2 This file is part of GNUnet
3 (C) 2013 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public Licerevocation as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public Licerevocation for more details.
15 You should have received a copy of the GNU General Public Licerevocation
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
21 * @file revocation/revocation_api.c
22 * @brief API to perform and access key revocations
23 * @author Christian Grothoff
26 #include "gnunet_revocation_service.h"
27 #include "gnunet_signatures.h"
28 #include "gnunet_protocols.h"
29 #include "revocation.h"
34 * Handle for the key revocation query.
36 struct GNUNET_REVOCATION_Query
40 * Connection to the service.
42 struct GNUNET_CLIENT_Connection *client;
47 const struct GNUNET_CONFIGURATION_Handle *cfg;
52 struct GNUNET_CRYPTO_EcdsaPublicKey key;
55 * Function to call with the result.
57 GNUNET_REVOCATION_Callback func;
60 * Closure for @e func.
65 * Transmission handle to the service.
67 struct GNUNET_CLIENT_TransmitHandle *th;
73 * Handle response to our revocation query.
75 * @param cls our `struct GNUNET_REVOCATION_Query` handle
76 * @param msg response we got, NULL on disconnect
79 handle_revocation_query_response (void *cls,
80 const struct GNUNET_MessageHeader *msg)
82 struct GNUNET_REVOCATION_Query *q = cls;
83 const struct QueryResponseMessage *qrm;
86 (sizeof (struct QueryResponseMessage) != ntohs (msg->size)) ||
87 (GNUNET_MESSAGE_TYPE_REVOCATION_QUERY_RESPONSE != ntohs (msg->type)) )
89 GNUNET_break (NULL == msg);
90 q->func (q->func_cls, GNUNET_SYSERR);
91 GNUNET_REVOCATION_query_cancel (q);
94 qrm = (const struct QueryResponseMessage *) msg;
95 q->func (q->func_cls, ntohl (qrm->is_valid));
96 GNUNET_REVOCATION_query_cancel (q);
101 * Transmit our revocation query to the service.
103 * @param cls our `struct GNUNET_REVOCATION_Query` handle
104 * @param size number of bytes available in @a buf
105 * @param buf where to copy the query
106 * @return number of bytes copied to @a buf
109 send_revocation_query (void *cls,
113 struct GNUNET_REVOCATION_Query *q = cls;
114 struct QueryMessage qm;
117 if ( (NULL == buf) ||
118 (sizeof (struct QueryMessage) > size) )
121 q->func (q->func_cls, GNUNET_SYSERR);
122 GNUNET_REVOCATION_query_cancel (q);
125 qm.header.size = htons (sizeof (struct QueryMessage));
126 qm.header.type = htons (GNUNET_MESSAGE_TYPE_REVOCATION_QUERY);
127 qm.reserved = htonl (0);
129 memcpy (buf, &qm, sizeof (struct QueryMessage));
130 GNUNET_CLIENT_receive (q->client,
131 &handle_revocation_query_response,
133 GNUNET_TIME_UNIT_FOREVER_REL);
134 return sizeof (struct QueryMessage);
139 * Check if a key was revoked.
141 * @param cfg the configuration to use
142 * @param key key to check for revocation
143 * @param func funtion to call with the result of the check
144 * @param func_cls closure to pass to @a func
145 * @return handle to use in #GNUNET_REVOCATION_query_cancel to stop REVOCATION from invoking the callback
147 struct GNUNET_REVOCATION_Query *
148 GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg,
149 const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
150 GNUNET_REVOCATION_Callback func, void *func_cls)
152 struct GNUNET_REVOCATION_Query *q;
154 q = GNUNET_new (struct GNUNET_REVOCATION_Query);
155 q->client = GNUNET_CLIENT_connect ("revocation", cfg);
156 if (NULL == q->client)
165 q->func_cls = func_cls;
166 q->th = GNUNET_CLIENT_notify_transmit_ready (q->client,
167 sizeof (struct QueryMessage),
168 GNUNET_TIME_UNIT_FOREVER_REL,
170 &send_revocation_query,
177 * Cancel key revocation check.
179 * @param q query to cancel
182 GNUNET_REVOCATION_query_cancel (struct GNUNET_REVOCATION_Query *q)
186 GNUNET_CLIENT_notify_transmit_ready_cancel (q->th);
189 GNUNET_CLIENT_disconnect (q->client);
195 * Handle for the key revocation operation.
197 struct GNUNET_REVOCATION_Handle
201 * Connection to the service.
203 struct GNUNET_CLIENT_Connection *client;
208 const struct GNUNET_CONFIGURATION_Handle *cfg;
213 struct GNUNET_CRYPTO_EcdsaPublicKey key;
216 * Signature showing that we have the right to revoke.
218 struct GNUNET_CRYPTO_EcdsaSignature sig;
221 * Proof of work showing that we spent enough resources to broadcast revocation.
226 * Function to call once we are done.
228 GNUNET_REVOCATION_Callback func;
231 * Closure for @e func.
236 * Transmission handle to the service.
238 struct GNUNET_CLIENT_TransmitHandle *th;
244 * Handle response to our revocation query.
246 * @param cls our `struct GNUNET_REVOCATION_Handle` handle
247 * @param msg response we got, NULL on disconnect
250 handle_revocation_response (void *cls,
251 const struct GNUNET_MessageHeader *msg)
253 struct GNUNET_REVOCATION_Handle *h = cls;
254 const struct RevocationResponseMessage *rrm;
256 if ( (NULL == msg) ||
257 (sizeof (struct RevocationResponseMessage) != ntohs (msg->size)) ||
258 (GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE != ntohs (msg->type)) )
260 GNUNET_break (NULL == msg);
261 h->func (h->func_cls, GNUNET_SYSERR);
262 GNUNET_REVOCATION_revoke_cancel (h);
265 rrm = (const struct RevocationResponseMessage *) msg;
266 h->func (h->func_cls, ntohl (rrm->is_valid));
267 GNUNET_REVOCATION_revoke_cancel (h);
273 * Transmit our revocation to the service.
275 * @param cls our `struct GNUNET_REVOCATION_Handle` handle
276 * @param size number of bytes available in @a buf
277 * @param buf where to copy the query
278 * @return number of bytes copied to @a buf
281 send_revoke (void *cls,
285 struct GNUNET_REVOCATION_Handle *h = cls;
286 struct RevokeMessage rm;
289 if ( (NULL == buf) ||
290 (sizeof (struct RevokeMessage) > size) )
293 h->func (h->func_cls, GNUNET_SYSERR);
294 GNUNET_REVOCATION_revoke_cancel (h);
297 rm.header.size = htons (sizeof (struct RevokeMessage));
298 rm.header.type = htons (GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE);
299 rm.reserved = htonl (0);
300 rm.proof_of_work = h->pow;
301 rm.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
302 rm.purpose.size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
303 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
304 rm.public_key = h->key;
305 rm.signature = h->sig;
306 memcpy (buf, &rm, sizeof (struct RevokeMessage));
307 GNUNET_CLIENT_receive (h->client,
308 &handle_revocation_response,
310 GNUNET_TIME_UNIT_FOREVER_REL);
311 return sizeof (struct RevokeMessage);
316 * Perform key revocation.
318 * @param cfg the configuration to use
319 * @param key public key of the key to revoke
320 * @param sig signature to use on the revocation (should have been
321 * created using #GNUNET_REVOCATION_sign_revocation).
322 * @param pow proof of work to use (should have been created by
323 * iteratively calling #GNUNET_REVOCATION_check_pow)
324 * @param func funtion to call with the result of the check
325 * (called with `is_valid` being #GNUNET_NO if
326 * the revocation worked).
327 * @param func_cls closure to pass to @a func
328 * @return handle to use in #GNUNET_REVOCATION_revoke_cancel to stop REVOCATION from invoking the callback
330 struct GNUNET_REVOCATION_Handle *
331 GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg,
332 const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
333 const struct GNUNET_CRYPTO_EcdsaSignature *sig,
335 GNUNET_REVOCATION_Callback func, void *func_cls)
337 struct GNUNET_REVOCATION_Handle *h;
338 unsigned long long matching_bits;
341 GNUNET_CONFIGURATION_get_value_number (cfg,
346 GNUNET_REVOCATION_check_pow (key, pow,
347 (unsigned int) matching_bits)) )
352 h = GNUNET_new (struct GNUNET_REVOCATION_Handle);
353 h->client = GNUNET_CLIENT_connect ("revocation", cfg);
359 h->func_cls = func_cls;
360 h->th = GNUNET_CLIENT_notify_transmit_ready (h->client,
361 sizeof (struct RevokeMessage),
362 GNUNET_TIME_UNIT_FOREVER_REL,
371 * Cancel key revocation.
373 * @param h operation to cancel
376 GNUNET_REVOCATION_revoke_cancel (struct GNUNET_REVOCATION_Handle *h)
380 GNUNET_CLIENT_notify_transmit_ready_cancel (h->th);
383 GNUNET_CLIENT_disconnect (h->client);
390 * Calculate the 'proof-of-work' hash (an expensive hash).
392 * @param buf data to hash
393 * @param buf_len number of bytes in @a buf
394 * @param result where to write the resulting hash
397 pow_hash (const void *buf,
399 struct GNUNET_HashCode *result)
402 gcry_kdf_derive (buf, buf_len,
405 "gnunet-revocation-proof-of-work",
406 strlen ("gnunet-revocation-proof-of-work"),
407 2 /* iterations; keep cost of individual op small */,
408 sizeof (struct GNUNET_HashCode), result));
413 * Count the leading zeroes in hash.
415 * @param hash to count leading zeros in
416 * @return the number of leading zero bits.
419 count_leading_zeroes (const struct GNUNET_HashCode *hash)
421 unsigned int hash_count;
424 while ((0 == GNUNET_CRYPTO_hash_get_bit (hash, hash_count)))
431 * Check if the given proof-of-work value
432 * would be acceptable for revoking the given key.
434 * @param key key to check for
435 * @param pow proof of work value
436 * @param matching_bits how many bits must match (configuration)
437 * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not
440 GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
442 unsigned int matching_bits)
444 char buf[sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
445 sizeof (pow)] GNUNET_ALIGN;
446 struct GNUNET_HashCode result;
448 memcpy (buf, &pow, sizeof (pow));
449 memcpy (&buf[sizeof (pow)], key,
450 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
451 pow_hash (buf, sizeof (buf), &result);
452 return (count_leading_zeroes (&result) >=
453 matching_bits) ? GNUNET_YES : GNUNET_NO;
458 * Create a revocation signature.
460 * @param key private key of the key to revoke
461 * @param sig where to write the revocation signature
464 GNUNET_REVOCATION_sign_revocation (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
465 struct GNUNET_CRYPTO_EcdsaSignature *sig)
467 struct RevokeMessage rm;
469 rm.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
470 rm.purpose.size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
471 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
472 GNUNET_CRYPTO_ecdsa_key_get_public (key, &rm.public_key);
473 GNUNET_assert (GNUNET_OK ==
474 GNUNET_CRYPTO_ecdsa_sign (key,
480 /* end of revocation_api.c */