1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
|
/*
This file is part of GNUnet
(C) 2013 Christian Grothoff (and other contributing authors)
GNUnet is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public Licerevocation as published
by the Free Software Foundation; either version 3, or (at your
option) any later version.
GNUnet is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public Licerevocation for more details.
You should have received a copy of the GNU General Public Licerevocation
along with GNUnet; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
/**
* @file revocation/revocation_api.c
* @brief API to perform and access key revocations
* @author Christian Grothoff
*/
#include "platform.h"
#include "gnunet_revocation_service.h"
#include "gnunet_signatures.h"
#include "gnunet_protocols.h"
#include "revocation.h"
#include <gcrypt.h>
/**
* Handle for the key revocation query.
*/
struct GNUNET_REVOCATION_Query
{
/**
* Connection to the service.
*/
struct GNUNET_CLIENT_Connection *client;
/**
* Our configuration.
*/
const struct GNUNET_CONFIGURATION_Handle *cfg;
/**
* Key to check.
*/
struct GNUNET_CRYPTO_EccPublicSignKey key;
/**
* Function to call with the result.
*/
GNUNET_REVOCATION_Callback func;
/**
* Closure for @e func.
*/
void *func_cls;
};
/**
* Check if a key was revoked.
*
* @param cfg the configuration to use
* @param key key to check for revocation
* @param func funtion to call with the result of the check
* @param func_cls closure to pass to @a func
* @return handle to use in #GNUNET_REVOCATION_query_cancel to stop REVOCATION from invoking the callback
*/
struct GNUNET_REVOCATION_Query *
GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg,
const struct GNUNET_CRYPTO_EccPublicSignKey *key,
GNUNET_REVOCATION_Callback func, void *func_cls)
{
struct GNUNET_REVOCATION_Query *q;
q = GNUNET_new (struct GNUNET_REVOCATION_Query);
q->client = GNUNET_CLIENT_connect ("revocation", cfg);
q->cfg = cfg;
q->key = *key;
q->func = func;
q->func_cls = func_cls;
GNUNET_break (0);
return q;
}
/**
* Cancel key revocation check.
*
* @param q query to cancel
*/
void
GNUNET_REVOCATION_query_cancel (struct GNUNET_REVOCATION_Query *q)
{
GNUNET_CLIENT_disconnect (q->client);
GNUNET_free (q);
}
/**
* Handle for the key revocation operation.
*/
struct GNUNET_REVOCATION_Handle
{
/**
* Connection to the service.
*/
struct GNUNET_CLIENT_Connection *client;
/**
* Our configuration.
*/
const struct GNUNET_CONFIGURATION_Handle *cfg;
/**
* Key to revoke.
*/
struct GNUNET_CRYPTO_EccPublicSignKey key;
/**
* Signature showing that we have the right to revoke.
*/
struct GNUNET_CRYPTO_EccSignature sig;
/**
* Proof of work showing that we spent enough resources to broadcast revocation.
*/
uint64_t pow;
/**
* Function to call once we are done.
*/
GNUNET_REVOCATION_Callback func;
/**
* Closure for @e func.
*/
void *func_cls;
};
/**
* Perform key revocation.
*
* @param cfg the configuration to use
* @param key public key of the key to revoke
* @param sig signature to use on the revocation (should have been
* created using #GNUNET_REVOCATION_sign_revocation).
* @param pow proof of work to use (should have been created by
* iteratively calling #GNUNET_REVOCATION_check_pow)
* @param func funtion to call with the result of the check
* (called with `is_valid` being #GNUNET_NO if
* the revocation worked).
* @param func_cls closure to pass to @a func
* @return handle to use in #GNUNET_REVOCATION_revoke_cancel to stop REVOCATION from invoking the callback
*/
struct GNUNET_REVOCATION_Handle *
GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg,
const struct GNUNET_CRYPTO_EccPublicSignKey *key,
const struct GNUNET_CRYPTO_EccSignature *sig,
uint64_t pow,
GNUNET_REVOCATION_Callback func, void *func_cls)
{
struct GNUNET_REVOCATION_Handle *h;
h = GNUNET_new (struct GNUNET_REVOCATION_Handle);
h->client = GNUNET_CLIENT_connect ("revocation", cfg);
h->cfg = cfg;
h->key = *key;
h->sig = *sig;
h->pow = pow;
h->func = func;
h->func_cls = func_cls;
GNUNET_break (0);
return h;
}
/**
* Cancel key revocation.
*
* @param h operation to cancel
*/
void
GNUNET_REVOCATION_revoke_cancel (struct GNUNET_REVOCATION_Handle *h)
{
GNUNET_CLIENT_disconnect (h->client);
GNUNET_free (h);
}
/**
* Calculate the 'proof-of-work' hash (an expensive hash).
*
* @param buf data to hash
* @param buf_len number of bytes in @a buf
* @param result where to write the resulting hash
*/
static void
pow_hash (const void *buf,
size_t buf_len,
struct GNUNET_HashCode *result)
{
GNUNET_break (0 ==
gcry_kdf_derive (buf, buf_len,
GCRY_KDF_SCRYPT,
1 /* subalgo */,
"gnunet-revocation-proof-of-work",
strlen ("gnunet-revocation-proof-of-work"),
2 /* iterations; keep cost of individual op small */,
sizeof (struct GNUNET_HashCode), result));
}
/**
* Count the leading zeroes in hash.
*
* @param hash to count leading zeros in
* @return the number of leading zero bits.
*/
static unsigned int
count_leading_zeroes (const struct GNUNET_HashCode *hash)
{
unsigned int hash_count;
hash_count = 0;
while ((0 == GNUNET_CRYPTO_hash_get_bit (hash, hash_count)))
hash_count++;
return hash_count;
}
/**
* Check if the given proof-of-work value
* would be acceptable for revoking the given key.
*
* @param key key to check for
* @param pow proof of work value
* @param matching_bits how many bits must match (configuration)
* @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not
*/
int
GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EccPublicSignKey *key,
uint64_t pow,
unsigned int matching_bits)
{
char buf[sizeof (struct GNUNET_CRYPTO_EccPublicSignKey) +
sizeof (pow)] GNUNET_ALIGN;
struct GNUNET_HashCode result;
memcpy (buf, &pow, sizeof (pow));
memcpy (&buf[sizeof (pow)], key,
sizeof (struct GNUNET_CRYPTO_EccPublicSignKey));
pow_hash (buf, sizeof (buf), &result);
return (count_leading_zeroes (&result) >=
matching_bits) ? GNUNET_YES : GNUNET_NO;
}
/**
* Create a revocation signature.
*
* @param key private key of the key to revoke
* @param sig where to write the revocation signature
*/
void
GNUNET_REVOCATION_sign_revocation (const struct GNUNET_CRYPTO_EccPrivateKey *key,
struct GNUNET_CRYPTO_EccSignature *sig)
{
struct GNUNET_REVOCATION_RevokeMessage rm;
rm.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
rm.purpose.size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
sizeof (struct GNUNET_CRYPTO_EccPublicSignKey));
GNUNET_CRYPTO_ecc_key_get_public_for_signature (key, &rm.public_key);
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_ecc_sign (key,
&rm.purpose,
sig));
}
/* end of revocation_api.c */
|
