 |
GNUnet 0.27.0
|
|
|
GNUnet 0.27.0
|
|
Go to the source code of this file.
Typedefs | |
| typedef void(* | GNUNET_PILS_SignResultCallback) (void *cls, const struct GNUNET_PeerIdentity *pid, const struct GNUNET_CRYPTO_EddsaSignature *sig) |
| A handler/callback to be called for signatures. | |
| typedef void(* | GNUNET_PILS_SignAddrResultCallback) (void *cls, void *result, size_t result_size) |
| A handler/callback to be called for signatures on addresses. | |
| typedef void(* | GNUNET_PILS_DecapsResultCallback) (void *cls, const struct GNUNET_ShortHashCode *key) |
| A handler/callback to be called for decaps. | |
| typedef void(* | GNUNET_PILS_EcdhResultCallback) (void *cls, const struct GNUNET_HashCode *key) |
| A handler/callback to be called for ecdh. | |
| typedef void(* | GNUNET_PILS_PidChangeCallback) (void *cls, const struct GNUNET_HELLO_Parser *parser, const struct GNUNET_HashCode *hash) |
| A handler/callback to be called on the change of the peer id. | |
Functions | |
| struct GNUNET_PILS_Handle * | GNUNET_PILS_connect (const struct GNUNET_CONFIGURATION_Handle *cfg, GNUNET_PILS_PidChangeCallback pid_change_cb, void *cls) |
| Connect to the PILS service. | |
| void | GNUNET_PILS_disconnect (struct GNUNET_PILS_Handle *handle) |
| Disconnect from the PILS service. | |
| struct GNUNET_PILS_Operation * | GNUNET_PILS_sign_by_peer_identity (struct GNUNET_PILS_Handle *handle, const struct GNUNET_CRYPTO_SignaturePurpose *purpose, GNUNET_PILS_SignResultCallback cb, void *cb_cls) |
| Sign data with the peer id. | |
| struct GNUNET_PILS_Operation * | GNUNET_PILS_kem_decaps (struct GNUNET_PILS_Handle *handle, const struct GNUNET_CRYPTO_HpkeEncapsulation *c, GNUNET_PILS_DecapsResultCallback cb, void *cb_cls) |
| Decaps an encapsulated key with our private key. | |
| struct GNUNET_PILS_Operation * | GNUNET_PILS_ecdh (struct GNUNET_PILS_Handle *handle, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, GNUNET_PILS_EcdhResultCallback cb, void *cb_cls) |
| Derive key material from a ECDH public key and our private key. | |
| void | GNUNET_PILS_feed_addresses (struct GNUNET_PILS_Handle *handle, const struct GNUNET_HELLO_Builder *addresses_builder) |
| Feed a set of addresses to pils so that it will generate a new peer id based on the given set of addresses. | |
| void | GNUNET_HELLO_builder_hash_addresses (const struct GNUNET_HELLO_Builder *builder, struct GNUNET_HashCode *address_hash) |
| Hash address in builder. | |
| void | GNUNET_PILS_derive_pid (size_t seed_key_bytes, const uint8_t seed_key[seed_key_bytes], const struct GNUNET_HashCode *addrs_hash, struct GNUNET_CRYPTO_EddsaPrivateKey *outkey) |
| Generate the peer id from the addresses hash and the initial secret key. | |
| struct GNUNET_PILS_Operation * | GNUNET_PILS_sign_hello (struct GNUNET_PILS_Handle *handle, const struct GNUNET_HELLO_Builder *builder, struct GNUNET_TIME_Absolute et, GNUNET_PILS_SignResultCallback cb, void *cb_cls) |
| Create HELLO signature. | |
| void | GNUNET_PILS_cancel (struct GNUNET_PILS_Operation *op) |
| Cancel request. | |
| const struct GNUNET_PeerIdentity * | GNUNET_PILS_get_identity (const struct GNUNET_PILS_Handle *handle) |
| Return the current peer identity of a given handle. | |
| const struct GNUNET_HashCode * | GNUNET_PILS_get_identity_hash (const struct GNUNET_PILS_Handle *handle) |
| Return the hash of the current peer identity from a given handle. | |
| struct GNUNET_PILS_KeyRing * | GNUNET_PILS_create_key_ring (const struct GNUNET_CONFIGURATION_Handle *cfg, GNUNET_SCHEDULER_TaskCallback init_cb, void *cls) |
| Create a key ring handle to use the current peer identity key. | |
| void | GNUNET_PILS_destroy_key_ring (struct GNUNET_PILS_KeyRing *key_ring) |
| Destroy a key ring handle and free its memory. | |
| const struct GNUNET_CRYPTO_EddsaPrivateKey * | GNUNET_PILS_key_ring_get_private_key (const struct GNUNET_PILS_KeyRing *key_ring) |
| Return the current private key of a given key ring handle. | |
Peer Identity Lifecycle Service; the API for managing Peer Identities
This api gives access to the PILS service.
The service maintains the peer identity. On address change it generates a new identity and informs subscribed components. It also signs data with the identity on request.
Note: Currently the signatures are actually made in the api. TODO is it fine this way?
Definition in file gnunet_pils_service.h.
| typedef void(* GNUNET_PILS_SignResultCallback) (void *cls, const struct GNUNET_PeerIdentity *pid, const struct GNUNET_CRYPTO_EddsaSignature *sig) |
A handler/callback to be called for signatures.
The peer identity may have been changed by PILS in the meantime, so the identity that was used to sign is returned here.
| cls | The closure given to #GNUNET_PILS_sign |
| pid | the peer identity that produced the signature |
| sig | the signature, NULL on error |
Definition at line 63 of file gnunet_pils_service.h.
| typedef void(* GNUNET_PILS_SignAddrResultCallback) (void *cls, void *result, size_t result_size) |
A handler/callback to be called for signatures on addresses.
| cls | The closure given to #GNUNET_PILS_sign |
| result | allocated address record |
| result_size | size of result |
Definition at line 75 of file gnunet_pils_service.h.
| typedef void(* GNUNET_PILS_DecapsResultCallback) (void *cls, const struct GNUNET_ShortHashCode *key) |
A handler/callback to be called for decaps.
| cls | The closure given to GNUNET_PILS_kem_decaps |
| key | The decapsulated key |
Definition at line 86 of file gnunet_pils_service.h.
| typedef void(* GNUNET_PILS_EcdhResultCallback) (void *cls, const struct GNUNET_HashCode *key) |
A handler/callback to be called for ecdh.
| cls | The closure given to GNUNET_PILS_ecdh |
| key | The derived key material |
Definition at line 96 of file gnunet_pils_service.h.
| typedef void(* GNUNET_PILS_PidChangeCallback) (void *cls, const struct GNUNET_HELLO_Parser *parser, const struct GNUNET_HashCode *hash) |
A handler/callback to be called on the change of the peer id.
| cls | The closure given to GNUNET_PILS_connect |
| parser | a parsed HELLO block that represents the new PID |
| hash | The hash of addresses the peer id is based on. This hash is also returned by #GNUNET_PILS_feed_address. |
Definition at line 108 of file gnunet_pils_service.h.
| struct GNUNET_PILS_Handle * GNUNET_PILS_connect | ( | const struct GNUNET_CONFIGURATION_Handle * | cfg, |
| GNUNET_PILS_PidChangeCallback | pid_change_cb, | ||
| void * | cls | ||
| ) |
Connect to the PILS service.
| cfg | configuration to use |
| pid_change_cb | handler/callback called once the peer id changes |
| cls | closure for pid_change_cb |
Definition at line 465 of file pils_api.c.
References cfg, GNUNET_ARM_Handle::cfg, GNUNET_new, GNUNET_TIME_UNIT_ZERO, h, pid_change_cb(), and reconnect().
Referenced by advertise_dns_exit(), create_service(), DHTU_gnunet_init(), GCH_init(), GNUNET_PILS_create_key_ring(), GSC_KX_init(), main_init(), run(), run(), run(), run(), run(), run(), run(), run(), run(), run(), run(), run(), run(), run(), and run().
| void GNUNET_PILS_disconnect | ( | struct GNUNET_PILS_Handle * | handle | ) |
Disconnect from the PILS service.
| handle | handle to the PILS service (was returned by GNUNET_PILS_connect) |
Definition at line 488 of file pils_api.c.
References GNUNET_assert, GNUNET_CONTAINER_DLL_remove, GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_MQ_destroy(), GNUNET_SCHEDULER_cancel(), handle, LOG, GNUNET_VPN_Handle::mq, and op.
Referenced by cleaning_task(), cleanup(), cleanup_task(), destroy_service(), DHTU_gnunet_done(), do_shutdown(), do_shutdown(), do_shutdown(), do_shutdown(), do_shutdown(), do_shutdown(), do_shutdown(), GCH_shutdown(), GNUNET_PILS_destroy_key_ring(), GSC_KX_done(), run(), shutdown_task(), shutdown_task(), shutdown_task(), shutdown_task(), shutdown_task(), shutdown_task(), and shutdown_task().
| struct GNUNET_PILS_Operation * GNUNET_PILS_sign_by_peer_identity | ( | struct GNUNET_PILS_Handle * | handle, |
| const struct GNUNET_CRYPTO_SignaturePurpose * | purpose, | ||
| GNUNET_PILS_SignResultCallback | cb, | ||
| void * | cb_cls | ||
| ) |
Sign data with the peer id.
TODO not sure whether this was the intended design from last meeting - this is currently following the design of GNUNET_CRYPTO_blinded_key_sign_by_peer_identity
In particular we currently transfer the secret key from the service to the api so we can sign in-place and have no ipc-overhead. Is this fine?
| handle | handle to the PILS service |
| purpose | what to sign (size, purpose and data) TODO improve wording - look at GNUNET_CRYPTO_eddsa_sign |
| cb | signature result callback |
| cb_cls | closure for the cb |
| handle | handle to the PILS service |
| purpose | what to sign (size, purpose and data) |
| cb | callback to call once the signature is ready |
| cb_cls | closure to cb |
Definition at line 528 of file pils_api.c.
References GNUNET_CONTAINER_DLL_insert, GNUNET_MESSAGE_TYPE_PILS_SIGN_REQUEST, GNUNET_MQ_msg_extra, GNUNET_MQ_send(), GNUNET_new, GNUNET_ARM_Operation::h, handle, GNUNET_VPN_Handle::mq, msg, op, and GNUNET_CRYPTO_SignaturePurpose::size.
Referenced by do_dht_put(), forward_dv_learn(), GDS_helper_sign_path(), GNUNET_PILS_sign_hello(), handle_validation_challenge(), pils_sign_address(), regex_iterator(), send_create(), sign_ephemeral(), sign_message_by_peer(), start_dv_learn(), and transmit_task_cb().
| struct GNUNET_PILS_Operation * GNUNET_PILS_kem_decaps | ( | struct GNUNET_PILS_Handle * | handle, |
| const struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| GNUNET_PILS_DecapsResultCallback | cb, | ||
| void * | cb_cls | ||
| ) |
Decaps an encapsulated key with our private key.
TODO whether it's fine to use the private key in this way needs to be discussed. If not, another key (which has been signed with this id) needs to be used for en-/decapsulating.
| handle | handle to the PILS service |
| c | the encapsulated key |
| cb | the callback to call with the decapsulated key |
| cb_cls | callback closure |
| handle | handle to the PILS service |
| c | the encapsulated key |
| prk | where to write the key material HKDF-Extract(c||aX)=HKDF-Extract(c||x(aG)) |
Definition at line 568 of file pils_api.c.
References DecapsMessage::c, GNUNET_CONTAINER_DLL_insert, GNUNET_MESSAGE_TYPE_PILS_KEM_DECAPS, GNUNET_MQ_msg, GNUNET_MQ_send(), GNUNET_new, GNUNET_ARM_Operation::h, handle, GNUNET_VPN_Handle::mq, msg, and op.
Referenced by handle_dv_box(), handle_initiator_hello(), and handle_responder_hello().
| struct GNUNET_PILS_Operation * GNUNET_PILS_ecdh | ( | struct GNUNET_PILS_Handle * | handle, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pub, | ||
| GNUNET_PILS_EcdhResultCallback | cb, | ||
| void * | cb_cls | ||
| ) |
Derive key material from a ECDH public key and our private key.
| handle | handle to the PILS service |
| pub | the public key |
| cb | the callback to call with the derived key material |
| cb_cls | callback closure |
Definition at line 595 of file pils_api.c.
References GNUNET_assert, GNUNET_CONTAINER_DLL_insert, GNUNET_MESSAGE_TYPE_PILS_ECDH, GNUNET_MQ_msg, GNUNET_MQ_send(), GNUNET_new, GNUNET_ARM_Operation::h, handle, GNUNET_VPN_Handle::mq, msg, op, and pub.
Referenced by GCT_handle_kx(), and GCT_handle_kx_auth().
| void GNUNET_PILS_feed_addresses | ( | struct GNUNET_PILS_Handle * | handle, |
| const struct GNUNET_HELLO_Builder * | addresses_builder | ||
| ) |
Feed a set of addresses to pils so that it will generate a new peer id based on the given set of addresses.
THIS IS ONLY TO BE CALLED FROM CORE!
The address representation will be canonicalized/sorted by pils before the new peer id is generated.
| handle | the handle to the PILS service |
| addresses_builder | addresses to feed as builder |
Definition at line 669 of file pils_api.c.
References builder, env, GNUNET_HELLO_builder_to_block(), GNUNET_HELLO_get_builder_to_block_size(), GNUNET_MESSAGE_TYPE_PILS_FEED_ADDRESSES, GNUNET_MQ_msg_extra, GNUNET_MQ_send(), GNUNET_TIME_relative_to_absolute(), GNUNET_TIME_UNIT_ZERO, handle, GNUNET_VPN_Handle::mq, and msg.
Referenced by feed_addresses_to_pils().
| void GNUNET_PILS_derive_pid | ( | size_t | seed_key_bytes, |
| const uint8_t | seed_key[seed_key_bytes], | ||
| const struct GNUNET_HashCode * | addrs_hash, | ||
| struct GNUNET_CRYPTO_EddsaPrivateKey * | outkey | ||
| ) |
Generate the peer id from the addresses hash and the initial secret key.
| seed_key_bytes | length of the seed key in bytes | |
| seed_key | the initial secret key | |
| addrs_hash | the address to use for derivation | |
| [out] | outkey | the (private) peer identity key |
Since we should have initial keying material of good quality here, this is effectively a PRF called on the address hash with a uniform random key.
We now expand the PRK to the key size we actually require. FIXME: IF we want to use elligator, we need to find a private key that can actually be used as such. For that, we may want to add a counter to the initial secret key to the above PRF.
Definition at line 635 of file pils_api.c.
References GNUNET_assert, GNUNET_CRYPTO_hkdf_expand, GNUNET_CRYPTO_hkdf_extract(), GNUNET_CRYPTO_kdf_arg_string, GNUNET_OK, and seed_key.
Referenced by do_generate_pid(), pid_change_cb(), and run().
| struct GNUNET_PILS_Operation * GNUNET_PILS_sign_hello | ( | struct GNUNET_PILS_Handle * | handle, |
| const struct GNUNET_HELLO_Builder * | builder, | ||
| struct GNUNET_TIME_Absolute | et, | ||
| GNUNET_PILS_SignResultCallback | cb, | ||
| void * | cb_cls | ||
| ) |
Create HELLO signature.
| handle | handle to the pils service |
| builder | the builder to use |
| et | expiration time to sign |
| cb | callback to call with the signature |
| cb_cls | closure to cb |
Definition at line 703 of file pils_api.c.
References builder, GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s_full(), GNUNET_HELLO_builder_hash_addresses(), GNUNET_log, GNUNET_PILS_sign_by_peer_identity(), GNUNET_SIGNATURE_PURPOSE_HELLO, GNUNET_TIME_absolute_hton(), PilsHelloSignaturePurpose::h_addrs, handle, PilsHelloSignaturePurpose::purpose, and GNUNET_CRYPTO_SignaturePurpose::size.
Referenced by peerstore_store_own_cb(), and pid_changed_cb().
| void GNUNET_PILS_cancel | ( | struct GNUNET_PILS_Operation * | op | ) |
Cancel request.
| op | cancel PILS operation |
Definition at line 623 of file pils_api.c.
References GNUNET_CONTAINER_DLL_remove, GNUNET_free, GNUNET_MQ_discard(), h, GNUNET_ARM_Operation::h, and op.
Referenced by cleanup(), cleanup_helper_operation(), destroy_tunnel(), do_dht_put(), do_initial_dht_put(), do_shutdown(), GCC_destroy(), GCH_shutdown(), GCT_handle_kx(), GCT_handle_kx_auth(), GSC_KX_done(), iterate_cancel_signature(), regex_iterator(), send_create(), shutdown_task(), and shutdown_task().
| const struct GNUNET_PeerIdentity * GNUNET_PILS_get_identity | ( | const struct GNUNET_PILS_Handle * | handle | ) |
Return the current peer identity of a given handle.
| handle | handle to the pils service |
Definition at line 727 of file pils_api.c.
References GNUNET_assert, and handle.
Referenced by announce_id(), cb_path_signed(), check_dv_box(), check_dv_learn(), decaps_dv_box_cb(), decrypt_and_check_tc(), dir_ready_cb(), do_initial_dht_put(), do_rekey(), encapsulate_for_dv(), find_proof(), forward_dv_learn(), forward_reply(), GCCH_bind(), GCCH_channel_local_new(), GCPP_try_path_from_dht(), GCT_alice_or_betty(), GDS_CLIENTS_handle_reply(), GDS_NEIGHBOURS_get_id(), GDS_NEIGHBOURS_handle_get(), GDS_NEIGHBOURS_handle_put(), GDS_NEIGHBOURS_handle_reply(), GDS_try_connect(), GDS_u_connect(), get_next_free_ctn(), got_hello(), GSC_CLIENTS_solicit_request(), GSC_complete_initialization_cb(), GSC_KX_start(), GSC_SESSIONS_dequeue_request(), GSF_peer_connect_handler(), handle_backchannel_encapsulation(), handle_client_init(), handle_client_send_request(), handle_communicator_available(), handle_connection_create(), handle_core_connect(), handle_core_disconnect(), handle_dht_local_hello_get(), handle_dht_p2p_get(), handle_dht_p2p_put(), handle_dht_p2p_result(), handle_dv_box(), handle_dv_learn(), handle_find_my_hello(), handle_hello_for_client(), handle_hello_for_incoming(), handle_p2p_estimate(), handle_port_open(), handle_suggest(), handle_transport_notify_connect(), handshake_monotime_cb(), iface_proc(), inject_rekey(), learn_dv_path(), mq_send(), peerinfo_cb(), pid_change_cb(), pils_id_change_cb(), pils_pid_change_cb(), recv_rx_key_cb(), regex_iterator(), route_message(), run(), send_broken_without_mqm(), send_challenge(), send_create(), send_initiator_hello(), send_msg_with_kx(), setup_flood_message(), setup_in_cipher(), setup_in_cipher_elligator(), sign_dv_init_cb(), sock_read(), sock_read(), start_dv_learn(), store_pi(), tokenized_cb(), transmit_kx(), try_connection_reversal(), try_handle_plaintext(), update_flood_message(), and verify_confirmation().
| const struct GNUNET_HashCode * GNUNET_PILS_get_identity_hash | ( | const struct GNUNET_PILS_Handle * | handle | ) |
Return the hash of the current peer identity from a given handle.
| handle | handle to the pils service |
Definition at line 736 of file pils_api.c.
References GNUNET_assert, and handle.
Referenced by find_bucket(), GDS_am_closest_peer(), GDS_DATACACHE_handle_put(), GDS_NEIGHBOURS_handle_get(), GDS_NEIGHBOURS_handle_put(), handle_find_my_hello(), handle_initiator_hello(), handle_initiator_hello_cont(), restart_kx(), select_peer(), and send_find_peer_message().
| struct GNUNET_PILS_KeyRing * GNUNET_PILS_create_key_ring | ( | const struct GNUNET_CONFIGURATION_Handle * | cfg, |
| GNUNET_SCHEDULER_TaskCallback | init_cb, | ||
| void * | cls | ||
| ) |
Create a key ring handle to use the current peer identity key.
| cfg | configuration to use |
| init_cb | initial callback or NULL |
| cls | closure of callback or NULL |
Create a key ring handle to use the current peer identity key.
This is supposed to be generated at random once in the lifetime of a peer, so all generated peer ids use the same initial secret key to obtain the same peer id per set of addresses.
First check whether there's already a initial secret key. If so: return it. If no initial secret key exists yet, generate at random and store it where it will be found.
Definition at line 804 of file pils_api.c.
References cfg, GNUNET_PILS_KeyRing::cls, GNUNET_assert, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_CRYPTO_eddsa_key_from_file(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_log_config_missing(), GNUNET_new, GNUNET_OK, GNUNET_PILS_connect(), GNUNET_SYSERR, GNUNET_YES, init_cb(), GNUNET_PILS_KeyRing::init_cb, GNUNET_PILS_KeyRing::initial_key_material, key, key_ring, LOG, pid_change_cb(), and GNUNET_PILS_KeyRing::pils.
Referenced by run(), and run().
| void GNUNET_PILS_destroy_key_ring | ( | struct GNUNET_PILS_KeyRing * | key_ring | ) |
Destroy a key ring handle and free its memory.
| key_ring | key ring handle |
Definition at line 864 of file pils_api.c.
References GNUNET_assert, GNUNET_CRYPTO_zero_keys(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_PILS_disconnect(), GNUNET_PILS_KeyRing::initial_key_material, key_ring, LOG, GNUNET_PILS_KeyRing::pils, and GNUNET_PILS_KeyRing::private_key.
Referenced by do_shutdown(), and do_shutdown().
| const struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_PILS_key_ring_get_private_key | ( | const struct GNUNET_PILS_KeyRing * | key_ring | ) |
Return the current private key of a given key ring handle.
| key_ring | key ring handle |
Definition at line 887 of file pils_api.c.
References GNUNET_assert, key_ring, and GNUNET_PILS_KeyRing::private_key.
Referenced by iface_proc(), inject_rekey(), send_challenge(), send_msg_with_kx(), setup_in_cipher(), setup_in_cipher_elligator(), setup_initial_shared_secret_dec(), setup_shared_secret_dec(), and transmit_kx().
1.9.8