author | Jacki <jacki@thejackimonster.de> | 2024-04-04 21:31:59 +0200 |
---|---|---|
committer | Jacki <jacki@thejackimonster.de> | 2024-04-04 21:31:59 +0200 |
commit | 087834e85fb20f98b6695f62cff2b5b65a32e542 (patch) | |
tree | 10fd694b8353f63373ec2473cb8ab4c9705f1c22 | |
parent | 19d2dd133c22de9d58972289ebe10eb6f2e29692 (diff) | |
RECLAIM: Encrypt attribute references to restrict access from third parties (dev/thejackimonster/reclaim-changes)
Signed-off-by: Jacki <jacki@thejackimonster.de>
-rw-r--r-- | src/service/reclaim/gnunet-service-reclaim_tickets.c | 52 |
1 files changed, 44 insertions, 8 deletions
diff --git a/src/service/reclaim/gnunet-service-reclaim_tickets.c b/src/service/reclaim/gnunet-service-reclaim_tickets.c index acd2b6859..740e82b27 100644 --- a/src/service/reclaim/gnunet-service-reclaim_tickets.c +++ b/src/service/reclaim/gnunet-service-reclaim_tickets.c | |||
@@ -1090,6 +1090,8 @@ lookup_authz_cb (void *cls, | |||
1090 | struct ParallelLookup *parallel_lookup; | 1090 | struct ParallelLookup *parallel_lookup; |
1091 | char *lbl; | 1091 | char *lbl; |
1092 | struct GNUNET_RECLAIM_PresentationListEntry *ale; | 1092 | struct GNUNET_RECLAIM_PresentationListEntry *ale; |
1093 | char *data; | ||
1094 | size_t data_size; | ||
1093 | 1095 | ||
1094 | cth->lookup_request = NULL; | 1096 | cth->lookup_request = NULL; |
1095 | 1097 | ||
@@ -1103,9 +1105,26 @@ lookup_authz_cb (void *cls, | |||
1103 | "reclaim_authz_lookups_count", | 1105 | "reclaim_authz_lookups_count", |
1104 | 1, | 1106 | 1, |
1105 | GNUNET_YES); | 1107 | GNUNET_YES); |
1106 | 1108 | ||
1109 | data_size = 0; | ||
1110 | for (int i = 0; i < rd_count; i++) | ||
1111 | if (rd[i].data_size > data_size) | ||
1112 | data_size = rd[i].data_size; | ||
1113 | |||
1114 | if (data_size <= GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES) | ||
1115 | goto cleanup; | ||
1116 | |||
1117 | data = GNUNET_malloc(data_size - GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES); | ||
1107 | for (int i = 0; i < rd_count; i++) | 1118 | for (int i = 0; i < rd_count; i++) |
1108 | { | 1119 | { |
1120 | data_size = rd[i].data_size - GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES; | ||
1121 | if (GNUNET_OK != GNUNET_CRYPTO_decrypt(rd[i].data, | ||
1122 | rd[i].data_size, | ||
1123 | &(cth->identity), | ||
1124 | data, | ||
1125 | data_size)) | ||
1126 | continue; | ||
1127 | |||
1109 | /** | 1128 | /** |
1110 | * Check if record is a credential presentation or an attribute | 1129 | * Check if record is a credential presentation or an attribute |
1111 | * reference. | 1130 | * reference. |
@@ -1115,14 +1134,14 @@ lookup_authz_cb (void *cls, | |||
1115 | case GNUNET_GNSRECORD_TYPE_RECLAIM_PRESENTATION: | 1134 | case GNUNET_GNSRECORD_TYPE_RECLAIM_PRESENTATION: |
1116 | ale = GNUNET_new (struct GNUNET_RECLAIM_PresentationListEntry); | 1135 | ale = GNUNET_new (struct GNUNET_RECLAIM_PresentationListEntry); |
1117 | ale->presentation = | 1136 | ale->presentation = |
1118 | GNUNET_RECLAIM_presentation_deserialize (rd[i].data, | 1137 | GNUNET_RECLAIM_presentation_deserialize (data, |
1119 | rd[i].data_size); | 1138 | data_size); |
1120 | GNUNET_CONTAINER_DLL_insert (cth->presentations->list_head, | 1139 | GNUNET_CONTAINER_DLL_insert (cth->presentations->list_head, |
1121 | cth->presentations->list_tail, | 1140 | cth->presentations->list_tail, |
1122 | ale); | 1141 | ale); |
1123 | break; | 1142 | break; |
1124 | case GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF: | 1143 | case GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF: |
1125 | lbl = GNUNET_STRINGS_data_to_string_alloc (rd[i].data, rd[i].data_size); | 1144 | lbl = GNUNET_STRINGS_data_to_string_alloc (data, data_size); |
1126 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ticket reference found %s\n", lbl); | 1145 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ticket reference found %s\n", lbl); |
1127 | parallel_lookup = GNUNET_new (struct ParallelLookup); | 1146 | parallel_lookup = GNUNET_new (struct ParallelLookup); |
1128 | parallel_lookup->handle = cth; | 1147 | parallel_lookup->handle = cth; |
@@ -1145,10 +1164,12 @@ lookup_authz_cb (void *cls, | |||
1145 | "Ignoring unknown record type %d", rd[i].record_type); | 1164 | "Ignoring unknown record type %d", rd[i].record_type); |
1146 | } | 1165 | } |
1147 | } | 1166 | } |
1167 | GNUNET_free(data); | ||
1148 | /** | 1168 | /** |
1149 | * We started lookups. Add a timeout task. | 1169 | * We started lookups. Add a timeout task. |
1150 | * FIXME: Really needed here? | 1170 | * FIXME: Really needed here? |
1151 | */ | 1171 | */ |
1172 | cleanup: | ||
1152 | if (NULL != cth->parallel_lookups_head) | 1173 | if (NULL != cth->parallel_lookups_head) |
1153 | { | 1174 | { |
1154 | cth->kill_task = GNUNET_SCHEDULER_add_delayed ( | 1175 | cth->kill_task = GNUNET_SCHEDULER_add_delayed ( |
@@ -1293,24 +1314,39 @@ issue_ticket (struct TicketIssueHandle *ih) | |||
1293 | struct GNUNET_GNSRECORD_Data *attrs_record; | 1314 | struct GNUNET_GNSRECORD_Data *attrs_record; |
1294 | char *label; | 1315 | char *label; |
1295 | char *tkt_data; | 1316 | char *tkt_data; |
1317 | char *data; | ||
1296 | int i; | 1318 | int i; |
1297 | int j; | 1319 | int j; |
1298 | int attrs_count = 0; | 1320 | int attrs_count = 0; |
1321 | size_t data_size = 0; | ||
1299 | 1322 | ||
1300 | for (le = ih->attrs->list_head; NULL != le; le = le->next) | 1323 | for (le = ih->attrs->list_head; NULL != le; le = le->next) |
1324 | { | ||
1325 | if (sizeof(le->attribute->id) > data_size) | ||
1326 | data_size = sizeof(le->attribute->id); | ||
1301 | attrs_count++; | 1327 | attrs_count++; |
1328 | } | ||
1302 | 1329 | ||
1303 | // Worst case we have one presentation per attribute | 1330 | // Worst case we have one presentation per attribute |
1304 | attrs_record = | 1331 | attrs_record = |
1305 | GNUNET_malloc (2 * attrs_count * sizeof(struct GNUNET_GNSRECORD_Data)); | 1332 | GNUNET_malloc (2 * attrs_count * sizeof(struct GNUNET_GNSRECORD_Data)); |
1333 | data = GNUNET_malloc (data_size + GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES); | ||
1306 | i = 0; | 1334 | i = 0; |
1307 | for (le = ih->attrs->list_head; NULL != le; le = le->next) | 1335 | for (le = ih->attrs->list_head; NULL != le; le = le->next) |
1308 | { | 1336 | { |
1309 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1337 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1310 | "Adding list entry: %s\n", le->attribute->name); | 1338 | "Adding list entry: %s\n", le->attribute->name); |
1339 | |||
1340 | data_size = sizeof (le->attribute->id) + GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES; | ||
1341 | if (GNUNET_OK != GNUNET_CRYPTO_encrypt (&(le->attribute->id), | ||
1342 | sizeof (le->attribute->id), | ||
1343 | &(ih->ticket.audience), | ||
1344 | data, | ||
1345 | data_size)) | ||
1346 | continue; | ||
1311 | 1347 | ||
1312 | attrs_record[i].data = &le->attribute->id; | 1348 | attrs_record[i].data = data; |
1313 | attrs_record[i].data_size = sizeof(le->attribute->id); | 1349 | attrs_record[i].data_size = data_size; |
1314 | attrs_record[i].expiration_time = ticket_refresh_interval.rel_value_us; | 1350 | attrs_record[i].expiration_time = ticket_refresh_interval.rel_value_us; |
1315 | attrs_record[i].record_type = GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF; | 1351 | attrs_record[i].record_type = GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF; |
1316 | attrs_record[i].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; | 1352 | attrs_record[i].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; |
@@ -1327,8 +1363,7 @@ issue_ticket (struct TicketIssueHandle *ih) | |||
1327 | continue; | 1363 | continue; |
1328 | presentation = GNUNET_RECLAIM_presentation_deserialize ( | 1364 | presentation = GNUNET_RECLAIM_presentation_deserialize ( |
1329 | attrs_record[j].data, | 1365 | attrs_record[j].data, |
1330 | attrs_record[j]. | 1366 | attrs_record[j].data_size); |
1331 | data_size); | ||
1332 | if (NULL == presentation) | 1367 | if (NULL == presentation) |
1333 | { | 1368 | { |
1334 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 1369 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
@@ -1420,6 +1455,7 @@ issue_ticket (struct TicketIssueHandle *ih) | |||
1420 | char *ptr = (char*) attrs_record[j].data; | 1455 | char *ptr = (char*) attrs_record[j].data; |
1421 | GNUNET_free (ptr); | 1456 | GNUNET_free (ptr); |
1422 | } | 1457 | } |
1458 | GNUNET_free (data); | ||
1423 | GNUNET_free (tkt_data); | 1459 | GNUNET_free (tkt_data); |
1424 | GNUNET_free (attrs_record); | 1460 | GNUNET_free (attrs_record); |
1425 | GNUNET_free (label); | 1461 | GNUNET_free (label); |
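Review bot: In issue_ticket every attribute-reference record is pointed at the same `data` buffer (`attrs_record[i].data = data;`, new line 1348), which is allocated once before the loop (new line 1333) and overwritten by each GNUNET_CRYPTO_encrypt call, so after the loop all ATTRIBUTE_REF records carry the ciphertext of the last attribute encrypted. Each record needs its own buffer, for example `data = GNUNET_malloc (data_size);` inside the loop before encrypting, freed on the `continue` path and released per record during cleanup instead of the single `GNUNET_free (data);`; the condition of the existing cleanup loop around new line 1455 is outside the hunk, so check that it covers these records. The encrypt failure path also drops the attribute silently, so a ticket can be issued with fewer references than requested; a `GNUNET_log (GNUNET_ERROR_TYPE_WARNING, ...)` before the `continue` would make that visible. Separately, in lookup_authz_cb the subtraction `rd[i].data_size - GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES` (new line 1120) wraps for any record shorter than the overhead, because only the largest record is checked before the allocation; a per-record `if (rd[i].data_size <= GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES) continue;` ahead of it keeps the result size passed to GNUNET_CRYPTO_decrypt within the allocated buffer. Both function bodies extend beyond the visible hunks.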