key revocation service More...
#include "platform.h"
#include <math.h>
#include "gnunet_util_lib.h"
#include "gnunet_block_lib.h"
#include "gnunet_constants.h"
#include "gnunet_protocols.h"
#include "gnunet_signatures.h"
#include "gnunet_statistics_service.h"
#include "gnunet_core_service.h"
#include "gnunet_revocation_service.h"
#include "gnunet_setu_service.h"
#include "revocation.h"
#include <gcrypt.h>
Data Structures | |
struct | PeerEntry |
Per-peer information. More... | |
Functions | |
static struct PeerEntry * | new_peer_entry (const struct GNUNET_PeerIdentity *peer) |
Create a new PeerEntry and add it to the peers multipeermap. More... | |
static enum GNUNET_GenericReturnValue | verify_revoke_message (const struct RevokeMessage *rm) |
A revoke message has been received; check that it is well-formed. More... | |
static void * | client_connect_cb (void *cls, struct GNUNET_SERVICE_Client *client, struct GNUNET_MQ_Handle *mq) |
Handle client connecting to the service. More... | |
static void | client_disconnect_cb (void *cls, struct GNUNET_SERVICE_Client *client, void *app_cls) |
Handle client disconnecting from the service. More... | |
static int | check_query_message (void *cls, const struct QueryMessage *qm) |
static void | handle_query_message (void *cls, const struct QueryMessage *qm) |
Handle QUERY message from client. More... | |
static enum GNUNET_GenericReturnValue | do_flood (void *cls, const struct GNUNET_PeerIdentity *target, void *value) |
Flood the given revocation message to all neighbours. More... | |
static enum GNUNET_GenericReturnValue | publicize_rm (const struct RevokeMessage *rm) |
Publicize revocation message. More... | |
static int | check_revoke_message (void *cls, const struct RevokeMessage *rm) |
static void | handle_revoke_message (void *cls, const struct RevokeMessage *rm) |
Handle REVOKE message from client. More... | |
static int | check_p2p_revoke (void *cls, const struct RevokeMessage *rm) |
static void | handle_p2p_revoke (void *cls, const struct RevokeMessage *rm) |
Core handler for flooded revocation messages. More... | |
static void | add_revocation (void *cls, const struct GNUNET_SETU_Element *element, uint64_t current_size, enum GNUNET_SETU_Status status) |
Callback for set operation results. More... | |
static void | transmit_task_cb (void *cls) |
The timeout for performing the set union has expired, run the set operation on the revocation certificates. More... | |
static void * | handle_core_connect (void *cls, const struct GNUNET_PeerIdentity *peer, struct GNUNET_MQ_Handle *mq) |
Method called whenever a peer connects. More... | |
static void | handle_core_disconnect (void *cls, const struct GNUNET_PeerIdentity *peer, void *internal_cls) |
Method called whenever a peer disconnects. More... | |
static int | free_entry (void *cls, const struct GNUNET_HashCode *key, void *value) |
Free all values in a hash map. More... | |
static void | shutdown_task (void *cls) |
Task run during shutdown. More... | |
static void | core_init (void *cls, const struct GNUNET_PeerIdentity *identity) |
Called on core init/fail. More... | |
static void | handle_revocation_union_request (void *cls, const struct GNUNET_PeerIdentity *other_peer, const struct GNUNET_MessageHeader *context_msg, struct GNUNET_SETU_Request *request) |
Called when another peer wants to do a set operation with the local peer. More... | |
static void | run (void *cls, const struct GNUNET_CONFIGURATION_Handle *c, struct GNUNET_SERVICE_Handle *service) |
Handle network size estimate clients. More... | |
GNUNET_SERVICE_MAIN ("revocation", GNUNET_SERVICE_OPTION_NONE, &run, &client_connect_cb, &client_disconnect_cb, NULL, GNUNET_MQ_hd_var_size(query_message, GNUNET_MESSAGE_TYPE_REVOCATION_QUERY, struct QueryMessage, NULL), GNUNET_MQ_hd_var_size(revoke_message, GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE, struct RevokeMessage, NULL), GNUNET_MQ_handler_end()) | |
Define "main" method using service macro. More... | |
Variables | |
static struct GNUNET_SETU_Handle * | revocation_set |
Set from all revocations known to us. More... | |
static struct GNUNET_CONTAINER_MultiHashMap * | revocation_map |
Hash map with all revoked keys, maps the hash of the public key to the respective struct RevokeMessage . More... | |
static const struct GNUNET_CONFIGURATION_Handle * | cfg |
Handle to our current configuration. More... | |
static struct GNUNET_STATISTICS_Handle * | stats |
Handle to the statistics service. More... | |
static struct GNUNET_CORE_Handle * | core_api |
Handle to the core service (for flooding) More... | |
static struct GNUNET_CONTAINER_MultiPeerMap * | peers |
Map of all connected peers. More... | |
static struct GNUNET_PeerIdentity | my_identity |
The peer identity of this peer. More... | |
static struct GNUNET_DISK_FileHandle * | revocation_db |
File handle for the revocation database. More... | |
static struct GNUNET_SETU_ListenHandle * | revocation_union_listen_handle |
Handle for us listening to incoming revocation set union requests. More... | |
static unsigned long long | revocation_work_required |
Amount of work required (W-bit collisions) for REVOCATION proofs, in collision-bits. More... | |
static struct GNUNET_TIME_Relative | epoch_duration |
Length of an expiration epoch. More... | |
static struct GNUNET_HashCode | revocation_set_union_app_id |
Our application ID for set union operations. More... | |
key revocation service
The purpose of this service is to allow users to permanently revoke (compromised) keys. This is done by flooding the network with the revocation requests. Because such flooding could itself be abused as an attack vector, every revocation must include a proof of work. We use the set union service (SETU) to efficiently compute the union of the revocations known to peers when they connect.
TODO:
Definition in file gnunet-service-revocation.c.
|
static |
Create a new PeerEntry and add it to the peers multipeermap.
peer | the peer identity |
Definition at line 150 of file gnunet-service-revocation.c.
References GNUNET_assert, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY, GNUNET_CONTAINER_multipeermap_put(), GNUNET_new, GNUNET_OK, PeerEntry::id, peer, and peers.
Referenced by handle_core_connect(), and handle_revocation_union_request().
|
static |
A revoke message has been received; check that it is well-formed.
rm | the message to verify |
Definition at line 150 of file gnunet-service-revocation.c.
|
static |
Handle client connecting to the service.
cls | NULL |
client | the new client |
mq | the message queue of client |
Definition at line 201 of file gnunet-service-revocation.c.
|
static |
Handle client disconnecting from the service.
cls | NULL |
client | the new client |
app_cls | must alias client |
Definition at line 217 of file gnunet-service-revocation.c.
References GNUNET_assert.
|
static |
Definition at line 225 of file gnunet-service-revocation.c.
References GNUNET_break, GNUNET_OK, GNUNET_SYSERR, QueryMessage::header, GNUNET_MessageHeader::size, and size.
|
static |
Handle QUERY message from client.
cls | client who sent the message |
qm | the message received |
Definition at line 249 of file gnunet-service-revocation.c.
|
static |
Flood the given revocation message to all neighbours.
cls | the struct RevokeMessage to flood |
target | a neighbour |
value | our struct PeerEntry for the neighbour |
Definition at line 249 of file gnunet-service-revocation.c.
References env, GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_h2s(), GNUNET_IDENTITY_read_public_key_from_buffer(), GNUNET_log, GNUNET_MESSAGE_TYPE_REVOCATION_QUERY_RESPONSE, GNUNET_MQ_msg, GNUNET_MQ_send(), GNUNET_NO, GNUNET_SERVICE_client_continue(), GNUNET_SERVICE_client_drop(), GNUNET_SERVICE_client_get_mq(), GNUNET_SYSERR, GNUNET_YES, QueryResponseMessage::is_valid, QueryMessage::key_len, res, revocation_map, and zone.
|
static |
Publicize revocation message.
Stores the message locally in the database and passes it to all connected neighbours (and adds it to the set for future connections).
rm | message to publicize |
FIXME yeah this works, but should we have a key length somewhere?
Definition at line 249 of file gnunet-service-revocation.c.
Referenced by handle_p2p_revoke(), and handle_revoke_message().
|
static |
Definition at line 425 of file gnunet-service-revocation.c.
References GNUNET_break, GNUNET_OK, GNUNET_SYSERR, RevokeMessage::header, GNUNET_MessageHeader::size, and size.
|
static |
Handle REVOKE message from client.
cls | client who sent the message |
rm | the message received |
Definition at line 449 of file gnunet-service-revocation.c.
References env, GNUNET_break_op, GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE, GNUNET_MQ_msg, GNUNET_MQ_send(), GNUNET_NO, GNUNET_OK, GNUNET_SERVICE_client_continue(), GNUNET_SERVICE_client_drop(), GNUNET_SERVICE_client_get_mq(), GNUNET_SYSERR, GNUNET_YES, RevocationResponseMessage::is_valid, publicize_rm(), and ret.
|
static |
Definition at line 475 of file gnunet-service-revocation.c.
References GNUNET_break, GNUNET_OK, GNUNET_SYSERR, RevokeMessage::header, GNUNET_MessageHeader::size, and size.
|
static |
Core handler for flooded revocation messages.
cls | closure unused |
rm | revocation message |
Definition at line 498 of file gnunet-service-revocation.c.
References GNUNET_break_op, GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_SYSERR, and publicize_rm().
Referenced by add_revocation().
|
static |
Callback for set operation results.
Called for each element in the result set. Each element contains a revocation, which we should validate and then add to our revocation list (and set).
cls | closure |
element | a result element, only valid if status is #GNUNET_SETU_STATUS_OK |
current_size | current set size |
status | see enum GNUNET_SETU_Status |
Definition at line 519 of file gnunet-service-revocation.c.
References _, GNUNET_SETU_Element::data, GNUNET_SETU_Element::element_type, gettext_noop, GNUNET_BLOCK_TYPE_REVOCATION, GNUNET_break, GNUNET_break_op, GNUNET_ERROR_TYPE_WARNING, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_SETU_STATUS_ADD_LOCAL, GNUNET_SETU_STATUS_DONE, GNUNET_SETU_STATUS_FAILURE, GNUNET_STATISTICS_update(), handle_p2p_revoke(), PeerEntry::id, GNUNET_SETU_Element::size, PeerEntry::so, stats, and status.
Referenced by handle_revocation_union_request().
|
static |
The timeout for performing the set union has expired, run the set operation on the revocation certificates.
cls | NULL |
Definition at line 584 of file gnunet-service-revocation.c.
References GNUNET_assert, GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_SETU_prepare(), PeerEntry::id, revocation_set_union_app_id, PeerEntry::so, and PeerEntry::transmit_task.
Referenced by handle_core_connect().
|
static |
Method called whenever a peer connects.
Sets up the PeerEntry and schedules the initial revocation set exchange with this peer.
cls | closure |
peer | peer identity this notification is about |
Definition at line 619 of file gnunet-service-revocation.c.
References GNUNET_CONTAINER_multipeermap_get(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hash_cmp(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_memcmp, GNUNET_NO, GNUNET_SCHEDULER_add_delayed(), GNUNET_STATISTICS_update(), GNUNET_TIME_UNIT_SECONDS, mq, PeerEntry::mq, my_identity, new_peer_entry(), peer, peers, stats, PeerEntry::transmit_task, and transmit_task_cb().
Referenced by run().
|
static |
Method called whenever a peer disconnects.
Deletes the PeerEntry and cancels any pending transmission requests to that peer.
cls | closure |
peer | peer identity this notification is about |
internal_cls | our struct PeerEntry for this peer |
Definition at line 683 of file gnunet-service-revocation.c.
References GNUNET_assert, GNUNET_CONTAINER_multipeermap_remove(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_i2s(), GNUNET_log, GNUNET_memcmp, GNUNET_NO, GNUNET_SCHEDULER_cancel(), GNUNET_SETU_operation_cancel(), GNUNET_STATISTICS_update(), GNUNET_YES, my_identity, peer, peers, PeerEntry::so, stats, and PeerEntry::transmit_task.
Referenced by run().
|
static |
Free all values in a hash map.
cls | NULL |
key | the key |
value | value to free |
Definition at line 727 of file gnunet-service-revocation.c.
References GNUNET_free, GNUNET_OK, and value.
Referenced by shutdown_task().
|
static |
Task run during shutdown.
cls | unused |
Definition at line 742 of file gnunet-service-revocation.c.
References core_api, free_entry(), GNUNET_CONTAINER_multihashmap_destroy(), GNUNET_CONTAINER_multihashmap_iterate(), GNUNET_CONTAINER_multipeermap_destroy(), GNUNET_CORE_disconnect(), GNUNET_DISK_file_close(), GNUNET_NO, GNUNET_SETU_destroy(), GNUNET_SETU_listen_cancel(), GNUNET_STATISTICS_destroy(), peers, revocation_db, revocation_map, revocation_set, revocation_union_listen_handle, and stats.
Referenced by run().
|
static |
Called on core init/fail.
cls | service closure |
identity | the public identity of this peer |
Definition at line 788 of file gnunet-service-revocation.c.
References GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_SCHEDULER_shutdown(), identity, and my_identity.
Referenced by run().
|
static |
Called when another peer wants to do a set operation with the local peer.
If a listen error occurs, the 'request' is NULL.
cls | closure |
other_peer | the other peer |
context_msg | message with application specific information from the other peer |
request | request from the other peer (never NULL); use GNUNET_SETU_accept() to accept it, otherwise the request will be refused. Note that we can't just return a value from the listen callback, as it is also necessary to specify the set we want to do the operation with, which sometimes can be derived from the context message. It's necessary to specify the timeout. |
Definition at line 818 of file gnunet-service-revocation.c.
References add_revocation(), GNUNET_break, GNUNET_break_op, GNUNET_CONTAINER_multipeermap_get(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_OK, GNUNET_SCHEDULER_shutdown(), GNUNET_SETU_accept(), GNUNET_SETU_commit(), new_peer_entry(), peers, request, revocation_set, and PeerEntry::so.
Referenced by run().
|
static |
Handle network size estimate clients.
cls | closure |
server | the initialized server |
c | configuration to use |
Definition at line 867 of file gnunet-service-revocation.c.
References _, cfg, core_api, core_init(), epoch_duration, GNUNET_break, GNUNET_break_op, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_CONFIGURATION_get_value_number(), GNUNET_CONFIGURATION_get_value_time(), GNUNET_CONTAINER_multihashmap_create(), GNUNET_CONTAINER_multihashmap_put(), GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY, GNUNET_CONTAINER_multipeermap_create(), GNUNET_CORE_connect(), GNUNET_CRYPTO_hash(), GNUNET_DISK_file_open(), GNUNET_DISK_file_read(), GNUNET_DISK_file_size(), GNUNET_DISK_OPEN_CREATE, GNUNET_DISK_OPEN_READWRITE, GNUNET_DISK_PERM_GROUP_READ, GNUNET_DISK_PERM_OTHER_READ, GNUNET_DISK_PERM_USER_READ, GNUNET_DISK_PERM_USER_WRITE, GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_IDENTITY_public_key_get_length(), GNUNET_log_config_invalid(), GNUNET_log_config_missing(), GNUNET_log_strerror_file, GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE, GNUNET_MQ_handler_end, GNUNET_MQ_hd_var_size, GNUNET_new, GNUNET_NO, GNUNET_OK, GNUNET_SCHEDULER_add_shutdown(), GNUNET_SCHEDULER_shutdown(), GNUNET_SETU_create(), GNUNET_SETU_listen(), GNUNET_STATISTICS_create(), GNUNET_YES, handle_core_connect(), handle_core_disconnect(), handle_revocation_union_request(), peers, pk, GNUNET_REVOCATION_PowP::pow, revocation_db, revocation_map, revocation_set, revocation_set_union_app_id, revocation_union_listen_handle, revocation_work_required, shutdown_task(), and stats.
GNUNET_SERVICE_MAIN | ( | "revocation" | , |
GNUNET_SERVICE_OPTION_NONE | , | ||
& | run, | ||
& | client_connect_cb, | ||
& | client_disconnect_cb, | ||
NULL | , | ||
GNUNET_MQ_hd_var_size(query_message, GNUNET_MESSAGE_TYPE_REVOCATION_QUERY, struct QueryMessage, NULL) | , | ||
GNUNET_MQ_hd_var_size(revoke_message, GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE, struct RevokeMessage, NULL) | , | ||
GNUNET_MQ_handler_end() | |||
) |
Define "main" method using service macro.
|
static |
Set from all revocations known to us.
Definition at line 83 of file gnunet-service-revocation.c.
Referenced by handle_revocation_union_request(), run(), and shutdown_task().
|
static |
Hash map with all revoked keys, maps the hash of the public key to the respective struct RevokeMessage.
Definition at line 89 of file gnunet-service-revocation.c.
Referenced by do_flood(), run(), and shutdown_task().
|
static |
Handle to our current configuration.
Definition at line 94 of file gnunet-service-revocation.c.
Referenced by run().
|
static |
Handle to the statistics service.
Definition at line 99 of file gnunet-service-revocation.c.
Referenced by add_revocation(), handle_core_connect(), handle_core_disconnect(), run(), and shutdown_task().
|
static |
Handle to the core service (for flooding)
Definition at line 104 of file gnunet-service-revocation.c.
Referenced by run(), and shutdown_task().
|
static |
Map of all connected peers.
Definition at line 109 of file gnunet-service-revocation.c.
Referenced by handle_core_connect(), handle_core_disconnect(), handle_revocation_union_request(), new_peer_entry(), run(), and shutdown_task().
|
static |
The peer identity of this peer.
Definition at line 109 of file gnunet-service-revocation.c.
Referenced by core_init(), handle_core_connect(), and handle_core_disconnect().
|
static |
File handle for the revocation database.
Definition at line 119 of file gnunet-service-revocation.c.
Referenced by run(), and shutdown_task().
|
static |
Handle for us listening to incoming revocation set union requests.
Definition at line 124 of file gnunet-service-revocation.c.
Referenced by run(), and shutdown_task().
|
static |
Amount of work required (W-bit collisions) for REVOCATION proofs, in collision-bits.
Definition at line 129 of file gnunet-service-revocation.c.
Referenced by run().
|
static |
Length of an expiration epoch.
Definition at line 129 of file gnunet-service-revocation.c.
Referenced by run().
|
static |
Our application ID for set union operations.
Must be the same for all (compatible) peers.
Definition at line 129 of file gnunet-service-revocation.c.
Referenced by run(), and transmit_task_cb().