- /*
- This file is part of GNUnet
- Copyright (C) 2013, 2016 GNUnet e.V.
- GNUnet is free software: you can redistribute it and/or modify it
- under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License,
- or (at your option) any later version.
- GNUnet is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
- SPDX-License-Identifier: AGPL3.0-or-later
- */
- /**
- * @file revocation/revocation_api.c
- * @brief API to perform and access key revocations
- * @author Christian Grothoff
- */
- #include "platform.h"
- #include "gnunet_revocation_service.h"
- #include "gnunet_signatures.h"
- #include "gnunet_protocols.h"
- #include "revocation.h"
- #include <gcrypt.h>
/**
 * Client-side state for one pending "was this key revoked?" query.
 */
struct GNUNET_REVOCATION_Query
{
  /**
   * Message queue connecting us to the revocation service.
   */
  struct GNUNET_MQ_Handle *mq;

  /**
   * Callback that receives the outcome of the query.
   */
  GNUNET_REVOCATION_Callback func;

  /**
   * Opaque closure handed back to @e func.
   */
  void *func_cls;
};
/**
 * Error handler of the query's message queue.  Reports the failure to
 * the application as #GNUNET_SYSERR and then releases the query.
 *
 * The handle is freed right after the callback returns, so the callback
 * must not call #GNUNET_REVOCATION_query_cancel on it itself; that would
 * free the same handle twice.
 *
 * @param cls closure, our `struct GNUNET_REVOCATION_Query *`
 * @param error error code (not inspected here)
 */
static void
query_mq_error_handler (void *cls,
                        enum GNUNET_MQ_Error error)
{
  struct GNUNET_REVOCATION_Query *query = cls;

  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
              "Revocation query MQ error\n");
  /* tell the caller first; the handle is still valid during the call */
  query->func (query->func_cls, GNUNET_SYSERR);
  GNUNET_REVOCATION_query_cancel (query);
}
/**
 * Process the service's answer to a revocation query: hand the result
 * to the application callback and release the query.
 *
 * The `is_valid` field is converted from network byte order and passed
 * on as received; nothing here restricts it to #GNUNET_YES or
 * #GNUNET_NO, so callers should compare against the exact value they
 * expect.  The handle is freed once the callback returns.
 *
 * @param cls our `struct GNUNET_REVOCATION_Query` handle
 * @param qrm response received from the service
 */
static void
handle_revocation_query_response (void *cls,
                                  const struct QueryResponseMessage *qrm)
{
  struct GNUNET_REVOCATION_Query *query = cls;
  uint32_t is_valid = ntohl (qrm->is_valid);

  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Revocation query result: %d\n",
              is_valid);
  query->func (query->func_cls, is_valid);
  GNUNET_REVOCATION_query_cancel (query);
}
/**
 * Ask the revocation service whether a key has been revoked.
 *
 * @param cfg configuration used to connect to the "revocation" service
 * @param key public key to look up; copied into the request message
 * @param func function to call with the result of the check
 * @param func_cls closure to pass to @a func
 * @return handle to use in #GNUNET_REVOCATION_query_cancel to stop
 *         REVOCATION from invoking the callback, or NULL if the
 *         connection to the service could not be created
 */
struct GNUNET_REVOCATION_Query *
GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg,
                         const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
                         GNUNET_REVOCATION_Callback func,
                         void *func_cls)
{
  struct GNUNET_REVOCATION_Query *query
    = GNUNET_new (struct GNUNET_REVOCATION_Query);
  /* only the fixed-size query response is accepted on this queue */
  struct GNUNET_MQ_MessageHandler handlers[] = {
    GNUNET_MQ_hd_fixed_size (revocation_query_response,
                             GNUNET_MESSAGE_TYPE_REVOCATION_QUERY_RESPONSE,
                             struct QueryResponseMessage,
                             query),
    GNUNET_MQ_handler_end ()
  };
  struct QueryMessage *request;
  struct GNUNET_MQ_Envelope *envelope;

  query->mq = GNUNET_CLIENT_connect (cfg,
                                     "revocation",
                                     handlers,
                                     &query_mq_error_handler,
                                     query);
  if (NULL == query->mq)
  {
    /* no connection: nothing was sent, callback will never fire */
    GNUNET_free (query);
    return NULL;
  }
  query->func = func;
  query->func_cls = func_cls;

  envelope = GNUNET_MQ_msg (request,
                            GNUNET_MESSAGE_TYPE_REVOCATION_QUERY);
  request->reserved = htonl (0);
  request->key = *key;
  GNUNET_MQ_send (query->mq, envelope);
  return query;
}
/**
 * Abort a revocation query and free its handle.
 *
 * After this call @a q is freed and must not be used again.
 *
 * @param q query to cancel
 */
void
GNUNET_REVOCATION_query_cancel (struct GNUNET_REVOCATION_Query *q)
{
  const int connected = (NULL != q->mq);

  if (connected)
  {
    GNUNET_MQ_destroy (q->mq);
    q->mq = NULL;
  }
  GNUNET_free (q);
}
/**
 * Client-side state for one pending key revocation request.
 */
struct GNUNET_REVOCATION_Handle
{
  /**
   * Message queue connecting us to the revocation service.
   */
  struct GNUNET_MQ_Handle *mq;

  /**
   * Callback invoked when the operation has finished.
   */
  GNUNET_REVOCATION_Callback func;

  /**
   * Opaque closure handed back to @e func.
   */
  void *func_cls;
};
/**
 * Error handler of the revocation request's message queue.  Reports
 * the failure to the application as #GNUNET_SYSERR and then releases
 * the operation.
 *
 * The handle is freed right after the callback returns, so the callback
 * must not call #GNUNET_REVOCATION_revoke_cancel on it itself; that
 * would free the same handle twice.
 *
 * @param cls closure, our `struct GNUNET_REVOCATION_Handle *`
 * @param error error code (not inspected here)
 */
static void
revocation_mq_error_handler (void *cls,
                             enum GNUNET_MQ_Error error)
{
  struct GNUNET_REVOCATION_Handle *handle = cls;

  GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
              "Revocation MQ error\n");
  /* tell the caller first; the handle is still valid during the call */
  handle->func (handle->func_cls, GNUNET_SYSERR);
  GNUNET_REVOCATION_revoke_cancel (handle);
}
/**
 * Process the service's answer to a revocation request: hand the
 * result to the application callback and release the operation.
 *
 * The `is_valid` field is converted from network byte order and passed
 * on as received; nothing here restricts it to #GNUNET_YES or
 * #GNUNET_NO.  Per the documentation of #GNUNET_REVOCATION_revoke,
 * #GNUNET_NO means the revocation worked.  The handle is freed once
 * the callback returns.
 *
 * @param cls our `struct GNUNET_REVOCATION_Handle` handle
 * @param rrm response received from the service
 */
static void
handle_revocation_response (void *cls,
                            const struct RevocationResponseMessage *rrm)
{
  struct GNUNET_REVOCATION_Handle *handle = cls;
  uint32_t is_valid = ntohl (rrm->is_valid);

  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Revocation transmission result: %d\n",
              is_valid);
  handle->func (handle->func_cls, is_valid);
  GNUNET_REVOCATION_revoke_cancel (handle);
}
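/**
 * Perform key revocation.
 *
 * If the configuration provides REVOCATION/WORKBITS, the proof of work
 * is verified locally before anything is sent, and the request is
 * refused when it does not meet that difficulty.  If the option is
 * absent, no local check is made and the request is sent as given.
 *
 * @param cfg the configuration to use
 * @param key public key of the key to revoke
 * @param sig signature to use on the revocation (should have been
 *        created using #GNUNET_REVOCATION_sign_revocation).
 * @param pow proof of work to use (should have been created by
 *        iteratively calling #GNUNET_REVOCATION_check_pow)
 * @param func function to call with the result of the check
 *        (called with `is_valid` being #GNUNET_NO if
 *        the revocation worked).
 * @param func_cls closure to pass to @a func
 * @return handle to use in #GNUNET_REVOCATION_revoke_cancel to stop
 *         REVOCATION from invoking the callback; NULL if the proof of
 *         work was rejected locally or the service connection could
 *         not be created
 */
struct GNUNET_REVOCATION_Handle *
GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg,
                          const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
                          const struct GNUNET_CRYPTO_EcdsaSignature *sig,
                          uint64_t pow,
                          GNUNET_REVOCATION_Callback func,
                          void *func_cls)
{
  struct GNUNET_REVOCATION_Handle *h
    = GNUNET_new (struct GNUNET_REVOCATION_Handle);
  struct GNUNET_MQ_MessageHandler handlers[] = {
    GNUNET_MQ_hd_fixed_size (revocation_response,
                             GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE,
                             struct RevocationResponseMessage,
                             h),
    GNUNET_MQ_handler_end ()
  };
  unsigned long long matching_bits;
  struct RevokeMessage *rm;
  struct GNUNET_MQ_Envelope *env;

  /* A difficulty above the width of the proof-of-work hash can never
     be met.  Rejecting it here also keeps the cast to unsigned int
     below from wrapping a huge configured value into a small one,
     which would let a weak proof pass the local check. */
  if ( (GNUNET_OK ==
        GNUNET_CONFIGURATION_get_value_number (cfg,
                                               "REVOCATION",
                                               "WORKBITS",
                                               &matching_bits)) &&
       ( (matching_bits > 8 * sizeof (struct GNUNET_HashCode)) ||
         (GNUNET_YES !=
          GNUNET_REVOCATION_check_pow (key,
                                       pow,
                                       (unsigned int) matching_bits)) ) )
  {
    GNUNET_break (0);
    GNUNET_free (h);
    return NULL;
  }
  h->mq = GNUNET_CLIENT_connect (cfg,
                                 "revocation",
                                 handlers,
                                 &revocation_mq_error_handler,
                                 h);
  if (NULL == h->mq)
  {
    GNUNET_free (h);
    return NULL;
  }
  h->func = func;
  h->func_cls = func_cls;
  env = GNUNET_MQ_msg (rm,
                       GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE);
  rm->reserved = htonl (0);
  /* NOTE(review): pow is stored in host byte order, unlike the other
     integer fields here which go through htonl(); confirm this matches
     what the receiver and GNUNET_REVOCATION_check_pow expect. */
  rm->proof_of_work = pow;
  /* must describe the same purpose and size that were signed in
     GNUNET_REVOCATION_sign_revocation */
  rm->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
  rm->purpose.size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose)
                            + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
  rm->public_key = *key;
  rm->signature = *sig;
  GNUNET_MQ_send (h->mq,
                  env);
  return h;
}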
/**
 * Abort a key revocation operation and free its handle.
 *
 * After this call @a h is freed and must not be used again.
 *
 * @param h operation to cancel
 */
void
GNUNET_REVOCATION_revoke_cancel (struct GNUNET_REVOCATION_Handle *h)
{
  const int connected = (NULL != h->mq);

  if (connected)
  {
    GNUNET_MQ_destroy (h->mq);
    h->mq = NULL;
  }
  GNUNET_free (h);
}
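/**
 * Calculate the 'proof-of-work' hash (an expensive hash).
 *
 * The salt string and both scrypt parameters are inputs to the hash,
 * so changing any of them changes every result.  Per the libgcrypt
 * manual, for #GCRY_KDF_SCRYPT the subalgo argument carries the cost
 * parameter N and the iterations argument the parallelization
 * parameter p; both are kept small here, so the difficulty comes from
 * the number of leading zero bits demanded by the caller.
 *
 * If the derivation fails, @a result is filled with 0xFF bytes instead
 * of being left uninitialized.  A hash with every bit set has no
 * leading zero bits, so a failed derivation cannot be mistaken for a
 * valid proof of work.
 *
 * @param buf data to hash
 * @param buf_len number of bytes in @a buf
 * @param result where to write the resulting hash
 */
static void
pow_hash (const void *buf,
          size_t buf_len,
          struct GNUNET_HashCode *result)
{
  static const char salt[] = "gnunet-revocation-proof-of-work";

  if (0 !=
      gcry_kdf_derive (buf, buf_len,
                       GCRY_KDF_SCRYPT,
                       1 /* subalgo */,
                       salt,
                       strlen (salt),
                       2 /* iterations; keep cost of individual op small */,
                       sizeof (struct GNUNET_HashCode), result))
  {
    GNUNET_break (0);
    /* fail closed: never evaluate stack garbage as a hash */
    memset (result, 0xFF, sizeof (*result));
  }
}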
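/**
 * Count the leading zeroes in hash.
 *
 * The scan stops at the end of the hash, so an all-zero value yields
 * the full bit width instead of probing bit indices beyond it.
 *
 * @param hash to count leading zeros in
 * @return the number of leading zero bits, at most
 *         8 * sizeof (struct GNUNET_HashCode)
 */
static unsigned int
count_leading_zeroes (const struct GNUNET_HashCode *hash)
{
  const unsigned int total_bits = 8 * sizeof (struct GNUNET_HashCode);
  unsigned int hash_count = 0;

  while ( (hash_count < total_bits) &&
          (0 == GNUNET_CRYPTO_hash_get_bit (hash, hash_count)) )
    hash_count++;
  return hash_count;
}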
/**
 * Decide whether a proof-of-work value is good enough to revoke
 * the given key.
 *
 * The hashed input is the 8-byte @a pow followed by the public key.
 * NOTE(review): @a pow is copied in host byte order, so the hash
 * depends on the machine's endianness; confirm that is intended.
 * With @a matching_bits of 0 every @a pow is accepted.
 *
 * @param key key to check for
 * @param pow proof of work value
 * @param matching_bits how many bits must match (configuration)
 * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not
 */
int
GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
                             uint64_t pow,
                             unsigned int matching_bits)
{
  char buf[sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)
           + sizeof (pow)] GNUNET_ALIGN;
  struct GNUNET_HashCode digest;
  char *key_part = &buf[sizeof (pow)];

  /* layout: [ pow | public key ] */
  GNUNET_memcpy (buf, &pow, sizeof (pow));
  GNUNET_memcpy (key_part, key,
                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
  pow_hash (buf, sizeof (buf), &digest);
  if (count_leading_zeroes (&digest) < matching_bits)
    return GNUNET_NO;
  return GNUNET_YES;
}
/**
 * Create a revocation signature.
 *
 * The signed data is described by a purpose header of type
 * #GNUNET_SIGNATURE_PURPOSE_REVOCATION whose size covers the header
 * plus the public key derived from @a key.  Presumably `public_key`
 * directly follows `purpose` in `struct RevokeMessage`; verify this
 * against the struct definition.  The process is aborted via
 * #GNUNET_assert if signing fails.
 *
 * @param key private key of the key to revoke
 * @param sig where to write the revocation signature
 */
void
GNUNET_REVOCATION_sign_revocation (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
                                   struct GNUNET_CRYPTO_EcdsaSignature *sig)
{
  struct RevokeMessage rm;
  const size_t signed_size = sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose)
                             + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey);

  /* only the purpose header and the public key are filled in; the
     remaining fields of rm are left unset */
  GNUNET_CRYPTO_ecdsa_key_get_public (key, &rm.public_key);
  rm.purpose.size = htonl (signed_size);
  rm.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
  GNUNET_assert (GNUNET_OK ==
                 GNUNET_CRYPTO_ecdsa_sign (key,
                                           &rm.purpose,
                                           sig));
}
- /* end of revocation_api.c */