diff options
author | Andreas Ebner <pansy007@googlemail.com> | 2019-07-07 15:04:40 +0200 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-10-07 12:15:06 +0200 |
commit | fc58d9d4241ed2dcd4b492b4f922ba959449a697 (patch) | |
tree | 812713718d2d93d70a3ee1a22b20d55e65969873 | |
parent | d2634b1f96dfd55ae4daef294bb6c05d687354c8 (diff) | |
download | gnunet-fc58d9d4241ed2dcd4b492b4f922ba959449a697.tar.gz gnunet-fc58d9d4241ed2dcd4b492b4f922ba959449a697.zip |
Implemented delegate sign and store function for GNS entries:
- functions to store and sign delegates (all types) including serialization/string_to_value/..
- solved (almost) all TODOs
- some renaming and cleanup in gnunet-credential.c
- valgrind checked
- test file adapted accordingly
-rw-r--r-- | src/credential/Makefile.am | 6 | ||||
-rw-r--r-- | src/credential/credential_api.c | 1 | ||||
-rw-r--r-- | src/credential/credential_serialization.c | 118 | ||||
-rw-r--r-- | src/credential/credential_serialization.h | 8 | ||||
-rw-r--r-- | src/credential/delegate.h | 79 | ||||
-rw-r--r-- | src/credential/delegate_misc.c | 250 | ||||
-rw-r--r-- | src/credential/delegate_misc.h | 36 | ||||
-rw-r--r-- | src/credential/gnunet-credential.c | 254 | ||||
-rw-r--r-- | src/credential/plugin_gnsrecord_credential.c | 125 | ||||
-rwxr-xr-x | src/credential/test_credential_own.sh | 34 | ||||
-rw-r--r-- | src/include/gnunet_credential_service.h | 62 |
11 files changed, 661 insertions, 312 deletions
diff --git a/src/credential/Makefile.am b/src/credential/Makefile.am index 5b14b3def..7d9ab4bea 100644 --- a/src/credential/Makefile.am +++ b/src/credential/Makefile.am | |||
@@ -69,11 +69,13 @@ gnunet_service_credential_LDADD = \ | |||
69 | 69 | ||
70 | 70 | ||
71 | libgnunetcredential_la_SOURCES = \ | 71 | libgnunetcredential_la_SOURCES = \ |
72 | credential_api.c credential.h \ | 72 | credential_api.c credential.h deleagte.h\ |
73 | credential_serialization.c \ | 73 | credential_serialization.c \ |
74 | credential_serialization.h \ | 74 | credential_serialization.h \ |
75 | credential_misc.c \ | 75 | credential_misc.c \ |
76 | credential_misc.h | 76 | credential_misc.h \ |
77 | delegate_misc.c \ | ||
78 | delegate_misc.h | ||
77 | libgnunetcredential_la_LIBADD = \ | 79 | libgnunetcredential_la_LIBADD = \ |
78 | $(top_builddir)/src/util/libgnunetutil.la $(XLIB) | 80 | $(top_builddir)/src/util/libgnunetutil.la $(XLIB) |
79 | libgnunetcredential_la_LDFLAGS = \ | 81 | libgnunetcredential_la_LDFLAGS = \ |
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 3cbaf6c21..be5ff25ae 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c | |||
@@ -30,6 +30,7 @@ | |||
30 | #include "gnunet_protocols.h" | 30 | #include "gnunet_protocols.h" |
31 | #include "gnunet_signatures.h" | 31 | #include "gnunet_signatures.h" |
32 | #include "credential.h" | 32 | #include "credential.h" |
33 | #include "delegate.h" | ||
33 | #include "credential_serialization.h" | 34 | #include "credential_serialization.h" |
34 | #include "gnunet_credential_service.h" | 35 | #include "gnunet_credential_service.h" |
35 | #include "gnunet_identity_service.h" | 36 | #include "gnunet_identity_service.h" |
diff --git a/src/credential/credential_serialization.c b/src/credential/credential_serialization.c index 40fa112dd..95b29a49c 100644 --- a/src/credential/credential_serialization.c +++ b/src/credential/credential_serialization.c | |||
@@ -31,6 +31,7 @@ | |||
31 | #include "gnunet_credential_service.h" | 31 | #include "gnunet_credential_service.h" |
32 | #include "gnunet_signatures.h" | 32 | #include "gnunet_signatures.h" |
33 | #include "credential.h" | 33 | #include "credential.h" |
34 | #include "delegate.h" | ||
34 | 35 | ||
35 | /** | 36 | /** |
36 | * Calculate how many bytes we will need to serialize | 37 | * Calculate how many bytes we will need to serialize |
@@ -402,6 +403,7 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, | |||
402 | c_count, | 403 | c_count, |
403 | cd); | 404 | cd); |
404 | } | 405 | } |
406 | |||
405 | int | 407 | int |
406 | GNUNET_CREDENTIAL_credential_serialize (struct | 408 | GNUNET_CREDENTIAL_credential_serialize (struct |
407 | GNUNET_CREDENTIAL_Credential *cred, | 409 | GNUNET_CREDENTIAL_Credential *cred, |
@@ -475,5 +477,121 @@ GNUNET_CREDENTIAL_credential_deserialize (const char*data, | |||
475 | return cred; | 477 | return cred; |
476 | } | 478 | } |
477 | 479 | ||
480 | //TODO own file for delegate de/serialization | ||
481 | |||
482 | int | ||
483 | GNUNET_CREDENTIAL_delegate_serialize (struct GNUNET_CREDENTIAL_Delegate *cred, | ||
484 | char **data) | ||
485 | { | ||
486 | size_t size; | ||
487 | struct DelegateEntry *cdata; | ||
488 | int attr_len; | ||
489 | |||
490 | // +1 for \0 | ||
491 | if (0 == cred->subject_attribute_len){ | ||
492 | attr_len = cred->issuer_attribute_len + 1; | ||
493 | } else { | ||
494 | attr_len = cred->issuer_attribute_len + cred->subject_attribute_len + 1; | ||
495 | } | ||
496 | size = sizeof (struct DelegateEntry) + attr_len; | ||
497 | |||
498 | char tmp_str[attr_len]; | ||
499 | GNUNET_memcpy(tmp_str, cred->issuer_attribute, cred->issuer_attribute_len); | ||
500 | if (0 != cred->subject_attribute_len){ | ||
501 | GNUNET_memcpy(tmp_str + cred->issuer_attribute_len, cred->subject_attribute, cred->subject_attribute_len); | ||
502 | } | ||
503 | tmp_str[attr_len - 1] = '\0'; | ||
504 | |||
505 | *data = GNUNET_malloc (size); | ||
506 | cdata = (struct DelegateEntry*)*data; | ||
507 | cdata->subject_key = cred->subject_key; | ||
508 | cdata->issuer_key = cred->issuer_key; | ||
509 | cdata->expiration = GNUNET_htonll (cred->expiration.abs_value_us); | ||
510 | cdata->signature = cred->signature; | ||
511 | cdata->issuer_attribute_len = htonl (cred->issuer_attribute_len + 1); | ||
512 | if (0 == cred->subject_attribute_len){ | ||
513 | cdata->subject_attribute_len = htonl (0); | ||
514 | } else { | ||
515 | cdata->subject_attribute_len = htonl (cred->subject_attribute_len + 1); | ||
516 | } | ||
517 | cdata->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); | ||
518 | cdata->purpose.size = htonl (size - sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); | ||
519 | |||
520 | GNUNET_memcpy (&cdata[1], | ||
521 | tmp_str, | ||
522 | attr_len); | ||
523 | |||
524 | if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, | ||
525 | &cdata->purpose, | ||
526 | &cdata->signature, | ||
527 | &cdata->issuer_key)) | ||
528 | { | ||
529 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Serialize: Invalid delegate\n"); | ||
530 | //return NULL; | ||
531 | } | ||
532 | return size; | ||
533 | } | ||
534 | |||
535 | struct GNUNET_CREDENTIAL_Delegate* | ||
536 | GNUNET_CREDENTIAL_delegate_deserialize (const char* data, | ||
537 | size_t data_size) | ||
538 | { | ||
539 | struct GNUNET_CREDENTIAL_Delegate *cred; | ||
540 | struct DelegateEntry *cdata; | ||
541 | char *attr_combo_str; | ||
542 | |||
543 | if (data_size < sizeof (struct DelegateEntry)) | ||
544 | return NULL; | ||
545 | cdata = (struct DelegateEntry*)data; | ||
546 | if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, | ||
547 | &cdata->purpose, | ||
548 | &cdata->signature, | ||
549 | &cdata->issuer_key)) | ||
550 | { | ||
551 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Deserialize: Invalid delegate\n"); | ||
552 | //return NULL; | ||
553 | } | ||
554 | attr_combo_str = (char*)&cdata[1]; | ||
555 | int iss_len = ntohl(cdata->issuer_attribute_len); | ||
556 | int sub_len = ntohl(cdata->subject_attribute_len); | ||
557 | int attr_combo_len = iss_len + sub_len; | ||
558 | |||
559 | cred = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Delegate) + attr_combo_len); | ||
560 | |||
561 | cred->issuer_key = cdata->issuer_key; | ||
562 | cred->subject_key = cdata->subject_key; | ||
563 | GNUNET_memcpy (&cred[1], | ||
564 | attr_combo_str, | ||
565 | attr_combo_len); | ||
566 | cred->signature = cdata->signature; | ||
567 | |||
568 | // Parse the combo attribute string, split into issuer and subject | ||
569 | if(0 == sub_len){ | ||
570 | cred->issuer_attribute = attr_combo_str; | ||
571 | cred->issuer_attribute_len = attr_combo_len; | ||
572 | cred->subject_attribute = '\0'; | ||
573 | cred->subject_attribute_len = 0; | ||
574 | } else { | ||
575 | // -1: array index starts from 0 | ||
576 | char *tmp_str = GNUNET_malloc(iss_len); | ||
577 | GNUNET_memcpy(tmp_str, attr_combo_str, iss_len - 1); | ||
578 | tmp_str[iss_len] = '\0'; | ||
579 | cred->issuer_attribute = strdup(tmp_str); | ||
580 | cred->issuer_attribute_len = iss_len; | ||
581 | GNUNET_free(tmp_str); | ||
582 | |||
583 | // -1: both times, starting from 0 | ||
584 | tmp_str = GNUNET_malloc(sub_len); | ||
585 | GNUNET_memcpy(tmp_str, attr_combo_str + iss_len - 1, sub_len - 1); | ||
586 | tmp_str[sub_len] = '\0'; | ||
587 | cred->subject_attribute = strdup(tmp_str); | ||
588 | cred->subject_attribute_len = sub_len; | ||
589 | GNUNET_free(tmp_str); | ||
590 | } | ||
591 | |||
592 | cred->expiration.abs_value_us = GNUNET_ntohll (cdata->expiration); | ||
593 | |||
594 | return cred; | ||
595 | } | ||
478 | 596 | ||
479 | /* end of credential_serialization.c */ | 597 | /* end of credential_serialization.c */ |
diff --git a/src/credential/credential_serialization.h b/src/credential/credential_serialization.h index 65326de31..ebeae0d89 100644 --- a/src/credential/credential_serialization.h +++ b/src/credential/credential_serialization.h | |||
@@ -169,5 +169,13 @@ GNUNET_CREDENTIAL_credential_serialize (struct | |||
169 | struct GNUNET_CREDENTIAL_Credential* | 169 | struct GNUNET_CREDENTIAL_Credential* |
170 | GNUNET_CREDENTIAL_credential_deserialize (const char*data, | 170 | GNUNET_CREDENTIAL_credential_deserialize (const char*data, |
171 | size_t data_size); | 171 | size_t data_size); |
172 | |||
173 | int | ||
174 | GNUNET_CREDENTIAL_delegate_serialize (struct GNUNET_CREDENTIAL_Delegate *cred, | ||
175 | char **data); | ||
176 | |||
177 | struct GNUNET_CREDENTIAL_Delegate* | ||
178 | GNUNET_CREDENTIAL_delegate_deserialize (const char* data, | ||
179 | size_t data_size); | ||
172 | #endif | 180 | #endif |
173 | /* end of credential_serialization.h */ | 181 | /* end of credential_serialization.h */ |
diff --git a/src/credential/delegate.h b/src/credential/delegate.h new file mode 100644 index 000000000..e1bf112ef --- /dev/null +++ b/src/credential/delegate.h | |||
@@ -0,0 +1,79 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2012-2013 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | /** | ||
21 | * @file credential/delegate.h | ||
22 | * @brief IPC messages between CREDENTIAL API and CREDENTIAL service | ||
23 | * @author Martin Schanzenbach | ||
24 | */ | ||
25 | #ifndef DELEGATE_H | ||
26 | #define DELEGATE_H | ||
27 | |||
28 | #include "gnunet_credential_service.h" | ||
29 | |||
30 | GNUNET_NETWORK_STRUCT_BEGIN | ||
31 | |||
32 | struct DelegateEntry | ||
33 | { | ||
34 | |||
35 | /** | ||
36 | * The signature for this credential by the issuer | ||
37 | */ | ||
38 | struct GNUNET_CRYPTO_EcdsaSignature signature; | ||
39 | |||
40 | /** | ||
41 | * Signature meta | ||
42 | */ | ||
43 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
44 | |||
45 | /** | ||
46 | * Public key of the issuer | ||
47 | */ | ||
48 | struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; | ||
49 | |||
50 | /** | ||
51 | * Public key of the subject this credential was issued to | ||
52 | */ | ||
53 | struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; | ||
54 | |||
55 | /** | ||
56 | * Expiration time of this credential | ||
57 | */ | ||
58 | uint64_t expiration GNUNET_PACKED; | ||
59 | |||
60 | /** | ||
61 | * Issuer subject attribute length | ||
62 | */ | ||
63 | uint32_t issuer_attribute_len; | ||
64 | |||
65 | /** | ||
66 | * Issuer attribute length | ||
67 | */ | ||
68 | uint32_t subject_attribute_len; | ||
69 | |||
70 | /** | ||
71 | * Followed by the subject attribute string | ||
72 | */ | ||
73 | }; | ||
74 | |||
75 | |||
76 | GNUNET_NETWORK_STRUCT_END | ||
77 | |||
78 | #endif | ||
79 | |||
diff --git a/src/credential/delegate_misc.c b/src/credential/delegate_misc.c new file mode 100644 index 000000000..d900ccd1f --- /dev/null +++ b/src/credential/delegate_misc.c | |||
@@ -0,0 +1,250 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2009-2013, 2016 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | |||
22 | /** | ||
23 | * @file credential/delegate_misc.c | ||
24 | * @brief Misc API for delegate | ||
25 | * | ||
26 | * @author Martin Schanzenbach | ||
27 | */ | ||
28 | #include "platform.h" | ||
29 | #include "gnunet_util_lib.h" | ||
30 | #include "gnunet_constants.h" | ||
31 | #include "gnunet_credential_service.h" | ||
32 | #include "gnunet_signatures.h" | ||
33 | #include "delegate.h" | ||
34 | #include <inttypes.h> | ||
35 | |||
36 | char* | ||
37 | GNUNET_CREDENTIAL_delegate_to_string (const struct GNUNET_CREDENTIAL_Delegate *cred) | ||
38 | { | ||
39 | char *cred_str; | ||
40 | char *subject_pkey; | ||
41 | char *issuer_pkey; | ||
42 | char *signature; | ||
43 | |||
44 | subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key); | ||
45 | issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key); | ||
46 | GNUNET_STRINGS_base64_encode ((char*)&cred->signature, | ||
47 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature), | ||
48 | &signature); | ||
49 | if(0 == cred->subject_attribute_len){ | ||
50 | GNUNET_asprintf (&cred_str, | ||
51 | "%s.%s -> %s | %s | %"SCNu64, | ||
52 | issuer_pkey, | ||
53 | cred->issuer_attribute, | ||
54 | subject_pkey, | ||
55 | signature, | ||
56 | cred->expiration.abs_value_us); | ||
57 | } else { | ||
58 | GNUNET_asprintf (&cred_str, | ||
59 | "%s.%s -> %s.%s | %s | %"SCNu64, | ||
60 | issuer_pkey, | ||
61 | cred->issuer_attribute, | ||
62 | subject_pkey, | ||
63 | cred->subject_attribute, | ||
64 | signature, | ||
65 | cred->expiration.abs_value_us); | ||
66 | } | ||
67 | GNUNET_free (subject_pkey); | ||
68 | GNUNET_free (issuer_pkey); | ||
69 | GNUNET_free (signature); | ||
70 | |||
71 | return cred_str; | ||
72 | } | ||
73 | |||
74 | struct GNUNET_CREDENTIAL_Delegate* | ||
75 | GNUNET_CREDENTIAL_delegate_from_string (const char* s) | ||
76 | { | ||
77 | struct GNUNET_CREDENTIAL_Delegate *cred; | ||
78 | size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8; | ||
79 | if (enclen % 5 > 0) | ||
80 | enclen += 5 - enclen % 5; | ||
81 | enclen /= 5; /* 260/5 = 52 */ | ||
82 | char subject_pkey[enclen + 1]; | ||
83 | char issuer_pkey[enclen + 1]; | ||
84 | char iss_attr[253 + 1]; | ||
85 | // Needs to be initialized, in case of Type 1 credential (A.a <- B) | ||
86 | char sub_attr[253 + 1] = ""; | ||
87 | char signature[256]; //TODO max payload size | ||
88 | |||
89 | struct GNUNET_CRYPTO_EcdsaSignature *sig; | ||
90 | struct GNUNET_TIME_Absolute etime_abs; | ||
91 | |||
92 | // If it's A.a <- B.b... | ||
93 | if (6 != SSCANF (s, | ||
94 | "%52s.%253s -> %52s.%253s | %s | %"SCNu64, | ||
95 | issuer_pkey, | ||
96 | iss_attr, | ||
97 | subject_pkey, | ||
98 | sub_attr, | ||
99 | signature, | ||
100 | &etime_abs.abs_value_us)) | ||
101 | { | ||
102 | // Try if it's A.a <- B | ||
103 | if (5 != SSCANF (s, | ||
104 | "%52s.%253s -> %52s | %s | %"SCNu64, | ||
105 | issuer_pkey, | ||
106 | iss_attr, | ||
107 | subject_pkey, | ||
108 | signature, | ||
109 | &etime_abs.abs_value_us)) | ||
110 | { | ||
111 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to parse DEL record string `%s'\n", s); | ||
112 | return NULL; | ||
113 | } | ||
114 | } | ||
115 | |||
116 | // +1 for \0 | ||
117 | int attr_len; | ||
118 | if(strcmp(sub_attr,"") == 0) { | ||
119 | attr_len = strlen (iss_attr) + 1; | ||
120 | } else { | ||
121 | attr_len = strlen (iss_attr) + strlen(sub_attr) + 1; | ||
122 | } | ||
123 | cred = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Delegate) + attr_len); | ||
124 | |||
125 | char tmp_str[attr_len]; | ||
126 | GNUNET_memcpy(tmp_str, iss_attr, strlen(iss_attr)); | ||
127 | if(strcmp(sub_attr,"") != 0) { | ||
128 | GNUNET_memcpy(tmp_str + strlen(iss_attr), sub_attr, strlen(sub_attr)); | ||
129 | } | ||
130 | tmp_str[attr_len - 1] = '\0'; | ||
131 | |||
132 | GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pkey, | ||
133 | strlen (subject_pkey), | ||
134 | &cred->subject_key); | ||
135 | GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey, | ||
136 | strlen (issuer_pkey), | ||
137 | &cred->issuer_key); | ||
138 | GNUNET_assert (sizeof (struct GNUNET_CRYPTO_EcdsaSignature) == GNUNET_STRINGS_base64_decode (signature, | ||
139 | strlen (signature), | ||
140 | (char**)&sig)); | ||
141 | cred->signature = *sig; | ||
142 | cred->expiration = etime_abs; | ||
143 | GNUNET_free (sig); | ||
144 | GNUNET_memcpy (&cred[1], | ||
145 | tmp_str, | ||
146 | attr_len); | ||
147 | |||
148 | cred->issuer_attribute_len = strlen (iss_attr); | ||
149 | cred->issuer_attribute = strdup(iss_attr); | ||
150 | if(strcmp(sub_attr,"") == 0) { | ||
151 | cred->subject_attribute_len = 0; | ||
152 | cred->subject_attribute = '\0'; | ||
153 | } else { | ||
154 | cred->subject_attribute_len = strlen (sub_attr); | ||
155 | cred->subject_attribute = strdup(sub_attr); | ||
156 | } | ||
157 | |||
158 | return cred; | ||
159 | } | ||
160 | |||
161 | /** | ||
162 | * Issue an attribute to a subject | ||
163 | * | ||
164 | * @param issuer the ego that should be used to issue the attribute | ||
165 | * @param subject the subject of the attribute | ||
166 | * @param attribute the name of the attribute | ||
167 | * @return handle to the queued request | ||
168 | */ | ||
169 | |||
170 | struct GNUNET_CREDENTIAL_Delegate * | ||
171 | GNUNET_CREDENTIAL_delegate_issue (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | ||
172 | struct GNUNET_CRYPTO_EcdsaPublicKey *subject, | ||
173 | const char *iss_attr, | ||
174 | const char *sub_attr, | ||
175 | struct GNUNET_TIME_Absolute *expiration) | ||
176 | { | ||
177 | struct DelegateEntry *crd; | ||
178 | struct GNUNET_CREDENTIAL_Delegate *cred; | ||
179 | size_t size; | ||
180 | int attr_len; | ||
181 | |||
182 | if (NULL == sub_attr){ | ||
183 | // +1 for \0 | ||
184 | attr_len = strlen (iss_attr) + 1; | ||
185 | } else { | ||
186 | attr_len = strlen (iss_attr) + strlen(sub_attr) + 1; | ||
187 | } | ||
188 | size = sizeof (struct DelegateEntry) + attr_len; | ||
189 | |||
190 | char tmp_str[attr_len]; | ||
191 | GNUNET_memcpy(tmp_str, iss_attr, strlen(iss_attr)); | ||
192 | if (NULL != sub_attr){ | ||
193 | GNUNET_memcpy(tmp_str + strlen(iss_attr), sub_attr, strlen(sub_attr)); | ||
194 | } | ||
195 | tmp_str[attr_len - 1] = '\0'; | ||
196 | |||
197 | crd = GNUNET_malloc (size); | ||
198 | crd->purpose.size = htonl (size - sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); | ||
199 | crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); | ||
200 | GNUNET_CRYPTO_ecdsa_key_get_public (issuer, | ||
201 | &crd->issuer_key); | ||
202 | crd->subject_key = *subject; | ||
203 | crd->expiration = GNUNET_htonll (expiration->abs_value_us); | ||
204 | crd->issuer_attribute_len = htonl (strlen (iss_attr) + 1); | ||
205 | if (NULL == sub_attr){ | ||
206 | crd->subject_attribute_len = htonl (0); | ||
207 | } else { | ||
208 | crd->subject_attribute_len = htonl (strlen (sub_attr) + 1); | ||
209 | } | ||
210 | |||
211 | GNUNET_memcpy (&crd[1], | ||
212 | tmp_str, | ||
213 | attr_len); | ||
214 | |||
215 | if (GNUNET_OK != | ||
216 | GNUNET_CRYPTO_ecdsa_sign (issuer, | ||
217 | &crd->purpose, | ||
218 | &crd->signature)) | ||
219 | { | ||
220 | GNUNET_break (0); | ||
221 | GNUNET_free (crd); | ||
222 | return NULL; | ||
223 | } | ||
224 | |||
225 | cred = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Delegate) + attr_len); | ||
226 | cred->signature = crd->signature; | ||
227 | cred->expiration = *expiration; | ||
228 | GNUNET_CRYPTO_ecdsa_key_get_public (issuer, | ||
229 | &cred->issuer_key); | ||
230 | |||
231 | cred->subject_key = *subject; | ||
232 | cred->issuer_attribute = strdup(iss_attr); | ||
233 | cred->issuer_attribute_len = strlen(iss_attr); | ||
234 | if (NULL == sub_attr){ | ||
235 | cred->subject_attribute = '\0'; | ||
236 | cred->subject_attribute_len = 0; | ||
237 | } else { | ||
238 | cred->subject_attribute = strdup(sub_attr); | ||
239 | cred->subject_attribute_len = strlen(sub_attr); | ||
240 | } | ||
241 | |||
242 | GNUNET_memcpy (&cred[1], | ||
243 | tmp_str, | ||
244 | attr_len); | ||
245 | |||
246 | GNUNET_free (crd); | ||
247 | return cred; | ||
248 | } | ||
249 | |||
250 | |||
diff --git a/src/credential/delegate_misc.h b/src/credential/delegate_misc.h new file mode 100644 index 000000000..936517437 --- /dev/null +++ b/src/credential/delegate_misc.h | |||
@@ -0,0 +1,36 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2012-2013 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | /** | ||
21 | * @file credential/delegate_misc.h | ||
22 | * @brief Delegate helper functions | ||
23 | */ | ||
24 | #ifndef DELEGATE_MISC_H | ||
25 | #define DELEGATE_MISC_H | ||
26 | |||
27 | #include "gnunet_credential_service.h" | ||
28 | |||
29 | char * | ||
30 | GNUNET_CREDENTIAL_delegate_to_string ( | ||
31 | const struct GNUNET_CREDENTIAL_Delegate *cred); | ||
32 | |||
33 | struct GNUNET_CREDENTIAL_Delegate * | ||
34 | GNUNET_CREDENTIAL_delegate_from_string (const char *str); | ||
35 | |||
36 | #endif | ||
diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index 35fa6ff8a..22fca7b00 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c | |||
@@ -28,6 +28,7 @@ | |||
28 | #include <gnunet_gnsrecord_lib.h> | 28 | #include <gnunet_gnsrecord_lib.h> |
29 | #include <gnunet_namestore_service.h> | 29 | #include <gnunet_namestore_service.h> |
30 | #include "credential_misc.h" | 30 | #include "credential_misc.h" |
31 | #include "delegate_misc.h" | ||
31 | #include "credential_serialization.h" | 32 | #include "credential_serialization.h" |
32 | 33 | ||
33 | /** | 34 | /** |
@@ -78,7 +79,7 @@ static struct GNUNET_SCHEDULER_Task *tt; | |||
78 | /** | 79 | /** |
79 | * Subject pubkey string | 80 | * Subject pubkey string |
80 | */ | 81 | */ |
81 | static char *subject_key; | 82 | static char *subject; |
82 | 83 | ||
83 | /** | 84 | /** |
84 | * Subject credential string | 85 | * Subject credential string |
@@ -147,11 +148,6 @@ static int create_ss; | |||
147 | static int sign_ss; | 148 | static int sign_ss; |
148 | 149 | ||
149 | /** | 150 | /** |
150 | * Add mode | ||
151 | */ | ||
152 | static int add_iss; | ||
153 | |||
154 | /** | ||
155 | * Signed issue credentials | 151 | * Signed issue credentials |
156 | */ | 152 | */ |
157 | static char *extension; | 153 | static char *extension; |
@@ -291,6 +287,7 @@ handle_verify_result (void *cls, | |||
291 | { | 287 | { |
292 | iss_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&dc[i].issuer_key); | 288 | iss_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&dc[i].issuer_key); |
293 | sub_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&dc[i].subject_key); | 289 | sub_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&dc[i].subject_key); |
290 | |||
294 | if (0 != dc[i].subject_attribute_len) | 291 | if (0 != dc[i].subject_attribute_len) |
295 | { | 292 | { |
296 | printf ("(%d) %s.%s <- %s.%s\n", i, | 293 | printf ("(%d) %s.%s <- %s.%s\n", i, |
@@ -409,108 +406,34 @@ identity_cb (void *cls, | |||
409 | &etime_abs); | 406 | &etime_abs); |
410 | 407 | ||
411 | res = GNUNET_CREDENTIAL_credential_to_string (crd); | 408 | res = GNUNET_CREDENTIAL_credential_to_string (crd); |
412 | fprintf(stderr,"Cred: %s\n", res); | ||
413 | GNUNET_free (crd); | 409 | GNUNET_free (crd); |
414 | printf ("%s\n", res); | 410 | printf ("%s\n", res); |
415 | GNUNET_SCHEDULER_shutdown (); | 411 | GNUNET_SCHEDULER_shutdown (); |
416 | } | 412 | } |
417 | 413 | ||
418 | |||
419 | static char | ||
420 | *strtokm(char *str, const char *delim) | ||
421 | { | ||
422 | static char *tok; | ||
423 | static char *next; | ||
424 | char *m; | ||
425 | |||
426 | if (delim == NULL) return NULL; | ||
427 | |||
428 | tok = (str) ? str : next; | ||
429 | if (tok == NULL) return NULL; | ||
430 | |||
431 | m = strstr(tok, delim); | ||
432 | |||
433 | if (m) { | ||
434 | next = m + strlen(delim); | ||
435 | *m = '\0'; | ||
436 | } else { | ||
437 | next = NULL; | ||
438 | } | ||
439 | |||
440 | if (m == tok || *tok == '\0') return strtokm(NULL, delim); | ||
441 | |||
442 | return tok; | ||
443 | } | ||
444 | |||
445 | void topntail(char *str) { | ||
446 | size_t len = strlen(str); | ||
447 | // check if last char is a space, if yes: remove 2 chars at the end | ||
448 | if(str[len-1] == ' ') | ||
449 | { | ||
450 | len -= 1; | ||
451 | } | ||
452 | // remove first and last char | ||
453 | memmove(str, str+1, len-2); | ||
454 | str[len-2] = 0; | ||
455 | } | ||
456 | |||
457 | static int | 414 | static int |
458 | parse_cmdl_param(const char *extensionstring) | 415 | parse_cmdl_param(const char *extensionstring) |
459 | { | 416 | { |
460 | fprintf(stderr, "Starting to parse extension string...\n"); | ||
461 | fprintf(stderr, "string to parse: %s\n", extensionstring); | ||
462 | |||
463 | //Example: | ||
464 | //--ego=epub --attribute=aasds --subject=DKCC5SMTBNV6W3VXDJ7A1N1YS6TRG7B3XC2S5N4HSXJEYYRFRCCG basd --ttl=60m | ||
465 | //--extension=NVTQZA44336VHKCP2SA20BR6899T621B2PJKC3V730AKXC37T6M0.aasds -> DKCC5SMTBNV6W3VXDJ7A1N1YS6TRG7B3XC2S5N4HSXJEYYRFRCCG | D1NuT8hHEUbkCURo1lkcSPKhYiydhv4nMkV042kc9J4MgIhB2/fQKLgJUyuGlJKvYgXLf4jHXNRHJe+aCLG7jw== | 1561126006528100 | ||
466 | |||
467 | //TODO: parse, wenn nicht als argument direkt geparsed werden kann | ||
468 | |||
469 | char cmd_para[100]; | ||
470 | char para_str[1024]; | ||
471 | char *token; | 417 | char *token; |
472 | char *tmp_str; | 418 | char *tmp_str; |
473 | int matches = 0; | 419 | int counter = 0; |
474 | 420 | ||
475 | tmp_str = GNUNET_strdup (extensionstring); | 421 | tmp_str = GNUNET_strdup (extensionstring); |
476 | // use special strtok to match multiple characters | 422 | // split string via strtok, assume parameters are in the right order |
477 | token = strtokm (tmp_str, "--"); | 423 | token = strtok (tmp_str, ";"); |
478 | while (NULL != token) { | 424 | while (NULL != token) { |
479 | // also fills the variables if "regex"-like match | 425 | |
480 | fprintf(stderr, "TOKEN: %s\n", token); | 426 | // fill variables depending on counter |
481 | // match everything till =, ignore = (%*c), match everything including whitespaces (required for the extension parameter) | 427 | if(0 == counter) { |
482 | matches = SSCANF (token, "%[^=]%*c%[^\n]", cmd_para, para_str); | 428 | expiration = GNUNET_strdup(token); |
483 | // string not well formatted | 429 | } else if(1 == counter) { |
484 | if (0 == matches) { | 430 | extension = GNUNET_strdup(token); |
485 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, ("Failed to parse to extensionstring.\n")); | ||
486 | GNUNET_SCHEDULER_shutdown (); | ||
487 | GNUNET_free (tmp_str); | ||
488 | return GNUNET_SYSERR; | ||
489 | } else { | 431 | } else { |
490 | fprintf(stderr,"Found command and parameter: %s %s\n", cmd_para, para_str); | 432 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Could not parse extension string\n"); |
491 | // assign values to variables, topntail to remove trailing/leading " | ||
492 | if(strcmp(cmd_para, "ego") == 0) { | ||
493 | fprintf(stderr,"ego found and parsed\n"); | ||
494 | topntail(para_str); | ||
495 | ego_name = GNUNET_strdup(para_str); | ||
496 | } else if(strcmp(cmd_para, "attribute") == 0) { | ||
497 | fprintf(stderr,"issuer found and parsed\n"); | ||
498 | topntail(para_str); | ||
499 | issuer_attr = GNUNET_strdup(para_str); | ||
500 | } else if(strcmp(cmd_para, "subject") == 0) { | ||
501 | fprintf(stderr,"subject found and parsed\n"); | ||
502 | topntail(para_str); | ||
503 | subject_key = GNUNET_strdup(para_str); | ||
504 | } else if(strcmp(cmd_para, "ttl") == 0) { | ||
505 | fprintf(stderr,"ttl found and parsed\n"); | ||
506 | expiration = GNUNET_strdup(para_str); | ||
507 | } else if(strcmp(cmd_para, "extension") == 0) { | ||
508 | fprintf(stderr,"extension found and parsed\n"); | ||
509 | topntail(para_str); | ||
510 | extension = GNUNET_strdup(para_str); | ||
511 | } | ||
512 | } | 433 | } |
513 | token = strtokm (NULL, "--"); | 434 | |
435 | counter++; | ||
436 | token = strtok (NULL, ";"); | ||
514 | } | 437 | } |
515 | GNUNET_free (tmp_str); | 438 | GNUNET_free (tmp_str); |
516 | 439 | ||
@@ -531,7 +454,7 @@ parse_expiration (const char *expirationstring, | |||
531 | int *etime_is_rel, | 454 | int *etime_is_rel, |
532 | uint64_t *etime) | 455 | uint64_t *etime) |
533 | { | 456 | { |
534 | // TODO just copied from gnunet-namestore.c | 457 | // copied from namestore/gnunet-namestore.c |
535 | struct GNUNET_TIME_Relative etime_rel; | 458 | struct GNUNET_TIME_Relative etime_rel; |
536 | struct GNUNET_TIME_Absolute etime_abs; | 459 | struct GNUNET_TIME_Absolute etime_abs; |
537 | 460 | ||
@@ -574,8 +497,7 @@ parse_expiration (const char *expirationstring, | |||
574 | static void | 497 | static void |
575 | error_cb (void *cls) | 498 | error_cb (void *cls) |
576 | { | 499 | { |
577 | // TODO: Better | 500 | fprintf(stderr, "Error occured during lookup, shutting down.\n"); |
578 | fprintf(stderr, "In add_error_cb\n"); | ||
579 | GNUNET_SCHEDULER_shutdown (); | 501 | GNUNET_SCHEDULER_shutdown (); |
580 | return; | 502 | return; |
581 | } | 503 | } |
@@ -584,8 +506,7 @@ add_continuation (void *cls, | |||
584 | int32_t success, | 506 | int32_t success, |
585 | const char *emsg) | 507 | const char *emsg) |
586 | { | 508 | { |
587 | fprintf(stderr, "Start: add_continuation\n"); | 509 | // TODO what does that do, can I somehow parse an empty callback on success or do I have to set the qe* to NULL? |
588 | |||
589 | struct GNUNET_NAMESTORE_QueueEntry **qe = cls; | 510 | struct GNUNET_NAMESTORE_QueueEntry **qe = cls; |
590 | *qe = NULL; | 511 | *qe = NULL; |
591 | 512 | ||
@@ -602,11 +523,6 @@ get_existing_record (void *cls, | |||
602 | struct GNUNET_GNSRECORD_Data rdn[rd_count + 1]; | 523 | struct GNUNET_GNSRECORD_Data rdn[rd_count + 1]; |
603 | struct GNUNET_GNSRECORD_Data *rde; | 524 | struct GNUNET_GNSRECORD_Data *rde; |
604 | 525 | ||
605 | fprintf(stderr, "Start: get_existing_record\n"); | ||
606 | |||
607 | fprintf(stderr, "count: %d\n", rd_count); | ||
608 | |||
609 | |||
610 | memset (rdn, 0, sizeof (struct GNUNET_GNSRECORD_Data)); | 526 | memset (rdn, 0, sizeof (struct GNUNET_GNSRECORD_Data)); |
611 | GNUNET_memcpy (&rdn[1], | 527 | GNUNET_memcpy (&rdn[1], |
612 | rd, | 528 | rd, |
@@ -615,7 +531,7 @@ get_existing_record (void *cls, | |||
615 | rde->data = data; | 531 | rde->data = data; |
616 | rde->data_size = data_size; | 532 | rde->data_size = data_size; |
617 | rde->record_type = type; | 533 | rde->record_type = type; |
618 | // TODO: flags | 534 | // Flags not required , TODO what have we said we do with that now? Look it up in my writing |
619 | /*if (1 == is_shadow) | 535 | /*if (1 == is_shadow) |
620 | rde->flags |= GNUNET_GNSRECORD_RF_SHADOW_RECORD; | 536 | rde->flags |= GNUNET_GNSRECORD_RF_SHADOW_RECORD; |
621 | if (1 != is_public) | 537 | if (1 != is_public) |
@@ -642,9 +558,8 @@ store_cb (void *cls, | |||
642 | const struct GNUNET_IDENTITY_Ego *ego) | 558 | const struct GNUNET_IDENTITY_Ego *ego) |
643 | { | 559 | { |
644 | const struct GNUNET_CONFIGURATION_Handle *cfg = cls; | 560 | const struct GNUNET_CONFIGURATION_Handle *cfg = cls; |
645 | struct GNUNET_CRYPTO_EcdsaPublicKey pub; | ||
646 | 561 | ||
647 | fprintf(stderr, "Start: store_cb\n"); | 562 | el = NULL; |
648 | 563 | ||
649 | ns = GNUNET_NAMESTORE_connect (cfg); | 564 | ns = GNUNET_NAMESTORE_connect (cfg); |
650 | if (NULL == ns) | 565 | if (NULL == ns) |
@@ -656,14 +571,9 @@ store_cb (void *cls, | |||
656 | } | 571 | } |
657 | 572 | ||
658 | // Key handling | 573 | // Key handling |
659 | fprintf(stderr, "Connected to ns\n"); | ||
660 | zone_pkey = *GNUNET_IDENTITY_ego_get_private_key (ego); | 574 | zone_pkey = *GNUNET_IDENTITY_ego_get_private_key (ego); |
661 | fprintf(stderr, "Got zone_pkey\n"); | ||
662 | // TODO rename to zone_pub? | ||
663 | GNUNET_CRYPTO_ecdsa_key_get_public (&zone_pkey, &pub); | ||
664 | 575 | ||
665 | // Check relevant cmdline parameters | 576 | // Check relevant cmdline parameters |
666 | // name ⁼ issuer_attr | ||
667 | if (NULL == issuer_attr) | 577 | if (NULL == issuer_attr) |
668 | { | 578 | { |
669 | fprintf (stderr, "Missing option -attribute for operation 'create'.\n"); | 579 | fprintf (stderr, "Missing option -attribute for operation 'create'.\n"); |
@@ -671,9 +581,7 @@ store_cb (void *cls, | |||
671 | return; | 581 | return; |
672 | } | 582 | } |
673 | 583 | ||
674 | // TODO later, rename subject_key to subject | 584 | if (NULL == subject) |
675 | // value ⁼ subject_key | ||
676 | if (NULL == subject_key) | ||
677 | { | 585 | { |
678 | fprintf (stderr, "Missing option -subject for operation 'create'.'\n"); | 586 | fprintf (stderr, "Missing option -subject for operation 'create'.'\n"); |
679 | GNUNET_SCHEDULER_shutdown (); | 587 | GNUNET_SCHEDULER_shutdown (); |
@@ -682,20 +590,18 @@ store_cb (void *cls, | |||
682 | 590 | ||
683 | // String to value conversion for storage | 591 | // String to value conversion for storage |
684 | if (GNUNET_OK != GNUNET_GNSRECORD_string_to_value (type, | 592 | if (GNUNET_OK != GNUNET_GNSRECORD_string_to_value (type, |
685 | subject_key, | 593 | subject, |
686 | &data, | 594 | &data, |
687 | &data_size)) | 595 | &data_size)) |
688 | { | 596 | { |
689 | fprintf (stderr, "Value `%s' invalid for record type `%s'\n", | 597 | fprintf (stderr, "Value `%s' invalid for record type `%s'\n", |
690 | subject_key, | 598 | subject, |
691 | typestring); | 599 | typestring); |
692 | GNUNET_SCHEDULER_shutdown (); | 600 | GNUNET_SCHEDULER_shutdown (); |
693 | return; | 601 | return; |
694 | } | 602 | } |
695 | fprintf (stderr, "Data size: `%lu'\n", data_size); | ||
696 | 603 | ||
697 | // Take care of expiration | 604 | // Take care of expiration |
698 | |||
699 | if (NULL == expiration) | 605 | if (NULL == expiration) |
700 | { | 606 | { |
701 | fprintf (stderr, "Missing option -e for operation 'create'\n"); | 607 | fprintf (stderr, "Missing option -e for operation 'create'\n"); |
@@ -728,13 +634,12 @@ sign_cb (void *cls, | |||
728 | const struct GNUNET_IDENTITY_Ego *ego) | 634 | const struct GNUNET_IDENTITY_Ego *ego) |
729 | { | 635 | { |
730 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; | 636 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; |
731 | struct GNUNET_CREDENTIAL_Credential *crd; | 637 | struct GNUNET_CREDENTIAL_Delegate *crd; |
732 | struct GNUNET_TIME_Absolute etime_abs; | 638 | struct GNUNET_TIME_Absolute etime_abs; |
733 | struct GNUNET_TIME_Relative etime_rel; | 639 | struct GNUNET_TIME_Relative etime_rel; |
734 | char *res; | 640 | char *res; |
735 | 641 | ||
736 | el = NULL; | 642 | el = NULL; |
737 | |||
738 | 643 | ||
739 | // work on expiration time | 644 | // work on expiration time |
740 | if (NULL == expiration) | 645 | if (NULL == expiration) |
@@ -752,19 +657,34 @@ sign_cb (void *cls, | |||
752 | return; | 657 | return; |
753 | } | 658 | } |
754 | 659 | ||
755 | // if contains a space - split it by the first space only - assume first token entry is subject_key | 660 | // if contains a space - split it by the first space only - assume first entry is subject followed by attribute(s) |
756 | fprintf (stderr, "Start splitting\n"); | ||
757 | char *space; | 661 | char *space; |
758 | int idx; | 662 | int idx; |
759 | space = strchr(subject_key, ' '); | 663 | char *subject_pubkey_str; |
760 | idx = (int)(space - subject_key); | 664 | char *subject_attr; |
761 | 665 | ||
762 | // TODO rename subject_key to subject | 666 | space = strchr(subject, ' '); |
763 | char *subject_pubkey_str = GNUNET_malloc(idx+1); | 667 | if(NULL == space) |
764 | GNUNET_memcpy(subject_pubkey_str, subject_key, idx); | 668 | { |
765 | subject_pubkey_str[idx] = '\0'; | 669 | // only contains subject key e.g. A.a <- B |
766 | 670 | subject_pubkey_str = subject; | |
767 | fprintf(stderr, "idx: %d, str: %s\n", idx, subject_pubkey_str); | 671 | subject_attr = '\0'; |
672 | } else { | ||
673 | // subject contains: key attr1.attr2.attr3... | ||
674 | // split subject into subject_pubkey_str and subject_attr | ||
675 | idx = (int)(space - subject); | ||
676 | |||
677 | subject_pubkey_str = GNUNET_malloc(idx+1); | ||
678 | GNUNET_memcpy(subject_pubkey_str, subject, idx); | ||
679 | subject_pubkey_str[idx] = '\0'; | ||
680 | |||
681 | int sub_attr_len = strlen(subject) - idx - 1; | ||
682 | // +1 for the \0 | ||
683 | subject_attr = GNUNET_malloc(sub_attr_len + 1); | ||
684 | // +1 to remove the space "key attr" (or whatever separator) | ||
685 | GNUNET_memcpy(subject_attr, subject + idx + 1, sub_attr_len); | ||
686 | subject_attr[sub_attr_len] = '\0'; | ||
687 | } | ||
768 | 688 | ||
769 | // work on keys | 689 | // work on keys |
770 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); | 690 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); |
@@ -778,18 +698,15 @@ sign_cb (void *cls, | |||
778 | return; | 698 | return; |
779 | } | 699 | } |
780 | 700 | ||
781 | // Sign credential / TODO not credential but delegate (new method), not only pass subject_pkey but also subject_attr | 701 | // Sign delegate |
782 | // gnunet-credential --issue --ego=registrarb --subject=$ALICE_KEY --attribute=$REG_STUD_ATTR --ttl=5m -c test_credential_lookup.conf | 702 | crd = GNUNET_CREDENTIAL_delegate_issue (privkey, |
783 | // gnunet-credential --create --ego=epub --attribute="a" --subject="B b" --where="ss" -E 60m | ||
784 | // TODO: only signs subject_pkey at the moment, also requires subject_attr (or both in subject_key) | ||
785 | crd = GNUNET_CREDENTIAL_credential_issue (privkey, | ||
786 | &subject_pkey, | 703 | &subject_pkey, |
787 | issuer_attr, | 704 | issuer_attr, |
705 | subject_attr, | ||
788 | &etime_abs); | 706 | &etime_abs); |
789 | res = GNUNET_CREDENTIAL_credential_to_string (crd); | 707 | res = GNUNET_CREDENTIAL_delegate_to_string (crd); |
790 | fprintf(stderr,"Dele: %s\n", res); | ||
791 | GNUNET_free (crd); | 708 | GNUNET_free (crd); |
792 | printf ("--ego=\"%s\" --attribute=\"%s\" --subject=\"%s\" --ttl=%s --extension=\"%s\"\n", ego_name, issuer_attr, subject_key, expiration, res); | 709 | printf ("%s;%s\n", expiration, res); |
793 | 710 | ||
794 | GNUNET_free_non_null (ego_name); | 711 | GNUNET_free_non_null (ego_name); |
795 | ego_name = NULL; | 712 | ego_name = NULL; |
@@ -819,18 +736,14 @@ run (void *cls, | |||
819 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); | 736 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); |
820 | 737 | ||
821 | if (GNUNET_YES == create_is) { | 738 | if (GNUNET_YES == create_is) { |
822 | fprintf(stderr, "Starting to create issuer side...\n"); | ||
823 | |||
824 | if (NULL == ego_name) { | 739 | if (NULL == ego_name) { |
825 | fprintf (stderr, "ego required\n"); | 740 | fprintf (stderr, "ego required\n"); |
826 | GNUNET_SCHEDULER_shutdown (); | 741 | GNUNET_SCHEDULER_shutdown (); |
827 | return; | 742 | return; |
828 | } | 743 | } |
829 | 744 | ||
745 | // Lookup ego, on success call store_cb and store as ATTRIBUTE type | ||
830 | type = GNUNET_GNSRECORD_TYPE_ATTRIBUTE; | 746 | type = GNUNET_GNSRECORD_TYPE_ATTRIBUTE; |
831 | //TODO: Store normally (at issuer, for backward search) | ||
832 | // stuff from gnunet-namestore.c of namestore folder | ||
833 | fprintf (stderr, "Start: Store issuer side\n"); | ||
834 | el = GNUNET_IDENTITY_ego_lookup (cfg, | 747 | el = GNUNET_IDENTITY_ego_lookup (cfg, |
835 | ego_name, | 748 | ego_name, |
836 | &store_cb, | 749 | &store_cb, |
@@ -839,8 +752,7 @@ run (void *cls, | |||
839 | } | 752 | } |
840 | 753 | ||
841 | if (GNUNET_YES == create_ss) { | 754 | if (GNUNET_YES == create_ss) { |
842 | fprintf(stderr, "Starting to create subject side...\n"); | 755 | // check if signed parameter has been passed in cmd line call |
843 | // check if "credential"/signed parameter filled | ||
844 | if (NULL == extension) { | 756 | if (NULL == extension) { |
845 | fprintf (stderr, "'extension' required\n"); | 757 | fprintf (stderr, "'extension' required\n"); |
846 | GNUNET_SCHEDULER_shutdown (); | 758 | GNUNET_SCHEDULER_shutdown (); |
@@ -850,19 +762,10 @@ run (void *cls, | |||
850 | // parses all the passed parameters | 762 | // parses all the passed parameters |
851 | parse_cmdl_param(extension); | 763 | parse_cmdl_param(extension); |
852 | 764 | ||
853 | fprintf (stderr,"List of parsed attributes:\n"); | 765 | type = GNUNET_GNSRECORD_TYPE_DELEGATE; |
854 | fprintf (stderr,"Ego: %s\n", ego_name); | 766 | subject = extension; |
855 | fprintf (stderr,"Attribute: %s\n", issuer_attr); | 767 | issuer_attr = GNUNET_GNS_EMPTY_LABEL_AT; |
856 | fprintf (stderr,"Subject: %s\n", subject_key); | 768 | // Store subject side |
857 | fprintf (stderr,"ttl: %s\n", expiration); | ||
858 | fprintf (stderr,"Extension: %s\n", extension); | ||
859 | |||
860 | //TODO: subject key does not have to be returned, extension replaces it | ||
861 | //TODO: use own delegation type, implement string_to_value and value_to_string methods of plugin | ||
862 | //type = GNUNET_GNSRECORD_TYPE_DELEGATE; | ||
863 | type = GNUNET_GNSRECORD_TYPE_CREDENTIAL; | ||
864 | subject_key = extension; | ||
865 | fprintf (stderr, "Start: Store subject side\n"); | ||
866 | el = GNUNET_IDENTITY_ego_lookup (cfg, | 769 | el = GNUNET_IDENTITY_ego_lookup (cfg, |
867 | ego_name, | 770 | ego_name, |
868 | &store_cb, | 771 | &store_cb, |
@@ -872,26 +775,19 @@ run (void *cls, | |||
872 | } | 775 | } |
873 | 776 | ||
874 | if (GNUNET_YES == sign_ss) { | 777 | if (GNUNET_YES == sign_ss) { |
875 | fprintf(stderr, "Starting to sign subject side...\n"); | ||
876 | |||
877 | if (NULL == ego_name) { | 778 | if (NULL == ego_name) { |
878 | fprintf (stderr, "ego required\n"); | 779 | fprintf (stderr, "ego required\n"); |
879 | GNUNET_SCHEDULER_shutdown (); | 780 | GNUNET_SCHEDULER_shutdown (); |
880 | return; | 781 | return; |
881 | } | 782 | } |
882 | 783 | if (NULL == subject) | |
883 | if (NULL == subject_key) | ||
884 | { | 784 | { |
885 | fprintf (stderr, "Subject public key needed\n"); | 785 | fprintf (stderr, "Subject public key needed\n"); |
886 | GNUNET_SCHEDULER_shutdown (); | 786 | GNUNET_SCHEDULER_shutdown (); |
887 | return; | 787 | return; |
888 | |||
889 | } | 788 | } |
890 | 789 | ||
891 | //TODO: Sign like credential and return to store subject side | 790 | // lookup ego and call function sign_cb on success |
892 | //TODO: Return everything as an input for the add | ||
893 | //TODO: Idee: Gleich add machen, statt return und neues add | ||
894 | fprintf (stderr, "Start: Sign, return and subject side store\n"); | ||
895 | el = GNUNET_IDENTITY_ego_lookup (cfg, | 791 | el = GNUNET_IDENTITY_ego_lookup (cfg, |
896 | ego_name, | 792 | ego_name, |
897 | &sign_cb, | 793 | &sign_cb, |
@@ -940,7 +836,7 @@ run (void *cls, | |||
940 | 836 | ||
941 | } | 837 | } |
942 | 838 | ||
943 | if (NULL == subject_key) | 839 | if (NULL == subject) |
944 | { | 840 | { |
945 | fprintf (stderr, | 841 | fprintf (stderr, |
946 | _("Subject public key needed\n")); | 842 | _("Subject public key needed\n")); |
@@ -949,13 +845,13 @@ run (void *cls, | |||
949 | 845 | ||
950 | } | 846 | } |
951 | if (GNUNET_OK != | 847 | if (GNUNET_OK != |
952 | GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_key, | 848 | GNUNET_CRYPTO_ecdsa_public_key_from_string (subject, |
953 | strlen (subject_key), | 849 | strlen (subject), |
954 | &subject_pkey)) | 850 | &subject_pkey)) |
955 | { | 851 | { |
956 | fprintf (stderr, | 852 | fprintf (stderr, |
957 | _("Subject public key `%s' is not well-formed\n"), | 853 | _("Subject public key `%s' is not well-formed\n"), |
958 | subject_key); | 854 | subject); |
959 | GNUNET_SCHEDULER_shutdown (); | 855 | GNUNET_SCHEDULER_shutdown (); |
960 | return; | 856 | return; |
961 | } | 857 | } |
@@ -1061,7 +957,6 @@ run (void *cls, | |||
1061 | _("Please specify name to lookup, subject key and issuer key!\n")); | 957 | _("Please specify name to lookup, subject key and issuer key!\n")); |
1062 | GNUNET_SCHEDULER_shutdown (); | 958 | GNUNET_SCHEDULER_shutdown (); |
1063 | } | 959 | } |
1064 | fprintf (stderr, "In the end it doesnt even shutdown\n"); | ||
1065 | return; | 960 | return; |
1066 | } | 961 | } |
1067 | 962 | ||
@@ -1088,8 +983,8 @@ main (int argc, char *const *argv) | |||
1088 | GNUNET_GETOPT_option_string ('s', | 983 | GNUNET_GETOPT_option_string ('s', |
1089 | "subject", | 984 | "subject", |
1090 | "PKEY", | 985 | "PKEY", |
1091 | gettext_noop ("The public key of the subject to lookup the credential for"), | 986 | gettext_noop ("The public key of the subject to lookup the credential for, or for issuer side storage: subject and its attributes"), |
1092 | &subject_key), | 987 | &subject), |
1093 | GNUNET_GETOPT_option_string ('b', | 988 | GNUNET_GETOPT_option_string ('b', |
1094 | "credential", | 989 | "credential", |
1095 | "CRED", | 990 | "CRED", |
@@ -1103,7 +998,7 @@ main (int argc, char *const *argv) | |||
1103 | GNUNET_GETOPT_option_string ('e', | 998 | GNUNET_GETOPT_option_string ('e', |
1104 | "ego", | 999 | "ego", |
1105 | "EGO", | 1000 | "EGO", |
1106 | gettext_noop ("The ego to use"), | 1001 | gettext_noop ("The ego/zone name to use"), |
1107 | &ego_name), | 1002 | &ego_name), |
1108 | GNUNET_GETOPT_option_string ('a', | 1003 | GNUNET_GETOPT_option_string ('a', |
1109 | "attribute", | 1004 | "attribute", |
@@ -1119,10 +1014,9 @@ main (int argc, char *const *argv) | |||
1119 | "collect", | 1014 | "collect", |
1120 | gettext_noop ("collect credentials"), | 1015 | gettext_noop ("collect credentials"), |
1121 | &collect), | 1016 | &collect), |
1122 | |||
1123 | GNUNET_GETOPT_option_flag ('U', | 1017 | GNUNET_GETOPT_option_flag ('U', |
1124 | "createIssuerSide", | 1018 | "createIssuerSide", |
1125 | gettext_noop ("TODO: rename create to --issue, Create and issue a credential issuer side."), | 1019 | gettext_noop ("Create and issue a credential issuer side."), |
1126 | &create_is), | 1020 | &create_is), |
1127 | GNUNET_GETOPT_option_flag ('C', | 1021 | GNUNET_GETOPT_option_flag ('C', |
1128 | "createSubjectSide", | 1022 | "createSubjectSide", |
@@ -1132,14 +1026,10 @@ main (int argc, char *const *argv) | |||
1132 | "signSubjectSide", | 1026 | "signSubjectSide", |
1133 | gettext_noop ("Create, sign and return a credential subject side."), | 1027 | gettext_noop ("Create, sign and return a credential subject side."), |
1134 | &sign_ss), | 1028 | &sign_ss), |
1135 | GNUNET_GETOPT_option_flag ('A', | ||
1136 | "add", | ||
1137 | gettext_noop ("Add credential to the namestore of an ego"), | ||
1138 | &add_iss), | ||
1139 | GNUNET_GETOPT_option_string ('x', | 1029 | GNUNET_GETOPT_option_string ('x', |
1140 | "extension", | 1030 | "extension", |
1141 | "EXT", | 1031 | "EXT", |
1142 | gettext_noop ("Signed issue credentials"), | 1032 | gettext_noop ("Signed credentials that should be issued to a zone/ego"), |
1143 | &extension), | 1033 | &extension), |
1144 | GNUNET_GETOPT_OPTION_END | 1034 | GNUNET_GETOPT_OPTION_END |
1145 | }; | 1035 | }; |
diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index a4c3a94e8..f2fb0b1a6 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c | |||
@@ -28,6 +28,7 @@ | |||
28 | #include "gnunet_util_lib.h" | 28 | #include "gnunet_util_lib.h" |
29 | 29 | ||
30 | #include "credential_misc.h" | 30 | #include "credential_misc.h" |
31 | #include "delegate_misc.h" | ||
31 | #include "credential_serialization.h" | 32 | #include "credential_serialization.h" |
32 | #include "gnunet_credential_service.h" | 33 | #include "gnunet_credential_service.h" |
33 | #include "gnunet_gnsrecord_lib.h" | 34 | #include "gnunet_gnsrecord_lib.h" |
@@ -46,7 +47,6 @@ static char * | |||
46 | credential_value_to_string (void *cls, uint32_t type, const void *data, | 47 | credential_value_to_string (void *cls, uint32_t type, const void *data, |
47 | size_t data_size) | 48 | size_t data_size) |
48 | { | 49 | { |
49 | |||
50 | const char *cdata; | 50 | const char *cdata; |
51 | 51 | ||
52 | switch (type) { | 52 | switch (type) { |
@@ -94,8 +94,6 @@ credential_value_to_string (void *cls, uint32_t type, const void *data, | |||
94 | } | 94 | } |
95 | GNUNET_free (subject_pkey); | 95 | GNUNET_free (subject_pkey); |
96 | } | 96 | } |
97 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "############### attr str: %s \n", attr_str); | ||
98 | //DEBUG ############### attr str: BKX50FK9QYNTFGPR6647CDASM63G21NEJC02QP58NHN7B7M8TKT0 student | ||
99 | return attr_str; | 97 | return attr_str; |
100 | } | 98 | } |
101 | case GNUNET_GNSRECORD_TYPE_CREDENTIAL: { | 99 | case GNUNET_GNSRECORD_TYPE_CREDENTIAL: { |
@@ -107,10 +105,14 @@ credential_value_to_string (void *cls, uint32_t type, const void *data, | |||
107 | GNUNET_free (cred); | 105 | GNUNET_free (cred); |
108 | return cred_str; | 106 | return cred_str; |
109 | } | 107 | } |
110 | case GNUNET_GNSRECORD_TYPE_DELEGATE: { | 108 | case GNUNET_GNSRECORD_TYPE_DELEGATE: { |
111 | printf("####################################vts\n"); | 109 | struct GNUNET_CREDENTIAL_Delegate *cred; |
112 | 110 | char *cred_str; | |
113 | return GNUNET_strndup (data, data_size); | 111 | |
112 | cred = GNUNET_CREDENTIAL_delegate_deserialize (data, data_size); | ||
113 | cred_str = GNUNET_CREDENTIAL_delegate_to_string (cred); | ||
114 | GNUNET_free (cred); | ||
115 | return cred_str; | ||
114 | } | 116 | } |
115 | default: | 117 | default: |
116 | return NULL; | 118 | return NULL; |
@@ -137,8 +139,6 @@ credential_string_to_value (void *cls, uint32_t type, const char *s, | |||
137 | return GNUNET_SYSERR; | 139 | return GNUNET_SYSERR; |
138 | switch (type) { | 140 | switch (type) { |
139 | case GNUNET_GNSRECORD_TYPE_ATTRIBUTE: { | 141 | case GNUNET_GNSRECORD_TYPE_ATTRIBUTE: { |
140 | printf ("Start: string_to_value attribute\n"); | ||
141 | |||
142 | struct GNUNET_CREDENTIAL_DelegationRecord *sets; | 142 | struct GNUNET_CREDENTIAL_DelegationRecord *sets; |
143 | char attr_str[253 + 1]; | 143 | char attr_str[253 + 1]; |
144 | char subject_pkey[52 + 1]; | 144 | char subject_pkey[52 + 1]; |
@@ -217,8 +217,6 @@ credential_string_to_value (void *cls, uint32_t type, const char *s, | |||
217 | return GNUNET_OK; | 217 | return GNUNET_OK; |
218 | } | 218 | } |
219 | case GNUNET_GNSRECORD_TYPE_CREDENTIAL: { | 219 | case GNUNET_GNSRECORD_TYPE_CREDENTIAL: { |
220 | printf ("Start: string_to_value credential\n"); | ||
221 | |||
222 | struct GNUNET_CREDENTIAL_Credential *cred; | 220 | struct GNUNET_CREDENTIAL_Credential *cred; |
223 | cred = GNUNET_CREDENTIAL_credential_from_string (s); | 221 | cred = GNUNET_CREDENTIAL_credential_from_string (s); |
224 | 222 | ||
@@ -226,110 +224,11 @@ credential_string_to_value (void *cls, uint32_t type, const char *s, | |||
226 | return GNUNET_OK; | 224 | return GNUNET_OK; |
227 | } | 225 | } |
228 | case GNUNET_GNSRECORD_TYPE_DELEGATE: { | 226 | case GNUNET_GNSRECORD_TYPE_DELEGATE: { |
229 | printf ("Start: string_to_value delegate\n"); | 227 | struct GNUNET_CREDENTIAL_Delegate *cred; |
230 | 228 | cred = GNUNET_CREDENTIAL_delegate_from_string (s); | |
231 | char* tmp_str; | ||
232 | char* token; | ||
233 | int matches = 0; | ||
234 | int entries = 0; | ||
235 | size_t tmp_data_size = 0; | ||
236 | char issuer_attr_str[253 + 1], subject_attr_str[253 + 1]; | ||
237 | char issuer_pkey[52 + 1], subject_pkey[52 + 1]; | ||
238 | int i; | ||
239 | |||
240 | // Split AND | ||
241 | tmp_str = GNUNET_strdup (s); | ||
242 | // Split string by ',' and first entry stored in token | ||
243 | token = strtok (tmp_str, ","); | ||
244 | // TODO: Use of this except for entry counting and format checking (why tmp_data size in the function above?) | ||
245 | while(NULL != token) { | ||
246 | printf("DEL############### tokenX %s\n", token); | ||
247 | |||
248 | // TODO: only for type A.a <- B.b, missing other types, especially with multiple roles on the right side | ||
249 | // Alles splitten mit "%s %s <- %s %s ..." oder lieber "%s %s <- %s" und das dem lookup überlassen? Dann aber feld größe unknown | ||
250 | |||
251 | // Match with string and fill variables | ||
252 | matches = SSCANF (token, "%s %s <- %s %s", issuer_pkey, issuer_attr_str, subject_pkey, subject_attr_str); | ||
253 | printf("DEL############### issuerpkey %s, issueratt %s, subjectpkey %s, subjectattr %s\n", | ||
254 | issuer_pkey, issuer_attr_str, subject_pkey, subject_attr_str); | ||
255 | |||
256 | // Doesn't match string, DEL record string wrong formatted, throw error | ||
257 | if (2 >= matches) { | ||
258 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
259 | _ ("Unable to parse DEL record string `%s'\n"), s); | ||
260 | GNUNET_free (tmp_str); | ||
261 | return GNUNET_SYSERR; | ||
262 | } | ||
263 | |||
264 | printf("DEL############### matches %d\n", matches); | ||
265 | if (3 == matches) { | ||
266 | // Type A.a <- B | ||
267 | printf("DEL############### A.a <-B found\n"); | ||
268 | } | ||
269 | if (4 == matches) { | ||
270 | printf("DEL############### A.a <- B.b found\n"); | ||
271 | } | ||
272 | |||
273 | // Get next entry of tmp_str (pointer still saved), store entry in token, NULL if no more entries | ||
274 | token = strtok(NULL, ","); | ||
275 | entries++; | ||
276 | } | ||
277 | // TODO fill tmp_data_size (but what's that) | ||
278 | |||
279 | tmp_str = GNUNET_strdup (s); | ||
280 | token = strtok (tmp_str, ","); | ||
281 | if (NULL == token) { | ||
282 | GNUNET_free (tmp_str); | ||
283 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Malformed string %s\n", s); | ||
284 | return GNUNET_SYSERR; | ||
285 | } | ||
286 | |||
287 | // TODO own GNUNET_CREDENTIAL_Delegation struct (when I know the format) | ||
288 | struct GNUNET_CREDENTIAL_Delegation set[entries]; | ||
289 | // sets memory to be 0, starting at *set for the size of struct * entries | ||
290 | memset (set, 0, sizeof (struct GNUNET_CREDENTIAL_Delegation) * entries); | ||
291 | |||
292 | for (i = 0; i < entries; i++) { | ||
293 | matches = SSCANF (token, "%s %s <- %s %s", issuer_pkey, issuer_attr_str, subject_pkey, subject_attr_str); | ||
294 | |||
295 | // Set public keys of issuer and subject | ||
296 | GNUNET_CRYPTO_ecdsa_public_key_from_string ( | ||
297 | issuer_pkey, strlen (issuer_pkey), &set[i].issuer_key); | ||
298 | GNUNET_CRYPTO_ecdsa_public_key_from_string ( | ||
299 | subject_pkey, strlen (subject_pkey), &set[i].subject_key); | ||
300 | |||
301 | // Set issuer attribute, always present | ||
302 | set[i].issuer_attribute_len = strlen (issuer_attr_str) + 1; | ||
303 | set[i].issuer_attribute = GNUNET_strdup (issuer_attr_str); | ||
304 | |||
305 | if (4 == matches) { | ||
306 | // A.a <- B.b | ||
307 | set[i].subject_attribute_len = strlen (subject_attr_str) + 1; | ||
308 | set[i].subject_attribute = GNUNET_strdup (subject_attr_str); | ||
309 | } | ||
310 | |||
311 | // If more entries, then token string can take the next entry (separated by ',') by calling strtok again | ||
312 | token = strtok (NULL, ","); | ||
313 | } | ||
314 | //TODO: own method | ||
315 | //tmp_data_size = GNUNET_CREDENTIAL_delegation_set_get_size (entries, set); | ||
316 | |||
317 | if (-1 == tmp_data_size) { | ||
318 | GNUNET_free (tmp_str); | ||
319 | return GNUNET_SYSERR; | ||
320 | } | ||
321 | |||
322 | //TODO: serialize | ||
323 | |||
324 | |||
325 | |||
326 | |||
327 | |||
328 | |||
329 | 229 | ||
230 | *data_size = GNUNET_CREDENTIAL_delegate_serialize (cred, (char **)data); | ||
330 | 231 | ||
331 | *data_size = strlen (s); | ||
332 | *data = GNUNET_strdup (s); | ||
333 | return GNUNET_OK; | 232 | return GNUNET_OK; |
334 | } | 233 | } |
335 | default: | 234 | default: |
diff --git a/src/credential/test_credential_own.sh b/src/credential/test_credential_own.sh index a5f567511..d10d1b2ea 100755 --- a/src/credential/test_credential_own.sh +++ b/src/credential/test_credential_own.sh | |||
@@ -43,24 +43,28 @@ REG_STUD_ATTR="student" | |||
43 | END_ATTR="end" | 43 | END_ATTR="end" |
44 | 44 | ||
45 | TEST_CREDENTIAL="mygnunetcreds" | 45 | TEST_CREDENTIAL="mygnunetcreds" |
46 | # Test for forward search (0) StateU.student -> EOrg.end | 46 | # Own issuer side storage: |
47 | # gnunet-namestore -p -z eorg -a -n "@" -t DEL -V "$STATEU_KEY $STATE_STUD_ATTR <- $EORG_KEY $END_ATTR" -e 60m -c test_credential_lookup.conf | 47 | gnunet-credential --createIssuerSide --ego=epub --attribute="issside" --subject="$EORG_KEY asd" --ttl=5m |
48 | # gnunet-namestore -D -z eorg | 48 | |
49 | 49 | gnunet-namestore -D -z epub | |
50 | # Alternative Format that is being implemented at the moment: | 50 | |
51 | # Issuerside: | 51 | # Own subject side storage: |
52 | # gnunet-credential --create --ego=A --attribute="a" --subject="B.b" --where="is" | 52 | SIGNED=`$DO_TIMEOUT gnunet-credential --signSubjectSide --ego=epub --attribute="abcd" --subject="$EORG_KEY" --ttl=5m` |
53 | gnunet-credential --createIssuerSide --ego=epub --attribute="aasds" --subject="$EORG_KEY basd" --ttl=60m | 53 | gnunet-credential --createSubjectSide --ego=eorg --extension "$SIGNED" |
54 | SIGNED=`$DO_TIMEOUT gnunet-credential --signSubjectSide --ego=epub --attribute="asd" --subject="$EORG_KEY basd" --ttl=60m` | 54 | |
55 | echo $SIGNED | 55 | SIGNED=`$DO_TIMEOUT gnunet-credential --signSubjectSide --ego=epub --attribute="abcd" --subject="$EORG_KEY efghijklmno" --ttl=5m` |
56 | gnunet-credential --createSubjectSide --extension "$SIGNED" | 56 | gnunet-credential --createSubjectSide --ego=eorg --extension "$SIGNED" |
57 | # Subjectside: | 57 | |
58 | # X = gnunet-credential --create -e E -a "a" -s "B.b" -w ss | 58 | SIGNED=`$DO_TIMEOUT gnunet-credential --signSubjectSide --ego=epub --attribute="abcd" --subject="$EORG_KEY efghijklmno.pqr" --ttl=5m` |
59 | # gnunet-credential --add -e E -x X | 59 | gnunet-credential --createSubjectSide --ego=eorg --extension "$SIGNED" |
60 | |||
61 | SIGNED=`$DO_TIMEOUT gnunet-credential --signSubjectSide --ego=epub --attribute="abcd.stu" --subject="$EORG_KEY efghijklmno.pqr" --ttl=5m` | ||
62 | gnunet-credential --createSubjectSide --ego=eorg --extension "$SIGNED" | ||
63 | |||
64 | gnunet-namestore -D -z eorg | ||
60 | 65 | ||
61 | # (1) EPub assigns the attribute "discount" to all entities that have been assigned "preferred" by EOrg | 66 | # (1) EPub assigns the attribute "discount" to all entities that have been assigned "preferred" by EOrg |
62 | gnunet-namestore -p -z epub -a -n $DISC_ATTR -t ATTR -V "$EORG_KEY $PREF_ATTR" -e 5m -c test_credential_lookup.conf | 67 | gnunet-namestore -p -z epub -a -n $DISC_ATTR -t ATTR -V "$EORG_KEY $PREF_ATTR" -e 5m -c test_credential_lookup.conf |
63 | gnunet-namestore -D -z epub | ||
64 | 68 | ||
65 | # (2) EOrg assigns the attribute "preferred" to all entities that have been assigned "student" by StateU | 69 | # (2) EOrg assigns the attribute "preferred" to all entities that have been assigned "student" by StateU |
66 | gnunet-namestore -p -z eorg -a -n $PREF_ATTR -t ATTR -V "$STATEU_KEY $STATE_STUD_ATTR" -e 5m -c test_credential_lookup.conf | 70 | gnunet-namestore -p -z eorg -a -n $PREF_ATTR -t ATTR -V "$STATEU_KEY $STATE_STUD_ATTR" -e 5m -c test_credential_lookup.conf |
diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 05cdb7c9f..7b179e99f 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h | |||
@@ -202,6 +202,53 @@ struct GNUNET_CREDENTIAL_Credential | |||
202 | const char *issuer_attribute; | 202 | const char *issuer_attribute; |
203 | }; | 203 | }; |
204 | 204 | ||
205 | /** | ||
206 | * A delegate | ||
207 | */ | ||
208 | struct GNUNET_CREDENTIAL_Delegate { | ||
209 | |||
210 | /** | ||
211 | * The issuer of the credential | ||
212 | */ | ||
213 | struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; | ||
214 | |||
215 | /** | ||
216 | * Public key of the subject this credential was issued to | ||
217 | */ | ||
218 | struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; | ||
219 | |||
220 | /** | ||
221 | * Signature of this credential | ||
222 | */ | ||
223 | struct GNUNET_CRYPTO_EcdsaSignature signature; | ||
224 | |||
225 | /** | ||
226 | * Expiration of this credential | ||
227 | */ | ||
228 | struct GNUNET_TIME_Absolute expiration; | ||
229 | |||
230 | /** | ||
231 | * Length of the issuer attribute | ||
232 | */ | ||
233 | uint32_t issuer_attribute_len; | ||
234 | |||
235 | /** | ||
236 | * The issuer attribute | ||
237 | */ | ||
238 | const char *issuer_attribute; | ||
239 | |||
240 | /** | ||
241 | * Length of the subject attribute | ||
242 | */ | ||
243 | uint32_t subject_attribute_len; | ||
244 | |||
245 | /** | ||
246 | * The subject attribute | ||
247 | */ | ||
248 | const char *subject_attribute; | ||
249 | |||
250 | }; | ||
251 | |||
205 | 252 | ||
206 | 253 | ||
207 | /** | 254 | /** |
@@ -363,6 +410,21 @@ GNUNET_CREDENTIAL_credential_issue (const struct | |||
363 | const char *attribute, | 410 | const char *attribute, |
364 | struct GNUNET_TIME_Absolute *expiration); | 411 | struct GNUNET_TIME_Absolute *expiration); |
365 | 412 | ||
413 | /** | ||
414 | * Issue an attribute to a subject | ||
415 | * | ||
416 | * @param issuer the ego that should be used to issue the attribute | ||
417 | * @param subject the subject of the attribute | ||
418 | * @param attribute the name of the attribute | ||
419 | * @param expiration the TTL of the credential | ||
420 | * @return handle to the queued request | ||
421 | */ | ||
422 | struct GNUNET_CREDENTIAL_Delegate* | ||
423 | GNUNET_CREDENTIAL_delegate_issue (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | ||
424 | struct GNUNET_CRYPTO_EcdsaPublicKey *subject, | ||
425 | const char *iss_attr, | ||
426 | const char *sub_attr, | ||
427 | struct GNUNET_TIME_Absolute *expiration); | ||
366 | 428 | ||
367 | 429 | ||
368 | /** | 430 | /** |