diff options
author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2017-09-17 21:06:42 +0200 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2017-09-17 21:06:42 +0200 |
commit | 0469377fd49450c1d7853c5ceecf08be9ce8df75 (patch) | |
tree | 847fd99b23035611d0dbb6a12e548a9a1b196bf6 | |
parent | 67e0d73709ef557b52ba0527291d68c17fd6c60a (diff) | |
download | gnunet-0469377fd49450c1d7853c5ceecf08be9ce8df75.tar.gz gnunet-0469377fd49450c1d7853c5ceecf08be9ce8df75.zip |
- rework issue api
-rw-r--r-- | src/identity-provider/gnunet-idp.c | 274 | ||||
-rw-r--r-- | src/identity-provider/gnunet-service-identity-provider.c | 571 | ||||
-rw-r--r-- | src/identity-provider/identity_attribute.c | 68 | ||||
-rw-r--r-- | src/identity-provider/identity_attribute.h | 41 | ||||
-rw-r--r-- | src/identity-provider/identity_provider.h | 50 | ||||
-rw-r--r-- | src/identity-provider/identity_provider_api.c | 118 | ||||
-rwxr-xr-x | src/identity-provider/test_idp.sh | 5 | ||||
-rwxr-xr-x | src/identity-provider/test_idp_issue.sh | 35 | ||||
-rw-r--r-- | src/include/gnunet_identity_provider_service.h | 160 | ||||
-rw-r--r-- | src/include/gnunet_protocols.h | 12 |
10 files changed, 1035 insertions, 299 deletions
diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index 264d77ba2..fdd4720e0 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c | |||
@@ -32,14 +32,14 @@ | |||
32 | #include "gnunet_signatures.h" | 32 | #include "gnunet_signatures.h" |
33 | 33 | ||
34 | /** | 34 | /** |
35 | * Init flag | 35 | * List attribute flag |
36 | */ | 36 | */ |
37 | static int init; | 37 | static int list; |
38 | 38 | ||
39 | /** | 39 | /** |
40 | * List attribute flag | 40 | * Relying party |
41 | */ | 41 | */ |
42 | static int list; | 42 | static char* rp; |
43 | 43 | ||
44 | /** | 44 | /** |
45 | * The attribute | 45 | * The attribute |
@@ -52,6 +52,11 @@ static char* attr_name; | |||
52 | static char* attr_value; | 52 | static char* attr_value; |
53 | 53 | ||
54 | /** | 54 | /** |
55 | * Attributes to issue | ||
56 | */ | ||
57 | static char* issue_attrs; | ||
58 | |||
59 | /** | ||
55 | * Ego name | 60 | * Ego name |
56 | */ | 61 | */ |
57 | static char* ego_name; | 62 | static char* ego_name; |
@@ -72,81 +77,77 @@ static struct GNUNET_IDENTITY_PROVIDER_Handle *idp_handle; | |||
72 | static struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op; | 77 | static struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op; |
73 | 78 | ||
74 | /** | 79 | /** |
75 | * Namestore handle | 80 | * Attribute iterator |
76 | */ | 81 | */ |
77 | static struct GNUNET_NAMESTORE_Handle *namestore_handle; | 82 | static struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_iterator; |
78 | 83 | ||
79 | /** | 84 | /** |
80 | * Attribute iterator | 85 | * Master ABE key |
81 | */ | 86 | */ |
82 | static struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_iterator; | 87 | static struct GNUNET_CRYPTO_AbeMasterKey *abe_key; |
83 | 88 | ||
84 | /** | 89 | /** |
85 | * Namestore queue | 90 | * ego private key |
86 | */ | 91 | */ |
87 | static struct GNUNET_NAMESTORE_QueueEntry *ns_qe; | 92 | static const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey; |
88 | 93 | ||
89 | /** | 94 | /** |
90 | * Master ABE key | 95 | * rp public key |
91 | */ | 96 | */ |
92 | static struct GNUNET_CRYPTO_AbeMasterKey *abe_key; | 97 | static struct GNUNET_CRYPTO_EcdsaPublicKey rp_key; |
98 | |||
99 | |||
100 | /** | ||
101 | * Attribute list | ||
102 | */ | ||
103 | static struct GNUNET_IDENTITY_PROVIDER_AttributeList *attr_list; | ||
93 | 104 | ||
94 | static void | 105 | static void |
95 | do_cleanup(void *cls) | 106 | do_cleanup(void *cls) |
96 | { | 107 | { |
97 | if (NULL != ns_qe) | ||
98 | GNUNET_NAMESTORE_cancel (ns_qe); | ||
99 | if (NULL != attr_iterator) | 108 | if (NULL != attr_iterator) |
100 | GNUNET_IDENTITY_PROVIDER_get_attributes_stop (attr_iterator); | 109 | GNUNET_IDENTITY_PROVIDER_get_attributes_stop (attr_iterator); |
101 | if (NULL != idp_handle) | 110 | if (NULL != idp_handle) |
102 | GNUNET_IDENTITY_PROVIDER_disconnect (idp_handle); | 111 | GNUNET_IDENTITY_PROVIDER_disconnect (idp_handle); |
103 | if (NULL != namestore_handle) | ||
104 | GNUNET_NAMESTORE_disconnect (namestore_handle); | ||
105 | if (NULL != identity_handle) | 112 | if (NULL != identity_handle) |
106 | GNUNET_IDENTITY_disconnect (identity_handle); | 113 | GNUNET_IDENTITY_disconnect (identity_handle); |
107 | if (NULL != abe_key) | 114 | if (NULL != abe_key) |
108 | GNUNET_free (abe_key); | 115 | GNUNET_free (abe_key); |
116 | if (NULL != attr_list) | ||
117 | GNUNET_free (attr_list); | ||
109 | } | 118 | } |
110 | 119 | ||
111 | static void | 120 | static void |
112 | ns_error_cb (void *cls) | 121 | ticket_issue_cb (void* cls, |
113 | { | 122 | const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket) |
114 | ns_qe = NULL; | ||
115 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, | ||
116 | "Failed."); | ||
117 | do_cleanup(NULL); | ||
118 | return; | ||
119 | } | ||
120 | |||
121 | static void | ||
122 | store_attr_cont (void *cls, | ||
123 | int32_t success, | ||
124 | const char*emsg) | ||
125 | { | 123 | { |
126 | ns_qe = NULL; | 124 | char* ticket_str; |
127 | if (GNUNET_SYSERR == success) { | 125 | if (NULL != ticket) { |
128 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 126 | ticket_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, |
129 | "%s\n", emsg); | 127 | sizeof (uint64_t)); |
130 | } else { | ||
131 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, | 128 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, |
132 | "Sucessfully added identity attribute %s=%s\n", | 129 | "Got ticket, %s\n", |
133 | attr_name, attr_value); | 130 | ticket_str); |
131 | GNUNET_free (ticket_str); | ||
134 | } | 132 | } |
135 | GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | 133 | GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); |
136 | } | 134 | } |
137 | 135 | ||
138 | static void | 136 | static void |
139 | store_abe_cont (void *cls, | 137 | store_attr_cont (void *cls, |
140 | int32_t success, | 138 | int32_t success, |
141 | const char*emsg) | 139 | const char*emsg) |
142 | { | 140 | { |
143 | ns_qe = NULL; | 141 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, |
142 | "Store continuation\n"); | ||
143 | |||
144 | if (GNUNET_SYSERR == success) { | 144 | if (GNUNET_SYSERR == success) { |
145 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 145 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
146 | "%s\n", emsg); | 146 | "%s\n", emsg); |
147 | } else { | 147 | } else { |
148 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, | 148 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, |
149 | "Bootstrapped ABE master key. Please run command again.\n"); | 149 | "Sucessfully added identity attribute %s=%s\n", |
150 | attr_name, attr_value); | ||
150 | } | 151 | } |
151 | GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | 152 | GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); |
152 | } | 153 | } |
@@ -163,100 +164,75 @@ iter_error (void *cls) | |||
163 | static void | 164 | static void |
164 | iter_finished (void *cls) | 165 | iter_finished (void *cls) |
165 | { | 166 | { |
166 | attr_iterator = NULL; | 167 | struct GNUNET_IDENTITY_PROVIDER_Attribute *attr; |
167 | GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | ||
168 | } | ||
169 | 168 | ||
170 | static void | ||
171 | iter_cb (void *cls, | ||
172 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, | ||
173 | const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) | ||
174 | { | ||
175 | |||
176 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, | 169 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, |
177 | "%s: %s\n", attr->name, (char*)attr->data); | 170 | "Attribute collection finished!\n"); |
178 | GNUNET_IDENTITY_PROVIDER_get_attributes_next (attr_iterator); | 171 | attr_iterator = NULL; |
179 | } | 172 | if (list) { |
180 | |||
181 | static void | ||
182 | abe_lookup_cb (void *cls, | ||
183 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, | ||
184 | const char *label, | ||
185 | unsigned int rd_count, | ||
186 | const struct GNUNET_GNSRECORD_Data *rd) | ||
187 | { | ||
188 | struct GNUNET_GNSRECORD_Data new_record; | ||
189 | struct GNUNET_CRYPTO_AbeMasterKey *new_key; | ||
190 | int i; | ||
191 | ssize_t size; | ||
192 | ns_qe = NULL; | ||
193 | for (i=0;i<rd_count;i++) { | ||
194 | if (GNUNET_GNSRECORD_TYPE_ABE_MASTER != rd[i].record_type) | ||
195 | continue; | ||
196 | abe_key = GNUNET_CRYPTO_cpabe_deserialize_master_key (rd[i].data, | ||
197 | rd[i].data_size); | ||
198 | } | ||
199 | if (NULL == abe_key) { | ||
200 | new_key = GNUNET_CRYPTO_cpabe_create_master_key (); | ||
201 | size = GNUNET_CRYPTO_cpabe_serialize_master_key (new_key, | ||
202 | (void**)&new_record.data); | ||
203 | new_record.data_size = size; | ||
204 | new_record.record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; | ||
205 | new_record.expiration_time = GNUNET_TIME_UNIT_DAYS.rel_value_us; | ||
206 | new_record.flags = GNUNET_GNSRECORD_RF_PRIVATE | GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; | ||
207 | ns_qe = GNUNET_NAMESTORE_records_store (namestore_handle, | ||
208 | zone, | ||
209 | "+", | ||
210 | 1, | ||
211 | &new_record, | ||
212 | &store_abe_cont, | ||
213 | NULL); | ||
214 | return; | ||
215 | } | ||
216 | if (init) { | ||
217 | GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | 173 | GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); |
218 | return; | 174 | return; |
219 | } | 175 | } |
220 | 176 | ||
221 | if (list) { | 177 | if (issue_attrs) { |
222 | attr_iterator = GNUNET_IDENTITY_PROVIDER_get_attributes_start (idp_handle, | 178 | idp_op = GNUNET_IDENTITY_PROVIDER_idp_ticket_issue (idp_handle, |
223 | zone, | 179 | pkey, |
224 | &iter_error, | 180 | &rp_key, |
225 | NULL, | 181 | attr_list, |
226 | &iter_cb, | 182 | &ticket_issue_cb, |
227 | NULL, | 183 | NULL); |
228 | &iter_finished, | ||
229 | NULL); | ||
230 | return; | 184 | return; |
231 | } | 185 | } |
186 | attr = GNUNET_IDENTITY_PROVIDER_attribute_new (attr_name, | ||
187 | GNUNET_IDENTITY_PROVIDER_AT_STRING, | ||
188 | attr_value, | ||
189 | strlen (attr_value)); | ||
190 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, | ||
191 | "Adding attribute\n"); | ||
232 | 192 | ||
233 | struct GNUNET_IDENTITY_PROVIDER_Attribute *attr = GNUNET_IDENTITY_PROVIDER_attribute_new (attr_name, | ||
234 | GNUNET_IDENTITY_PROVIDER_AT_STRING, | ||
235 | attr_value, | ||
236 | strlen (attr_value)); | ||
237 | idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle, | 193 | idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle, |
238 | zone, | 194 | pkey, |
239 | attr, | 195 | attr, |
240 | &store_attr_cont, | 196 | &store_attr_cont, |
241 | NULL); | 197 | NULL); |
242 | 198 | ||
243 | /*size = GNUNET_CRYPTO_cpabe_encrypt (attr_value, | 199 | |
244 | strlen (attr_value) + 1, | 200 | } |
245 | attr_name, | 201 | |
246 | abe_key, | 202 | static void |
247 | (void**)&new_record.data); | 203 | iter_cb (void *cls, |
248 | new_record.data_size = size; | 204 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, |
249 | new_record.record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; | 205 | const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) |
250 | new_record.expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; | 206 | { |
251 | new_record.flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; | 207 | struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; |
252 | 208 | char *attrs_tmp; | |
253 | ns_qe = GNUNET_NAMESTORE_records_store (namestore_handle, | 209 | char *attr_str; |
254 | zone, | 210 | |
255 | attr_name, | 211 | if (issue_attrs) |
256 | 1, | 212 | { |
257 | &new_record, | 213 | attrs_tmp = GNUNET_strdup (issue_attrs); |
258 | &store_attr_cont, | 214 | attr_str = strtok (attrs_tmp, ","); |
259 | NULL);*/ | 215 | while (NULL != attr_str) { |
216 | if (0 != strcmp (attr_str, attr->name)) { | ||
217 | attr_str = strtok (NULL, ","); | ||
218 | continue; | ||
219 | } | ||
220 | le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); | ||
221 | le->attribute = GNUNET_IDENTITY_PROVIDER_attribute_new (attr->name, | ||
222 | attr->attribute_type, | ||
223 | attr->data, | ||
224 | attr->data_size); | ||
225 | GNUNET_CONTAINER_DLL_insert (attr_list->list_head, | ||
226 | attr_list->list_tail, | ||
227 | le); | ||
228 | break; | ||
229 | } | ||
230 | GNUNET_free (attrs_tmp); | ||
231 | } else { | ||
232 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, | ||
233 | "%s: %s\n", attr->name, (char*)attr->data); | ||
234 | } | ||
235 | GNUNET_IDENTITY_PROVIDER_get_attributes_next (attr_iterator); | ||
260 | } | 236 | } |
261 | 237 | ||
262 | static void | 238 | static void |
@@ -265,19 +241,29 @@ ego_cb (void *cls, | |||
265 | void **ctx, | 241 | void **ctx, |
266 | const char *name) | 242 | const char *name) |
267 | { | 243 | { |
268 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey; | ||
269 | if (NULL == name) | 244 | if (NULL == name) |
270 | return; | 245 | return; |
271 | if (0 != strcmp (name, ego_name)) | 246 | if (0 != strcmp (name, ego_name)) |
272 | return; | 247 | return; |
273 | pkey = GNUNET_IDENTITY_ego_get_private_key (ego); | 248 | pkey = GNUNET_IDENTITY_ego_get_private_key (ego); |
274 | ns_qe = GNUNET_NAMESTORE_records_lookup (namestore_handle, | 249 | |
275 | pkey, | 250 | if (NULL != rp) |
276 | "+", | 251 | GNUNET_CRYPTO_ecdsa_public_key_from_string (rp, |
277 | &ns_error_cb, | 252 | strlen (rp), |
278 | NULL, | 253 | &rp_key); |
279 | &abe_lookup_cb, | 254 | |
280 | NULL); | 255 | attr_list = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); |
256 | |||
257 | attr_iterator = GNUNET_IDENTITY_PROVIDER_get_attributes_start (idp_handle, | ||
258 | pkey, | ||
259 | &iter_error, | ||
260 | NULL, | ||
261 | &iter_cb, | ||
262 | NULL, | ||
263 | &iter_finished, | ||
264 | NULL); | ||
265 | |||
266 | |||
281 | } | 267 | } |
282 | 268 | ||
283 | static void | 269 | static void |
@@ -294,18 +280,6 @@ run (void *cls, | |||
294 | return; | 280 | return; |
295 | } | 281 | } |
296 | 282 | ||
297 | if ((NULL == attr_name) && !list && !init) | ||
298 | { | ||
299 | return; | ||
300 | } | ||
301 | if ((NULL == attr_value) && !list && !init) | ||
302 | { | ||
303 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, | ||
304 | _("Value is required\n")); | ||
305 | return; | ||
306 | } | ||
307 | |||
308 | namestore_handle = GNUNET_NAMESTORE_connect (c); | ||
309 | idp_handle = GNUNET_IDENTITY_PROVIDER_connect (c); | 283 | idp_handle = GNUNET_IDENTITY_PROVIDER_connect (c); |
310 | //Get Ego | 284 | //Get Ego |
311 | identity_handle = GNUNET_IDENTITY_connect (c, | 285 | identity_handle = GNUNET_IDENTITY_connect (c, |
@@ -337,14 +311,20 @@ main(int argc, char *const argv[]) | |||
337 | NULL, | 311 | NULL, |
338 | gettext_noop ("Ego"), | 312 | gettext_noop ("Ego"), |
339 | &ego_name), | 313 | &ego_name), |
314 | GNUNET_GETOPT_option_string ('r', | ||
315 | "rp", | ||
316 | NULL, | ||
317 | gettext_noop ("Audience (relying party)"), | ||
318 | &rp), | ||
340 | GNUNET_GETOPT_option_flag ('D', | 319 | GNUNET_GETOPT_option_flag ('D', |
341 | "dump", | 320 | "dump", |
342 | gettext_noop ("List attributes for Ego"), | 321 | gettext_noop ("List attributes for Ego"), |
343 | &list), | 322 | &list), |
344 | GNUNET_GETOPT_option_flag ('i', | 323 | GNUNET_GETOPT_option_string ('i', |
345 | "init", | 324 | "issue", |
346 | gettext_noop ("Initialize attribute store"), | 325 | NULL, |
347 | &init), | 326 | gettext_noop ("Issue a ticket"), |
327 | &issue_attrs), | ||
348 | GNUNET_GETOPT_OPTION_END | 328 | GNUNET_GETOPT_OPTION_END |
349 | }; | 329 | }; |
350 | return GNUNET_PROGRAM_run (argc, argv, "ct", | 330 | return GNUNET_PROGRAM_run (argc, argv, "ct", |
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 0ce70aed3..b481c00c0 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c | |||
@@ -373,6 +373,45 @@ struct ParallelLookup | |||
373 | char *label; | 373 | char *label; |
374 | }; | 374 | }; |
375 | 375 | ||
376 | |||
377 | struct TicketIssueHandle | ||
378 | { | ||
379 | |||
380 | /** | ||
381 | * Client connection | ||
382 | */ | ||
383 | struct IdpClient *client; | ||
384 | |||
385 | /** | ||
386 | * Attributes to issue | ||
387 | */ | ||
388 | struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; | ||
389 | |||
390 | /** | ||
391 | * Issuer Key | ||
392 | */ | ||
393 | struct GNUNET_CRYPTO_EcdsaPrivateKey identity; | ||
394 | |||
395 | /** | ||
396 | * Ticket to issue | ||
397 | */ | ||
398 | struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket; | ||
399 | |||
400 | /** | ||
401 | * QueueEntry | ||
402 | */ | ||
403 | struct GNUNET_NAMESTORE_QueueEntry *ns_qe; | ||
404 | |||
405 | /** | ||
406 | * request id | ||
407 | */ | ||
408 | uint32_t r_id; | ||
409 | }; | ||
410 | |||
411 | |||
412 | /** | ||
413 | * DEPRECATED | ||
414 | */ | ||
376 | struct IssueHandle | 415 | struct IssueHandle |
377 | { | 416 | { |
378 | 417 | ||
@@ -546,6 +585,120 @@ do_shutdown (void *cls) | |||
546 | cleanup(); | 585 | cleanup(); |
547 | } | 586 | } |
548 | 587 | ||
588 | /** | ||
589 | * Finished storing newly bootstrapped ABE key | ||
590 | */ | ||
591 | static void | ||
592 | bootstrap_store_cont (void *cls, | ||
593 | int32_t success, | ||
594 | const char *emsg) | ||
595 | { | ||
596 | struct AbeBootstrapHandle *abh = cls; | ||
597 | if (GNUNET_SYSERR == success) | ||
598 | { | ||
599 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
600 | "Failed to bootstrap ABE master %s\n", | ||
601 | emsg); | ||
602 | abh->proc (abh->proc_cls, NULL); | ||
603 | GNUNET_free (abh->abe_key); | ||
604 | GNUNET_free (abh); | ||
605 | return; | ||
606 | } | ||
607 | abh->proc (abh->proc_cls, abh->abe_key); | ||
608 | GNUNET_free (abh); | ||
609 | } | ||
610 | |||
611 | /** | ||
612 | * Generates and stores a new ABE key | ||
613 | */ | ||
614 | static void | ||
615 | bootstrap_store_task (void *cls) | ||
616 | { | ||
617 | struct AbeBootstrapHandle *abh = cls; | ||
618 | struct GNUNET_GNSRECORD_Data rd[1]; | ||
619 | |||
620 | rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (abh->abe_key, | ||
621 | (void**)&rd[0].data); | ||
622 | rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; | ||
623 | rd[0].flags = GNUNET_GNSRECORD_RF_NONE | GNUNET_GNSRECORD_RF_PRIVATE; | ||
624 | rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? | ||
625 | abh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, | ||
626 | &abh->identity, | ||
627 | "+", | ||
628 | 1, | ||
629 | rd, | ||
630 | &bootstrap_store_cont, | ||
631 | abh); | ||
632 | } | ||
633 | |||
634 | /** | ||
635 | * Error checking for ABE master | ||
636 | */ | ||
637 | static void | ||
638 | bootstrap_abe_error (void *cls) | ||
639 | { | ||
640 | struct AbeBootstrapHandle *abh = cls; | ||
641 | GNUNET_free (abh); | ||
642 | abh->proc (abh->proc_cls, NULL); | ||
643 | GNUNET_free (abh); | ||
644 | } | ||
645 | |||
646 | |||
647 | /** | ||
648 | * Handle ABE lookup in namestore | ||
649 | */ | ||
650 | static void | ||
651 | bootstrap_abe_result (void *cls, | ||
652 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, | ||
653 | const char *label, | ||
654 | unsigned int rd_count, | ||
655 | const struct GNUNET_GNSRECORD_Data *rd) | ||
656 | { | ||
657 | struct AbeBootstrapHandle *abh = cls; | ||
658 | struct GNUNET_CRYPTO_AbeMasterKey *abe_key; | ||
659 | int i; | ||
660 | |||
661 | for (i=0;i<rd_count;i++) { | ||
662 | if (GNUNET_GNSRECORD_TYPE_ABE_MASTER != rd[i].record_type) | ||
663 | continue; | ||
664 | abe_key = GNUNET_CRYPTO_cpabe_deserialize_master_key ((void**)rd[i].data, | ||
665 | rd[i].data_size); | ||
666 | abh->proc (abh->proc_cls, abe_key); | ||
667 | GNUNET_free (abh); | ||
668 | return; | ||
669 | } | ||
670 | |||
671 | //No ABE master found, bootstrapping... | ||
672 | abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key (); | ||
673 | GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh); | ||
674 | } | ||
675 | |||
676 | /** | ||
677 | * Bootstrap ABE master if it does not yet exists. | ||
678 | * Will call the AbeBootstrapResult processor when done. | ||
679 | */ | ||
680 | static void | ||
681 | bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, | ||
682 | AbeBootstrapResult proc, | ||
683 | void* cls) | ||
684 | { | ||
685 | struct AbeBootstrapHandle *abh; | ||
686 | |||
687 | abh = GNUNET_new (struct AbeBootstrapHandle); | ||
688 | abh->proc = proc; | ||
689 | abh->proc_cls = cls; | ||
690 | abh->identity = *identity; | ||
691 | abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, | ||
692 | identity, | ||
693 | "+", | ||
694 | &bootstrap_abe_error, | ||
695 | abh, | ||
696 | &bootstrap_abe_result, | ||
697 | abh); | ||
698 | |||
699 | } | ||
700 | |||
701 | |||
549 | 702 | ||
550 | static struct GNUNET_MQ_Envelope* | 703 | static struct GNUNET_MQ_Envelope* |
551 | create_exchange_result_message (const char* token, | 704 | create_exchange_result_message (const char* token, |
@@ -996,6 +1149,7 @@ attr_collect_finished (void *cls) | |||
996 | &handle_vattr_collection, | 1149 | &handle_vattr_collection, |
997 | handle); | 1150 | handle); |
998 | } | 1151 | } |
1152 | |||
999 | /** | 1153 | /** |
1000 | * Collect attributes for token | 1154 | * Collect attributes for token |
1001 | */ | 1155 | */ |
@@ -1293,36 +1447,6 @@ handle_exchange_message (void *cls, | |||
1293 | 1447 | ||
1294 | } | 1448 | } |
1295 | 1449 | ||
1296 | /** | ||
1297 | * Checks an issue message | ||
1298 | * | ||
1299 | * @param cls client sending the message | ||
1300 | * @param im message of type `struct IssueMessage` | ||
1301 | * @return #GNUNET_OK if @a im is well-formed | ||
1302 | */ | ||
1303 | static int | ||
1304 | check_issue_message(void *cls, | ||
1305 | const struct IssueMessage *im) | ||
1306 | { | ||
1307 | uint16_t size; | ||
1308 | |||
1309 | size = ntohs (im->header.size); | ||
1310 | if (size <= sizeof (struct IssueMessage)) | ||
1311 | { | ||
1312 | GNUNET_break (0); | ||
1313 | return GNUNET_SYSERR; | ||
1314 | } | ||
1315 | scopes = (char *) &im[1]; | ||
1316 | if ('\0' != scopes[size - sizeof (struct IssueMessage) - 1]) | ||
1317 | { | ||
1318 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1319 | "Malformed scopes received!\n"); | ||
1320 | GNUNET_break (0); | ||
1321 | return GNUNET_SYSERR; | ||
1322 | } | ||
1323 | return GNUNET_OK; | ||
1324 | } | ||
1325 | |||
1326 | void | 1450 | void |
1327 | attr_collect_task (void *cls) | 1451 | attr_collect_task (void *cls) |
1328 | { | 1452 | { |
@@ -1338,8 +1462,6 @@ attr_collect_task (void *cls) | |||
1338 | issue_handle); | 1462 | issue_handle); |
1339 | } | 1463 | } |
1340 | 1464 | ||
1341 | |||
1342 | |||
1343 | void | 1465 | void |
1344 | abe_key_lookup_error (void *cls) | 1466 | abe_key_lookup_error (void *cls) |
1345 | { | 1467 | { |
@@ -1372,6 +1494,38 @@ abe_key_lookup_result (void *cls, | |||
1372 | 1494 | ||
1373 | } | 1495 | } |
1374 | 1496 | ||
1497 | |||
1498 | /** | ||
1499 | * Checks an issue message | ||
1500 | * | ||
1501 | * @param cls client sending the message | ||
1502 | * @param im message of type `struct IssueMessage` | ||
1503 | * @return #GNUNET_OK if @a im is well-formed | ||
1504 | */ | ||
1505 | static int | ||
1506 | check_issue_message(void *cls, | ||
1507 | const struct IssueMessage *im) | ||
1508 | { | ||
1509 | uint16_t size; | ||
1510 | |||
1511 | size = ntohs (im->header.size); | ||
1512 | if (size <= sizeof (struct IssueMessage)) | ||
1513 | { | ||
1514 | GNUNET_break (0); | ||
1515 | return GNUNET_SYSERR; | ||
1516 | } | ||
1517 | scopes = (char *) &im[1]; | ||
1518 | if ('\0' != scopes[size - sizeof (struct IssueMessage) - 1]) | ||
1519 | { | ||
1520 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1521 | "Malformed scopes received!\n"); | ||
1522 | GNUNET_break (0); | ||
1523 | return GNUNET_SYSERR; | ||
1524 | } | ||
1525 | return GNUNET_OK; | ||
1526 | } | ||
1527 | |||
1528 | |||
1375 | /** | 1529 | /** |
1376 | * | 1530 | * |
1377 | * Handler for issue message | 1531 | * Handler for issue message |
@@ -1452,6 +1606,240 @@ handle_issue_message (void *cls, | |||
1452 | } | 1606 | } |
1453 | 1607 | ||
1454 | static void | 1608 | static void |
1609 | cleanup_ticket_issue_handle (struct TicketIssueHandle *handle) | ||
1610 | { | ||
1611 | struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; | ||
1612 | struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *tmp_le; | ||
1613 | |||
1614 | for (le = handle->attrs->list_head; NULL != le;) | ||
1615 | { | ||
1616 | GNUNET_free (le->attribute); | ||
1617 | tmp_le = le; | ||
1618 | le = le->next; | ||
1619 | GNUNET_free (tmp_le); | ||
1620 | } | ||
1621 | GNUNET_free (handle->attrs); | ||
1622 | if (NULL != handle->ns_qe) | ||
1623 | GNUNET_NAMESTORE_cancel (handle->ns_qe); | ||
1624 | GNUNET_free (handle); | ||
1625 | } | ||
1626 | |||
1627 | static void | ||
1628 | store_ticket_issue_cont (void *cls, | ||
1629 | int32_t success, | ||
1630 | const char *emsg) | ||
1631 | { | ||
1632 | struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket; | ||
1633 | struct TicketIssueHandle *handle = cls; | ||
1634 | struct TicketResultMessage *irm; | ||
1635 | struct GNUNET_MQ_Envelope *env; | ||
1636 | |||
1637 | handle->ns_qe = NULL; | ||
1638 | if (GNUNET_SYSERR == success) | ||
1639 | { | ||
1640 | cleanup_ticket_issue_handle (handle); | ||
1641 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", | ||
1642 | "Unknown Error\n"); | ||
1643 | GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); | ||
1644 | return; | ||
1645 | } | ||
1646 | env = GNUNET_MQ_msg_extra (irm, | ||
1647 | sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2), | ||
1648 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT); | ||
1649 | ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&irm[1]; | ||
1650 | *ticket = handle->ticket; | ||
1651 | irm->id = handle->r_id; | ||
1652 | |||
1653 | GNUNET_MQ_send (handle->client->mq, | ||
1654 | env); | ||
1655 | cleanup_ticket_issue_handle (handle); | ||
1656 | } | ||
1657 | |||
1658 | |||
1659 | |||
1660 | /** | ||
1661 | * Checks a ticket issue message | ||
1662 | * | ||
1663 | * @param cls client sending the message | ||
1664 | * @param im message of type `struct TicketIssueMessage` | ||
1665 | * @return #GNUNET_OK if @a im is well-formed | ||
1666 | */ | ||
1667 | static int | ||
1668 | check_ticket_issue_message(void *cls, | ||
1669 | const struct TicketIssueMessage *im) | ||
1670 | { | ||
1671 | uint16_t size; | ||
1672 | |||
1673 | size = ntohs (im->header.size); | ||
1674 | if (size <= sizeof (struct IssueMessage)) | ||
1675 | { | ||
1676 | GNUNET_break (0); | ||
1677 | return GNUNET_SYSERR; | ||
1678 | } | ||
1679 | return GNUNET_OK; | ||
1680 | } | ||
1681 | |||
1682 | int | ||
1683 | serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle, | ||
1684 | const struct GNUNET_CRYPTO_AbeKey *rp_key, | ||
1685 | struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, | ||
1686 | char **result) | ||
1687 | { | ||
1688 | struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; | ||
1689 | struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; | ||
1690 | char *enc_keyinfo; | ||
1691 | char *serialized_key; | ||
1692 | char *buf; | ||
1693 | char *write_ptr; | ||
1694 | char attrs_str_len; | ||
1695 | ssize_t size; | ||
1696 | |||
1697 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; | ||
1698 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | ||
1699 | struct GNUNET_HashCode new_key_hash; | ||
1700 | ssize_t enc_size; | ||
1701 | |||
1702 | size = GNUNET_CRYPTO_cpabe_serialize_key (rp_key, | ||
1703 | (void**)&serialized_key); | ||
1704 | attrs_str_len = 0; | ||
1705 | for (le = handle->attrs->list_head; NULL != le; le = le->next) { | ||
1706 | attrs_str_len += strlen (le->attribute->name) + 1; | ||
1707 | } | ||
1708 | buf = GNUNET_malloc (attrs_str_len + size); | ||
1709 | write_ptr = buf; | ||
1710 | for (le = handle->attrs->list_head; NULL != le; le = le->next) { | ||
1711 | GNUNET_memcpy (write_ptr, | ||
1712 | le->attribute->name, | ||
1713 | strlen (le->attribute->name)); | ||
1714 | write_ptr[strlen (le->attribute->name)] = ','; | ||
1715 | write_ptr += strlen (le->attribute->name) + 1; | ||
1716 | } | ||
1717 | write_ptr--; | ||
1718 | write_ptr[0] = '\0'; //replace last , with a 0-terminator | ||
1719 | write_ptr++; | ||
1720 | GNUNET_memcpy (write_ptr, | ||
1721 | serialized_key, | ||
1722 | size); | ||
1723 | // ECDH keypair E = eG | ||
1724 | *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create(); | ||
1725 | GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey, | ||
1726 | &ecdh_pubkey); | ||
1727 | enc_keyinfo = GNUNET_malloc (size + attrs_str_len); | ||
1728 | // Derived key K = H(eB) | ||
1729 | GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey, | ||
1730 | &handle->ticket.audience, | ||
1731 | &new_key_hash)); | ||
1732 | create_sym_key_from_ecdh(&new_key_hash, &skey, &iv); | ||
1733 | enc_size = GNUNET_CRYPTO_symmetric_encrypt (buf, | ||
1734 | size + attrs_str_len, | ||
1735 | &skey, &iv, | ||
1736 | enc_keyinfo); | ||
1737 | *result = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+ | ||
1738 | enc_size); | ||
1739 | GNUNET_memcpy (*result, | ||
1740 | &ecdh_pubkey, | ||
1741 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | ||
1742 | GNUNET_memcpy (*result + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), | ||
1743 | enc_keyinfo, | ||
1744 | enc_size); | ||
1745 | GNUNET_free (enc_keyinfo); | ||
1746 | return sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+enc_size; | ||
1747 | } | ||
1748 | |||
1749 | |||
1750 | |||
1751 | static void | ||
1752 | issue_ticket_after_abe_bootstrap (void *cls, | ||
1753 | struct GNUNET_CRYPTO_AbeMasterKey *abe_key) | ||
1754 | { | ||
1755 | struct TicketIssueHandle *ih = cls; | ||
1756 | struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; | ||
1757 | struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; | ||
1758 | struct GNUNET_GNSRECORD_Data code_record[1]; | ||
1759 | struct GNUNET_CRYPTO_AbeKey *rp_key; | ||
1760 | char *code_record_data; | ||
1761 | char **attrs; | ||
1762 | char *label; | ||
1763 | int attrs_len; | ||
1764 | int i; | ||
1765 | size_t code_record_len; | ||
1766 | |||
1767 | //Create new ABE key for RP | ||
1768 | attrs_len = 0; | ||
1769 | for (le = ih->attrs->list_head; NULL != le; le = le->next) | ||
1770 | attrs_len++; | ||
1771 | attrs = GNUNET_malloc (attrs_len); | ||
1772 | i = 0; | ||
1773 | for (le = ih->attrs->list_head; NULL != le; le = le->next) { | ||
1774 | attrs[i] = (char*) le->attribute->name; | ||
1775 | i++; | ||
1776 | } | ||
1777 | rp_key = GNUNET_CRYPTO_cpabe_create_key (abe_key, | ||
1778 | attrs); | ||
1779 | |||
1780 | //TODO review this wireformat | ||
1781 | code_record_len = serialize_abe_keyinfo2 (ih, | ||
1782 | rp_key, | ||
1783 | &ecdhe_privkey, | ||
1784 | &code_record_data); | ||
1785 | code_record[0].data = code_record_data; | ||
1786 | code_record[0].data_size = code_record_len; | ||
1787 | code_record[0].expiration_time = GNUNET_TIME_UNIT_DAYS.rel_value_us; | ||
1788 | code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY; | ||
1789 | code_record[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; | ||
1790 | |||
1791 | label = GNUNET_STRINGS_data_to_string_alloc (&ih->ticket.rnd, | ||
1792 | sizeof (uint64_t)); | ||
1793 | //Publish record | ||
1794 | ih->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, | ||
1795 | &ih->identity, | ||
1796 | label, | ||
1797 | 1, | ||
1798 | code_record, | ||
1799 | &store_ticket_issue_cont, | ||
1800 | ih); | ||
1801 | GNUNET_free (ecdhe_privkey); | ||
1802 | GNUNET_free (label); | ||
1803 | GNUNET_free (code_record_data); | ||
1804 | } | ||
1805 | |||
1806 | |||
1807 | /** | ||
1808 | * | ||
1809 | * Handler for ticket issue message | ||
1810 | * | ||
1811 | * @param cls unused | ||
1812 | * @param client who sent the message | ||
1813 | * @param message the message | ||
1814 | */ | ||
1815 | static void | ||
1816 | handle_ticket_issue_message (void *cls, | ||
1817 | const struct TicketIssueMessage *im) | ||
1818 | { | ||
1819 | struct TicketIssueHandle *ih; | ||
1820 | struct IdpClient *idp = cls; | ||
1821 | size_t attrs_len; | ||
1822 | |||
1823 | ih = GNUNET_new (struct TicketIssueHandle); | ||
1824 | attrs_len = ntohs (im->attr_len); | ||
1825 | ih->attrs = attribute_list_deserialize ((char*)&im[1], attrs_len); | ||
1826 | ih->r_id = im->id; | ||
1827 | ih->client = idp; | ||
1828 | ih->identity = im->identity; | ||
1829 | GNUNET_CRYPTO_ecdsa_key_get_public (&ih->identity, | ||
1830 | &ih->ticket.identity); | ||
1831 | ih->ticket.audience = im->rp; | ||
1832 | ih->ticket.rnd = | ||
1833 | GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, | ||
1834 | UINT64_MAX); | ||
1835 | bootstrap_abe (&ih->identity, &issue_ticket_after_abe_bootstrap, ih); | ||
1836 | GNUNET_SERVICE_client_continue (idp->client); | ||
1837 | |||
1838 | } | ||
1839 | |||
1840 | |||
1841 | |||
1842 | static void | ||
1455 | cleanup_as_handle (struct AttributeStoreHandle *handle) | 1843 | cleanup_as_handle (struct AttributeStoreHandle *handle) |
1456 | { | 1844 | { |
1457 | if (NULL != handle->attribute) | 1845 | if (NULL != handle->attribute) |
@@ -1481,10 +1869,10 @@ attr_store_cont (void *cls, | |||
1481 | return; | 1869 | return; |
1482 | } | 1870 | } |
1483 | 1871 | ||
1484 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1872 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, |
1485 | "Sending ATTRIBUTE_STORE_RESPONSE message\n"); | 1873 | "Sending ATTRIBUTE_STORE_RESPONSE message\n"); |
1486 | env = GNUNET_MQ_msg (acr_msg, | 1874 | env = GNUNET_MQ_msg (acr_msg, |
1487 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE); | 1875 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE); |
1488 | acr_msg->id = htonl (as_handle->r_id); | 1876 | acr_msg->id = htonl (as_handle->r_id); |
1489 | acr_msg->op_result = htonl (GNUNET_OK); | 1877 | acr_msg->op_result = htonl (GNUNET_OK); |
1490 | GNUNET_MQ_send (as_handle->client->mq, | 1878 | GNUNET_MQ_send (as_handle->client->mq, |
@@ -1500,6 +1888,8 @@ attr_store_task (void *cls) | |||
1500 | char* buf; | 1888 | char* buf; |
1501 | size_t buf_size; | 1889 | size_t buf_size; |
1502 | 1890 | ||
1891 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, | ||
1892 | "Storing attribute\n"); | ||
1503 | buf_size = attribute_serialize_get_size (as_handle->attribute); | 1893 | buf_size = attribute_serialize_get_size (as_handle->attribute); |
1504 | buf = GNUNET_malloc (buf_size); | 1894 | buf = GNUNET_malloc (buf_size); |
1505 | 1895 | ||
@@ -1529,108 +1919,13 @@ attr_store_task (void *cls) | |||
1529 | 1919 | ||
1530 | } | 1920 | } |
1531 | 1921 | ||
1532 | static void | ||
1533 | bootstrap_store_cont (void *cls, | ||
1534 | int32_t success, | ||
1535 | const char *emsg) | ||
1536 | { | ||
1537 | struct AbeBootstrapHandle *abh = cls; | ||
1538 | if (GNUNET_SYSERR == success) | ||
1539 | { | ||
1540 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1541 | "Failed to bootstrap ABE master %s\n", | ||
1542 | emsg); | ||
1543 | abh->proc (abh->proc_cls, NULL); | ||
1544 | GNUNET_free (abh->abe_key); | ||
1545 | GNUNET_free (abh); | ||
1546 | return; | ||
1547 | } | ||
1548 | abh->proc (abh->proc_cls, abh->abe_key); | ||
1549 | GNUNET_free (abh); | ||
1550 | } | ||
1551 | |||
1552 | static void | ||
1553 | bootstrap_store_task (void *cls) | ||
1554 | { | ||
1555 | struct AbeBootstrapHandle *abh = cls; | ||
1556 | struct GNUNET_GNSRECORD_Data rd[1]; | ||
1557 | |||
1558 | rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (abh->abe_key, | ||
1559 | (void**)&rd[0].data); | ||
1560 | rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; | ||
1561 | rd[0].flags = GNUNET_GNSRECORD_RF_NONE | GNUNET_GNSRECORD_RF_PRIVATE; | ||
1562 | rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? | ||
1563 | abh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, | ||
1564 | &abh->identity, | ||
1565 | "+", | ||
1566 | 1, | ||
1567 | rd, | ||
1568 | &bootstrap_store_cont, | ||
1569 | abh); | ||
1570 | } | ||
1571 | |||
1572 | static void | ||
1573 | bootstrap_abe_error (void *cls) | ||
1574 | { | ||
1575 | struct AbeBootstrapHandle *abh = cls; | ||
1576 | GNUNET_free (abh); | ||
1577 | abh->proc (abh->proc_cls, NULL); | ||
1578 | GNUNET_free (abh); | ||
1579 | } | ||
1580 | |||
1581 | |||
1582 | |||
1583 | static void | ||
1584 | bootstrap_abe_result (void *cls, | ||
1585 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, | ||
1586 | const char *label, | ||
1587 | unsigned int rd_count, | ||
1588 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1589 | { | ||
1590 | struct AbeBootstrapHandle *abh = cls; | ||
1591 | struct GNUNET_CRYPTO_AbeMasterKey *abe_key; | ||
1592 | int i; | ||
1593 | |||
1594 | for (i=0;i<rd_count;i++) { | ||
1595 | if (GNUNET_GNSRECORD_TYPE_ABE_MASTER != rd[i].record_type) | ||
1596 | continue; | ||
1597 | abe_key = GNUNET_CRYPTO_cpabe_deserialize_master_key ((void**)rd[i].data, | ||
1598 | rd[i].data_size); | ||
1599 | abh->proc (abh->proc_cls, abe_key); | ||
1600 | GNUNET_free (abh); | ||
1601 | return; | ||
1602 | } | ||
1603 | |||
1604 | //No ABE master found, bootstrapping... | ||
1605 | abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key (); | ||
1606 | GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh); | ||
1607 | } | ||
1608 | |||
1609 | static void | ||
1610 | bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, | ||
1611 | AbeBootstrapResult proc, | ||
1612 | void* cls) | ||
1613 | { | ||
1614 | struct AbeBootstrapHandle *abh; | ||
1615 | |||
1616 | abh = GNUNET_new (struct AbeBootstrapHandle); | ||
1617 | abh->proc = proc; | ||
1618 | abh->proc_cls = cls; | ||
1619 | abh->identity = *identity; | ||
1620 | abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, | ||
1621 | identity, | ||
1622 | "+", | ||
1623 | &bootstrap_abe_error, | ||
1624 | abh, | ||
1625 | &bootstrap_abe_result, | ||
1626 | abh); | ||
1627 | |||
1628 | } | ||
1629 | 1922 | ||
1630 | static void | 1923 | static void |
1631 | store_after_abe_bootstrap (void *cls, | 1924 | store_after_abe_bootstrap (void *cls, |
1632 | struct GNUNET_CRYPTO_AbeMasterKey *abe_key) | 1925 | struct GNUNET_CRYPTO_AbeMasterKey *abe_key) |
1633 | { | 1926 | { |
1927 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, | ||
1928 | "Finished ABE bootstrap\n"); | ||
1634 | struct AttributeStoreHandle *ash = cls; | 1929 | struct AttributeStoreHandle *ash = cls; |
1635 | ash->abe_key = abe_key; | 1930 | ash->abe_key = abe_key; |
1636 | GNUNET_SCHEDULER_add_now (&attr_store_task, ash); | 1931 | GNUNET_SCHEDULER_add_now (&attr_store_task, ash); |
@@ -1674,6 +1969,8 @@ handle_attribute_store_message (void *cls, | |||
1674 | struct AttributeStoreHandle *as_handle; | 1969 | struct AttributeStoreHandle *as_handle; |
1675 | struct IdpClient *idp = cls; | 1970 | struct IdpClient *idp = cls; |
1676 | size_t data_len; | 1971 | size_t data_len; |
1972 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, | ||
1973 | "Received ATTRIBUTE_STORE message\n"); | ||
1677 | 1974 | ||
1678 | data_len = ntohs (sam->attr_len); | 1975 | data_len = ntohs (sam->attr_len); |
1679 | 1976 | ||
@@ -1681,14 +1978,13 @@ handle_attribute_store_message (void *cls, | |||
1681 | as_handle->attribute = attribute_deserialize ((char*)&sam[1], | 1978 | as_handle->attribute = attribute_deserialize ((char*)&sam[1], |
1682 | data_len); | 1979 | data_len); |
1683 | 1980 | ||
1684 | as_handle->r_id = sam->id; | 1981 | as_handle->r_id = ntohl (sam->id); |
1685 | as_handle->identity = sam->identity; | 1982 | as_handle->identity = sam->identity; |
1686 | GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity, | 1983 | GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity, |
1687 | &as_handle->identity_pkey); | 1984 | &as_handle->identity_pkey); |
1688 | 1985 | ||
1689 | GNUNET_SERVICE_client_continue (idp->client); | 1986 | GNUNET_SERVICE_client_continue (idp->client); |
1690 | as_handle->client = idp; | 1987 | as_handle->client = idp; |
1691 | |||
1692 | bootstrap_abe (&as_handle->identity, &store_after_abe_bootstrap, as_handle); | 1988 | bootstrap_abe (&as_handle->identity, &store_after_abe_bootstrap, as_handle); |
1693 | } | 1989 | } |
1694 | 1990 | ||
@@ -1697,6 +1993,9 @@ cleanup_iter_handle (struct AttributeIterator *ai) | |||
1697 | { | 1993 | { |
1698 | if (NULL != ai->abe_key) | 1994 | if (NULL != ai->abe_key) |
1699 | GNUNET_free (ai->abe_key); | 1995 | GNUNET_free (ai->abe_key); |
1996 | GNUNET_CONTAINER_DLL_remove (ai->client->op_head, | ||
1997 | ai->client->op_tail, | ||
1998 | ai); | ||
1700 | GNUNET_free (ai); | 1999 | GNUNET_free (ai); |
1701 | } | 2000 | } |
1702 | 2001 | ||
@@ -2036,5 +2335,9 @@ GNUNET_SERVICE_MAIN | |||
2036 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP, | 2335 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP, |
2037 | struct AttributeIterationStopMessage, | 2336 | struct AttributeIterationStopMessage, |
2038 | NULL), | 2337 | NULL), |
2338 | GNUNET_MQ_hd_var_size (ticket_issue_message, | ||
2339 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE, | ||
2340 | struct TicketIssueMessage, | ||
2341 | NULL), | ||
2039 | GNUNET_MQ_handler_end()); | 2342 | GNUNET_MQ_handler_end()); |
2040 | /* end of gnunet-service-identity-provider.c */ | 2343 | /* end of gnunet-service-identity-provider.c */ |
diff --git a/src/identity-provider/identity_attribute.c b/src/identity-provider/identity_attribute.c index 3794010b2..8cc94a731 100644 --- a/src/identity-provider/identity_attribute.c +++ b/src/identity-provider/identity_attribute.c | |||
@@ -63,17 +63,73 @@ attribute_new (const char* attr_name, | |||
63 | return attr; | 63 | return attr; |
64 | } | 64 | } |
65 | 65 | ||
66 | size_t | ||
67 | attribute_list_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) | ||
68 | { | ||
69 | struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; | ||
70 | size_t len = 0; | ||
71 | for (le = attrs->list_head; NULL != le; le = le->next) | ||
72 | len += attribute_serialize_get_size (le->attribute); | ||
73 | return len; | ||
74 | } | ||
75 | |||
76 | size_t | ||
77 | attribute_list_serialize (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, | ||
78 | char *result) | ||
79 | { | ||
80 | struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; | ||
81 | size_t len; | ||
82 | size_t total_len; | ||
83 | char* write_ptr; | ||
84 | |||
85 | write_ptr = result; | ||
86 | total_len = 0; | ||
87 | for (le = attrs->list_head; NULL != le; le = le->next) | ||
88 | { | ||
89 | len = attribute_serialize (le->attribute, | ||
90 | write_ptr); | ||
91 | total_len += len; | ||
92 | write_ptr += len; | ||
93 | } | ||
94 | return total_len; | ||
95 | } | ||
96 | |||
97 | struct GNUNET_IDENTITY_PROVIDER_AttributeList * | ||
98 | attribute_list_deserialize (const char* data, | ||
99 | size_t data_size) | ||
100 | { | ||
101 | struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; | ||
102 | struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; | ||
103 | size_t attr_len; | ||
104 | const char* read_ptr; | ||
105 | |||
106 | if (data_size < sizeof (struct Attribute)) | ||
107 | return NULL; | ||
108 | |||
109 | attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); | ||
110 | read_ptr = data; | ||
111 | while (((data + data_size) - read_ptr) >= sizeof (struct Attribute)) | ||
112 | { | ||
113 | le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); | ||
114 | le->attribute = attribute_deserialize (read_ptr, | ||
115 | data_size - (read_ptr - data)); | ||
116 | attr_len = attribute_serialize_get_size (le->attribute); | ||
117 | read_ptr += attr_len; | ||
118 | } | ||
119 | return attrs; | ||
120 | } | ||
121 | |||
66 | 122 | ||
67 | 123 | ||
68 | size_t | 124 | size_t |
69 | attribute_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) | 125 | attribute_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) |
70 | { | 126 | { |
71 | return sizeof (struct Attribute) | 127 | return sizeof (struct Attribute) |
72 | + strlen (attr->name) + 1 | 128 | + strlen (attr->name) |
73 | + attr->data_size; //TODO get data_size from plugin | 129 | + attr->data_size; //TODO get data_size from plugin |
74 | } | 130 | } |
75 | 131 | ||
76 | int | 132 | size_t |
77 | attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, | 133 | attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, |
78 | char *result) | 134 | char *result) |
79 | { | 135 | { |
@@ -96,7 +152,7 @@ attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, | |||
96 | GNUNET_memcpy (write_ptr, attr->data, attr->data_size); | 152 | GNUNET_memcpy (write_ptr, attr->data, attr->data_size); |
97 | attr_ser->data_size = htons (data_len_ser); | 153 | attr_ser->data_size = htons (data_len_ser); |
98 | 154 | ||
99 | return GNUNET_OK; | 155 | return sizeof (struct Attribute) + strlen (attr->name) + attr->data_size; |
100 | } | 156 | } |
101 | 157 | ||
102 | struct GNUNET_IDENTITY_PROVIDER_Attribute * | 158 | struct GNUNET_IDENTITY_PROVIDER_Attribute * |
@@ -108,7 +164,7 @@ attribute_deserialize (const char* data, | |||
108 | size_t data_len; | 164 | size_t data_len; |
109 | size_t name_len; | 165 | size_t name_len; |
110 | char* write_ptr; | 166 | char* write_ptr; |
111 | 167 | ||
112 | if (data_size < sizeof (struct Attribute)) | 168 | if (data_size < sizeof (struct Attribute)) |
113 | return NULL; | 169 | return NULL; |
114 | 170 | ||
@@ -117,10 +173,10 @@ attribute_deserialize (const char* data, | |||
117 | data_len = ntohs (attr_ser->data_size); | 173 | data_len = ntohs (attr_ser->data_size); |
118 | name_len = ntohs (attr_ser->name_len); | 174 | name_len = ntohs (attr_ser->name_len); |
119 | attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute) | 175 | attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute) |
120 | + data_len + name_len + 1); | 176 | + data_len + name_len + 1); |
121 | attr->attribute_type = ntohs (attr_ser->attribute_type); | 177 | attr->attribute_type = ntohs (attr_ser->attribute_type); |
122 | attr->data_size = ntohs (attr_ser->data_size); | 178 | attr->data_size = ntohs (attr_ser->data_size); |
123 | 179 | ||
124 | write_ptr = (char*)&attr[1]; | 180 | write_ptr = (char*)&attr[1]; |
125 | GNUNET_memcpy (write_ptr, | 181 | GNUNET_memcpy (write_ptr, |
126 | &attr_ser[1], | 182 | &attr_ser[1], |
diff --git a/src/identity-provider/identity_attribute.h b/src/identity-provider/identity_attribute.h index 0d4f2bb76..00e520a38 100644 --- a/src/identity-provider/identity_attribute.h +++ b/src/identity-provider/identity_attribute.h | |||
@@ -51,6 +51,43 @@ struct Attribute | |||
51 | /** | 51 | /** |
52 | * Get required size for serialization buffer | 52 | * Get required size for serialization buffer |
53 | * | 53 | * |
54 | * @param attrs the attribute list to serialize | ||
55 | * | ||
56 | * @return the required buffer size | ||
57 | */ | ||
58 | size_t | ||
59 | attribute_list_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); | ||
60 | |||
61 | |||
62 | |||
63 | /** | ||
64 | * Serialize an attribute list | ||
65 | * | ||
66 | * @param attrs the attribute list to serialize | ||
67 | * @param result the serialized attribute | ||
68 | * | ||
69 | * @return length of serialized data | ||
70 | */ | ||
71 | size_t | ||
72 | attribute_list_serialize (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, | ||
73 | char *result); | ||
74 | |||
75 | /** | ||
76 | * Deserialize an attribute list | ||
77 | * | ||
78 | * @param data the serialized attribute list | ||
79 | * @param data_size the length of the serialized data | ||
80 | * | ||
81 | * @return a GNUNET_IDENTITY_PROVIDER_AttributeList, must be free'd by caller | ||
82 | */ | ||
83 | struct GNUNET_IDENTITY_PROVIDER_AttributeList * | ||
84 | attribute_list_deserialize (const char* data, | ||
85 | size_t data_size); | ||
86 | |||
87 | |||
88 | /** | ||
89 | * Get required size for serialization buffer | ||
90 | * | ||
54 | * @param attr the attribute to serialize | 91 | * @param attr the attribute to serialize |
55 | * | 92 | * |
56 | * @return the required buffer size | 93 | * @return the required buffer size |
@@ -66,9 +103,9 @@ attribute_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_Attribute *a | |||
66 | * @param attr the attribute to serialize | 103 | * @param attr the attribute to serialize |
67 | * @param result the serialized attribute | 104 | * @param result the serialized attribute |
68 | * | 105 | * |
69 | * @return GNUNET_OK on success | 106 | * @return length of serialized data |
70 | */ | 107 | */ |
71 | int | 108 | size_t |
72 | attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, | 109 | attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, |
73 | char *result); | 110 | char *result); |
74 | 111 | ||
diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h index 588d6d39a..098885e3c 100644 --- a/src/identity-provider/identity_provider.h +++ b/src/identity-provider/identity_provider.h | |||
@@ -45,7 +45,7 @@ struct GNUNET_IDENTITY_PROVIDER_Token | |||
45 | }; | 45 | }; |
46 | 46 | ||
47 | /** | 47 | /** |
48 | * The ticket | 48 | * The ticket DEPRECATED |
49 | */ | 49 | */ |
50 | struct GNUNET_IDENTITY_PROVIDER_Ticket | 50 | struct GNUNET_IDENTITY_PROVIDER_Ticket |
51 | { | 51 | { |
@@ -318,7 +318,55 @@ struct AttributeIterationStopMessage | |||
318 | 318 | ||
319 | }; | 319 | }; |
320 | 320 | ||
321 | /** | ||
322 | * Ticket issue message | ||
323 | */ | ||
324 | struct TicketIssueMessage | ||
325 | { | ||
326 | /** | ||
327 | * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE | ||
328 | */ | ||
329 | struct GNUNET_MessageHeader header; | ||
330 | |||
331 | /** | ||
332 | * Unique identifier for this request (for key collisions). | ||
333 | */ | ||
334 | uint32_t id GNUNET_PACKED; | ||
335 | |||
336 | /** | ||
337 | * Identity. | ||
338 | */ | ||
339 | struct GNUNET_CRYPTO_EcdsaPrivateKey identity; | ||
340 | |||
341 | /** | ||
342 | * Requesting party. | ||
343 | */ | ||
344 | struct GNUNET_CRYPTO_EcdsaPublicKey rp; | ||
321 | 345 | ||
346 | /** | ||
347 | * length of serialized attribute list | ||
348 | */ | ||
349 | uint32_t attr_len GNUNET_PACKED; | ||
350 | |||
351 | //Followed by a serialized attribute list | ||
352 | }; | ||
353 | |||
354 | /** | ||
355 | * Ticket result message | ||
356 | */ | ||
357 | struct TicketResultMessage | ||
358 | { | ||
359 | /** | ||
360 | * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT | ||
361 | */ | ||
362 | struct GNUNET_MessageHeader header; | ||
363 | |||
364 | /** | ||
365 | * Unique identifier for this request (for key collisions). | ||
366 | */ | ||
367 | uint32_t id GNUNET_PACKED; | ||
368 | |||
369 | }; | ||
322 | GNUNET_NETWORK_STRUCT_END | 370 | GNUNET_NETWORK_STRUCT_END |
323 | 371 | ||
324 | #endif | 372 | #endif |
diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index c806735f6..74d15bbe0 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c | |||
@@ -81,6 +81,11 @@ struct GNUNET_IDENTITY_PROVIDER_Operation | |||
81 | GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus as_cb; | 81 | GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus as_cb; |
82 | 82 | ||
83 | /** | 83 | /** |
84 | * Ticket result callback | ||
85 | */ | ||
86 | GNUNET_IDENTITY_PROVIDER_TicketCallback tr_cb; | ||
87 | |||
88 | /** | ||
84 | * Envelope with the message for this queue entry. | 89 | * Envelope with the message for this queue entry. |
85 | */ | 90 | */ |
86 | struct GNUNET_MQ_Envelope *env; | 91 | struct GNUNET_MQ_Envelope *env; |
@@ -590,6 +595,62 @@ handle_attribute_result (void *cls, | |||
590 | GNUNET_assert (0); | 595 | GNUNET_assert (0); |
591 | } | 596 | } |
592 | 597 | ||
598 | /** | ||
599 | * Handle an incoming message of type | ||
600 | * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT | ||
601 | * | ||
602 | * @param cls | ||
603 | * @param msg the message we received | ||
604 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on error | ||
605 | */ | ||
606 | static int | ||
607 | check_ticket_result (void *cls, | ||
608 | const struct TicketResultMessage *msg) | ||
609 | { | ||
610 | size_t msg_len; | ||
611 | |||
612 | msg_len = ntohs (msg->header.size); | ||
613 | if (msg_len < sizeof (struct TicketResultMessage)) | ||
614 | { | ||
615 | GNUNET_break (0); | ||
616 | return GNUNET_SYSERR; | ||
617 | } | ||
618 | return GNUNET_OK; | ||
619 | } | ||
620 | |||
621 | |||
622 | |||
623 | /** | ||
624 | * Handle an incoming message of type | ||
625 | * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT | ||
626 | * | ||
627 | * @param cls | ||
628 | * @param msg the message we received | ||
629 | */ | ||
630 | static void | ||
631 | handle_ticket_result (void *cls, | ||
632 | const struct TicketResultMessage *msg) | ||
633 | { | ||
634 | struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls; | ||
635 | struct GNUNET_IDENTITY_PROVIDER_Operation *op; | ||
636 | const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket; | ||
637 | uint32_t r_id = ntohl (msg->id); | ||
638 | |||
639 | for (op = handle->op_head; NULL != op; op = op->next) | ||
640 | if (op->r_id == r_id) | ||
641 | break; | ||
642 | if (NULL == op) | ||
643 | return; | ||
644 | GNUNET_CONTAINER_DLL_remove (handle->op_head, | ||
645 | handle->op_tail, | ||
646 | op); | ||
647 | ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&msg[1]; | ||
648 | if (NULL != op->tr_cb) | ||
649 | op->tr_cb (op->cls, ticket); | ||
650 | GNUNET_free (op); | ||
651 | |||
652 | } | ||
653 | |||
593 | 654 | ||
594 | 655 | ||
595 | /** | 656 | /** |
@@ -617,6 +678,10 @@ reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) | |||
617 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT, | 678 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT, |
618 | struct AttributeResultMessage, | 679 | struct AttributeResultMessage, |
619 | h), | 680 | h), |
681 | GNUNET_MQ_hd_var_size (ticket_result, | ||
682 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT, | ||
683 | struct TicketResultMessage, | ||
684 | h), | ||
620 | GNUNET_MQ_handler_end () | 685 | GNUNET_MQ_handler_end () |
621 | }; | 686 | }; |
622 | struct GNUNET_IDENTITY_PROVIDER_Operation *op; | 687 | struct GNUNET_IDENTITY_PROVIDER_Operation *op; |
@@ -1072,7 +1137,58 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_At | |||
1072 | } | 1137 | } |
1073 | 1138 | ||
1074 | 1139 | ||
1140 | /** TODO | ||
1141 | * Issues a ticket to another identity. The identity may use | ||
1142 | * @GNUNET_IDENTITY_PROVIDER_authorization_ticket_consume to consume the ticket | ||
1143 | * and retrieve the attributes specified in the AttributeList. | ||
1144 | * | ||
1145 | * @param h the identity provider to use | ||
1146 | * @param iss the issuing identity | ||
1147 | * @param rp the subject of the ticket (the relying party) | ||
1148 | * @param attr the attributes that the relying party is given access to | ||
1149 | * @param cb the callback | ||
1150 | * @param cb_cls the callback closure | ||
1151 | * @return handle to abort the operation | ||
1152 | */ | ||
1153 | struct GNUNET_IDENTITY_PROVIDER_Operation * | ||
1154 | GNUNET_IDENTITY_PROVIDER_idp_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h, | ||
1155 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, | ||
1156 | const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, | ||
1157 | const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, | ||
1158 | GNUNET_IDENTITY_PROVIDER_TicketCallback cb, | ||
1159 | void *cb_cls) | ||
1160 | { | ||
1161 | struct GNUNET_IDENTITY_PROVIDER_Operation *op; | ||
1162 | struct TicketIssueMessage *tim; | ||
1163 | size_t attr_len; | ||
1164 | |||
1165 | op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation); | ||
1166 | op->h = h; | ||
1167 | op->tr_cb = cb; | ||
1168 | op->cls = cb_cls; | ||
1169 | op->r_id = h->r_id_gen++; | ||
1170 | GNUNET_CONTAINER_DLL_insert_tail (h->op_head, | ||
1171 | h->op_tail, | ||
1172 | op); | ||
1173 | attr_len = attribute_list_serialize_get_size (attrs); | ||
1174 | op->env = GNUNET_MQ_msg_extra (tim, | ||
1175 | attr_len, | ||
1176 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE); | ||
1177 | tim->identity = *iss; | ||
1178 | tim->rp = *rp; | ||
1179 | tim->id = htonl (op->r_id); | ||
1180 | |||
1181 | attribute_list_serialize (attrs, | ||
1182 | (char*)&tim[1]); | ||
1183 | |||
1184 | tim->attr_len = htons (attr_len); | ||
1185 | if (NULL != h->mq) | ||
1186 | GNUNET_MQ_send_copy (h->mq, | ||
1187 | op->env); | ||
1188 | return op; | ||
1189 | } | ||
1190 | |||
1075 | 1191 | ||
1076 | 1192 | ||
1077 | 1193 | ||
1078 | /* end of identity_provider_api.c */ | 1194 | /* end of identity_provider_api.c */ |
diff --git a/src/identity-provider/test_idp.sh b/src/identity-provider/test_idp.sh index ce5c5ca69..598d1008c 100755 --- a/src/identity-provider/test_idp.sh +++ b/src/identity-provider/test_idp.sh | |||
@@ -1,5 +1,5 @@ | |||
1 | #!/bin/bash | 1 | #!/bin/bash |
2 | trap "gnunet-arm -e -c test_idp_lookup.conf" SIGINT | 2 | #trap "gnunet-arm -e -c test_idp_lookup.conf" SIGINT |
3 | 3 | ||
4 | LOCATION=$(which gnunet-config) | 4 | LOCATION=$(which gnunet-config) |
5 | if [ -z $LOCATION ] | 5 | if [ -z $LOCATION ] |
@@ -25,8 +25,7 @@ which timeout &> /dev/null && DO_TIMEOUT="timeout 30" | |||
25 | TEST_ATTR="test" | 25 | TEST_ATTR="test" |
26 | gnunet-arm -s -c test_idp.conf | 26 | gnunet-arm -s -c test_idp.conf |
27 | gnunet-identity -C testego -c test_idp.conf | 27 | gnunet-identity -C testego -c test_idp.conf |
28 | gnunet-idp -e testego --init -c test_idp.conf | 28 | valgrind gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf |
29 | gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf | ||
30 | gnunet-idp -e testego -a name -V John -c test_idp.conf | 29 | gnunet-idp -e testego -a name -V John -c test_idp.conf |
31 | gnunet-idp -e testego -D -c test_idp.conf | 30 | gnunet-idp -e testego -D -c test_idp.conf |
32 | gnunet-arm -e -c test_idp.conf | 31 | gnunet-arm -e -c test_idp.conf |
diff --git a/src/identity-provider/test_idp_issue.sh b/src/identity-provider/test_idp_issue.sh new file mode 100755 index 000000000..306f238d9 --- /dev/null +++ b/src/identity-provider/test_idp_issue.sh | |||
@@ -0,0 +1,35 @@ | |||
1 | #!/bin/bash | ||
2 | trap "gnunet-arm -e -c test_idp_lookup.conf" SIGINT | ||
3 | |||
4 | LOCATION=$(which gnunet-config) | ||
5 | if [ -z $LOCATION ] | ||
6 | then | ||
7 | LOCATION="gnunet-config" | ||
8 | fi | ||
9 | $LOCATION --version 1> /dev/null | ||
10 | if test $? != 0 | ||
11 | then | ||
12 | echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" | ||
13 | exit 77 | ||
14 | fi | ||
15 | |||
16 | rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f` | ||
17 | |||
18 | # (1) PKEY1.user -> PKEY2.resu.user | ||
19 | # (2) PKEY2.resu -> PKEY3 | ||
20 | # (3) PKEY3.user -> PKEY4 | ||
21 | |||
22 | |||
23 | which timeout &> /dev/null && DO_TIMEOUT="timeout 30" | ||
24 | |||
25 | TEST_ATTR="test" | ||
26 | gnunet-arm -s -c test_idp.conf | ||
27 | gnunet-identity -C testego -c test_idp.conf | ||
28 | gnunet-identity -C rpego -c test_idp.conf | ||
29 | SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') | ||
30 | gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf | ||
31 | gnunet-idp -e testego -a name -V John -c test_idp.conf | ||
32 | gnunet-idp -e testego -D -c test_idp.conf | ||
33 | gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | ||
34 | gnunet-namestore -z testego -D -c test_idp.conf | ||
35 | gnunet-arm -e -c test_idp.conf | ||
diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h index aaa838a03..cc71646bc 100644 --- a/src/include/gnunet_identity_provider_service.h +++ b/src/include/gnunet_identity_provider_service.h | |||
@@ -57,11 +57,32 @@ struct GNUNET_IDENTITY_PROVIDER_Handle; | |||
57 | struct GNUNET_IDENTITY_PROVIDER_Token; | 57 | struct GNUNET_IDENTITY_PROVIDER_Token; |
58 | 58 | ||
59 | /** | 59 | /** |
60 | * Handle for a ticket | 60 | * Handle for a ticket DEPRECATED |
61 | */ | 61 | */ |
62 | struct GNUNET_IDENTITY_PROVIDER_Ticket; | 62 | struct GNUNET_IDENTITY_PROVIDER_Ticket; |
63 | 63 | ||
64 | /** | 64 | /** |
65 | * The ticket | ||
66 | */ | ||
67 | struct GNUNET_IDENTITY_PROVIDER_Ticket2 | ||
68 | { | ||
69 | /** | ||
70 | * The ticket issuer | ||
71 | */ | ||
72 | struct GNUNET_CRYPTO_EcdsaPublicKey identity; | ||
73 | |||
74 | /** | ||
75 | * The ticket audience | ||
76 | */ | ||
77 | struct GNUNET_CRYPTO_EcdsaPublicKey audience; | ||
78 | |||
79 | /** | ||
80 | * The ticket random (NBO) | ||
81 | */ | ||
82 | uint64_t rnd; | ||
83 | }; | ||
84 | |||
85 | /** | ||
65 | * Handle for an operation with the identity provider service. | 86 | * Handle for an operation with the identity provider service. |
66 | */ | 87 | */ |
67 | struct GNUNET_IDENTITY_PROVIDER_Operation; | 88 | struct GNUNET_IDENTITY_PROVIDER_Operation; |
@@ -117,7 +138,36 @@ struct GNUNET_IDENTITY_PROVIDER_Attribute | |||
117 | 138 | ||
118 | }; | 139 | }; |
119 | 140 | ||
141 | struct GNUNET_IDENTITY_PROVIDER_AttributeList | ||
142 | { | ||
143 | /** | ||
144 | * List head | ||
145 | */ | ||
146 | struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *list_head; | ||
120 | 147 | ||
148 | /** | ||
149 | * List tail | ||
150 | */ | ||
151 | struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *list_tail; | ||
152 | }; | ||
153 | |||
154 | struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry | ||
155 | { | ||
156 | /** | ||
157 | * DLL | ||
158 | */ | ||
159 | struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *prev; | ||
160 | |||
161 | /** | ||
162 | * DLL | ||
163 | */ | ||
164 | struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *next; | ||
165 | |||
166 | /** | ||
167 | * The attribute | ||
168 | */ | ||
169 | struct GNUNET_IDENTITY_PROVIDER_Attribute *attribute; | ||
170 | }; | ||
121 | 171 | ||
122 | /** | 172 | /** |
123 | * Method called when a token has been exchanged for a ticket. | 173 | * Method called when a token has been exchanged for a ticket. |
@@ -280,6 +330,114 @@ void | |||
280 | GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it); | 330 | GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it); |
281 | 331 | ||
282 | 332 | ||
333 | /** | ||
334 | * Method called when a token has been issued. | ||
335 | * On success returns a ticket that can be given to the audience to retrive the | ||
336 | * token | ||
337 | * | ||
338 | * @param cls closure | ||
339 | * @param grant the label in GNS pointing to the token | ||
340 | * @param ticket the ticket | ||
341 | * @param token the issued token | ||
342 | * @param name name assigned by the user for this ego, | ||
343 | * NULL if the user just deleted the ego and it | ||
344 | * must thus no longer be used | ||
345 | */ | ||
346 | typedef void | ||
347 | (*GNUNET_IDENTITY_PROVIDER_TicketCallback)(void *cls, | ||
348 | const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket); | ||
349 | |||
350 | |||
351 | /** TODO | ||
352 | * Issues a ticket to another identity. The identity may use | ||
353 | * @GNUNET_IDENTITY_PROVIDER_authorization_ticket_consume to consume the ticket | ||
354 | * and retrieve the attributes specified in the AttributeList. | ||
355 | * | ||
356 | * @param id the identity provider to use | ||
357 | * @param iss the issuing identity | ||
358 | * @param rp the subject of the ticket (the relying party) | ||
359 | * @param attr the attributes that the relying party is given access to | ||
360 | * @param cb the callback | ||
361 | * @param cb_cls the callback closure | ||
362 | * @return handle to abort the operation | ||
363 | */ | ||
364 | struct GNUNET_IDENTITY_PROVIDER_Operation * | ||
365 | GNUNET_IDENTITY_PROVIDER_idp_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *id, | ||
366 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, | ||
367 | const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, | ||
368 | const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, | ||
369 | GNUNET_IDENTITY_PROVIDER_TicketCallback cb, | ||
370 | void *cb_cls); | ||
371 | |||
372 | /** TODO | ||
373 | * Revoked an issued ticket. The relying party will be unable to retrieve | ||
374 | * updated attributes. | ||
375 | * | ||
376 | * @param id the identity provider to use | ||
377 | * @param identity the issuing identity | ||
378 | * @param ticket the ticket to revoke | ||
379 | * @param cb the callback | ||
380 | * @param cb_cls the callback closure | ||
381 | * @return handle to abort the operation | ||
382 | */ | ||
383 | struct GNUNET_IDENTITY_PROVIDER_Operation * | ||
384 | GNUNET_IDENTITY_PROVIDER_idp_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *id, | ||
385 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, | ||
386 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, | ||
387 | GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb, | ||
388 | void *cb_cls); | ||
389 | |||
390 | |||
391 | |||
392 | /** TODO | ||
393 | * Consumes an issued ticket. The ticket is persisted | ||
394 | * and used to retrieve identity information from the issuer | ||
395 | * | ||
396 | * @param id the identity provider to use | ||
397 | * @param identity the identity that is the subject of the issued ticket (the relying party) | ||
398 | * @param ticket the issued ticket to consume | ||
399 | * @param cb the callback to call | ||
400 | * @param cb_cls the callback closure | ||
401 | * @return handle to abort the operation | ||
402 | */ | ||
403 | struct GNUNET_IDENTITY_PROVIDER_Operation * | ||
404 | GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *id, | ||
405 | const struct GNUNET_CRYPTO_EcdsaPrivateKey * identity, | ||
406 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, | ||
407 | GNUNET_IDENTITY_PROVIDER_AttributeResult cb, | ||
408 | void *cb_cls); | ||
409 | |||
410 | /** TODO | ||
411 | * Lists all tickets that have been issued to remote | ||
412 | * identites (relying parties) | ||
413 | * | ||
414 | * @param id the identity provider to use | ||
415 | * @param identity the issuing identity | ||
416 | * @param cb the callback to use | ||
417 | * @param cb_cls the callback closure | ||
418 | * @return handle to abort the operation | ||
419 | */ | ||
420 | struct GNUNET_IDENTITY_PROVIDER_Operation * | ||
421 | GNUNET_IDENTITY_PROVIDER_idp_tickets_list (struct GNUNET_IDENTITY_PROVIDER_Handle *id, | ||
422 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, | ||
423 | GNUNET_IDENTITY_PROVIDER_TicketCallback *cb, | ||
424 | void *cb_cls); | ||
425 | |||
426 | /** TODO | ||
427 | * Lists all attributes that are shared with this identity | ||
428 | * by remote parties | ||
429 | * | ||
430 | * @param id identity provider service to use | ||
431 | * @param identity the identity (relying party) | ||
432 | * @param cb the result callback | ||
433 | * @param cb_cls the result callback closure | ||
434 | * @return handle to abort the operation | ||
435 | */ | ||
436 | struct GNUNET_IDENTITY_PROVIDER_Operation * | ||
437 | GNUNET_IDENTITY_PROVIDER_rp_attributes_list (struct GNUNET_IDENTITY_PROVIDER_Handle *id, | ||
438 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, | ||
439 | GNUNET_IDENTITY_PROVIDER_AttributeResult *cb, | ||
440 | void *cb_cls); | ||
283 | 441 | ||
284 | /** | 442 | /** |
285 | * Issue a token for a specific audience. | 443 | * Issue a token for a specific audience. |
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index e498af1f5..1a7df377c 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h | |||
@@ -2640,17 +2640,21 @@ extern "C" | |||
2640 | 2640 | ||
2641 | #define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT 970 | 2641 | #define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT 970 |
2642 | 2642 | ||
2643 | #define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE 971 | ||
2644 | |||
2645 | #define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT 972 | ||
2646 | |||
2643 | /************************************************** | 2647 | /************************************************** |
2644 | * | 2648 | * |
2645 | * CREDENTIAL MESSAGE TYPES | 2649 | * CREDENTIAL MESSAGE TYPES |
2646 | */ | 2650 | */ |
2647 | #define GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY 971 | 2651 | #define GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY 981 |
2648 | 2652 | ||
2649 | #define GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT 972 | 2653 | #define GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT 982 |
2650 | 2654 | ||
2651 | #define GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT 973 | 2655 | #define GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT 983 |
2652 | 2656 | ||
2653 | #define GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT_RESULT 974 | 2657 | #define GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT_RESULT 984 |
2654 | 2658 | ||
2655 | /******************************************************************************/ | 2659 | /******************************************************************************/ |
2656 | 2660 | ||