From 0314e07406c3860c4dbc76b585000685f3437e09 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Mon, 30 Sep 2013 18:27:33 +0000 Subject: [PATCH] -revocation prototype --- src/include/gnunet_revocation_service.h | 22 ++- src/revocation/Makefile.am | 13 +- src/revocation/revocation.h | 20 +- src/revocation/revocation_api.c | 240 ++++++++++++++++++++++++ 4 files changed, 281 insertions(+), 14 deletions(-) create mode 100644 src/revocation/revocation_api.c diff --git a/src/include/gnunet_revocation_service.h b/src/include/gnunet_revocation_service.h index 772dbbe75..7176abb7a 100644 --- a/src/include/gnunet_revocation_service.h +++ b/src/include/gnunet_revocation_service.h @@ -24,6 +24,7 @@ /** * @file include/gnunet_revocation_service.h * @brief API to perform and access key revocations + * @author Christian Grothoff * @defgroup revocation key revocation service * @{ */ @@ -94,8 +95,11 @@ struct GNUNET_REVOCATION_Handle; * Perform key revocation. * * @param cfg the configuration to use - * @param key key to revoke - * @param pow proof of work to use + * @param key public key of the key to revoke + * @param sig signature to use on the revocation (should have been + * created using #GNUNET_REVOCATION_sign_revocation). + * @param pow proof of work to use (should have been created by + * iteratively calling #GNUNET_REVOCATION_check_pow) * @param func funtion to call with the result of the check * (called with `is_valid` being #GNUNET_NO if * the revocation worked). @@ -104,7 +108,8 @@ struct GNUNET_REVOCATION_Handle; */ struct GNUNET_REVOCATION_Handle * GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, - const struct GNUNET_CRYPTO_EccPrivateKey *key, + const struct GNUNET_CRYPTO_EccPublicSignKey *key, + const struct GNUNET_CRYPTO_EccSignature *sig, uint64_t pow, GNUNET_REVOCATION_Callback func, void *func_cls); 
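Review bot: In the last hunk on this line (the `GNUNET_REVOCATION_revoke` prototype), the doc comment describes only the success case, `is_valid` being #GNUNET_NO if the revocation worked, although the function now takes a public key, a signature and a proof of work that are produced separately. It does not say what the caller sees when `sig` does not verify under `key` or when `pow` is rejected. I would extend the `@param func` text to state which value `is_valid` takes on rejection, and say whether `sig` and `pow` are validated in this call or only by the service. The comment block starts in the previous hunk and its `@return` line is not visible in either hunk.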
@@ -131,6 +136,17 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EccPublicSignKey *key, uint64_t pow); +/** + * Create a revocation signature. + * + * @param key private key of the key to revoke + * @param sig where to write the revocation signature + */ +void +GNUNET_REVOCATION_sign_revocation (const struct GNUNET_CRYPTO_EccPrivateKey *key, + struct GNUNET_CRYPTO_EccSignature *sig); + + #if 0 /* keep Emacsens' auto-indent happy */ { #endif diff --git a/src/revocation/Makefile.am b/src/revocation/Makefile.am index cc0dfd15f..6937ee85c 100644 --- a/src/revocation/Makefile.am +++ b/src/revocation/Makefile.am @@ -17,4 +17,15 @@ pkgcfg_DATA = \ revocation.conf -EXTRA_DIST = revocation.h \ No newline at end of file +lib_LTLIBRARIES = libgnunetrevocation.la + +libgnunetrevocation_la_SOURCES = \ + revocation_api.c revocation.h +libgnunetrevocation_la_LIBADD = \ + $(top_builddir)/src/util/libgnunetutil.la \ + $(GN_LIBINTL) $(XLIB) +libgnunetrevocation_la_LDFLAGS = \ + $(GN_LIB_LDFLAGS) $(WINFLAGS) \ + -version-info 0:0:0 + +#EXTRA_DIST = diff --git a/src/revocation/revocation.h b/src/revocation/revocation.h index aa15fd44a..c6c5d5e76 100644 --- a/src/revocation/revocation.h +++ b/src/revocation/revocation.h @@ -48,7 +48,7 @@ struct GNUNET_REVOCATION_QueryMessage /** * Key to check. */ - struct GNUNET_CRYPTO_EccPublicSignKey key GNUNET_PACKED; + struct GNUNET_CRYPTO_EccPublicSignKey key; }; 
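Review bot: The new doc comment for `GNUNET_REVOCATION_sign_revocation` (first hunk on this line) does not say what the signature covers. Going by the implementation added in revocation_api.c in this same patch, only the purpose header and the public key are signed, so the result is bound to neither a proof-of-work value nor a point in time and remains usable for as long as the key exists. A caller who creates the signature ahead of time therefore has to store it as carefully as the private key, because holding it plus a valid `pow` is enough to submit the revocation. I would add `* The signature covers only the purpose and the public key; protect a stored signature like the private key.` to the comment, and mention that the function has no error return (the implementation asserts when signing fails).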
@@ -91,25 +91,25 @@ struct GNUNET_REVOCATION_RevokeMessage uint32_t reserved GNUNET_PACKED; /** - * Signature confirming revocation. + * Number that causes a hash collision with the @e public_key. */ - struct GNUNET_CRYPTO_EccSignature signature GNUNET_PACKED; + uint64_t proof_of_work GNUNET_PACKED; /** - * Must have purpose #GNUNET_SIGNATURE_PURPOSE_REVOCATION, - * size expands over the key and the proof of work. + * Signature confirming revocation. */ - struct GNUNET_CRYPTO_EccSignaturePurpose purpose GNUNET_PACKED; + struct GNUNET_CRYPTO_EccSignature signature; /** - * Key to revoke. + * Must have purpose #GNUNET_SIGNATURE_PURPOSE_REVOCATION, + * size expands over the public key. */ - struct GNUNET_CRYPTO_EccPublicSignKey public_key GNUNET_PACKED; + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; /** - * Number that causes a hash collision with the @e public_key. + * Key to revoke. */ - uint64_t proof_of_work GNUNET_PACKED; + struct GNUNET_CRYPTO_EccPublicSignKey public_key; }; diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c new file mode 100644 index 000000000..32fe995f7 --- /dev/null +++ b/src/revocation/revocation_api.c 
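Review bot: After the reorder in the `GNUNET_REVOCATION_RevokeMessage` hunk on this line, signing depends on `public_key` sitting directly behind `purpose` with no padding, and nothing in the member comments says so. The signer in revocation_api.c sets `purpose.size` to the sum of the two sizes and passes `&rm.purpose`. The hunk also drops `GNUNET_PACKED` from `signature`, `purpose` and `public_key`, and the struct header is outside the hunk, so whether it sits inside a packing region cannot be seen here. I would extend the comment on `purpose` with `* Must be immediately followed by @e public_key; the signature covers both.` Moving `proof_of_work` ahead of `signature` also changes the wire layout of the message, which deserves a line in the commit description if any peer already uses the old layout.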
@@ -0,0 +1,240 @@
+/*
+ This file is part of GNUnet
+ (C) 2013 Christian Grothoff (and other contributing authors)
+
+ GNUnet is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public Licerevocation as published
+ by the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public Licerevocation for more details.
+
+ You should have received a copy of the GNU General Public Licerevocation
+ along with GNUnet; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.
+ */
+/**
+ * @file revocation/revocation_api.c
+ * @brief API to perform and access key revocations
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "gnunet_revocation_service.h"
+#include "gnunet_signatures.h"
+#include "gnunet_protocols.h"
+#include "revocation.h"
+
+
+/**
+ * Handle for the key revocation query.
+ */
+struct GNUNET_REVOCATION_Query
+{
+
+ /**
+ * Connection to the service.
+ */
+ struct GNUNET_CLIENT_Connection *client;
+
+ /**
+ * Our configuration.
+ */
+ const struct GNUNET_CONFIGURATION_Handle *cfg;
+
+ /**
+ * Key to check.
+ */
+ struct GNUNET_CRYPTO_EccPublicSignKey key;
+
+ /**
+ * Function to call with the result.
+ */
+ GNUNET_REVOCATION_Callback func;
+
+ /**
+ * Closure for @e func.
+ */
+ void *func_cls;
+};
+
+
+/**
+ * Check if a key was revoked.
+ *
+ * @param cfg the configuration to use
+ * @param key key to check for revocation
+ * @param func funtion to call with the result of the check
+ * @param func_cls closure to pass to @a func
+ * @return handle to use in #GNUNET_REVOCATION_query_cancel to stop REVOCATION from invoking the callback
+ */
+struct GNUNET_REVOCATION_Query *
+GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg,
+ const struct GNUNET_CRYPTO_EccPublicSignKey *key,
+ GNUNET_REVOCATION_Callback func, void *func_cls)
+{
+ struct GNUNET_REVOCATION_Query *q;
+
+ q = GNUNET_new (struct GNUNET_REVOCATION_Query);
+ q->client = GNUNET_CLIENT_connect ("revocation", cfg);
+ q->cfg = cfg;
+ q->key = *key;
+ q->func = func;
+ q->func_cls = func_cls;
+ GNUNET_break (0);
+ return q;
+}
+
+
+/**
+ * Cancel key revocation check.
+ *
+ * @param q query to cancel
+ */
+void
+GNUNET_REVOCATION_query_cancel (struct GNUNET_REVOCATION_Query *q)
+{
+ GNUNET_CLIENT_disconnect (q->client);
+ GNUNET_free (q);
+}
+
+
+/**
+ * Handle for the key revocation operation.
+ */
+struct GNUNET_REVOCATION_Handle
+{
+
+ /**
+ * Connection to the service.
+ */
+ struct GNUNET_CLIENT_Connection *client;
+
+ /**
+ * Our configuration.
+ */
+ const struct GNUNET_CONFIGURATION_Handle *cfg;
+
+ /**
+ * Key to revoke.
+ */
+ struct GNUNET_CRYPTO_EccPublicSignKey key;
+
+ /**
+ * Signature showing that we have the right to revoke.
+ */
+ struct GNUNET_CRYPTO_EccSignature sig;
+
+ /**
+ * Proof of work showing that we spent enough resources to broadcast revocation.
+ */
+ uint64_t pow;
+
+ /**
+ * Function to call once we are done.
+ */
+ GNUNET_REVOCATION_Callback func;
+
+ /**
+ * Closure for @e func.
+ */
+ void *func_cls;
+
+};
+
+
+/**
+ * Perform key revocation.
+ *
+ * @param cfg the configuration to use
+ * @param key public key of the key to revoke
+ * @param sig signature to use on the revocation (should have been
+ * created using #GNUNET_REVOCATION_sign_revocation).
+ * @param pow proof of work to use (should have been created by
+ * iteratively calling #GNUNET_REVOCATION_check_pow)
+ * @param func funtion to call with the result of the check
+ * (called with `is_valid` being #GNUNET_NO if
+ * the revocation worked).
+ * @param func_cls closure to pass to @a func
+ * @return handle to use in #GNUNET_REVOCATION_cancel to stop REVOCATION from invoking the callback
+ */
+struct GNUNET_REVOCATION_Handle *
+GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg,
+ const struct GNUNET_CRYPTO_EccPublicSignKey *key,
+ const struct GNUNET_CRYPTO_EccSignature *sig,
+ uint64_t pow,
+ GNUNET_REVOCATION_Callback func, void *func_cls)
+{
+ struct GNUNET_REVOCATION_Handle *h;
+
+ h = GNUNET_new (struct GNUNET_REVOCATION_Handle);
+ h->client = GNUNET_CLIENT_connect ("revocation", cfg);
+ h->cfg = cfg;
+ h->key = *key;
+ h->sig = *sig;
+ h->pow = pow;
+ h->func = func;
+ h->func_cls = func_cls;
+ GNUNET_break (0);
+ return h;
+}
+
+
+/**
+ * Cancel key revocation.
+ *
+ * @param h operation to cancel
+ */
+void
+GNUNET_REVOCATION_revoke_cancel (struct GNUNET_REVOCATION_Handle *h)
+{
+ GNUNET_CLIENT_disconnect (h->client);
+ GNUNET_free (h);
+}
+
+
+/**
+ * Check if the given proof-of-work value
+ * would be acceptable for revoking the given key.
+ *
+ * @param key key to check for
+ * @param pow proof of work value
+ * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not
+ */
+int
+GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EccPublicSignKey *key,
+ uint64_t pow)
+{
+ GNUNET_break (0);
+ return GNUNET_NO;
+}
+
+
+/**
+ * Create a revocation signature.
+ *
+ * @param key private key of the key to revoke
+ * @param sig where to write the revocation signature
+ */
+void
+GNUNET_REVOCATION_sign_revocation (const struct GNUNET_CRYPTO_EccPrivateKey *key,
+ struct GNUNET_CRYPTO_EccSignature *sig)
+{
+ struct GNUNET_REVOCATION_RevokeMessage rm;
+
+ rm.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
+ rm.purpose.size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+ sizeof (struct GNUNET_CRYPTO_EccPublicSignKey));
+ GNUNET_CRYPTO_ecc_key_get_public_for_signature (key, &rm.public_key);
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecc_sign (key,
+ &rm.purpose,
+ sig));
+}
+
+
+/* end of revocation_api.c */
+
-- 2.25.1
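Review bot: `GNUNET_REVOCATION_query` and `GNUNET_REVOCATION_revoke` store the result of `GNUNET_CLIENT_connect` without checking it, and both cancel functions hand `q->client` / `h->client` straight to `GNUNET_CLIENT_disconnect`. As far as I know `GNUNET_CLIENT_connect` returns NULL when the service is missing from the configuration, and the later disconnect would then presumably dereference NULL. I would add `if (NULL == q->client) { GNUNET_free (q); return NULL; }` after the connect in `GNUNET_REVOCATION_query`, and the same with `h` in `GNUNET_REVOCATION_revoke`, and document the NULL return. Separately, the `@return` text on `GNUNET_REVOCATION_revoke` names `#GNUNET_REVOCATION_cancel`, while the function defined in this file is `GNUNET_REVOCATION_revoke_cancel`.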