2 This file is part of GNUnet
3 Copyright (C) 2013, 2016 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public Licerevocation as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public Licerevocation for more details.
15 You should have received a copy of the GNU General Public Licerevocation
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
21 * @file revocation/revocation_api.c
22 * @brief API to perform and access key revocations
23 * @author Christian Grothoff
26 #include "gnunet_revocation_service.h"
27 #include "gnunet_signatures.h"
28 #include "gnunet_protocols.h"
29 #include "revocation.h"
34 * Handle for the key revocation query.
36 struct GNUNET_REVOCATION_Query
40 * Message queue to the service.
42 struct GNUNET_MQ_Handle *mq;
45 * Function to call with the result.
47 GNUNET_REVOCATION_Callback func;
50 * Closure for @e func.
58 * Generic error handler, called with the appropriate
59 * error code and the same closure specified at the creation of
61 * Not every message queue implementation supports an error handler.
63 * @param cls closure with the `struct GNUNET_NSE_Handle *`
64 * @param error error code
67 query_mq_error_handler (void *cls,
68 enum GNUNET_MQ_Error error)
70 struct GNUNET_REVOCATION_Query *q = cls;
72 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
73 "Revocation query MQ error\n");
76 GNUNET_REVOCATION_query_cancel (q);
81 * Handle response to our revocation query.
83 * @param cls our `struct GNUNET_REVOCATION_Query` handle
84 * @param qrm response we got
87 handle_revocation_query_response (void *cls,
88 const struct QueryResponseMessage *qrm)
90 struct GNUNET_REVOCATION_Query *q = cls;
92 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
93 "Revocation query result: %d\n",
94 ntohl (qrm->is_valid));
96 ntohl (qrm->is_valid));
97 GNUNET_REVOCATION_query_cancel (q);
102 * Check if a key was revoked.
104 * @param cfg the configuration to use
105 * @param key key to check for revocation
106 * @param func funtion to call with the result of the check
107 * @param func_cls closure to pass to @a func
108 * @return handle to use in #GNUNET_REVOCATION_query_cancel to stop REVOCATION from invoking the callback
110 struct GNUNET_REVOCATION_Query *
111 GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg,
112 const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
113 GNUNET_REVOCATION_Callback func,
116 struct GNUNET_REVOCATION_Query *q
117 = GNUNET_new (struct GNUNET_REVOCATION_Query);
118 struct GNUNET_MQ_MessageHandler handlers[] = {
119 GNUNET_MQ_hd_fixed_size (revocation_query_response,
120 GNUNET_MESSAGE_TYPE_REVOCATION_QUERY_RESPONSE,
121 struct QueryResponseMessage,
123 GNUNET_MQ_handler_end ()
125 struct QueryMessage *qm;
126 struct GNUNET_MQ_Envelope *env;
128 q->mq = GNUNET_CLIENT_connecT (cfg,
131 &query_mq_error_handler,
139 q->func_cls = func_cls;
140 env = GNUNET_MQ_msg (qm,
141 GNUNET_MESSAGE_TYPE_REVOCATION_QUERY);
142 qm->reserved = htonl (0);
144 GNUNET_MQ_send (q->mq,
151 * Cancel key revocation check.
153 * @param q query to cancel
156 GNUNET_REVOCATION_query_cancel (struct GNUNET_REVOCATION_Query *q)
160 GNUNET_MQ_destroy (q->mq);
168 * Handle for the key revocation operation.
170 struct GNUNET_REVOCATION_Handle
174 * Message queue to the service.
176 struct GNUNET_MQ_Handle *mq;
179 * Function to call once we are done.
181 GNUNET_REVOCATION_Callback func;
184 * Closure for @e func.
192 * Generic error handler, called with the appropriate
193 * error code and the same closure specified at the creation of
195 * Not every message queue implementation supports an error handler.
197 * @param cls closure with the `struct GNUNET_NSE_Handle *`
198 * @param error error code
201 revocation_mq_error_handler (void *cls,
202 enum GNUNET_MQ_Error error)
204 struct GNUNET_REVOCATION_Handle *h = cls;
206 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
207 "Revocation MQ error\n");
208 h->func (h->func_cls,
210 GNUNET_REVOCATION_revoke_cancel (h);
215 * Handle response to our revocation query.
217 * @param cls our `struct GNUNET_REVOCATION_Handle` handle
218 * @param rrm response we got
221 handle_revocation_response (void *cls,
222 const struct RevocationResponseMessage *rrm)
224 struct GNUNET_REVOCATION_Handle *h = cls;
226 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
227 "Revocation transmission result: %d\n",
228 ntohl (rrm->is_valid));
229 h->func (h->func_cls,
230 ntohl (rrm->is_valid));
231 GNUNET_REVOCATION_revoke_cancel (h);
236 * Perform key revocation.
238 * @param cfg the configuration to use
239 * @param key public key of the key to revoke
240 * @param sig signature to use on the revocation (should have been
241 * created using #GNUNET_REVOCATION_sign_revocation).
242 * @param pow proof of work to use (should have been created by
243 * iteratively calling #GNUNET_REVOCATION_check_pow)
244 * @param func funtion to call with the result of the check
245 * (called with `is_valid` being #GNUNET_NO if
246 * the revocation worked).
247 * @param func_cls closure to pass to @a func
248 * @return handle to use in #GNUNET_REVOCATION_revoke_cancel to stop REVOCATION from invoking the callback
250 struct GNUNET_REVOCATION_Handle *
251 GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg,
252 const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
253 const struct GNUNET_CRYPTO_EcdsaSignature *sig,
255 GNUNET_REVOCATION_Callback func,
258 struct GNUNET_REVOCATION_Handle *h
259 = GNUNET_new (struct GNUNET_REVOCATION_Handle);
260 struct GNUNET_MQ_MessageHandler handlers[] = {
261 GNUNET_MQ_hd_fixed_size (revocation_response,
262 GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE,
263 struct RevocationResponseMessage,
265 GNUNET_MQ_handler_end ()
267 unsigned long long matching_bits;
268 struct RevokeMessage *rm;
269 struct GNUNET_MQ_Envelope *env;
272 GNUNET_CONFIGURATION_get_value_number (cfg,
277 GNUNET_REVOCATION_check_pow (key,
279 (unsigned int) matching_bits)) )
286 h->mq = GNUNET_CLIENT_connecT (cfg,
289 &revocation_mq_error_handler,
297 h->func_cls = func_cls;
298 env = GNUNET_MQ_msg (rm,
299 GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE);
300 rm->reserved = htonl (0);
301 rm->proof_of_work = pow;
302 rm->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
303 rm->purpose.size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
304 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
305 rm->public_key = *key;
306 rm->signature = *sig;
307 GNUNET_MQ_send (h->mq,
314 * Cancel key revocation.
316 * @param h operation to cancel
319 GNUNET_REVOCATION_revoke_cancel (struct GNUNET_REVOCATION_Handle *h)
323 GNUNET_MQ_destroy (h->mq);
331 * Calculate the 'proof-of-work' hash (an expensive hash).
333 * @param buf data to hash
334 * @param buf_len number of bytes in @a buf
335 * @param result where to write the resulting hash
338 pow_hash (const void *buf,
340 struct GNUNET_HashCode *result)
343 gcry_kdf_derive (buf, buf_len,
346 "gnunet-revocation-proof-of-work",
347 strlen ("gnunet-revocation-proof-of-work"),
348 2 /* iterations; keep cost of individual op small */,
349 sizeof (struct GNUNET_HashCode), result));
354 * Count the leading zeroes in hash.
356 * @param hash to count leading zeros in
357 * @return the number of leading zero bits.
360 count_leading_zeroes (const struct GNUNET_HashCode *hash)
362 unsigned int hash_count;
365 while ((0 == GNUNET_CRYPTO_hash_get_bit (hash, hash_count)))
372 * Check if the given proof-of-work value
373 * would be acceptable for revoking the given key.
375 * @param key key to check for
376 * @param pow proof of work value
377 * @param matching_bits how many bits must match (configuration)
378 * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not
381 GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
383 unsigned int matching_bits)
385 char buf[sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
386 sizeof (pow)] GNUNET_ALIGN;
387 struct GNUNET_HashCode result;
389 GNUNET_memcpy (buf, &pow, sizeof (pow));
390 GNUNET_memcpy (&buf[sizeof (pow)], key,
391 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
392 pow_hash (buf, sizeof (buf), &result);
393 return (count_leading_zeroes (&result) >=
394 matching_bits) ? GNUNET_YES : GNUNET_NO;
399 * Create a revocation signature.
401 * @param key private key of the key to revoke
402 * @param sig where to write the revocation signature
405 GNUNET_REVOCATION_sign_revocation (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
406 struct GNUNET_CRYPTO_EcdsaSignature *sig)
408 struct RevokeMessage rm;
410 rm.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
411 rm.purpose.size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
412 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
413 GNUNET_CRYPTO_ecdsa_key_get_public (key, &rm.public_key);
414 GNUNET_assert (GNUNET_OK ==
415 GNUNET_CRYPTO_ecdsa_sign (key,
421 /* end of revocation_api.c */