDSA signature + */ + struct GNUNET_CRYPTO_EcdsaSignature ecdsa_signature; + + /** + * AN EdDSA signature + */ + struct GNUNET_CRYPTO_EddsaSignature eddsa_signature; + }; +}; + + +/** * Handle for an operation with the identity service. */ struct GNUNET_IDENTITY_Operation; 
@@ -379,6 +406,240 @@ GNUNET_IDENTITY_key_get_length (const struct GNUNET_IDENTITY_PublicKey *key); /** + * Reads a #GNUNET_IDENTITY_PublicKey from a compact buffer. + * The buffer has to contain at least the compacted length of + * a #GNUNET_IDENTITY_PublicKey in bytes. + * If the buffer is too small, the function returns -1 as error. + * If the buffer does not contain a valid key, it returns -2 as error. + * + * @param key the key + * @param buffer the buffer + * @param len the length of buffer + * @return -1 or -2 on error, else the amount of bytes read from the buffer + */ +ssize_t +GNUNET_IDENTITY_read_key_from_buffer (struct GNUNET_IDENTITY_PublicKey *key, + const void*buffer, + size_t len); + + +/** + * Writes a #GNUNET_IDENTITY_PublicKey to a compact buffer. + * The buffer requires space for at least the compacted length of + * a #GNUNET_IDENTITY_PublicKey in bytes. + * If the buffer is too small, the function returns -1 as error. + * If the key is not valid, it returns -2 as error. + * + * @param key the key + * @param buffer the buffer + * @param len the length of buffer + * @return -1 or -2 on error, else the amount of bytes written to the buffer + */ +ssize_t +GNUNET_IDENTITY_write_key_to_buffer (const struct + GNUNET_IDENTITY_PublicKey *key, + void*buffer, + size_t len); + + +/** + * Get the compacted length of a #GNUNET_IDENTITY_Signature. + * Compacted means that it returns the minimum number of bytes this + * signature is long, as opposed to the union structure inside + * #GNUNET_IDENTITY_Signature. + * Useful for compact serializations. + * + * @param sig the signature. + * @return -1 on error, else the compacted length of the signature. + */ +ssize_t +GNUNET_IDENTITY_signature_get_length (const struct + GNUNET_IDENTITY_Signature *sig); + + +/** + * Reads a #GNUNET_IDENTITY_Signature from a compact buffer. + * The buffer has to contain at least the compacted length of + * a #GNUNET_IDENTITY_Signature in bytes. 
+ * If the buffer is too small, the function returns -1 as error. + * If the buffer does not contain a valid key, it returns -2 as error. + * + * @param sig the signature + * @param buffer the buffer + * @param len the length of buffer + * @return -1 or -2 on error, else the amount of bytes read from the buffer + */ +ssize_t +GNUNET_IDENTITY_read_signature_from_buffer (struct + GNUNET_IDENTITY_Signature *sig, + const void*buffer, + size_t len); + + +/** + * Writes a #GNUNET_IDENTITY_Signature to a compact buffer. + * The buffer requires space for at least the compacted length of + * a #GNUNET_IDENTITY_Signature in bytes. + * If the buffer is too small, the function returns -1 as error. + * If the key is not valid, it returns -2 as error. + * + * @param sig the signature + * @param buffer the buffer + * @param len the length of buffer + * @return -1 or -2 on error, else the amount of bytes written to the buffer + */ +ssize_t +GNUNET_IDENTITY_write_signature_to_buffer (const struct + GNUNET_IDENTITY_Signature *sig, + void*buffer, + size_t len); + + +/** + * @brief Sign a given block. + * + * The @a purpose data is the beginning of the data of which the signature is + * to be created. The `size` field in @a purpose must correctly indicate the + * number of bytes of the data structure, including its header. If possible, + * use #GNUNET_IDENTITY_sign() instead of this function. + * + * @param priv private key to use for the signing + * @param purpose what to sign (size, purpose) + * @param[out] sig where to write the signature + * @return #GNUNET_SYSERR on error, #GNUNET_OK on success + */ +int +GNUNET_IDENTITY_sign_ (const struct + GNUNET_IDENTITY_PrivateKey *priv, + const struct + GNUNET_CRYPTO_EccSignaturePurpose *purpose, + struct GNUNET_IDENTITY_Signature *sig); + + +/** + * @brief Sign a given block with #GNUNET_IDENTITY_PrivateKey. + * + * The @a ps data must be a fixed-size struct for which the signature is to be + * created. 
The `size` field in @a ps->purpose must correctly indicate the + * number of bytes of the data structure, including its header. + * + * @param priv private key to use for the signing + * @param ps packed struct with what to sign, MUST begin with a purpose + * @param[out] sig where to write the signature + */ +#define GNUNET_IDENTITY_sign(priv,ps,sig) do { \ + /* check size is set correctly */ \ + GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \ + /* check 'ps' begins with the purpose */ \ + GNUNET_static_assert (((void*) (ps)) == \ + ((void*) &(ps)->purpose)); \ + GNUNET_assert (GNUNET_OK == \ + GNUNET_IDENTITY_sign_ (priv, \ + &(ps)->purpose, \ + sig)); \ +} while (0) + + +/** + * @brief Verify a given signature. + * + * The @a validate data is the beginning of the data of which the signature + * is to be verified. The `size` field in @a validate must correctly indicate + * the number of bytes of the data structure, including its header. If @a + * purpose does not match the purpose given in @a validate (the latter must be + * in big endian), signature verification fails. If possible, + * use #GNUNET_IDENTITY_signature_verify() instead of this function (only if @a validate + * is not fixed-size, you must use this function directly). + * + * @param purpose what is the purpose that the signature should have? + * @param validate block to validate (size, purpose, data) + * @param sig signature that is being validated + * @param pub public key of the signer + * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid + */ +int +GNUNET_IDENTITY_signature_verify_ (uint32_t purpose, + const struct + GNUNET_CRYPTO_EccSignaturePurpose *validate, + const struct GNUNET_IDENTITY_Signature *sig, + const struct + GNUNET_IDENTITY_PublicKey *pub); + + +/** + * @brief Verify a given signature with #GNUNET_IDENTITY_PublicKey. + * + * The @a ps data must be a fixed-size struct for which the signature is to be + * created. 
The `size` field in @a ps->purpose must correctly indicate the + * number of bytes of the data structure, including its header. + * + * @param purp purpose of the signature, must match 'ps->purpose.purpose' + * (except in host byte order) + * @param ps packed struct with what to sign, MUST begin with a purpose + * @param sig where to read the signature from + * @param pub public key to use for the verifying + */ +#define GNUNET_IDENTITY_signature_verify(purp,ps,sig,pub) ({ \ + /* check size is set correctly */ \ + GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \ + /* check 'ps' begins with the purpose */ \ + GNUNET_static_assert (((void*) (ps)) == \ + ((void*) &(ps)->purpose)); \ + GNUNET_IDENTITY_signature_verify_ (purp, \ + &(ps)->purpose, \ + sig, \ + pub); \ + }) + + +/** + * Encrypt a block with #GNUNET_IDENTITY_PublicKey and derives a + * #GNUNET_CRYPTO_EcdhePublicKey which is required for decryption + * using ecdh to derive a symmetric key. + * + * @param block the block to encrypt + * @param size the size of the @a block + * @param pub public key to use for ecdh + * @param ecc where to write the ecc public key + * @param result the output parameter in which to store the encrypted result + * can be the same or overlap with @c block + * @returns the size of the encrypted block, -1 for errors. + * Due to the use of CFB and therefore an effective stream cipher, + * this size should be the same as @c len. + */ +ssize_t +GNUNET_IDENTITY_encrypt (const void *block, + size_t size, + const struct GNUNET_IDENTITY_PublicKey *pub, + struct GNUNET_CRYPTO_EcdhePublicKey *ecc, + void *result); + + +/** + * Decrypt a given block with #GNUNET_IDENTITY_PrivateKey and a given + * #GNUNET_CRYPTO_EcdhePublicKey using ecdh to derive a symmetric key. 
+ * + * @param block the data to decrypt, encoded as returned by encrypt + * @param size the size of the @a block to decrypt + * @param priv private key to use for ecdh + * @param ecc the ecc public key + * @param result address to store the result at + * can be the same or overlap with @c block + * @return -1 on failure, size of decrypted block on success. + * Due to the use of CFB and therefore an effective stream cipher, + * this size should be the same as @c size. + */ +ssize_t +GNUNET_IDENTITY_decrypt (const void *block, + size_t size, + const struct + GNUNET_IDENTITY_PrivateKey *priv, + const struct + GNUNET_CRYPTO_EcdhePublicKey *ecc, + void *result); + + +/** * Creates a (Base32) string representation of the public key. * The resulting string encodes a compacted representation of the key. * See also #GNUNET_IDENTITY_key_get_length. @@ -438,7 +699,8 @@ GNUNET_IDENTITY_private_key_from_string (const char*str, * @return GNUNET_SYSERR on error. */ enum GNUNET_GenericReturnValue -GNUNET_IDENTITY_key_get_public (const struct GNUNET_IDENTITY_PrivateKey *privkey, +GNUNET_IDENTITY_key_get_public (const struct + GNUNET_IDENTITY_PrivateKey *privkey, struct GNUNET_IDENTITY_PublicKey *key); diff --git a/src/include/gnunet_revocation_service.h b/src/include/gnunet_revocation_service.h index 18c1f2674..d56116914 100644 --- a/src/include/gnunet_revocation_service.h +++ b/src/include/gnunet_revocation_service.h @@ -95,7 +95,7 @@ struct GNUNET_REVOCATION_PowP /** * The signature object we use for the PoW */ -struct GNUNET_REVOCATION_EcdsaSignaturePurposePS +struct GNUNET_REVOCATION_SignaturePurposePS { /** * The signature purpose 
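Review bot: The header declares `GNUNET_IDENTITY_encrypt` and `GNUNET_IDENTITY_decrypt`, but the identity_api.c hunk of this commit defines the implementations as `GNUNET_IDENTITY_public_key_encrypt` and `GNUNET_IDENTITY_private_key_decrypt`, so the declared names have no definition (a link error for any caller) and the definitions have no prototype; pick one pair of names and use it in both files. Several doc comments are copy-paste leftovers: GNUNET_IDENTITY_read_signature_from_buffer says "does not contain a valid key" where it means signature, the encrypt comment says `this size should be the same as @c len` although the parameter is `size`, and GNUNET_IDENTITY_signature_verify documents `@param ps packed struct with what to sign` for a verification macro. The `@returns` of GNUNET_IDENTITY_signature_verify_ should also state what happens when `sig->type` and `pub->type` differ, since callers that verify network data need to know whether that is an error result or a programming error.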
@@ -103,19 +103,11 @@ struct GNUNET_REVOCATION_EcdsaSignaturePurposePS struct GNUNET_CRYPTO_EccSignaturePurpose purpose; /** - * Type of the key - */ - uint32_t ktype; - - /** - * The revoked public key - */ - struct GNUNET_CRYPTO_EcdsaPublicKey key; - - /** * The timestamp of the revocation */ struct GNUNET_TIME_AbsoluteNBO timestamp; + + /** Followed by the zone public key type and key **/ }; GNUNET_NETWORK_STRUCT_END diff --git a/src/namestore/test_namestore_api_zone_to_name.c b/src/namestore/test_namestore_api_zone_to_name.c index e5ede6bcd..3fd10e4a1 100644 --- a/src/namestore/test_namestore_api_zone_to_name.c +++ b/src/namestore/test_namestore_api_zone_to_name.c @@ -212,12 +212,13 @@ run (void *cls, GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, &s_zone_value, sizeof(s_zone_value)); + s_zone_value.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY); { struct GNUNET_GNSRECORD_Data rd; rd.expiration_time = GNUNET_TIME_absolute_get ().abs_value_us; rd.record_type = GNUNET_GNSRECORD_TYPE_PKEY; - rd.data_size = sizeof(s_zone_value); + rd.data_size = GNUNET_IDENTITY_key_get_length (&s_zone_value); rd.data = &s_zone_value; rd.flags = 0; diff --git a/src/namestore/test_plugin_rest_namestore.sh b/src/namestore/test_plugin_rest_namestore.sh index 12a7fa50c..8a45cebf5 100755 --- a/src/namestore/test_plugin_rest_namestore.sh +++ b/src/namestore/test_plugin_rest_namestore.sh 
@@ -84,14 +84,15 @@ gnunet-identity -C $TEST_ID -c test_namestore_api.conf test="$(gnunet-namestore -D -z $TEST_ID -c test_namestore_api.conf)" name=$TEST_ID public="$(gnunet-identity -d -c test_namestore_api.conf | grep $TEST_ID | awk 'NR==1{print $3}')" -gnunet-namestore -z $name -p -a -n "test_entry" -e "1d" -V "HVX38H2CB7WJM0WCPWT9CFX6GASMYJVR65RN75SJSSKAYVYXHMRG" -t "PKEY" -c test_namestore_api.conf +echo "$name $public" +valgrind gnunet-namestore -z $name -p -a -n "test_entry" -e "1d" -V "000G006WVZ8HQ5YTVFNX09HK0VJVVQ9ZCBYDSCH3ERT04N5ZRBKEB82EP8" -t "PKEY" -c test_namestore_api.conf #curl_get "${namestore_link}" "HTTP/1.1 200 OK" curl_get "${namestore_link}/$name" "HTTP/1.1 200 OK" curl_get "${namestore_link}/$public" "error" gnunet-namestore -z $name -d -n "test_entry" -c test_namestore_api.conf #Test POST with NAME -curl_post "${namestore_link}/$name" '{"data": [{"value":"HVX38H2CB7WJM0WCPWT9CFX6GASMYJVR65RN75SJSSKAYVYXHMRG", "record_type":"PKEY", "expiration_time":"1d","private": false, "relative_expiration": false, "supplemental": false, "shadow": false}],"record_name":"test_entry"}' "HTTP/1.1 204 No Content" +curl_post "${namestore_link}/$name" '{"data": [{"value":"000G006WVZ8HQ5YTVFNX09HK0VJVVQ9ZCBYDSCH3ERT04N5ZRBKEB82EP8", "record_type":"PKEY", "expiration_time":"1d","private": false, "relative_expiration": false, "supplemental": false, "shadow": false}],"record_name":"test_entry"}' "HTTP/1.1 204 No Content" gnunet-namestore -z $name -d -n "test_entry" -c test_namestore_api.conf > /dev/null 2>&1 # invalid values 
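Review bot: The added `valgrind gnunet-namestore ...` prefix and the `echo "$name $public"` line above it look like debugging leftovers: the test now hard-depends on valgrind being installed, the command's exit status and timing change under valgrind, and the echo adds noise to the test output. Drop both so the line reads `gnunet-namestore -z $name -p -a -n "test_entry" -e "1d" -V "000G006WVZ8HQ5YTVFNX09HK0VJVVQ9ZCBYDSCH3ERT04N5ZRBKEB82EP8" -t "PKEY" -c test_namestore_api.conf`. The same encoded key is repeated in every curl_post of the next hunk; a single `PKEY_VALUE="000G006WVZ8HQ5YTVFNX09HK0VJVVQ9ZCBYDSCH3ERT04N5ZRBKEB82EP8"` near the top of the script would keep them in sync the next time the encoding changes.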
@@ -106,29 +107,29 @@ curl_post "${namestore_link}/$name" '{"data": [{"record_type":"PKEY", "expiratio gnunet-namestore -z $name -d -n "test_entry" -c test_namestore_api.conf > /dev/null 2>&1 #expirations -curl_post "${namestore_link}/$name" '{"data": [{"value":"HVX38H2CB7WJM0WCPWT9CFX6GASMYJVR65RN75SJSSKAYVYXHMRG", "record_type":"PKEY", "expiration_time":"0d","private": false, "relative_expiration": true, "supplemental": false, "shadow": false}],"record_name":"test_entry"}' "HTTP/1.1 204" +curl_post "${namestore_link}/$name" '{"data": [{"value":"000G006WVZ8HQ5YTVFNX09HK0VJVVQ9ZCBYDSCH3ERT04N5ZRBKEB82EP8", "record_type":"PKEY", "expiration_time":"0d","private": false, "relative_expiration": true, "supplemental": false, "shadow": false}],"record_name":"test_entry"}' "HTTP/1.1 204" gnunet-namestore -z $name -d -n "test_entry" -c test_namestore_api.conf > /dev/null 2>&1 -curl_post "${namestore_link}/$name" '{"data": [{"value":"HVX38H2CB7WJM0WCPWT9CFX6GASMYJVR65RN75SJSSKAYVYXHMRG", "record_type":"PKEY", "expiration_time":"10000d","private": false, "relative_expiration": true, "supplemental": false, "shadow": false}],"record_name":"test_entry"}' "HTTP/1.1 204" +curl_post "${namestore_link}/$name" '{"data": [{"value":"000G006WVZ8HQ5YTVFNX09HK0VJVVQ9ZCBYDSCH3ERT04N5ZRBKEB82EP8", "record_type":"PKEY", "expiration_time":"10000d","private": false, "relative_expiration": true, "supplemental": false, "shadow": false}],"record_name":"test_entry"}' "HTTP/1.1 204" gnunet-namestore -z $name -d -n "test_entry" -c test_namestore_api.conf > /dev/null 2>&1 -curl_post "${namestore_link}/$name" '{"data": [{"value":"HVX38H2CB7WJM0WCPWT9CFX6GASMYJVR65RN75SJSSKAYVYXHMRG", "record_type":"PKEY", "expiration_time":"now","private": false, "relative_expiration": false, "supplemental": false, "shadow": false}],"record_name":"test_entry"}' "error" +curl_post "${namestore_link}/$name" '{"data": [{"value":"000G006WVZ8HQ5YTVFNX09HK0VJVVQ9ZCBYDSCH3ERT04N5ZRBKEB82EP8", "record_type":"PKEY", 
"expiration_time":"now","private": false, "relative_expiration": false, "supplemental": false, "shadow": false}],"record_name":"test_entry"}' "error" gnunet-namestore -z $name -d -n "test_entry" -c test_namestore_api.conf > /dev/null 2>&1 -curl_post "${namestore_link}/$name" '{"data": [{"value":"HVX38H2CB7WJM0WCPWT9CFX6GASMYJVR65RN75SJSSKAYVYXHMRG", "record_type":"PKEY", "expiration_time_missing":"1d","private": false, "relative_expiration": false, "supplemental": false, "shadow": false}],"record_name":"test_entry"}' "error" +curl_post "${namestore_link}/$name" '{"data": [{"value":"000G006WVZ8HQ5YTVFNX09HK0VJVVQ9ZCBYDSCH3ERT04N5ZRBKEB82EP8", "record_type":"PKEY", "expiration_time_missing":"1d","private": false, "relative_expiration": false, "supplemental": false, "shadow": false}],"record_name":"test_entry"}' "error" gnunet-namestore -z $name -d -n "test_entry" -c test_namestore_api.conf > /dev/null 2>&1 #record_name -curl_post "${namestore_link}/$name" '{"data": [{"value":"HVX38H2CB7WJM0WCPWT9CFX6GASMYJVR65RN75SJSSKAYVYXHMRG", "record_type":"PKEY", "expiration_time":"1d","private": false, "relative_expiration": false, "supplemental": false, "shadow": false}],"record_name":""}' "error" +curl_post "${namestore_link}/$name" '{"data": [{"value":"000G006WVZ8HQ5YTVFNX09HK0VJVVQ9ZCBYDSCH3ERT04N5ZRBKEB82EP8", "record_type":"PKEY", "expiration_time":"1d","private": false, "relative_expiration": false, "supplemental": false, "shadow": false}],"record_name":""}' "error" gnunet-namestore -z $name -d -n "test_entry" -c test_namestore_api.conf > /dev/null 2>&1 -curl_post "${namestore_link}/$name" '{"data": [{"value":"HVX38H2CB7WJM0WCPWT9CFX6GASMYJVR65RN75SJSSKAYVYXHMRG", "record_type":"PKEY", "expiration_time":"1d","private": false, "relative_expiration": false, "supplemental": false, "shadow": false}],"record_name_missing":"test_entry"}' "error" +curl_post "${namestore_link}/$name" '{"data": [{"value":"000G006WVZ8HQ5YTVFNX09HK0VJVVQ9ZCBYDSCH3ERT04N5ZRBKEB82EP8", 
"record_type":"PKEY", "expiration_time":"1d","private": false, "relative_expiration": false, "supplemental": false, "shadow": false}],"record_name_missing":"test_entry"}' "error" gnunet-namestore -z $name -d -n "test_entry" -c test_namestore_api.conf > /dev/null 2>&1 #Test DELETE -gnunet-namestore -z $name -p -a -n "test_entry" -e "1d" -V "HVX38H2CB7WJM0WCPWT9CFX6GASMYJVR65RN75SJSSKAYVYXHMRG" -t "PKEY" -c test_namestore_api.conf +gnunet-namestore -z $name -p -a -n "test_entry" -e "1d" -V "000G006WVZ8HQ5YTVFNX09HK0VJVVQ9ZCBYDSCH3ERT04N5ZRBKEB82EP8" -t "PKEY" -c test_namestore_api.conf curl_delete "${namestore_link}/$name/test_entry" "HTTP/1.1 204" curl_delete "${namestore_link}/$name/test_entry" "error" -gnunet-namestore -z $name -p -a -n "test_entry" -e "1d" -V "HVX38H2CB7WJM0WCPWT9CFX6GASMYJVR65RN75SJSSKAYVYXHMRG" -t "PKEY" -c test_namestore_api.conf +gnunet-namestore -z $name -p -a -n "test_entry" -e "1d" -V "000G006WVZ8HQ5YTVFNX09HK0VJVVQ9ZCBYDSCH3ERT04N5ZRBKEB82EP8" -t "PKEY" -c test_namestore_api.conf curl_delete "${namestore_link}/$public/test_entry" "error" gnunet-arm -e -c test_namestore_api.conf diff --git a/src/pt/test_gns_vpn.c b/src/pt/test_gns_vpn.c index cf0455477..7b4abaec2 100644 --- a/src/pt/test_gns_vpn.c +++ b/src/pt/test_gns_vpn.c @@ -560,7 +560,7 @@ identity_cb (void *cls, void **ctx, const char *name) { - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key; + const struct GNUNET_IDENTITY_PrivateKey *zone_key; struct GNUNET_GNSRECORD_Data rd; char *rd_string; char *peername; diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c index c3ff07976..c6d56e02d 100644 --- a/src/reclaim/oidc_helper.c +++ b/src/reclaim/oidc_helper.c 
@@ -154,10 +154,12 @@ fix_base64 (char *str)
 replace_char (str, '/', '_');
 }
+
 static json_t*
-generate_userinfo_json(const struct GNUNET_IDENTITY_PublicKey *sub_key,
- const struct GNUNET_RECLAIM_AttributeList *attrs,
- const struct GNUNET_RECLAIM_PresentationList *presentations)
+generate_userinfo_json (const struct GNUNET_IDENTITY_PublicKey *sub_key,
+ const struct GNUNET_RECLAIM_AttributeList *attrs,
+ const struct
+ GNUNET_RECLAIM_PresentationList *presentations)
 {
 struct GNUNET_RECLAIM_AttributeListEntry *le;
 struct GNUNET_RECLAIM_PresentationListEntry *ple;
@@ -206,7 +208,8 @@ generate_userinfo_json(const struct GNUNET_IDENTITY_PublicKey *sub_key,
 ple->presentation->data,
 ple->presentation->data_size);
 json_object_set_new (aggr_sources_jwt,
- GNUNET_RECLAIM_presentation_number_to_typename (ple->presentation->type),
+ GNUNET_RECLAIM_presentation_number_to_typename (
+ ple->presentation->type),
 json_string (pres_val_str) );
 json_object_set_new (aggr_sources, source_name, aggr_sources_jwt);
 GNUNET_free (pres_val_str);
@@ -286,6 +289,7 @@ generate_userinfo_json(const struct GNUNET_IDENTITY_PublicKey *sub_key,
 return body;
 }
+
 /**
 * Generate userinfo JSON as string
 *
@@ -297,12 +301,13 @@ generate_userinfo_json(const struct GNUNET_IDENTITY_PublicKey *sub_key,
 char *
 OIDC_generate_userinfo (const struct GNUNET_IDENTITY_PublicKey *sub_key,
 const struct GNUNET_RECLAIM_AttributeList *attrs,
- const struct GNUNET_RECLAIM_PresentationList *presentations)
+ const struct
+ GNUNET_RECLAIM_PresentationList *presentations)
 {
 char *body_str;
- json_t* body = generate_userinfo_json (sub_key,
- attrs,
- presentations);
+ json_t*body = generate_userinfo_json (sub_key,
+ attrs,
+ presentations);
 body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT);
 json_decref (body);
 return body_str;
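Review bot: `json_t*body` in the @@ -297 hunk glues the declarator to the type name; the removed line read `json_t* body` and the neighbouring local is written `char *body_str`, so the declaration should be `json_t *body = generate_userinfo_json (sub_key,` with the two continuation lines realigned to the opening parenthesis. The remaining hunks on this line only re-wrap parameter lists and add blank lines.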
@@ -324,7 +329,8 @@ char *
 OIDC_generate_id_token (const struct GNUNET_IDENTITY_PublicKey *aud_key,
 const struct GNUNET_IDENTITY_PublicKey *sub_key,
 const struct GNUNET_RECLAIM_AttributeList *attrs,
- const struct GNUNET_RECLAIM_PresentationList *presentations,
+ const struct
+ GNUNET_RECLAIM_PresentationList *presentations,
 const struct GNUNET_TIME_Relative *expiration_time,
 const char *nonce,
 const char *secret_key)
@@ -441,7 +447,8 @@ char *
 OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer,
 const struct GNUNET_RECLAIM_Ticket *ticket,
 const struct GNUNET_RECLAIM_AttributeList *attrs,
- const struct GNUNET_RECLAIM_PresentationList *presentations,
+ const struct
+ GNUNET_RECLAIM_PresentationList *presentations,
 const char *nonce_str,
 const char *code_challenge)
 {
@@ -525,7 +532,7 @@ OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer,
 // Get length
 code_payload_len = sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
 + payload_len + sizeof(struct
- GNUNET_CRYPTO_EcdsaSignature);
+ GNUNET_IDENTITY_Signature);
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
 "Length of data to encode: %lu\n",
 code_payload_len);
@@ -544,10 +551,10 @@ OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer,
 buf_ptr += payload_len;
 // Sign and store signature
 if (GNUNET_SYSERR ==
- GNUNET_CRYPTO_ecdsa_sign_ (&issuer->ecdsa_key,
- purpose,
- (struct GNUNET_CRYPTO_EcdsaSignature *)
- buf_ptr))
+ GNUNET_IDENTITY_sign_ (issuer,
+ purpose,
+ (struct GNUNET_IDENTITY_Signature *)
+ buf_ptr))
 {
 GNUNET_break (0);
 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n");
@@ -593,7 +600,7 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience,
 char *code_challenge;
 char *code_verifier_hash;
 struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
- struct GNUNET_CRYPTO_EcdsaSignature *signature;
+ struct GNUNET_IDENTITY_Signature *signature;
 uint32_t code_challenge_len;
 uint32_t attrs_ser_len;
 uint32_t pres_ser_len;
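Review bot: The @@ -525 hunk reserves the signature slot of the authorization code with `sizeof(struct GNUNET_IDENTITY_Signature)`, and the @@ -609 and @@ -620 hunks on the next line parse it back with the same fixed size, whereas revocation_api.c in this same commit measures signatures with `GNUNET_IDENTITY_signature_get_length`. If `struct GNUNET_IDENTITY_Signature` can be larger than what `GNUNET_IDENTITY_sign_` actually writes for the key in use, the unused tail of the slot carries whatever the buffer held before it is encoded into the code, so the builder should make sure the slot is zeroed before signing. A comment on the length computation, e.g. `// the code always carries a full-size struct GNUNET_IDENTITY_Signature; build and parse must agree`, would record the assumption. OIDC_build_authz_code starts and ends outside this hunk.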
@@ -609,7 +616,7 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience,
 (void **) &code_payload);
 if (code_payload_len < sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
 + sizeof(struct OIDC_Parameters)
- + sizeof(struct GNUNET_CRYPTO_EcdsaSignature))
+ + sizeof(struct GNUNET_IDENTITY_Signature))
 {
 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Authorization code malformed\n");
 GNUNET_free (code_payload);
@@ -620,10 +627,10 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience,
 plaintext_len = code_payload_len;
 plaintext_len -= sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose);
 ptr = (char *) &purpose[1];
- plaintext_len -= sizeof(struct GNUNET_CRYPTO_EcdsaSignature);
+ plaintext_len -= sizeof(struct GNUNET_IDENTITY_Signature);
 plaintext = ptr;
 ptr += plaintext_len;
- signature = (struct GNUNET_CRYPTO_EcdsaSignature *) ptr;
+ signature = (struct GNUNET_IDENTITY_Signature *) ptr;
 params = (struct OIDC_Parameters *) plaintext;
 // cmp code_challenge code_verifier
@@ -684,10 +691,11 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience,
 return GNUNET_SYSERR;
 }
 if (GNUNET_OK !=
- GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN,
- purpose,
- signature,
- &ticket->identity.ecdsa_key))
+ GNUNET_IDENTITY_signature_verify_ (
+ GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN,
+ purpose,
+ signature,
+ &(ticket->identity)))
 {
 GNUNET_free (code_payload);
 if (NULL != *nonce_str)
@@ -840,7 +848,8 @@ OIDC_check_scopes_for_claim_request (const char*scopes,
 }
 }
- } else if (0 == strcmp (attr, scope_variable))
+ }
+ else if (0 == strcmp (attr, scope_variable))
 {
 /** attribute matches requested scope **/
 GNUNET_free (scope_variables);
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c
index 94fbc7022..791c3d008 100644
--- a/src/revocation/revocation_api.c
+++ b/src/revocation/revocation_api.c
@@ -423,33 +423,33 @@ calculate_score (const struct GNUNET_REVOCATION_PowCalculationHandle *ph)
 enum GNUNET_GenericReturnValue
-check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow,
- const struct GNUNET_CRYPTO_EcdsaPublicKey *key)
+check_signature_identity (const struct GNUNET_REVOCATION_PowP *pow,
+ const struct GNUNET_IDENTITY_PublicKey *key)
 {
- struct GNUNET_REVOCATION_EcdsaSignaturePurposePS spurp;
- struct GNUNET_CRYPTO_EcdsaSignature *sig;
+ struct GNUNET_REVOCATION_SignaturePurposePS *spurp;
+ struct GNUNET_IDENTITY_Signature *sig;
 const struct GNUNET_IDENTITY_PublicKey *pk;
 size_t ksize;
 pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
 ksize = GNUNET_IDENTITY_key_get_length (pk);
- spurp.ktype = pk->type;
- spurp.key = pk->ecdsa_key;
- spurp.timestamp = pow->timestamp;
- spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
- spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
- + GNUNET_IDENTITY_key_get_length (pk)
- + sizeof (struct GNUNET_TIME_AbsoluteNBO));
+ spurp = GNUNET_malloc (sizeof (*spurp) + ksize);
+ spurp->timestamp = pow->timestamp;
+ spurp->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
+ spurp->purpose.size = htonl (sizeof(*spurp) + ksize);
+ GNUNET_IDENTITY_write_key_to_buffer (pk,
+ (char*) &spurp[1],
+ ksize);
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
 "Expected signature payload len: %u\n",
- ntohl (spurp.purpose.size));
- sig = (struct GNUNET_CRYPTO_EcdsaSignature *) ((char*)&pow[1] + ksize);
+ ntohl (spurp->purpose.size));
+ sig = (struct GNUNET_IDENTITY_Signature *) ((char*) &pow[1] + ksize);
 if (GNUNET_OK !=
- GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION,
- &spurp.purpose,
- sig,
- key))
+ GNUNET_IDENTITY_signature_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION,
+ &spurp->purpose,
+ sig,
+ key))
 {
 return GNUNET_SYSERR;
 }
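Review bot: `spurp` is allocated with `GNUNET_malloc (sizeof (*spurp) + ksize)` in this hunk and never released: the failure branch returns `GNUNET_SYSERR` without freeing it, and no free is visible before the success return, which lies past the end of the hunk. Add `GNUNET_free (spurp);` before `return GNUNET_SYSERR;` and again on the success path, or capture the verify result in a local, free `spurp` once and return that. The @@ -594 hunk for sign_pow_identity allocates `rp` the same way and likewise never frees it. If check_signature is called for every proof received, the leak grows with each revocation message processed.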
@@ -463,14 +463,7 @@ check_signature (const struct GNUNET_REVOCATION_PowP *pow)
 const struct GNUNET_IDENTITY_PublicKey *pk;
 pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
- switch (ntohl (pk->type))
- {
- case GNUNET_IDENTITY_TYPE_ECDSA:
- return check_signature_ecdsa (pow, &pk->ecdsa_key);
- default:
- return GNUNET_SYSERR;
- }
- return GNUNET_SYSERR;
+ return check_signature_identity (pow, pk);
 }
@@ -576,11 +569,11 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
 enum GNUNET_GenericReturnValue
-sign_pow_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
- struct GNUNET_REVOCATION_PowP *pow)
+sign_pow_identity (const struct GNUNET_IDENTITY_PrivateKey *key,
+ struct GNUNET_REVOCATION_PowP *pow)
 {
 struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get ();
- struct GNUNET_REVOCATION_EcdsaSignaturePurposePS rp;
+ struct GNUNET_REVOCATION_SignaturePurposePS *rp;
 const struct GNUNET_IDENTITY_PublicKey *pk;
 size_t ksize;
 char *sig;
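Review bot: check_signature no longer rejects unknown key types itself; the removed switch returned `GNUNET_SYSERR` for anything but `GNUNET_IDENTITY_TYPE_ECDSA`, while the new line hands every `pk->type` to check_signature_identity, which derives `ksize` from `GNUNET_IDENTITY_key_get_length (pk)` and reads the signature at that offset. If `GNUNET_IDENTITY_key_get_length` returns 0 for an unrecognised type, the signature pointer would alias the key bytes, so it is worth confirming that `GNUNET_IDENTITY_signature_verify_` (or key_get_length) rejects unknown types on proofs that arrive from the network. A comment naming where the type check now lives, e.g. `/* unknown key types are rejected inside GNUNET_IDENTITY_signature_verify_ */`, would make that contract explicit at the call site.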
@@ -594,21 +587,24 @@ sign_pow_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
 pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
 ksize = GNUNET_IDENTITY_key_get_length (pk);
 pow->timestamp = GNUNET_TIME_absolute_hton (ts);
- rp.timestamp = pow->timestamp;
- rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
- rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
- + ksize
- + sizeof (struct GNUNET_TIME_AbsoluteNBO));
+ rp = GNUNET_malloc (sizeof (*rp) + ksize);
+ rp->timestamp = pow->timestamp;
+ rp->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
+ rp->purpose.size = htonl (sizeof(*rp) + ksize);
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
 "Signature payload len: %u\n",
- ntohl (rp.purpose.size));
- rp.ktype = pk->type;
- rp.key = pk->ecdsa_key;
- sig = ((char*)&pow[1]) + ksize;
- return GNUNET_CRYPTO_ecdsa_sign_ (key,
- &rp.purpose,
- (void*) sig);
-
+ ntohl (rp->purpose.size));
+ GNUNET_IDENTITY_write_key_to_buffer (pk,
+ ((char*) &rp[1]),
+ ksize);
+ sig = ((char*) &pow[1]) + ksize;
+ int result = GNUNET_IDENTITY_sign_ (key,
+ &rp->purpose,
+ (void*) sig);
+ if (result == GNUNET_SYSERR)
+ return GNUNET_NO;
+ else
+ return result;
 }
@@ -620,14 +616,7 @@ sign_pow (const struct GNUNET_IDENTITY_PrivateKey *key,
 pk = (struct GNUNET_IDENTITY_PublicKey *) &pow[1];
 GNUNET_IDENTITY_key_get_public (key, pk);
- switch (ntohl (pk->type))
- {
- case GNUNET_IDENTITY_TYPE_ECDSA:
- return sign_pow_ecdsa (&key->ecdsa_key, pow);
- default:
- return GNUNET_NO;
- }
- return GNUNET_NO;
+ return sign_pow_identity (key, pow);
 }
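Review bot: `int result = GNUNET_IDENTITY_sign_ (key, ...)` in the @@ -594 hunk declares the local mid-block and types it `int`, although the function's other locals are declared at the top and its return type is `enum GNUNET_GenericReturnValue`; declare `enum GNUNET_GenericReturnValue result;` with the others and drop the `else` after the early return, e.g. `if (GNUNET_SYSERR == result) return GNUNET_NO;` followed by `return result;`. Mapping `GNUNET_SYSERR` to `GNUNET_NO` matches what the removed switch in sign_pow returned for an unsupported key type, but it now also folds a genuine signing failure into that value; if callers tell the two apart, return `result` unchanged and let sign_pow keep its old contract.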
@@ -777,20 +766,17 @@ size_t
 GNUNET_REVOCATION_proof_get_size (const struct GNUNET_REVOCATION_PowP *pow)
 {
 size_t size;
+ size_t ksize;
 const struct GNUNET_IDENTITY_PublicKey *pk;
+ const struct GNUNET_IDENTITY_Signature *sig;
 size = sizeof (struct GNUNET_REVOCATION_PowP);
 pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
- size += GNUNET_IDENTITY_key_get_length (pk);
-
- switch (ntohl (pk->type))
- {
- case GNUNET_IDENTITY_TYPE_ECDSA:
- return size + sizeof (struct GNUNET_CRYPTO_EcdsaSignature);
- default:
- return 0;
- }
- return 0;
+ ksize = GNUNET_IDENTITY_key_get_length (pk);
+ size += ksize;
+ sig = (struct GNUNET_IDENTITY_Signature *) ((char*) &pow[1] + ksize);
+ size += GNUNET_IDENTITY_signature_get_length (sig);
+ return size;
 }
diff --git a/src/testbed/test_testbed_api_template.conf b/src/testbed/test_testbed_api_template.conf
index 255c1b766..ae0368a8b 100644
--- a/src/testbed/test_testbed_api_template.conf
+++ b/src/testbed/test_testbed_api_template.conf
@@ -32,7 +32,7 @@ WAN_QUOTA_IN = 3932160
 USE_EPHEMERAL_KEYS = NO
 IMMEDIATE_START = YES
-[transport-udp]
+[transport-tcp]
 TIMEOUT = 300 s
 [PATHS]
|
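Review bot: The removed switch made GNUNET_REVOCATION_proof_get_size return 0 for a key type it did not recognise; the new body returns `sizeof (struct GNUNET_REVOCATION_PowP)` plus `ksize` plus the signature length regardless of what `pk->type` holds, after reading a signature header at offset `ksize` into the caller's buffer. If this size is used to bound reads of proofs received over the network, a caller that relied on 0 as the "unsupported" signal loses it; either document that both helpers return 0 for unknown types and that the sum is then still a safe lower bound, or keep an explicit `if (0 == ksize) return 0;` right after `ksize = GNUNET_IDENTITY_key_get_length (pk);`. Separately, `(char*) &pow[1]` casts away the `const` of `pow` although `sig` is already `const`; `(const struct GNUNET_IDENTITY_Signature *) ((const char *) &pow[1] + ksize)` keeps the cast honest.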