From 96c802b46be51e5c45f34e2de823f787d26c2929 Mon Sep 17 00:00:00 2001 From: Martin Schanzenbach Date: Wed, 14 Oct 2020 19:47:32 +0200 Subject: - towards crypto agility; wip --- src/gnsrecord/gnunet-gnsrecord-tvg.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'src/gnsrecord/gnunet-gnsrecord-tvg.c') diff --git a/src/gnsrecord/gnunet-gnsrecord-tvg.c b/src/gnsrecord/gnunet-gnsrecord-tvg.c index 789ff8aa3..31f077722 100644 --- a/src/gnsrecord/gnunet-gnsrecord-tvg.c +++ b/src/gnsrecord/gnunet-gnsrecord-tvg.c @@ -90,18 +90,19 @@ run (void *cls, struct GNUNET_TIME_Absolute exp_abs = GNUNET_TIME_absolute_get (); struct GNUNET_GNSRECORD_Block *rrblock; char *bdata; - struct GNUNET_CRYPTO_EcdsaPrivateKey id_priv; - struct GNUNET_CRYPTO_EcdsaPublicKey id_pub; - struct GNUNET_CRYPTO_EcdsaPrivateKey pkey_data_p; - struct GNUNET_CRYPTO_EcdsaPublicKey pkey_data; + struct GNUNET_IDENTITY_PrivateKey id_priv; + struct GNUNET_IDENTITY_PublicKey id_pub; + struct GNUNET_IDENTITY_PrivateKey pkey_data_p; + struct GNUNET_IDENTITY_PublicKey pkey_data; void *data; size_t data_size; char *rdata; size_t rdata_size; - GNUNET_CRYPTO_ecdsa_key_create (&id_priv); - GNUNET_CRYPTO_ecdsa_key_get_public (&id_priv, - &id_pub); + id_priv.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY); + GNUNET_CRYPTO_ecdsa_key_create (&id_priv.ecdsa_key); + GNUNET_IDENTITY_key_get_public (&id_priv, + &id_pub); fprintf (stdout, "Zone private key (d, little-endian scalar):\n"); print_bytes (&id_priv, sizeof(id_priv), 0); fprintf (stdout, "\n"); @@ -109,9 +110,10 @@ run (void *cls, print_bytes (&id_pub, sizeof(id_pub), 0); fprintf (stdout, "\n"); - GNUNET_CRYPTO_ecdsa_key_create (&pkey_data_p); - GNUNET_CRYPTO_ecdsa_key_get_public (&pkey_data_p, - &pkey_data); + pkey_data_p.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY); + GNUNET_CRYPTO_ecdsa_key_create (&pkey_data_p.ecdsa_key); + GNUNET_IDENTITY_key_get_public (&pkey_data_p, + &pkey_data); fprintf (stdout, "Label: %s\nRRCOUNT: %d\n\n", TEST_RECORD_LABEL, TEST_RRCOUNT); memset (rd, 0, sizeof (struct GNUNET_GNSRECORD_Data) * 2); -- cgit v1.2.3 From 25eb1fb2acbe92b418d8643c06107ce0ab2bfb9a Mon Sep 17 00:00:00 2001 From: Martin Schanzenbach Date: Wed, 14 Oct 2020 22:31:38 +0200 Subject: - better wire format for rrblocks --- src/gns/plugin_block_gns.c | 5 +- src/gnsrecord/gnsrecord_crypto.c | 86 ++++++++++++++++--------------- src/gnsrecord/gnsrecord_misc.c | 54 +++++++++++++++++++ src/gnsrecord/gnunet-gnsrecord-tvg.c | 9 ++-- src/include/gnunet_gnsrecord_lib.h | 47 ++++++++++++++--- src/namecache/gnunet-service-namecache.c | 47 ++++------------- src/namecache/namecache_api.c | 23 ++------- src/namecache/plugin_namecache_flat.c | 16 ++---- src/namecache/plugin_namecache_postgres.c | 24 ++++----- src/namecache/plugin_namecache_sqlite.c | 16 ++---- src/namestore/test_plugin_namestore.c | 6 +-- 11 files changed, 184 insertions(+), 149 deletions(-) (limited to 'src/gnsrecord/gnunet-gnsrecord-tvg.c') diff --git a/src/gns/plugin_block_gns.c b/src/gns/plugin_block_gns.c index aabedcaac..64390c5a0 100644 --- a/src/gns/plugin_block_gns.c +++ b/src/gns/plugin_block_gns.c @@ -145,10 +145,7 @@ block_plugin_gns_evaluate (void *cls, return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; } block = reply_block; - if (ntohl (block->purpose.size) + sizeof(struct - GNUNET_CRYPTO_EcdsaSignature) - + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) != - reply_block_size) + if (ntohl (block->purpose.size) >= reply_block_size) { GNUNET_break_op (0); return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c index b32b148fe..5c7330998 100644 --- a/src/gnsrecord/gnsrecord_crypto.c +++ b/src/gnsrecord/gnsrecord_crypto.c @@ -81,16 +81,17 @@ derive_block_aes_key (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, * @return NULL on error (block too large) */ static struct GNUNET_GNSRECORD_Block * -block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, - struct GNUNET_TIME_Absolute expire, - const char *label, - const struct GNUNET_GNSRECORD_Data *rd, - unsigned int rd_count) +block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, + const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, + struct GNUNET_TIME_Absolute expire, + const char *label, + const struct GNUNET_GNSRECORD_Data *rd, + unsigned int rd_count) { ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count, rd); struct GNUNET_GNSRECORD_Block *block; + struct GNUNET_GNSRECORD_EcdsaBlock *ecblock; struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey; struct GNUNET_CRYPTO_SymmetricInitializationVector iv; struct GNUNET_CRYPTO_SymmetricSessionKey skey; @@ -140,20 +141,21 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, block = GNUNET_malloc (sizeof(struct GNUNET_GNSRECORD_Block) + sizeof(uint32_t) + payload_len); - block->purpose.size = htonl (sizeof(uint32_t) + ecblock = &block->ecdsa_block; + block->type = htonl (GNUNET_GNSRECORD_TYPE_PKEY); + ecblock->purpose.size = htonl (sizeof(uint32_t) + payload_len + sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) + sizeof(struct GNUNET_TIME_AbsoluteNBO)); - block->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN); - block->expiration_time = GNUNET_TIME_absolute_hton (expire); + ecblock->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN); + ecblock->expiration_time = GNUNET_TIME_absolute_hton (expire); /* encrypt and sign */ dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key, label, "gns"); GNUNET_CRYPTO_ecdsa_key_get_public (dkey, - &block->derived_key.ecdsa_key); - block->derived_key.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY); + &ecblock->derived_key); derive_block_aes_key (&iv, &skey, label, @@ -164,12 +166,12 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, + sizeof(uint32_t), &skey, &iv, - &block[1])); + &ecblock[1])); } if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign_ (dkey, - &block->purpose, - &block->signature)) + &ecblock->purpose, + &ecblock->signature)) { GNUNET_break (0); GNUNET_free (dkey); @@ -205,12 +207,12 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key, case GNUNET_GNSRECORD_TYPE_PKEY: GNUNET_CRYPTO_ecdsa_key_get_public (&key->ecdsa_key, &pkey); - return block_create (&key->ecdsa_key, - &pkey, - expire, - label, - rd, - rd_count); + return block_create_ecdsa (&key->ecdsa_key, + &pkey, + expire, + label, + rd, + rd_count); default: GNUNET_assert (0); } @@ -258,7 +260,7 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *pkey, if (GNUNET_IDENTITY_TYPE_ECDSA != ntohl (pkey->type)) { - return NULL; //FIXME + return NULL; // FIXME } key = &pkey->ecdsa_key; #define CSIZE 64 @@ -276,12 +278,12 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *pkey, &line->pkey); } #undef CSIZE - return block_create (key, - &line->pkey, - expire, - label, - rd, - rd_count); + return block_create_ecdsa (key, + &line->pkey, + expire, + label, + rd, + rd_count); } @@ -296,28 +298,30 @@ enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block) { const struct GNUNET_CRYPTO_EcdsaPublicKey *key; + const struct GNUNET_GNSRECORD_EcdsaBlock *ecblock; - if (GNUNET_GNSRECORD_TYPE_PKEY != ntohl (block->derived_key.type)) + if (GNUNET_GNSRECORD_TYPE_PKEY != ntohl (block->type)) { GNUNET_break (0); return GNUNET_NO; } - key = &block->derived_key.ecdsa_key; + ecblock = &block->ecdsa_block; + key = &ecblock->derived_key; return GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, - &block->purpose, - &block->signature, + &ecblock->purpose, + &ecblock->signature, key); } enum GNUNET_GenericReturnValue -block_decrypt (const struct GNUNET_GNSRECORD_Block *block, - const struct - GNUNET_CRYPTO_EcdsaPublicKey *zone_key, - const char *label, - GNUNET_GNSRECORD_RecordCallback proc, - void *proc_cls) +block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock *block, + const struct + GNUNET_CRYPTO_EcdsaPublicKey *zone_key, + const char *label, + GNUNET_GNSRECORD_RecordCallback proc, + void *proc_cls) { size_t payload_len = ntohl (block->purpose.size) - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) @@ -465,12 +469,12 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block, } key = &zone_key->ecdsa_key; - return block_decrypt (block, key, label, proc, proc_cls); + return block_decrypt_ecdsa (&block->ecdsa_block, + key, label, proc, proc_cls); } - /** * Calculate the DHT query for a given @a label in a given @a zone. * @@ -524,8 +528,8 @@ GNUNET_GNSRECORD_query_from_public_key (const struct label, "gns", &pd.ecdsa_key); - GNUNET_CRYPTO_hash (&pd, - sizeof(pd), + GNUNET_CRYPTO_hash (&pd.ecdsa_key, + sizeof (pd.ecdsa_key), query); break; default: diff --git a/src/gnsrecord/gnsrecord_misc.c b/src/gnsrecord/gnsrecord_misc.c index 8b590e35f..baf13e963 100644 --- a/src/gnsrecord/gnsrecord_misc.c +++ b/src/gnsrecord/gnsrecord_misc.c @@ -272,4 +272,58 @@ GNUNET_GNSRECORD_zkey_to_pkey (const char *zkey, } +size_t +GNUNET_GNSRECORD_block_get_size (const struct GNUNET_GNSRECORD_Block *block) +{ + switch (ntohl (block->type)) + { + case GNUNET_GNSRECORD_TYPE_PKEY: + return sizeof (uint32_t) /* zone type */ + + sizeof (block->ecdsa_block) /* EcdsaBlock */ + + ntohl (block->ecdsa_block.purpose.size) /* Length of signed data */ + - sizeof (block->ecdsa_block.purpose); /* Purpose already in EcdsaBlock */ + break; + default: + return 0; + } + return 0; +} + + +struct GNUNET_TIME_Absolute +GNUNET_GNSRECORD_block_get_expiration (const struct + GNUNET_GNSRECORD_Block *block) +{ + + switch (ntohl (block->type)) + { + case GNUNET_GNSRECORD_TYPE_PKEY: + return GNUNET_TIME_absolute_ntoh (block->ecdsa_block.expiration_time); + default: + return GNUNET_TIME_absolute_get_zero_ (); + } + return GNUNET_TIME_absolute_get_zero_ (); + +} + + +enum GNUNET_GenericReturnValue +GNUNET_GNSRECORD_query_from_block (const struct GNUNET_GNSRECORD_Block *block, + struct GNUNET_HashCode *query) +{ + switch (ntohl (block->type)) + { + case GNUNET_GNSRECORD_TYPE_PKEY: + GNUNET_CRYPTO_hash (&block->ecdsa_block.derived_key, + sizeof (block->ecdsa_block.derived_key), + query); + return GNUNET_OK; + default: + return GNUNET_SYSERR; + } + return GNUNET_SYSERR; + +} + + /* end of gnsrecord_misc.c */ diff --git a/src/gnsrecord/gnunet-gnsrecord-tvg.c b/src/gnsrecord/gnunet-gnsrecord-tvg.c index 31f077722..7c28a18d0 100644 --- a/src/gnsrecord/gnunet-gnsrecord-tvg.c +++ b/src/gnsrecord/gnunet-gnsrecord-tvg.c @@ -149,19 +149,20 @@ run (void *cls, TEST_RECORD_LABEL, rd, TEST_RRCOUNT); - size_t bdata_size = ntohl (rrblock->purpose.size) + size_t bdata_size = ntohl (rrblock->ecdsa_block.purpose.size) - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) - sizeof(struct GNUNET_TIME_AbsoluteNBO); - size_t rrblock_size = ntohl (rrblock->purpose.size) + size_t ecblock_size = ntohl (rrblock->ecdsa_block.purpose.size) + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) + sizeof(struct GNUNET_CRYPTO_EcdsaSignature); + size_t block_size = ecblock_size + sizeof (uint32_t); - bdata = (char*) &rrblock[1]; + bdata = (char*) &(&rrblock->ecdsa_block)[1]; fprintf (stdout, "BDATA:\n"); print_bytes (bdata, bdata_size, 8); fprintf (stdout, "\n"); fprintf (stdout, "RRBLOCK:\n"); - print_bytes (rrblock, rrblock_size, 8); + print_bytes (rrblock, block_size, 8); fprintf (stdout, "\n"); } diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h index 6124b2925..20d8e2517 100644 --- a/src/include/gnunet_gnsrecord_lib.h +++ b/src/include/gnunet_gnsrecord_lib.h @@ -263,21 +263,20 @@ struct GNUNET_GNSRECORD_PlaceData /* Followed by struct GNUNET_PeerIdentity relays[relay_count] */ }; - /** * Information we have in an encrypted block with record data (i.e. in the DHT). */ -struct GNUNET_GNSRECORD_Block +struct GNUNET_GNSRECORD_EcdsaBlock { /** - * Signature of the block. + * Derived key used for signing; hash of this is the query. */ - struct GNUNET_CRYPTO_EcdsaSignature signature; + struct GNUNET_CRYPTO_EcdsaPublicKey derived_key; /** - * Derived key used for signing; hash of this is the query. + * Signature of the block. */ - struct GNUNET_IDENTITY_PublicKey derived_key; + struct GNUNET_CRYPTO_EcdsaSignature signature; /** * Number of bytes signed; also specifies the number of bytes @@ -293,6 +292,17 @@ struct GNUNET_GNSRECORD_Block /* followed by encrypted data */ }; +struct GNUNET_GNSRECORD_Block +{ + uint32_t type; + + union + { + struct GNUNET_GNSRECORD_EcdsaBlock ecdsa_block; + //struct GNUNET_GNSRECORD_EddsaBlock eddsa_block; + }; +}; + /** * Record type used to box up SRV and TLSA records. For example, a @@ -638,6 +648,31 @@ GNUNET_GNSRECORD_record_get_expiration_time ( unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd); +/** + * Returns the length of this block in bytes. + * Block length strongly depends on the zone type. + * + * @param block the block. + * @return the length of this block in bytes + */ +size_t +GNUNET_GNSRECORD_block_get_size (const struct GNUNET_GNSRECORD_Block *block); + +/** + * Returns the expiration of a block + */ +struct GNUNET_TIME_Absolute +GNUNET_GNSRECORD_block_get_expiration (const struct GNUNET_GNSRECORD_Block *block); + + +/** + * Builds the query from a block + */ +enum GNUNET_GenericReturnValue +GNUNET_GNSRECORD_query_from_block (const struct GNUNET_GNSRECORD_Block *block, + struct GNUNET_HashCode *query); + + #if 0 /* keep Emacsens' auto-indent happy */ { #endif diff --git a/src/namecache/gnunet-service-namecache.c b/src/namecache/gnunet-service-namecache.c index 7cf216ce3..07bf30de9 100644 --- a/src/namecache/gnunet-service-namecache.c +++ b/src/namecache/gnunet-service-namecache.c @@ -184,40 +184,24 @@ handle_lookup_block_it (void *cls, struct LookupBlockContext *lnc = cls; struct GNUNET_MQ_Envelope *env; struct LookupBlockResponseMessage *r; - size_t esize; size_t bsize; - bsize = ntohl (block->purpose.size); - if (bsize < - (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) + sizeof(struct - GNUNET_TIME_AbsoluteNBO))) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "Malformed block."); - lnc->status = GNUNET_SYSERR; - return; - } - esize = ntohl (block->purpose.size) - - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) - - sizeof(struct GNUNET_TIME_AbsoluteNBO); + bsize = GNUNET_GNSRECORD_block_get_size (block); env = GNUNET_MQ_msg_extra (r, - esize, + bsize, GNUNET_MESSAGE_TYPE_NAMECACHE_LOOKUP_BLOCK_RESPONSE); r->gns_header.r_id = htonl (lnc->request_id); - r->expire = block->expiration_time; - r->signature = block->signature; - r->derived_key = block->derived_key; GNUNET_memcpy (&r[1], - &block[1], - esize); + block, + bsize); GNUNET_STATISTICS_update (statistics, "blocks found in cache", 1, GNUNET_NO); + r->expire = GNUNET_TIME_absolute_hton ( + GNUNET_GNSRECORD_block_get_expiration (block)); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Sending NAMECACHE_LOOKUP_BLOCK_RESPONSE message with expiration time %s\n", - GNUNET_STRINGS_absolute_time_to_string ( - GNUNET_TIME_absolute_ntoh (r->expire))); + "Sending NAMECACHE_LOOKUP_BLOCK_RESPONSE message\n"); GNUNET_MQ_send (lnc->nc->mq, env); } @@ -314,20 +298,11 @@ handle_block_cache (void *cls, GNUNET_NO); esize = ntohs (rp_msg->gns_header.header.size) - sizeof(struct BlockCacheMessage); - block = GNUNET_malloc (sizeof(struct GNUNET_GNSRECORD_Block) + esize); - block->signature = rp_msg->signature; - block->derived_key = rp_msg->derived_key; - block->purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) - + sizeof(struct GNUNET_TIME_AbsoluteNBO) - + esize); - block->expiration_time = rp_msg->expire; + block = GNUNET_malloc (esize); + memcpy (block, &rp_msg[1], esize); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Received NAMECACHE_BLOCK_CACHE message with expiration time %s\n", - GNUNET_STRINGS_absolute_time_to_string ( - GNUNET_TIME_absolute_ntoh (block->expiration_time))); - GNUNET_memcpy (&block[1], - &rp_msg[1], - esize); + "Received NAMECACHE_BLOCK_CACHE message with type %u\n", + htonl (block->type)); res = GSN_database->cache_block (GSN_database->cls, block); GNUNET_free (block); diff --git a/src/namecache/namecache_api.c b/src/namecache/namecache_api.c index 0c904c9ed..fdbf142a7 100644 --- a/src/namecache/namecache_api.c +++ b/src/namecache/namecache_api.c @@ -225,19 +225,11 @@ handle_lookup_block_response (void *cls, size = ntohs (msg->gns_header.header.size) - sizeof(struct LookupBlockResponseMessage); { - char buf[size + sizeof(struct GNUNET_GNSRECORD_Block)] GNUNET_ALIGN; + char buf[size] GNUNET_ALIGN; struct GNUNET_GNSRECORD_Block *block; block = (struct GNUNET_GNSRECORD_Block *) buf; - block->signature = msg->signature; - block->derived_key = msg->derived_key; - block->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN); - block->purpose.size = htonl (size - + sizeof(struct GNUNET_TIME_AbsoluteNBO) - + sizeof(struct - GNUNET_CRYPTO_EccSignaturePurpose)); - block->expiration_time = msg->expire; - GNUNET_memcpy (&block[1], + GNUNET_memcpy (block, &msg[1], size); if (GNUNET_OK != @@ -483,11 +475,7 @@ GNUNET_NAMECACHE_block_cache (struct GNUNET_NAMECACHE_Handle *h, if (NULL == h->mq) return NULL; - blen = ntohl (block->purpose.size); - GNUNET_assert (blen > (sizeof(struct GNUNET_TIME_AbsoluteNBO) - + sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose))); - blen -= (sizeof(struct GNUNET_TIME_AbsoluteNBO) - + sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)); + blen = GNUNET_GNSRECORD_block_get_size (block); rid = get_op_id (h); qe = GNUNET_new (struct GNUNET_NAMECACHE_QueueEntry); qe->nsh = h; @@ -502,11 +490,8 @@ GNUNET_NAMECACHE_block_cache (struct GNUNET_NAMECACHE_Handle *h, blen, GNUNET_MESSAGE_TYPE_NAMECACHE_BLOCK_CACHE); msg->gns_header.r_id = htonl (rid); - msg->expire = block->expiration_time; - msg->signature = block->signature; - msg->derived_key = block->derived_key; GNUNET_memcpy (&msg[1], - &block[1], + block, blen); GNUNET_MQ_send (h->mq, env); diff --git a/src/namecache/plugin_namecache_flat.c b/src/namecache/plugin_namecache_flat.c index 1775561e1..eb7800051 100644 --- a/src/namecache/plugin_namecache_flat.c +++ b/src/namecache/plugin_namecache_flat.c @@ -207,10 +207,7 @@ store_and_free_entries (void *cls, struct GNUNET_CRYPTO_HashAsciiEncoded query; size_t block_size; - block_size = ntohl (entry->block->purpose.size) - + sizeof(struct GNUNET_IDENTITY_PublicKey) - + sizeof(struct GNUNET_CRYPTO_EcdsaSignature); - + block_size = GNUNET_GNSRECORD_block_get_size (entry->block); GNUNET_STRINGS_base64_encode ((char *) entry->block, block_size, &block_b64); @@ -277,7 +274,7 @@ expire_blocks (void *cls, struct GNUNET_TIME_Absolute expiration; now = GNUNET_TIME_absolute_get (); - expiration = GNUNET_TIME_absolute_ntoh (entry->block->expiration_time); + expiration = GNUNET_GNSRECORD_block_get_expiration (entry->block); if (0 == GNUNET_TIME_absolute_get_difference (now, expiration).rel_value_us) @@ -319,12 +316,9 @@ namecache_cache_block (void *cls, size_t block_size; namecache_expire_blocks (plugin); - GNUNET_CRYPTO_hash (&block->derived_key, - sizeof(struct GNUNET_IDENTITY_PublicKey), - &query); - block_size = ntohl (block->purpose.size) - + sizeof(struct GNUNET_IDENTITY_PublicKey) - + sizeof(struct GNUNET_CRYPTO_EcdsaSignature); + GNUNET_GNSRECORD_query_from_block (block, + &query); + block_size = GNUNET_GNSRECORD_block_get_size (block); if (block_size > 64 * 65536) { GNUNET_break (0); diff --git a/src/namecache/plugin_namecache_postgres.c b/src/namecache/plugin_namecache_postgres.c index 3c8fc4555..ae0f71a1f 100644 --- a/src/namecache/plugin_namecache_postgres.c +++ b/src/namecache/plugin_namecache_postgres.c @@ -153,11 +153,11 @@ namecache_postgres_expire_blocks (struct Plugin *plugin) static void delete_old_block (struct Plugin *plugin, const struct GNUNET_HashCode *query, - struct GNUNET_TIME_AbsoluteNBO expiration_time) + struct GNUNET_TIME_Absolute expiration_time) { struct GNUNET_PQ_QueryParam params[] = { GNUNET_PQ_query_param_auto_from_type (query), - GNUNET_PQ_query_param_absolute_time_nbo (&expiration_time), + GNUNET_PQ_query_param_absolute_time (&expiration_time), GNUNET_PQ_query_param_end }; enum GNUNET_DB_QueryStatus res; @@ -182,21 +182,20 @@ namecache_postgres_cache_block (void *cls, { struct Plugin *plugin = cls; struct GNUNET_HashCode query; - size_t block_size = ntohl (block->purpose.size) - + sizeof(struct GNUNET_IDENTITY_PublicKey) - + sizeof(struct GNUNET_CRYPTO_EcdsaSignature); + size_t block_size = GNUNET_GNSRECORD_block_get_size (block); + struct GNUNET_TIME_Absolute exp; + exp = GNUNET_GNSRECORD_block_get_expiration (block); struct GNUNET_PQ_QueryParam params[] = { GNUNET_PQ_query_param_auto_from_type (&query), GNUNET_PQ_query_param_fixed_size (block, block_size), - GNUNET_PQ_query_param_absolute_time_nbo (&block->expiration_time), + GNUNET_PQ_query_param_absolute_time (&exp), GNUNET_PQ_query_param_end }; enum GNUNET_DB_QueryStatus res; namecache_postgres_expire_blocks (plugin); - GNUNET_CRYPTO_hash (&block->derived_key, - sizeof(struct GNUNET_IDENTITY_PublicKey), - &query); + GNUNET_GNSRECORD_query_from_block (block, + &query); if (block_size > 64 * 65536) { GNUNET_break (0); @@ -204,7 +203,7 @@ namecache_postgres_cache_block (void *cls, } delete_old_block (plugin, &query, - block->expiration_time); + exp); res = GNUNET_PQ_eval_prepared_non_select (plugin->dbh, "cache_block", @@ -263,10 +262,7 @@ namecache_postgres_lookup_block (void *cls, "Ending iteration (no more results)\n"); return GNUNET_NO; } - if ((bsize < sizeof(*block)) || - (bsize != ntohl (block->purpose.size) - + sizeof(struct GNUNET_IDENTITY_PublicKey) - + sizeof(struct GNUNET_CRYPTO_EcdsaSignature))) + if ((bsize < sizeof(*block))) { GNUNET_break (0); LOG (GNUNET_ERROR_TYPE_DEBUG, diff --git a/src/namecache/plugin_namecache_sqlite.c b/src/namecache/plugin_namecache_sqlite.c index 33970631b..82008c837 100644 --- a/src/namecache/plugin_namecache_sqlite.c +++ b/src/namecache/plugin_namecache_sqlite.c @@ -332,9 +332,7 @@ namecache_sqlite_cache_block (void *cls, struct Plugin *plugin = cls; struct GNUNET_HashCode query; struct GNUNET_TIME_Absolute expiration; - size_t block_size = ntohl (block->purpose.size) - + sizeof(struct GNUNET_IDENTITY_PublicKey) - + sizeof(struct GNUNET_CRYPTO_EcdsaSignature); + size_t block_size = GNUNET_GNSRECORD_block_get_size (block); struct GNUNET_SQ_QueryParam del_params[] = { GNUNET_SQ_query_param_auto_from_type (&query), GNUNET_SQ_query_param_absolute_time (&expiration), @@ -356,10 +354,9 @@ namecache_sqlite_cache_block (void *cls, last_expire = GNUNET_TIME_absolute_get (); namecache_sqlite_expire_blocks (plugin); } - GNUNET_CRYPTO_hash (&block->derived_key, - sizeof(block->derived_key), - &query); - expiration = GNUNET_TIME_absolute_ntoh (block->expiration_time); + GNUNET_assert (GNUNET_OK == + GNUNET_GNSRECORD_query_from_block (block, &query)); + expiration = GNUNET_GNSRECORD_block_get_expiration (block); GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Caching new version of block %s (expires %s)\n", GNUNET_h2s (&query), @@ -498,10 +495,7 @@ namecache_sqlite_lookup_block (void *cls, GNUNET_break (0); ret = GNUNET_SYSERR; } - else if ((block_size < sizeof(struct GNUNET_GNSRECORD_Block)) || - (ntohl (block->purpose.size) - + sizeof(struct GNUNET_IDENTITY_PublicKey) - + sizeof(struct GNUNET_CRYPTO_EcdsaSignature) != block_size)) + else if ((block_size < sizeof(struct GNUNET_GNSRECORD_Block))) { GNUNET_break (0); GNUNET_SQ_cleanup_result (rs); diff --git a/src/namestore/test_plugin_namestore.c b/src/namestore/test_plugin_namestore.c index 0f9ce97e4..baea0e444 100644 --- a/src/namestore/test_plugin_namestore.c +++ b/src/namestore/test_plugin_namestore.c @@ -85,14 +85,14 @@ load_plugin (const struct GNUNET_CONFIGURATION_Handle *cfg) static void test_record (void *cls, uint64_t seq, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *private_key, + const struct GNUNET_IDENTITY_PrivateKey *private_key, const char *label, unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd) { int *idp = cls; int id = *idp; - struct GNUNET_CRYPTO_EcdsaPrivateKey tzone_private_key; + struct GNUNET_IDENTITY_PrivateKey tzone_private_key; char tname[64]; unsigned int trd_count = 1 + (id % 1024); @@ -123,7 +123,7 @@ get_record (struct GNUNET_NAMESTORE_PluginFunctions *nsp, int id) static void put_record (struct GNUNET_NAMESTORE_PluginFunctions *nsp, int id) { - struct GNUNET_CRYPTO_EcdsaPrivateKey zone_private_key; + struct GNUNET_IDENTITY_PrivateKey zone_private_key; char label[64]; unsigned int rd_count = 1 + (id % 1024); struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL (rd_count)]; -- cgit v1.2.3 From 4bf09d00f1aeb0586f14587dfa455a0a5b902eda Mon Sep 17 00:00:00 2001 From: Martin Schanzenbach Date: Fri, 16 Oct 2020 09:48:03 +0200 Subject: - fix tvgs; expose alternative identity type --- src/gnsrecord/gnunet-gnsrecord-tvg.c | 4 ++-- src/identity/gnunet-identity.c | 27 +++++++++++++++++++++++---- src/include/gnunet_gnsrecord_lib.h | 5 +++++ src/include/gnunet_identity_service.h | 2 +- src/revocation/gnunet-revocation-tvg.c | 14 +++++++------- 5 files changed, 38 insertions(+), 14 deletions(-) (limited to 'src/gnsrecord/gnunet-gnsrecord-tvg.c') diff --git a/src/gnsrecord/gnunet-gnsrecord-tvg.c b/src/gnsrecord/gnunet-gnsrecord-tvg.c index 7c28a18d0..6e6f6414c 100644 --- a/src/gnsrecord/gnunet-gnsrecord-tvg.c +++ b/src/gnsrecord/gnunet-gnsrecord-tvg.c @@ -104,10 +104,10 @@ run (void *cls, GNUNET_IDENTITY_key_get_public (&id_priv, &id_pub); fprintf (stdout, "Zone private key (d, little-endian scalar):\n"); - print_bytes (&id_priv, sizeof(id_priv), 0); + print_bytes (&id_priv, GNUNET_IDENTITY_key_get_length (&id_pub), 0); //FIXME length for privkey? fprintf (stdout, "\n"); fprintf (stdout, "Zone public key (zk):\n"); - print_bytes (&id_pub, sizeof(id_pub), 0); + print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 0); fprintf (stdout, "\n"); pkey_data_p.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY); diff --git a/src/identity/gnunet-identity.c b/src/identity/gnunet-identity.c index e16ca83e3..a01cd1ed7 100644 --- a/src/identity/gnunet-identity.c +++ b/src/identity/gnunet-identity.c @@ -65,6 +65,11 @@ static unsigned int verbose; */ static int quiet; +/** + * Was "eddsa" specified? + */ +static int type_eddsa; + /** * -C option */ @@ -357,9 +362,16 @@ print_ego (void *cls, else { if (private_keys) - fprintf (stdout, "%s - %s - %s\n", identifier, s, privs); + fprintf (stdout, "%s - %s - %s - %s\n", + identifier, s, privs, + (ntohl (pk.type) == GNUNET_IDENTITY_TYPE_ECDSA) ? + "ECDSA" : "EdDSA"); else - fprintf (stdout, "%s - %s\n", identifier, s); + fprintf (stdout, "%s - %s - %s\n", + identifier, s, + (ntohl (pk.type) == GNUNET_IDENTITY_TYPE_ECDSA) ? + "ECDSA" : "EdDSA"); + } } GNUNET_free (privs); @@ -412,7 +424,7 @@ run (void *cls, GNUNET_IDENTITY_create (sh, create_ego, &pk, - 0, //Ignored + 0, // Ignored &create_finished, &create_op); } @@ -421,7 +433,9 @@ run (void *cls, GNUNET_IDENTITY_create (sh, create_ego, NULL, - GNUNET_IDENTITY_TYPE_ECDSA, //FIXME from parameter + (type_eddsa) ? + GNUNET_IDENTITY_TYPE_EDDSA : + GNUNET_IDENTITY_TYPE_ECDSA, &create_finished, &create_op); } @@ -458,6 +472,11 @@ main (int argc, char *const *argv) gettext_noop ( "set the private key for the identity to PRIVATE_KEY (use together with -C)"), &privkey_ego), + GNUNET_GETOPT_option_flag ('X', + "eddsa", + gettext_noop ( + "generate an EdDSA identity. (use together with -C) EXPERIMENTAL"), + &type_eddsa), GNUNET_GETOPT_option_flag ('d', "display", gettext_noop ("display all egos"), diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h index 22e7c0e25..530879b21 100644 --- a/src/include/gnunet_gnsrecord_lib.h +++ b/src/include/gnunet_gnsrecord_lib.h @@ -153,6 +153,11 @@ extern "C" { */ #define GNUNET_GNSRECORD_TYPE_RECLAIM_PRESENTATION 65555 +/** + * Record type for EDKEY delegations. + */ +#define GNUNET_GNSRECORD_TYPE_EDKEY GNUNET_IDENTITY_TYPE_EDDSA + /** * Flags that can be set for a record. diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h index 3352d9bc0..17714fec4 100644 --- a/src/include/gnunet_identity_service.h +++ b/src/include/gnunet_identity_service.h @@ -69,7 +69,7 @@ enum GNUNET_IDENTITY_KeyType * EDDSA identity. The value is the same as the EDKEY * record type. */ - GNUNET_IDENTITY_TYPE_EDDSA = 65599 // FIXME + GNUNET_IDENTITY_TYPE_EDDSA = 65556 }; /** diff --git a/src/revocation/gnunet-revocation-tvg.c b/src/revocation/gnunet-revocation-tvg.c index 13dee3529..1692472bb 100644 --- a/src/revocation/gnunet-revocation-tvg.c +++ b/src/revocation/gnunet-revocation-tvg.c @@ -67,7 +67,7 @@ run (void *cls, { struct GNUNET_IDENTITY_PrivateKey id_priv; struct GNUNET_IDENTITY_PublicKey id_pub; - struct GNUNET_REVOCATION_PowP pow; + struct GNUNET_REVOCATION_PowP *pow; struct GNUNET_REVOCATION_PowCalculationHandle *ph; struct GNUNET_TIME_Relative exp; @@ -81,10 +81,10 @@ run (void *cls, fprintf (stdout, "Zone public key (zk):\n"); print_bytes (&id_pub, sizeof(id_pub), 0); fprintf (stdout, "\n"); - memset (&pow, 0, sizeof (pow)); + pow = GNUNET_malloc (GNUNET_REVOCATION_MAX_PROOF_SIZE); GNUNET_REVOCATION_pow_init (&id_priv, - &pow); - ph = GNUNET_REVOCATION_pow_start (&pow, + pow); + ph = GNUNET_REVOCATION_pow_start (pow, TEST_EPOCHS, TEST_DIFFICULTY); fprintf (stdout, "Difficulty (%d base difficulty + %d epochs): %d\n\n", @@ -98,12 +98,12 @@ run (void *cls, } exp = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS, TEST_EPOCHS); - GNUNET_assert (GNUNET_OK == GNUNET_REVOCATION_check_pow (&pow, + GNUNET_assert (GNUNET_OK == GNUNET_REVOCATION_check_pow (pow, TEST_DIFFICULTY, exp)); fprintf (stdout, "Proof:\n"); - print_bytes (&pow, - sizeof (pow), + print_bytes (pow, + GNUNET_REVOCATION_proof_get_size (pow), 8); } -- cgit v1.2.3