From f00c18e631ce8bdaf80d20f236ef275c9cb99291 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 18 Apr 2020 19:46:44 +0200 Subject: simplify pow even more; add timestamp to revocation pow --- src/include/gnunet_revocation_service.h | 4 +++ src/revocation/gnunet-revocation.c | 22 ++++++++++++++++- src/revocation/gnunet-service-revocation.c | 3 +++ src/revocation/plugin_block_revocation.c | 3 +++ src/revocation/revocation.h | 5 ++++ src/revocation/revocation_api.c | 17 +++++++++++-- src/util/crypto_pow.c | 39 ------------------------------ 7 files changed, 51 insertions(+), 42 deletions(-) diff --git a/src/include/gnunet_revocation_service.h b/src/include/gnunet_revocation_service.h index 7222cedc1..1e1abb787 100644 --- a/src/include/gnunet_revocation_service.h +++ b/src/include/gnunet_revocation_service.h @@ -105,6 +105,7 @@ struct GNUNET_REVOCATION_Handle; * @param key public key of the key to revoke * @param sig signature to use on the revocation (should have been * created using #GNUNET_REVOCATION_sign_revocation). + * @param ts revocation timestamp * @param pow proof of work to use (should have been created by * iteratively calling #GNUNET_REVOCATION_check_pow) * @param func funtion to call with the result of the check @@ -117,6 +118,7 @@ struct GNUNET_REVOCATION_Handle * GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, const struct GNUNET_CRYPTO_EcdsaPublicKey *key, const struct GNUNET_CRYPTO_EcdsaSignature *sig, + const struct GNUNET_TIME_Absolute *ts, uint64_t pow, GNUNET_REVOCATION_Callback func, void *func_cls); @@ -135,12 +137,14 @@ GNUNET_REVOCATION_revoke_cancel (struct GNUNET_REVOCATION_Handle *h); * would be acceptable for revoking the given key. * * @param key key to check for + * @param ts revocation timestamp * @param pow proof of work value * @param matching_bits how many bits must match (configuration) * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not */ int GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EcdsaPublicKey *key, + const struct GNUNET_TIME_Absolute *ts, uint64_t pow, unsigned int matching_bits); diff --git a/src/revocation/gnunet-revocation.c b/src/revocation/gnunet-revocation.c index f5aa2d17e..42ec71d16 100644 --- a/src/revocation/gnunet-revocation.c +++ b/src/revocation/gnunet-revocation.c @@ -202,6 +202,11 @@ struct RevocationData */ struct GNUNET_CRYPTO_EcdsaSignature sig; + /** + * Time of revocation + */ + struct GNUNET_TIME_AbsoluteNBO ts; + /** * Proof of work (in NBO). */ @@ -215,9 +220,13 @@ struct RevocationData static void perform_revocation (const struct RevocationData *rd) { + struct GNUNET_TIME_Absolute ts; + + ts = GNUNET_TIME_absolute_ntoh (rd->ts); h = GNUNET_REVOCATION_revoke (cfg, &rd->key, &rd->sig, + &ts, rd->pow, &print_revocation_result, NULL); @@ -273,6 +282,7 @@ static void calculate_pow (void *cls) { struct RevocationData *rd = cls; + struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_ntoh (rd->ts); /* store temporary results */ pow_task = NULL; @@ -290,6 +300,7 @@ calculate_pow (void *cls) /* actually do POW calculation */ rd->pow++; if (GNUNET_OK == GNUNET_REVOCATION_check_pow (&rd->key, + &ts, rd->pow, (unsigned int) matching_bits)) { @@ -331,6 +342,7 @@ ego_callback (void *cls, const struct GNUNET_IDENTITY_Ego *ego) { struct RevocationData *rd; struct GNUNET_CRYPTO_EcdsaPublicKey key; + struct GNUNET_TIME_Absolute ts; el = NULL; if (NULL == ego) @@ -361,9 +373,14 @@ ego_callback (void *cls, const struct GNUNET_IDENTITY_Ego *ego) ego), &rd->sig); rd->key = key; + rd->ts = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); } + ts = GNUNET_TIME_absolute_ntoh (rd->ts); if (GNUNET_YES == - GNUNET_REVOCATION_check_pow (&key, rd->pow, (unsigned int) matching_bits)) + GNUNET_REVOCATION_check_pow (&key, + &ts, + rd->pow, + (unsigned int) matching_bits)) { fprintf (stderr, "%s", _ ("Revocation certificate ready\n")); if (perform) @@ -397,6 +414,7 @@ run (void *cls, { struct GNUNET_CRYPTO_EcdsaPublicKey pk; struct RevocationData rd; + struct GNUNET_TIME_Absolute ts; cfg = c; if (NULL != test_ego) @@ -453,8 +471,10 @@ run (void *cls, return; } GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); + ts = GNUNET_TIME_absolute_ntoh (rd.ts); if (GNUNET_YES != GNUNET_REVOCATION_check_pow (&rd.key, + &ts, rd.pow, (unsigned int) matching_bits)) { diff --git a/src/revocation/gnunet-service-revocation.c b/src/revocation/gnunet-service-revocation.c index 3e811cd9a..ff75faa2c 100644 --- a/src/revocation/gnunet-service-revocation.c +++ b/src/revocation/gnunet-service-revocation.c @@ -167,8 +167,11 @@ new_peer_entry (const struct GNUNET_PeerIdentity *peer) static int verify_revoke_message (const struct RevokeMessage *rm) { + struct GNUNET_TIME_Absolute ts; + ts = GNUNET_TIME_absolute_ntoh (rm->ts); if (GNUNET_YES != GNUNET_REVOCATION_check_pow (&rm->public_key, + &ts, rm->proof_of_work, (unsigned int) revocation_work_required)) { diff --git a/src/revocation/plugin_block_revocation.c b/src/revocation/plugin_block_revocation.c index 8d16b8781..57234fa36 100644 --- a/src/revocation/plugin_block_revocation.c +++ b/src/revocation/plugin_block_revocation.c @@ -134,6 +134,7 @@ block_plugin_revocation_evaluate (void *cls, struct InternalContext *ic = cls; struct GNUNET_HashCode chash; const struct RevokeMessage *rm = reply_block; + struct GNUNET_TIME_Absolute ts; if (NULL == reply_block) return GNUNET_BLOCK_EVALUATION_REQUEST_VALID; @@ -142,8 +143,10 @@ block_plugin_revocation_evaluate (void *cls, GNUNET_break_op (0); return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; } + ts = GNUNET_TIME_absolute_ntoh (rm->ts); if (GNUNET_YES != GNUNET_REVOCATION_check_pow (&rm->public_key, + &ts, rm->proof_of_work, ic->matching_bits)) { diff --git a/src/revocation/revocation.h b/src/revocation/revocation.h index b6e7a07ec..184f58e0a 100644 --- a/src/revocation/revocation.h +++ b/src/revocation/revocation.h @@ -88,6 +88,11 @@ struct RevokeMessage */ uint32_t reserved GNUNET_PACKED; + /** + * Timestamp + */ + struct GNUNET_TIME_AbsoluteNBO ts; + /** * Number that causes a hash collision with the @e public_key. */ diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index 4755d4816..c2aafd254 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c @@ -235,6 +235,7 @@ handle_revocation_response (void *cls, * @param key public key of the key to revoke * @param sig signature to use on the revocation (should have been * created using #GNUNET_REVOCATION_sign_revocation). + * @param ts revocation timestamp * @param pow proof of work to use (should have been created by * iteratively calling #GNUNET_REVOCATION_check_pow) * @param func funtion to call with the result of the check @@ -247,6 +248,7 @@ struct GNUNET_REVOCATION_Handle * GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, const struct GNUNET_CRYPTO_EcdsaPublicKey *key, const struct GNUNET_CRYPTO_EcdsaSignature *sig, + const struct GNUNET_TIME_Absolute *ts, uint64_t pow, GNUNET_REVOCATION_Callback func, void *func_cls) @@ -271,6 +273,7 @@ GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, &matching_bits)) && (GNUNET_YES != GNUNET_REVOCATION_check_pow (key, + ts, pow, (unsigned int) matching_bits))) { @@ -346,22 +349,32 @@ count_leading_zeroes (const struct GNUNET_HashCode *hash) * would be acceptable for revoking the given key. * * @param key key to check for + * @param ts revocation timestamp * @param pow proof of work value * @param matching_bits how many bits must match (configuration) * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not */ int GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EcdsaPublicKey *key, + const struct GNUNET_TIME_Absolute *ts, uint64_t pow, unsigned int matching_bits) { char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) - + sizeof(pow)] GNUNET_ALIGN; + + sizeof(pow) + + sizeof (struct GNUNET_TIME_AbsoluteNBO)] GNUNET_ALIGN; struct GNUNET_HashCode result; + struct GNUNET_TIME_AbsoluteNBO ts_nbo; - GNUNET_memcpy (buf, &pow, sizeof(pow)); + ts_nbo = GNUNET_TIME_absolute_hton (*ts); + + GNUNET_memcpy (buf, &pow, sizeof(pow)) ; GNUNET_memcpy (&buf[sizeof(pow)], key, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); + GNUNET_memcpy (&buf[sizeof(pow) + sizeof (struct GNUNET_TIME_AbsoluteNBO)], + &ts_nbo, + sizeof (struct GNUNET_TIME_AbsoluteNBO)); + GNUNET_CRYPTO_pow_hash ("gnunet-revocation-proof-of-work", buf, sizeof(buf), diff --git a/src/util/crypto_pow.c b/src/util/crypto_pow.c index 5e225f244..1ab4443d1 100644 --- a/src/util/crypto_pow.c +++ b/src/util/crypto_pow.c @@ -47,12 +47,6 @@ GNUNET_CRYPTO_pow_hash (const char *salt, struct GNUNET_HashCode *result) { #ifdef LSD0001 - char twofish_iv[128 / 8]; // 128 bit IV - char twofish_key[256 / 8]; // 256 bit Key - char rbuf[buf_len]; - int rc; - gcry_cipher_hd_t handle; - GNUNET_break (ARGON2_OK == argon2d_hash_raw (3, /* iterations */ 1024, /* memory (1 MiB) */ 1, /* threads */ @@ -60,39 +54,6 @@ GNUNET_CRYPTO_pow_hash (const char *salt, buf_len, salt, strlen (salt), - &twofish_key, - sizeof (twofish_key))); - - GNUNET_CRYPTO_kdf (twofish_iv, - sizeof (twofish_iv), - "gnunet-proof-of-work-iv", - strlen ("gnunet-proof-of-work-iv"), - twofish_key, - sizeof(twofish_key), - salt, - strlen (salt), - NULL, 0); - GNUNET_assert (0 == - gcry_cipher_open (&handle, GCRY_CIPHER_TWOFISH, - GCRY_CIPHER_MODE_CFB, 0)); - rc = gcry_cipher_setkey (handle, - twofish_key, - sizeof(twofish_key)); - GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); - rc = gcry_cipher_setiv (handle, - twofish_iv, - sizeof(twofish_iv)); - GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); - GNUNET_assert (0 == gcry_cipher_encrypt (handle, &rbuf, buf_len, buf, - buf_len)); - gcry_cipher_close (handle); - GNUNET_break (ARGON2_OK == argon2d_hash_raw (3, /* iterations */ - 1024, /* memory (1 MiB) */ - 1, /* threads */ - rbuf, - buf_len, - salt, - strlen (salt), result, sizeof (struct GNUNET_HashCode))); -- cgit v1.2.3