key revocation service More...
#include "platform.h"
#include "gnunet_util_lib.h"
#include "gnunet_gnsrecord_lib.h"
#include "gnunet_dht_block_types.h"
#include "gnunet_protocols.h"
#include "gnunet_statistics_service.h"
#include "gnunet_core_service.h"
#include "gnunet_setu_service.h"
#include "revocation.h"
#include <gcrypt.h>
Data Structures | |
struct | PeerEntry |
Per-peer information. More... | |
Functions | |
static struct PeerEntry * | new_peer_entry (const struct GNUNET_PeerIdentity *peer) |
Create a new PeerEntry and add it to the peers multipeermap. More... | |
static enum GNUNET_GenericReturnValue | verify_revoke_message (const struct RevokeMessage *rm) |
A revoke message has been received, check that it is well-formed. More... | |
static void * | client_connect_cb (void *cls, struct GNUNET_SERVICE_Client *client, struct GNUNET_MQ_Handle *mq) |
Handle client connecting to the service. More... | |
static void | client_disconnect_cb (void *cls, struct GNUNET_SERVICE_Client *client, void *app_cls) |
Handle client disconnecting from the service. More... | |
static int | check_query_message (void *cls, const struct QueryMessage *qm) |
static void | handle_query_message (void *cls, const struct QueryMessage *qm) |
Handle QUERY message from client. More... | |
static enum GNUNET_GenericReturnValue | do_flood (void *cls, const struct GNUNET_PeerIdentity *target, void *value) |
Flood the given revocation message to all neighbours. More... | |
static enum GNUNET_GenericReturnValue | publicize_rm (const struct RevokeMessage *rm) |
Publicize revocation message. More... | |
static int | check_revoke_message (void *cls, const struct RevokeMessage *rm) |
static void | handle_revoke_message (void *cls, const struct RevokeMessage *rm) |
Handle REVOKE message from client. More... | |
static int | check_p2p_revoke (void *cls, const struct RevokeMessage *rm) |
static void | handle_p2p_revoke (void *cls, const struct RevokeMessage *rm) |
Core handler for flooded revocation messages. More... | |
static void | add_revocation (void *cls, const struct GNUNET_SETU_Element *element, uint64_t current_size, enum GNUNET_SETU_Status status) |
Callback for set operation results. More... | |
static void | transmit_task_cb (void *cls) |
The timeout for performing the set union has expired, run the set operation on the revocation certificates. More... | |
static void * | handle_core_connect (void *cls, const struct GNUNET_PeerIdentity *peer, struct GNUNET_MQ_Handle *mq) |
Method called whenever a peer connects. More... | |
static void | handle_core_disconnect (void *cls, const struct GNUNET_PeerIdentity *peer, void *internal_cls) |
Method called whenever a peer disconnects. More... | |
static int | free_entry (void *cls, const struct GNUNET_HashCode *key, void *value) |
Free all values in a hash map. More... | |
static void | shutdown_task (void *cls) |
Task run during shutdown. More... | |
static void | core_init (void *cls, const struct GNUNET_PeerIdentity *identity) |
Called on core init/fail. More... | |
static void | handle_revocation_union_request (void *cls, const struct GNUNET_PeerIdentity *other_peer, const struct GNUNET_MessageHeader *context_msg, struct GNUNET_SETU_Request *request) |
Called when another peer wants to do a set operation with the local peer. More... | |
static void | run (void *cls, const struct GNUNET_CONFIGURATION_Handle *c, struct GNUNET_SERVICE_Handle *service) |
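Handle network size estimate clients (sic; this brief appears to be carried over from another service, as run() is the revocation service's initialization function). More... | |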
GNUNET_SERVICE_MAIN ("revocation", GNUNET_SERVICE_OPTION_NONE, &run, &client_connect_cb, &client_disconnect_cb, NULL, GNUNET_MQ_hd_var_size(query_message, GNUNET_MESSAGE_TYPE_REVOCATION_QUERY, struct QueryMessage, NULL), GNUNET_MQ_hd_var_size(revoke_message, GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE, struct RevokeMessage, NULL), GNUNET_MQ_handler_end()) | |
Define "main" method using service macro. More... | |
Variables | |
static struct GNUNET_SETU_Handle * | revocation_set |
Set from all revocations known to us. More... | |
static struct GNUNET_CONTAINER_MultiHashMap * | revocation_map |
Hash map with all revoked keys, maps the hash of the public key to the respective struct RevokeMessage . More... | |
static const struct GNUNET_CONFIGURATION_Handle * | cfg |
Handle to our current configuration. More... | |
static struct GNUNET_STATISTICS_Handle * | stats |
Handle to the statistics service. More... | |
static struct GNUNET_CORE_Handle * | core_api |
Handle to the core service (for flooding) More... | |
static struct GNUNET_CONTAINER_MultiPeerMap * | peers |
Map of all connected peers. More... | |
static struct GNUNET_PeerIdentity | my_identity |
The peer identity of this peer. More... | |
static struct GNUNET_DISK_FileHandle * | revocation_db |
File handle for the revocation database. More... | |
static struct GNUNET_SETU_ListenHandle * | revocation_union_listen_handle |
Handle for us listening to incoming revocation set union requests. More... | |
static unsigned long long | revocation_work_required |
Amount of work required (W-bit collisions) for REVOCATION proofs, in collision-bits. More... | |
static struct GNUNET_TIME_Relative | epoch_duration |
Length of an expiration epoch. More... | |
static struct GNUNET_HashCode | revocation_set_union_app_id |
Our application ID for set union operations. More... | |
key revocation service
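The purpose of this service is to allow users to permanently revoke (compromised) keys. This is done by flooding the network with the revocation requests. To reduce the attack potential offered by such flooding, revocations must include a proof of work. We use the set service for efficiently computing the union of revocations of peers that connect. Revocations arriving from local clients (handle_revoke_message()), from flooding (handle_p2p_revoke()) and from set union results (add_revocation(), via handle_p2p_revoke()) all pass through publicize_rm(), which calls verify_revoke_message() to check the message.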
TODO:
Definition in file gnunet-service-revocation.c.
|
static |
Create a new PeerEntry and add it to the peers multipeermap.
peer | the peer identity |
Definition at line 147 of file gnunet-service-revocation.c.
References GNUNET_assert, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY, GNUNET_CONTAINER_multipeermap_put(), GNUNET_new, GNUNET_OK, PeerEntry::id, and peers.
Referenced by handle_core_connect(), and handle_revocation_union_request().
|
static |
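A revoke message has been received, check that it is well-formed. Per the references below, the check uses GNUNET_GNSRECORD_check_pow() together with revocation_work_required and epoch_duration, i.e. it is where the proof of work attached to a revocation is verified.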
rm | the message to verify |
Definition at line 170 of file gnunet-service-revocation.c.
References epoch_duration, GNUNET_break_op, GNUNET_ERROR_TYPE_DEBUG, GNUNET_GNSRECORD_check_pow(), GNUNET_log, GNUNET_NO, GNUNET_YES, GNUNET_GNSRECORD_PowP::pow, and revocation_work_required.
Referenced by publicize_rm().
|
static |
Handle client connecting to the service.
cls | NULL |
client | the new client |
mq | the message queue of client |
Definition at line 198 of file gnunet-service-revocation.c.
|
static |
Handle client disconnecting from the service.
cls | NULL |
client | the new client |
app_cls | must alias client |
Definition at line 214 of file gnunet-service-revocation.c.
References GNUNET_assert.
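static int check_query_message (void *cls, const struct QueryMessage *qm)
No description is given. This is the check function paired with handle_query_message() in the GNUNET_MQ_hd_var_size(query_message, ...) registration; its references (QueryMessage::header, size, GNUNET_OK, GNUNET_SYSERR) suggest it validates the size of the variable-size QUERY message before the handler runs.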
Definition at line 223 of file gnunet-service-revocation.c.
References GNUNET_break, GNUNET_OK, GNUNET_SYSERR, QueryMessage::header, GNUNET_MessageHeader::size, and size.
|
static |
Handle QUERY message from client.
cls | client who sent the message |
qm | the message received |
Definition at line 247 of file gnunet-service-revocation.c.
References env, GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_read_public_key_from_buffer(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_h2s(), GNUNET_log, GNUNET_MESSAGE_TYPE_REVOCATION_QUERY_RESPONSE, GNUNET_MQ_msg, GNUNET_MQ_send(), GNUNET_NO, GNUNET_SERVICE_client_continue(), GNUNET_SERVICE_client_drop(), GNUNET_SERVICE_client_get_mq(), GNUNET_SYSERR, GNUNET_YES, QueryResponseMessage::is_valid, QueryMessage::key_len, res, and revocation_map.
|
static |
Flood the given revocation message to all neighbours.
cls | the struct RevokeMessage to flood |
target | a neighbour |
value | our struct PeerEntry for the neighbour |
Definition at line 298 of file gnunet-service-revocation.c.
References GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE, GNUNET_MQ_msg_extra, GNUNET_MQ_send(), GNUNET_OK, PeerEntry::mq, RevokeMessage::pow_size, and value.
Referenced by publicize_rm().
|
static |
Publicize revocation message.
Stores the message locally in the database and passes it to all connected neighbours (and adds it to the set for future connections).
rm | message to publicize |
FIXME yeah this works, but should we have a key length somewhere?
Definition at line 337 of file gnunet-service-revocation.c.
References GNUNET_SETU_Element::data, do_flood(), GNUNET_SETU_Element::element_type, GNUNET_BLOCK_TYPE_REVOCATION, GNUNET_break, GNUNET_break_op, GNUNET_CONTAINER_multihashmap_contains(), GNUNET_CONTAINER_multihashmap_put(), GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY, GNUNET_CONTAINER_multipeermap_iterate(), GNUNET_copy_message(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_public_key_get_length(), GNUNET_DISK_file_sync(), GNUNET_DISK_file_write(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_log_strerror, GNUNET_NO, GNUNET_OK, GNUNET_SETU_add_element(), GNUNET_SYSERR, GNUNET_YES, RevokeMessage::header, peers, pk, GNUNET_GNSRECORD_PowP::pow, revocation_db, revocation_map, revocation_set, GNUNET_MessageHeader::size, GNUNET_SETU_Element::size, and verify_revoke_message().
Referenced by handle_p2p_revoke(), and handle_revoke_message().
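static int check_revoke_message (void *cls, const struct RevokeMessage *rm)
No description is given. This is the check function paired with handle_revoke_message() in the GNUNET_MQ_hd_var_size(revoke_message, ...) registration; its references (RevokeMessage::header, size, GNUNET_OK, GNUNET_SYSERR) suggest it validates the size of the variable-size REVOKE message from a client before the handler runs.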
Definition at line 423 of file gnunet-service-revocation.c.
References GNUNET_break, GNUNET_OK, GNUNET_SYSERR, RevokeMessage::header, GNUNET_MessageHeader::size, and size.
|
static |
Handle REVOKE message from client.
cls | client who sent the message |
rm | the message received |
Definition at line 447 of file gnunet-service-revocation.c.
References env, GNUNET_break_op, GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE, GNUNET_MQ_msg, GNUNET_MQ_send(), GNUNET_NO, GNUNET_OK, GNUNET_SERVICE_client_continue(), GNUNET_SERVICE_client_drop(), GNUNET_SERVICE_client_get_mq(), GNUNET_SYSERR, GNUNET_YES, RevocationResponseMessage::is_valid, publicize_rm(), and ret.
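static int check_p2p_revoke (void *cls, const struct RevokeMessage *rm)
No description is given. Judging by its name and references (RevokeMessage::header, size, GNUNET_OK, GNUNET_SYSERR), this appears to be the size check for flooded REVOKE messages received from other peers, paired with handle_p2p_revoke().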
Definition at line 473 of file gnunet-service-revocation.c.
References GNUNET_break, GNUNET_OK, GNUNET_SYSERR, RevokeMessage::header, GNUNET_MessageHeader::size, and size.
|
static |
Core handler for flooded revocation messages.
cls | closure unused |
rm | revocation message |
Definition at line 496 of file gnunet-service-revocation.c.
References GNUNET_break_op, GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_SYSERR, and publicize_rm().
Referenced by add_revocation().
|
static |
Callback for set operation results.
Called for each element in the result set. Each element contains a revocation, which we should validate and then add to our revocation list (and set).
cls | closure |
element | a result element, only valid if status is #GNUNET_SETU_STATUS_OK |
current_size | current set size |
status | see enum GNUNET_SETU_Status |
Definition at line 517 of file gnunet-service-revocation.c.
References _, GNUNET_SETU_Element::data, GNUNET_SETU_Element::element_type, gettext_noop, GNUNET_BLOCK_TYPE_REVOCATION, GNUNET_break, GNUNET_break_op, GNUNET_ERROR_TYPE_WARNING, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_SETU_STATUS_ADD_LOCAL, GNUNET_SETU_STATUS_DONE, GNUNET_SETU_STATUS_FAILURE, GNUNET_STATISTICS_update(), handle_p2p_revoke(), PeerEntry::id, GNUNET_SETU_Element::size, PeerEntry::so, stats, and status.
Referenced by handle_revocation_union_request().
|
static |
The timeout for performing the set union has expired, run the set operation on the revocation certificates.
cls | NULL |
Definition at line 582 of file gnunet-service-revocation.c.
References GNUNET_assert, GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_SETU_prepare(), PeerEntry::id, revocation_set_union_app_id, PeerEntry::so, and PeerEntry::transmit_task.
Referenced by handle_core_connect().
|
static |
Method called whenever a peer connects.
Sets up the PeerEntry and schedules the initial revocation set exchange with this peer.
cls | closure |
peer | peer identity this notification is about |
Definition at line 617 of file gnunet-service-revocation.c.
References GNUNET_CONTAINER_multipeermap_get(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hash_cmp(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_memcmp, GNUNET_NO, GNUNET_SCHEDULER_add_delayed(), GNUNET_STATISTICS_update(), GNUNET_TIME_UNIT_SECONDS, mq, PeerEntry::mq, my_identity, new_peer_entry(), peers, stats, PeerEntry::transmit_task, and transmit_task_cb().
Referenced by run().
|
static |
Method called whenever a peer disconnects.
Deletes the PeerEntry and cancels any pending transmission requests to that peer.
cls | closure |
peer | peer identity this notification is about |
internal_cls | our struct PeerEntry for this peer |
Definition at line 681 of file gnunet-service-revocation.c.
References GNUNET_assert, GNUNET_CONTAINER_multipeermap_remove(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_i2s(), GNUNET_log, GNUNET_memcmp, GNUNET_NO, GNUNET_SCHEDULER_cancel(), GNUNET_SETU_operation_cancel(), GNUNET_STATISTICS_update(), GNUNET_YES, my_identity, peers, PeerEntry::so, stats, and PeerEntry::transmit_task.
Referenced by run().
|
static |
Free all values in a hash map.
cls | NULL |
key | the key |
value | value to free |
Definition at line 725 of file gnunet-service-revocation.c.
References GNUNET_free, GNUNET_OK, and value.
Referenced by shutdown_task().
|
static |
Task run during shutdown.
cls | unused |
Definition at line 740 of file gnunet-service-revocation.c.
References core_api, free_entry(), GNUNET_CONTAINER_multihashmap_destroy(), GNUNET_CONTAINER_multihashmap_iterate(), GNUNET_CONTAINER_multipeermap_destroy(), GNUNET_CORE_disconnect(), GNUNET_DISK_file_close(), GNUNET_NO, GNUNET_SETU_destroy(), GNUNET_SETU_listen_cancel(), GNUNET_STATISTICS_destroy(), peers, revocation_db, revocation_map, revocation_set, revocation_union_listen_handle, and stats.
Referenced by run().
|
static |
Called on core init/fail.
cls | service closure |
identity | the public identity of this peer |
Definition at line 786 of file gnunet-service-revocation.c.
References GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_SCHEDULER_shutdown(), identity, and my_identity.
Referenced by run().
|
static |
Called when another peer wants to do a set operation with the local peer.
If a listen error occurs, the 'request' is NULL.
cls | closure |
other_peer | the other peer |
context_msg | message with application specific information from the other peer |
request | request from the other peer (documented here as never NULL, although the description above states that 'request' is NULL if a listen error occurs), use GNUNET_SETU_accept() to accept it, otherwise the request will be refused. Note that we can't just return a value from the listen callback, as it is also necessary to specify the set we want to do the operation with, which sometimes can be derived from the context message. It's necessary to specify the timeout. |
Definition at line 816 of file gnunet-service-revocation.c.
References add_revocation(), GNUNET_break, GNUNET_break_op, GNUNET_CONTAINER_multipeermap_get(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_OK, GNUNET_SCHEDULER_shutdown(), GNUNET_SETU_accept(), GNUNET_SETU_commit(), new_peer_entry(), peers, request, revocation_set, and PeerEntry::so.
Referenced by run().
|
static |
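Handle network size estimate clients. (This brief appears to be carried over from another service. Judging by the references below, run() initializes the revocation service: it reads the configuration, opens and reads the revocation database file into revocation_map, creates the revocation set, and connects to the CORE, SETU and statistics services. verify_revoke_message() is not among the references, so entries read from the database file at startup appear to be trusted as stored.)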
cls | closure |
service | the initialized service |
c | configuration to use |
Definition at line 865 of file gnunet-service-revocation.c.
References _, cfg, core_api, core_init(), epoch_duration, GNUNET_break, GNUNET_break_op, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_CONFIGURATION_get_value_number(), GNUNET_CONFIGURATION_get_value_time(), GNUNET_CONTAINER_multihashmap_create(), GNUNET_CONTAINER_multihashmap_put(), GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY, GNUNET_CONTAINER_multipeermap_create(), GNUNET_CORE_connect(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_public_key_get_length(), GNUNET_DISK_file_open(), GNUNET_DISK_file_read(), GNUNET_DISK_file_size(), GNUNET_DISK_OPEN_CREATE, GNUNET_DISK_OPEN_READWRITE, GNUNET_DISK_PERM_GROUP_READ, GNUNET_DISK_PERM_OTHER_READ, GNUNET_DISK_PERM_USER_READ, GNUNET_DISK_PERM_USER_WRITE, GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log_config_invalid(), GNUNET_log_config_missing(), GNUNET_log_strerror_file, GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE, GNUNET_MQ_handler_end, GNUNET_MQ_hd_var_size, GNUNET_new, GNUNET_NO, GNUNET_OK, GNUNET_SCHEDULER_add_shutdown(), GNUNET_SCHEDULER_shutdown(), GNUNET_SETU_create(), GNUNET_SETU_listen(), GNUNET_STATISTICS_create(), GNUNET_YES, handle_core_connect(), handle_core_disconnect(), handle_revocation_union_request(), peers, pk, GNUNET_GNSRECORD_PowP::pow, revocation_db, revocation_map, revocation_set, revocation_set_union_app_id, revocation_union_listen_handle, revocation_work_required, shutdown_task(), and stats.
GNUNET_SERVICE_MAIN | ( | "revocation" | , |
GNUNET_SERVICE_OPTION_NONE | , | ||
& | run, | ||
& | client_connect_cb, | ||
& | client_disconnect_cb, | ||
NULL | , | ||
GNUNET_MQ_hd_var_size(query_message, GNUNET_MESSAGE_TYPE_REVOCATION_QUERY, struct QueryMessage, NULL) | , | ||
GNUNET_MQ_hd_var_size(revoke_message, GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE, struct RevokeMessage, NULL) | , | ||
GNUNET_MQ_handler_end() | |||
) |
Define "main" method using service macro.
|
static |
Set from all revocations known to us.
Definition at line 80 of file gnunet-service-revocation.c.
Referenced by handle_revocation_union_request(), publicize_rm(), run(), and shutdown_task().
|
static |
Hash map with all revoked keys; maps the hash of the public key to the respective struct RevokeMessage.
Definition at line 86 of file gnunet-service-revocation.c.
Referenced by handle_query_message(), publicize_rm(), run(), and shutdown_task().
|
static |
Handle to our current configuration.
Definition at line 91 of file gnunet-service-revocation.c.
Referenced by run().
|
static |
Handle to the statistics service.
Definition at line 96 of file gnunet-service-revocation.c.
Referenced by add_revocation(), handle_core_connect(), handle_core_disconnect(), run(), and shutdown_task().
|
static |
Handle to the core service (for flooding)
Definition at line 101 of file gnunet-service-revocation.c.
Referenced by run(), and shutdown_task().
|
static |
Map of all connected peers.
Definition at line 106 of file gnunet-service-revocation.c.
Referenced by handle_core_connect(), handle_core_disconnect(), handle_revocation_union_request(), new_peer_entry(), publicize_rm(), run(), and shutdown_task().
|
static |
The peer identity of this peer.
Definition at line 111 of file gnunet-service-revocation.c.
Referenced by core_init(), handle_core_connect(), and handle_core_disconnect().
|
static |
File handle for the revocation database.
Definition at line 116 of file gnunet-service-revocation.c.
Referenced by publicize_rm(), run(), and shutdown_task().
|
static |
Handle for us listening to incoming revocation set union requests.
Definition at line 121 of file gnunet-service-revocation.c.
Referenced by run(), and shutdown_task().
|
static |
Amount of work required (W-bit collisions) for REVOCATION proofs, in collision-bits.
Definition at line 126 of file gnunet-service-revocation.c.
Referenced by run(), and verify_revoke_message().
|
static |
Length of an expiration epoch.
Definition at line 131 of file gnunet-service-revocation.c.
Referenced by run(), and verify_revoke_message().
|
static |
Our application ID for set union operations.
Must be the same for all (compatible) peers.
Definition at line 137 of file gnunet-service-revocation.c.
Referenced by run(), and transmit_task_cb().