2 This file is part of GNUnet
3 Copyright (C) 2013, 2016 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 * @file revocation/revocation_api.c
20 * @brief API to perform and access key revocations
21 * @author Christian Grothoff
24 #include "gnunet_revocation_service.h"
25 #include "gnunet_signatures.h"
26 #include "gnunet_protocols.h"
27 #include "revocation.h"
32 * Handle for the key revocation query.
34 struct GNUNET_REVOCATION_Query
38 * Message queue to the service.
40 struct GNUNET_MQ_Handle *mq;
43 * Function to call with the result.
45 GNUNET_REVOCATION_Callback func;
48 * Closure for @e func.
56 * Generic error handler, called with the appropriate
57 * error code and the same closure specified at the creation of
59 * Not every message queue implementation supports an error handler.
61 * @param cls closure with the `struct GNUNET_NSE_Handle *`
62 * @param error error code
65 query_mq_error_handler (void *cls,
66 enum GNUNET_MQ_Error error)
68 struct GNUNET_REVOCATION_Query *q = cls;
70 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
71 "Revocation query MQ error\n");
74 GNUNET_REVOCATION_query_cancel (q);
79 * Handle response to our revocation query.
81 * @param cls our `struct GNUNET_REVOCATION_Query` handle
82 * @param qrm response we got
85 handle_revocation_query_response (void *cls,
86 const struct QueryResponseMessage *qrm)
88 struct GNUNET_REVOCATION_Query *q = cls;
90 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
91 "Revocation query result: %d\n",
92 (uint32_t) ntohl (qrm->is_valid));
94 ntohl (qrm->is_valid));
95 GNUNET_REVOCATION_query_cancel (q);
100 * Check if a key was revoked.
102 * @param cfg the configuration to use
103 * @param key key to check for revocation
104 * @param func funtion to call with the result of the check
105 * @param func_cls closure to pass to @a func
106 * @return handle to use in #GNUNET_REVOCATION_query_cancel to stop REVOCATION from invoking the callback
108 struct GNUNET_REVOCATION_Query *
109 GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg,
110 const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
111 GNUNET_REVOCATION_Callback func,
114 struct GNUNET_REVOCATION_Query *q
115 = GNUNET_new (struct GNUNET_REVOCATION_Query);
116 struct GNUNET_MQ_MessageHandler handlers[] = {
117 GNUNET_MQ_hd_fixed_size (revocation_query_response,
118 GNUNET_MESSAGE_TYPE_REVOCATION_QUERY_RESPONSE,
119 struct QueryResponseMessage,
121 GNUNET_MQ_handler_end ()
123 struct QueryMessage *qm;
124 struct GNUNET_MQ_Envelope *env;
126 q->mq = GNUNET_CLIENT_connect (cfg,
129 &query_mq_error_handler,
137 q->func_cls = func_cls;
138 env = GNUNET_MQ_msg (qm,
139 GNUNET_MESSAGE_TYPE_REVOCATION_QUERY);
140 qm->reserved = htonl (0);
142 GNUNET_MQ_send (q->mq,
149 * Cancel key revocation check.
151 * @param q query to cancel
154 GNUNET_REVOCATION_query_cancel (struct GNUNET_REVOCATION_Query *q)
158 GNUNET_MQ_destroy (q->mq);
166 * Handle for the key revocation operation.
168 struct GNUNET_REVOCATION_Handle
172 * Message queue to the service.
174 struct GNUNET_MQ_Handle *mq;
177 * Function to call once we are done.
179 GNUNET_REVOCATION_Callback func;
182 * Closure for @e func.
190 * Generic error handler, called with the appropriate
191 * error code and the same closure specified at the creation of
193 * Not every message queue implementation supports an error handler.
195 * @param cls closure with the `struct GNUNET_NSE_Handle *`
196 * @param error error code
199 revocation_mq_error_handler (void *cls,
200 enum GNUNET_MQ_Error error)
202 struct GNUNET_REVOCATION_Handle *h = cls;
204 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
205 "Revocation MQ error\n");
206 h->func (h->func_cls,
208 GNUNET_REVOCATION_revoke_cancel (h);
213 * Handle response to our revocation query.
215 * @param cls our `struct GNUNET_REVOCATION_Handle` handle
216 * @param rrm response we got
219 handle_revocation_response (void *cls,
220 const struct RevocationResponseMessage *rrm)
222 struct GNUNET_REVOCATION_Handle *h = cls;
224 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
225 "Revocation transmission result: %d\n",
226 (uint32_t) ntohl (rrm->is_valid));
227 h->func (h->func_cls,
228 ntohl (rrm->is_valid));
229 GNUNET_REVOCATION_revoke_cancel (h);
234 * Perform key revocation.
236 * @param cfg the configuration to use
237 * @param key public key of the key to revoke
238 * @param sig signature to use on the revocation (should have been
239 * created using #GNUNET_REVOCATION_sign_revocation).
240 * @param pow proof of work to use (should have been created by
241 * iteratively calling #GNUNET_REVOCATION_check_pow)
242 * @param func funtion to call with the result of the check
243 * (called with `is_valid` being #GNUNET_NO if
244 * the revocation worked).
245 * @param func_cls closure to pass to @a func
246 * @return handle to use in #GNUNET_REVOCATION_revoke_cancel to stop REVOCATION from invoking the callback
248 struct GNUNET_REVOCATION_Handle *
249 GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg,
250 const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
251 const struct GNUNET_CRYPTO_EcdsaSignature *sig,
253 GNUNET_REVOCATION_Callback func,
256 struct GNUNET_REVOCATION_Handle *h
257 = GNUNET_new (struct GNUNET_REVOCATION_Handle);
258 struct GNUNET_MQ_MessageHandler handlers[] = {
259 GNUNET_MQ_hd_fixed_size (revocation_response,
260 GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE,
261 struct RevocationResponseMessage,
263 GNUNET_MQ_handler_end ()
265 unsigned long long matching_bits;
266 struct RevokeMessage *rm;
267 struct GNUNET_MQ_Envelope *env;
270 GNUNET_CONFIGURATION_get_value_number (cfg,
275 GNUNET_REVOCATION_check_pow (key,
277 (unsigned int) matching_bits)) )
284 h->mq = GNUNET_CLIENT_connect (cfg,
287 &revocation_mq_error_handler,
295 h->func_cls = func_cls;
296 env = GNUNET_MQ_msg (rm,
297 GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE);
298 rm->reserved = htonl (0);
299 rm->proof_of_work = pow;
300 rm->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
301 rm->purpose.size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
302 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
303 rm->public_key = *key;
304 rm->signature = *sig;
305 GNUNET_MQ_send (h->mq,
312 * Cancel key revocation.
314 * @param h operation to cancel
317 GNUNET_REVOCATION_revoke_cancel (struct GNUNET_REVOCATION_Handle *h)
321 GNUNET_MQ_destroy (h->mq);
329 * Calculate the 'proof-of-work' hash (an expensive hash).
331 * @param buf data to hash
332 * @param buf_len number of bytes in @a buf
333 * @param result where to write the resulting hash
336 pow_hash (const void *buf,
338 struct GNUNET_HashCode *result)
341 gcry_kdf_derive (buf, buf_len,
344 "gnunet-revocation-proof-of-work",
345 strlen ("gnunet-revocation-proof-of-work"),
346 2 /* iterations; keep cost of individual op small */,
347 sizeof (struct GNUNET_HashCode), result));
352 * Count the leading zeroes in hash.
354 * @param hash to count leading zeros in
355 * @return the number of leading zero bits.
358 count_leading_zeroes (const struct GNUNET_HashCode *hash)
360 unsigned int hash_count;
363 while ((0 == GNUNET_CRYPTO_hash_get_bit (hash, hash_count)))
370 * Check if the given proof-of-work value
371 * would be acceptable for revoking the given key.
373 * @param key key to check for
374 * @param pow proof of work value
375 * @param matching_bits how many bits must match (configuration)
376 * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not
379 GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
381 unsigned int matching_bits)
383 char buf[sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
384 sizeof (pow)] GNUNET_ALIGN;
385 struct GNUNET_HashCode result;
387 GNUNET_memcpy (buf, &pow, sizeof (pow));
388 GNUNET_memcpy (&buf[sizeof (pow)], key,
389 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
390 pow_hash (buf, sizeof (buf), &result);
391 return (count_leading_zeroes (&result) >=
392 matching_bits) ? GNUNET_YES : GNUNET_NO;
397 * Create a revocation signature.
399 * @param key private key of the key to revoke
400 * @param sig where to write the revocation signature
403 GNUNET_REVOCATION_sign_revocation (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
404 struct GNUNET_CRYPTO_EcdsaSignature *sig)
406 struct RevokeMessage rm;
408 rm.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
409 rm.purpose.size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
410 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
411 GNUNET_CRYPTO_ecdsa_key_get_public (key, &rm.public_key);
412 GNUNET_assert (GNUNET_OK ==
413 GNUNET_CRYPTO_ecdsa_sign (key,
419 /* end of revocation_api.c */