aboutsummaryrefslogtreecommitdiff
path: root/src/credential
diff options
context:
space:
mode:
authorSchanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de>2016-11-20 00:23:49 +0100
committerSchanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de>2016-11-20 00:23:49 +0100
commit18f106166cf64cc72206cd35301276aa21ca100a (patch)
treea5f472d1d7f76366a9cfc23189ee5a44d7b2f38d /src/credential
parent691aa85bfaec80c08330db772499a123b2ac2373 (diff)
downloadgnunet-18f106166cf64cc72206cd35301276aa21ca100a.tar.gz
gnunet-18f106166cf64cc72206cd35301276aa21ca100a.zip
- move towards verification
Diffstat (limited to 'src/credential')
-rw-r--r--src/credential/credential.h16
-rw-r--r--src/credential/credential_api.c153
-rw-r--r--src/credential/gnunet-credential.c26
-rw-r--r--src/credential/gnunet-service-credential.c227
-rw-r--r--src/credential/plugin_gnsrecord_credential.c48
5 files changed, 240 insertions, 230 deletions
diff --git a/src/credential/credential.h b/src/credential/credential.h
index 597c34a3d..2acaf73a5 100644
--- a/src/credential/credential.h
+++ b/src/credential/credential.h
@@ -30,12 +30,12 @@
30GNUNET_NETWORK_STRUCT_BEGIN 30GNUNET_NETWORK_STRUCT_BEGIN
31 31
32/** 32/**
33 * Message from client to Credential service to lookup credentials. 33 * Message from client to Credential service to verify attributes.
34 */ 34 */
35struct LookupMessage 35struct VerifyMessage
36{ 36{
37 /** 37 /**
38 * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP 38 * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY
39 */ 39 */
40 struct GNUNET_MessageHeader header; 40 struct GNUNET_MessageHeader header;
41 41
@@ -54,7 +54,7 @@ struct LookupMessage
54 */ 54 */
55 uint32_t id GNUNET_PACKED; 55 uint32_t id GNUNET_PACKED;
56 56
57 /* Followed by the zero-terminated credential to look up */ 57 /* Followed by the zero-terminated attributes to look up */
58 58
59}; 59};
60 60
@@ -62,10 +62,10 @@ struct LookupMessage
62/** 62/**
63 * Message from CREDENTIAL service to client: new results. 63 * Message from CREDENTIAL service to client: new results.
64 */ 64 */
65struct LookupResultMessage 65struct VerifyResultMessage
66{ 66{
67 /** 67 /**
68 * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP_RESULT 68 * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT
69 */ 69 */
70 struct GNUNET_MessageHeader header; 70 struct GNUNET_MessageHeader header;
71 71
@@ -78,9 +78,9 @@ struct LookupResultMessage
78 /** 78 /**
79 * The number of credentials in the response 79 * The number of credentials in the response
80 */ 80 */
81 uint32_t cd_count GNUNET_PACKED; 81 uint32_t ad_count GNUNET_PACKED;
82 82
83 /* followed by cd_count GNUNET_CREDENTIAL_RecordData structs*/ 83 /* followed by ad_count GNUNET_CREDENTIAL_RecordData structs*/
84 84
85}; 85};
86 86
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c
index 1efe2d089..4864d54d0 100644
--- a/src/credential/credential_api.c
+++ b/src/credential/credential_api.c
@@ -36,20 +36,20 @@
36#define LOG(kind,...) GNUNET_log_from (kind, "credential-api",__VA_ARGS__) 36#define LOG(kind,...) GNUNET_log_from (kind, "credential-api",__VA_ARGS__)
37 37
38/** 38/**
39 * Handle to a lookup request 39 * Handle to a verify request
40 */ 40 */
41struct GNUNET_CREDENTIAL_LookupRequest 41struct GNUNET_CREDENTIAL_VerifyRequest
42{ 42{
43 43
44 /** 44 /**
45 * DLL 45 * DLL
46 */ 46 */
47 struct GNUNET_CREDENTIAL_LookupRequest *next; 47 struct GNUNET_CREDENTIAL_VerifyRequest *next;
48 48
49 /** 49 /**
50 * DLL 50 * DLL
51 */ 51 */
52 struct GNUNET_CREDENTIAL_LookupRequest *prev; 52 struct GNUNET_CREDENTIAL_VerifyRequest *prev;
53 53
54 /** 54 /**
55 * handle to credential service 55 * handle to credential service
@@ -57,12 +57,12 @@ struct GNUNET_CREDENTIAL_LookupRequest
57 struct GNUNET_CREDENTIAL_Handle *credential_handle; 57 struct GNUNET_CREDENTIAL_Handle *credential_handle;
58 58
59 /** 59 /**
60 * processor to call on lookup result 60 * processor to call on verify result
61 */ 61 */
62 GNUNET_CREDENTIAL_LookupResultProcessor lookup_proc; 62 GNUNET_CREDENTIAL_VerifyResultProcessor verify_proc;
63 63
64 /** 64 /**
65 * @e lookup_proc closure 65 * @e verify_proc closure
66 */ 66 */
67 void *proc_cls; 67 void *proc_cls;
68 68
@@ -96,14 +96,14 @@ struct GNUNET_CREDENTIAL_Handle
96 struct GNUNET_MQ_Handle *mq; 96 struct GNUNET_MQ_Handle *mq;
97 97
98 /** 98 /**
99 * Head of linked list of active lookup requests. 99 * Head of linked list of active verify requests.
100 */ 100 */
101 struct GNUNET_CREDENTIAL_LookupRequest *lookup_head; 101 struct GNUNET_CREDENTIAL_VerifyRequest *verify_head;
102 102
103 /** 103 /**
104 * Tail of linked list of active lookup requests. 104 * Tail of linked list of active verify requests.
105 */ 105 */
106 struct GNUNET_CREDENTIAL_LookupRequest *lookup_tail; 106 struct GNUNET_CREDENTIAL_VerifyRequest *verify_tail;
107 107
108 /** 108 /**
109 * Reconnect task 109 * Reconnect task
@@ -192,7 +192,7 @@ mq_error_handler (void *cls,
192 */ 192 */
193static int 193static int
194check_result (void *cls, 194check_result (void *cls,
195 const struct LookupResultMessage *lookup_msg) 195 const struct VerifyResultMessage *vr_msg)
196{ 196{
197 //TODO 197 //TODO
198 return GNUNET_OK; 198 return GNUNET_OK;
@@ -207,30 +207,30 @@ check_result (void *cls,
207 */ 207 */
208static void 208static void
209handle_result (void *cls, 209handle_result (void *cls,
210 const struct LookupResultMessage *lookup_msg) 210 const struct VerifyResultMessage *vr_msg)
211{ 211{
212 struct GNUNET_CREDENTIAL_Handle *handle = cls; 212 struct GNUNET_CREDENTIAL_Handle *handle = cls;
213 uint32_t cd_count = ntohl (lookup_msg->cd_count); 213 uint32_t ad_count = ntohl (vr_msg->ad_count);
214 struct GNUNET_CREDENTIAL_RecordData cd[cd_count]; 214 struct GNUNET_CREDENTIAL_RecordData ad[ad_count];
215 uint32_t r_id = ntohl (lookup_msg->id); 215 uint32_t r_id = ntohl (vr_msg->id);
216 struct GNUNET_CREDENTIAL_LookupRequest *lr; 216 struct GNUNET_CREDENTIAL_VerifyRequest *vr;
217 GNUNET_CREDENTIAL_LookupResultProcessor proc; 217 GNUNET_CREDENTIAL_VerifyResultProcessor proc;
218 void *proc_cls; 218 void *proc_cls;
219 219
220 LOG (GNUNET_ERROR_TYPE_DEBUG, 220 LOG (GNUNET_ERROR_TYPE_DEBUG,
221 "Received lookup reply from CREDENTIAL service (%u credentials)\n", 221 "Received verify reply from CREDENTIAL service (%u credentials)\n",
222 (unsigned int) cd_count); 222 (unsigned int) ad_count);
223 for (lr = handle->lookup_head; NULL != lr; lr = lr->next) 223 for (vr = handle->verify_head; NULL != vr; vr = vr->next)
224 if (lr->r_id == r_id) 224 if (vr->r_id == r_id)
225 break; 225 break;
226 if (NULL == lr) 226 if (NULL == vr)
227 return; 227 return;
228 proc = lr->lookup_proc; 228 proc = vr->verify_proc;
229 proc_cls = lr->proc_cls; 229 proc_cls = vr->proc_cls;
230 GNUNET_CONTAINER_DLL_remove (handle->lookup_head, 230 GNUNET_CONTAINER_DLL_remove (handle->verify_head,
231 handle->lookup_tail, 231 handle->verify_tail,
232 lr); 232 vr);
233 GNUNET_free (lr); 233 GNUNET_free (vr);
234 /** 234 /**
235 GNUNET_assert (GNUNET_OK == 235 GNUNET_assert (GNUNET_OK ==
236 GNUNET_CREDENTIAL_records_deserialize (mlen, 236 GNUNET_CREDENTIAL_records_deserialize (mlen,
@@ -240,8 +240,8 @@ handle_result (void *cls,
240 */ 240 */
241 proc (proc_cls, 241 proc (proc_cls,
242 NULL, 242 NULL,
243 cd_count, 243 ad_count,
244 cd); // TODO 244 ad); // TODO
245} 245}
246 246
247 247
@@ -255,12 +255,12 @@ reconnect (struct GNUNET_CREDENTIAL_Handle *handle)
255{ 255{
256 struct GNUNET_MQ_MessageHandler handlers[] = { 256 struct GNUNET_MQ_MessageHandler handlers[] = {
257 GNUNET_MQ_hd_var_size (result, 257 GNUNET_MQ_hd_var_size (result,
258 GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP_RESULT, 258 GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT,
259 struct LookupResultMessage, 259 struct VerifyResultMessage,
260 NULL), 260 NULL),
261 GNUNET_MQ_handler_end () 261 GNUNET_MQ_handler_end ()
262 }; 262 };
263 struct GNUNET_CREDENTIAL_LookupRequest *lh; 263 struct GNUNET_CREDENTIAL_VerifyRequest *vr;
264 264
265 GNUNET_assert (NULL == handle->mq); 265 GNUNET_assert (NULL == handle->mq);
266 LOG (GNUNET_ERROR_TYPE_DEBUG, 266 LOG (GNUNET_ERROR_TYPE_DEBUG,
@@ -272,9 +272,9 @@ reconnect (struct GNUNET_CREDENTIAL_Handle *handle)
272 handle); 272 handle);
273 if (NULL == handle->mq) 273 if (NULL == handle->mq)
274 return; 274 return;
275 for (lh = handle->lookup_head; NULL != lh; lh = lh->next) 275 for (vr = handle->verify_head; NULL != vr; vr = vr->next)
276 GNUNET_MQ_send_copy (handle->mq, 276 GNUNET_MQ_send_copy (handle->mq,
277 lh->env); 277 vr->env);
278} 278}
279 279
280 280
@@ -319,31 +319,31 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle)
319 GNUNET_SCHEDULER_cancel (handle->reconnect_task); 319 GNUNET_SCHEDULER_cancel (handle->reconnect_task);
320 handle->reconnect_task = NULL; 320 handle->reconnect_task = NULL;
321 } 321 }
322 GNUNET_assert (NULL == handle->lookup_head); 322 GNUNET_assert (NULL == handle->verify_head);
323 GNUNET_free (handle); 323 GNUNET_free (handle);
324} 324}
325 325
326 326
327/** 327/**
328 * Cancel pending lookup request 328 * Cancel pending verify request
329 * 329 *
330 * @param lr the lookup request to cancel 330 * @param lr the verify request to cancel
331 */ 331 */
332void 332void
333GNUNET_CREDENTIAL_lookup_cancel (struct GNUNET_CREDENTIAL_LookupRequest *lr) 333GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_VerifyRequest *vr)
334{ 334{
335 struct GNUNET_CREDENTIAL_Handle *handle = lr->credential_handle; 335 struct GNUNET_CREDENTIAL_Handle *handle = vr->credential_handle;
336 336
337 GNUNET_CONTAINER_DLL_remove (handle->lookup_head, 337 GNUNET_CONTAINER_DLL_remove (handle->verify_head,
338 handle->lookup_tail, 338 handle->verify_tail,
339 lr); 339 vr);
340 GNUNET_MQ_discard (lr->env); 340 GNUNET_MQ_discard (vr->env);
341 GNUNET_free (lr); 341 GNUNET_free (vr);
342} 342}
343 343
344 344
345/** 345/**
346 * Perform an asynchronous lookup operation for a credential. 346 * Perform an asynchronous verify operation for a credential.
347 * 347 *
348 * @param handle handle to the Credential service 348 * @param handle handle to the Credential service
349 * @param credential the credential to look up 349 * @param credential the credential to look up
@@ -352,58 +352,57 @@ GNUNET_CREDENTIAL_lookup_cancel (struct GNUNET_CREDENTIAL_LookupRequest *lr)
352 * @param proc_cls closure for processor 352 * @param proc_cls closure for processor
353 * @return handle to the queued request 353 * @return handle to the queued request
354 */ 354 */
355struct GNUNET_CREDENTIAL_LookupRequest* 355struct GNUNET_CREDENTIAL_VerifyRequest*
356GNUNET_CREDENTIAL_lookup (struct GNUNET_CREDENTIAL_Handle *handle, 356GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle,
357 const char *credential, 357 const char *issuer_attribute,
358 const struct GNUNET_IDENTITY_Ego *subject, 358 const char *subject_attribute,
359 const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, 359 const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key,
360 const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, 360 const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key,
361 uint32_t credential_flags, 361 uint32_t credential_flags,
362 uint32_t max_delegation_depth, 362 GNUNET_CREDENTIAL_VerifyResultProcessor proc,
363 GNUNET_CREDENTIAL_LookupResultProcessor proc,
364 void *proc_cls) 363 void *proc_cls)
365{ 364{
366 /* IPC to shorten credential names, return shorten_handle */ 365 /* IPC to shorten credential names, return shorten_handle */
367 struct LookupMessage *lookup_msg; 366 struct VerifyMessage *v_msg;
368 struct GNUNET_CREDENTIAL_LookupRequest *lr; 367 struct GNUNET_CREDENTIAL_VerifyRequest *vr;
369 size_t nlen; 368 size_t nlen;
370 369
371 if (NULL == credential) 370 if (NULL == issuer_attribute)
372 { 371 {
373 GNUNET_break (0); 372 GNUNET_break (0);
374 return NULL; 373 return NULL;
375 } 374 }
376 //DEBUG LOG 375 //DEBUG LOG
377 LOG (GNUNET_ERROR_TYPE_DEBUG, 376 LOG (GNUNET_ERROR_TYPE_DEBUG,
378 "Trying to lookup `%s' in CREDENTIAL\n", 377 "Trying to verify `%s' in CREDENTIAL\n",
379 credential); 378 issuer_attribute);
380 nlen = strlen (credential) + 1; 379 nlen = strlen (issuer_attribute) + 1;
381 if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*lr)) 380 if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*vr))
382 { 381 {
383 GNUNET_break (0); 382 GNUNET_break (0);
384 return NULL; 383 return NULL;
385 } 384 }
386 lr = GNUNET_new (struct GNUNET_CREDENTIAL_LookupRequest); 385 vr = GNUNET_new (struct GNUNET_CREDENTIAL_VerifyRequest);
387 lr->credential_handle = handle; 386 vr->credential_handle = handle;
388 lr->lookup_proc = proc; 387 vr->verify_proc = proc;
389 lr->proc_cls = proc_cls; 388 vr->proc_cls = proc_cls;
390 lr->r_id = handle->r_id_gen++; 389 vr->r_id = handle->r_id_gen++;
391 lr->env = GNUNET_MQ_msg_extra (lookup_msg, 390 vr->env = GNUNET_MQ_msg_extra (v_msg,
392 nlen, 391 nlen,
393 GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP); 392 GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY);
394 lookup_msg->id = htonl (lr->r_id); 393 v_msg->id = htonl (vr->r_id);
395 lookup_msg->subject_key = *subject_key; 394 v_msg->subject_key = *subject_key;
396 lookup_msg->issuer_key = *issuer_key; 395 v_msg->issuer_key = *issuer_key;
397 GNUNET_memcpy (&lookup_msg[1], 396 GNUNET_memcpy (&v_msg[1],
398 credential, 397 subject_attribute,
399 nlen); 398 nlen);
400 GNUNET_CONTAINER_DLL_insert (handle->lookup_head, 399 GNUNET_CONTAINER_DLL_insert (handle->verify_head,
401 handle->lookup_tail, 400 handle->verify_tail,
402 lr); 401 vr);
403 if (NULL != handle->mq) 402 if (NULL != handle->mq)
404 GNUNET_MQ_send_copy (handle->mq, 403 GNUNET_MQ_send_copy (handle->mq,
405 lr->env); 404 vr->env);
406 return lr; 405 return vr;
407} 406}
408 407
409 408
diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c
index 363ed03fc..94a4b3899 100644
--- a/src/credential/gnunet-credential.c
+++ b/src/credential/gnunet-credential.c
@@ -48,9 +48,9 @@ static struct GNUNET_TIME_Relative timeout;
48static char *lookup_credential; 48static char *lookup_credential;
49 49
50/** 50/**
51 * Handle to lookup request 51 * Handle to verify request
52 */ 52 */
53static struct GNUNET_CREDENTIAL_LookupRequest *lookup_request; 53static struct GNUNET_CREDENTIAL_VerifyRequest *verify_request;
54 54
55/** 55/**
56 * Lookup an ego with the identity service. 56 * Lookup an ego with the identity service.
@@ -87,11 +87,6 @@ static char *issuer_key;
87 */ 87 */
88static int credential_flags; 88static int credential_flags;
89 89
90/*
91 * Maximum delegation depth
92 */
93static int max_delegation_depth;
94
95 90
96 91
97/** 92/**
@@ -118,10 +113,10 @@ do_shutdown (void *cls)
118 GNUNET_IDENTITY_cancel (id_op); 113 GNUNET_IDENTITY_cancel (id_op);
119 id_op = NULL; 114 id_op = NULL;
120 } 115 }
121 if (NULL != lookup_request) 116 if (NULL != verify_request)
122 { 117 {
123 GNUNET_CREDENTIAL_lookup_cancel (lookup_request); 118 GNUNET_CREDENTIAL_verify_cancel (verify_request);
124 lookup_request = NULL; 119 verify_request = NULL;
125 } 120 }
126 if (NULL != identity) 121 if (NULL != identity)
127 { 122 {
@@ -162,14 +157,14 @@ do_timeout (void *cls)
162 * @param cd array of @a cd_count records with the results 157 * @param cd array of @a cd_count records with the results
163 */ 158 */
164static void 159static void
165handle_lookup_result (void *cls, 160handle_verify_result (void *cls,
166 struct GNUNET_IDENTITY_Ego *issuer, 161 struct GNUNET_IDENTITY_Ego *issuer,
167 uint16_t issuer_len, 162 uint16_t issuer_len,
168 const struct GNUNET_CREDENTIAL_RecordData *data) 163 const struct GNUNET_CREDENTIAL_RecordData *data)
169{ 164{
170 165
171 166
172 lookup_request = NULL; 167 verify_request = NULL;
173 if (0 == issuer_len) 168 if (0 == issuer_len)
174 printf ("No results.\n"); 169 printf ("No results.\n");
175 else 170 else
@@ -223,14 +218,13 @@ lookup_credentials (struct GNUNET_IDENTITY_Ego *ego)
223 return; 218 return;
224 } 219 }
225 220
226 lookup_request = GNUNET_CREDENTIAL_lookup(credential, 221 verify_request = GNUNET_CREDENTIAL_verify(credential,
222 "",
227 lookup_credential, 223 lookup_credential,
228 ego,
229 &subject_pkey, 224 &subject_pkey,
230 &issuer_pkey, 225 &issuer_pkey,
231 credential_flags, 226 credential_flags,
232 max_delegation_depth, 227 &handle_verify_result,
233 &handle_lookup_result,
234 NULL); 228 NULL);
235 return; 229 return;
236 } 230 }
diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c
index de0592637..114041be1 100644
--- a/src/credential/gnunet-service-credential.c
+++ b/src/credential/gnunet-service-credential.c
@@ -45,17 +45,17 @@
45/** 45/**
46 * DLL for record 46 * DLL for record
47 */ 47 */
48struct CredentialRecordEntry 48struct AttributeRecordEntry
49{ 49{
50 /** 50 /**
51 * DLL 51 * DLL
52 */ 52 */
53 struct CredentialRecordEntry *next; 53 struct AttributeRecordEntry *next;
54 54
55 /** 55 /**
56 * DLL 56 * DLL
57 */ 57 */
58 struct CredentialRecordEntry *prev; 58 struct AttributeRecordEntry *prev;
59 59
60 60
61 /** 61 /**
@@ -67,18 +67,18 @@ struct CredentialRecordEntry
67/** 67/**
68 * Handle to a lookup operation from api 68 * Handle to a lookup operation from api
69 */ 69 */
70struct ClientLookupHandle 70struct VerifyRequestHandle
71{ 71{
72 72
73 /** 73 /**
74 * We keep these in a DLL. 74 * We keep these in a DLL.
75 */ 75 */
76 struct ClientLookupHandle *next; 76 struct VerifyRequestHandle *next;
77 77
78 /** 78 /**
79 * We keep these in a DLL. 79 * We keep these in a DLL.
80 */ 80 */
81 struct ClientLookupHandle *prev; 81 struct VerifyRequestHandle *prev;
82 82
83 /** 83 /**
84 * Handle to the requesting client 84 * Handle to the requesting client
@@ -91,19 +91,24 @@ struct ClientLookupHandle
91 struct GNUNET_GNS_LookupRequest *lookup_request; 91 struct GNUNET_GNS_LookupRequest *lookup_request;
92 92
93 /** 93 /**
94 * Authority public key 94 * Issuer public key
95 */ 95 */
96 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; 96 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
97 97
98 /** 98 /**
99 * Credential Chain 99 * Subject public key
100 */ 100 */
101 struct CredentialRecordEntry *cred_chain_head; 101 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
102 102
103 /** 103 /**
104 * Credential Chain 104 * Attribute Chain
105 */ 105 */
106 struct CredentialRecordEntry *cred_chain_tail; 106 struct AttributeRecordEntry *attr_chain_head;
107
108 /**
109 * Attribute Chain
110 */
111 struct AttributeRecordEntry *attr_chain_tail;
107 112
108 /** 113 /**
109 * request id 114 * request id
@@ -116,12 +121,12 @@ struct ClientLookupHandle
116/** 121/**
117 * Head of the DLL. 122 * Head of the DLL.
118 */ 123 */
119static struct ClientLookupHandle *clh_head; 124static struct VerifyRequestHandle *vrh_head;
120 125
121/** 126/**
122 * Tail of the DLL. 127 * Tail of the DLL.
123 */ 128 */
124static struct ClientLookupHandle *clh_tail; 129static struct VerifyRequestHandle *vrh_tail;
125 130
126/** 131/**
127 * Handle to the statistics service 132 * Handle to the statistics service
@@ -144,17 +149,17 @@ static struct GNUNET_GNS_Handle *gns;
144static void 149static void
145shutdown_task (void *cls) 150shutdown_task (void *cls)
146{ 151{
147 struct ClientLookupHandle *clh; 152 struct VerifyRequestHandle *vrh;
148 153
149 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 154 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
150 "Shutting down!\n"); 155 "Shutting down!\n");
151 while (NULL != (clh = clh_head)) 156 while (NULL != (vrh = vrh_head))
152 { 157 {
153 //CREDENTIAL_resolver_lookup_cancel (clh->lookup); 158 //CREDENTIAL_resolver_lookup_cancel (clh->lookup);
154 GNUNET_CONTAINER_DLL_remove (clh_head, 159 GNUNET_CONTAINER_DLL_remove (vrh_head,
155 clh_tail, 160 vrh_tail,
156 clh); 161 vrh);
157 GNUNET_free (clh); 162 GNUNET_free (vrh);
158 } 163 }
159 164
160 165
@@ -168,28 +173,38 @@ shutdown_task (void *cls)
168} 173}
169 174
170/** 175/**
171 * Checks a #GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP message 176 * Checks a #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY message
172 * 177 *
173 * @param cls client sending the message 178 * @param cls client sending the message
174 * @param l_msg message of type `struct LookupMessage` 179 * @param v_msg message of type `struct VerifyMessage`
175 * @return #GNUNET_OK if @a l_msg is well-formed 180 * @return #GNUNET_OK if @a v_msg is well-formed
176 */ 181 */
177static int 182static int
178check_lookup (void *cls, 183check_verify (void *cls,
179 const struct LookupMessage *l_msg) 184 const struct VerifyMessage *v_msg)
180{ 185{
181 size_t msg_size; 186 size_t msg_size;
182 const char* cred; 187 size_t attr_len;
188 const char* s_attr;
189 const char* i_attr;
183 190
184 msg_size = ntohs (l_msg->header.size); 191 msg_size = ntohs (v_msg->header.size);
185 if (msg_size < sizeof (struct LookupMessage)) 192 if (msg_size < sizeof (struct VerifyMessage))
193 {
194 GNUNET_break (0);
195 return GNUNET_SYSERR;
196 }
197 i_attr = (const char *) &v_msg[1];
198 if ( ('\0' != i_attr[v_msg->header.size - sizeof (struct VerifyMessage) - 1]) ||
199 (strlen (i_attr) > GNUNET_CREDENTIAL_MAX_LENGTH) )
186 { 200 {
187 GNUNET_break (0); 201 GNUNET_break (0);
188 return GNUNET_SYSERR; 202 return GNUNET_SYSERR;
189 } 203 }
190 cred = (const char *) &l_msg[1]; 204 attr_len = strlen (i_attr);
191 if ( ('\0' != cred[l_msg->header.size - sizeof (struct LookupMessage) - 1]) || 205 s_attr = ((const char *) &v_msg[1]) + attr_len + 1;
192 (strlen (cred) > GNUNET_CREDENTIAL_MAX_LENGTH) ) 206 if ( ('\0' != s_attr[v_msg->header.size - sizeof (struct VerifyMessage) - 1]) ||
207 (strlen (s_attr) > GNUNET_CREDENTIAL_MAX_LENGTH) )
193 { 208 {
194 GNUNET_break (0); 209 GNUNET_break (0);
195 return GNUNET_SYSERR; 210 return GNUNET_SYSERR;
@@ -199,7 +214,7 @@ check_lookup (void *cls,
199 214
200 215
201/** 216/**
202 * Reply to client with the result from our lookup. 217 * Result from GNS lookup.
203 * 218 *
204 * @param cls the closure (our client lookup handle) 219 * @param cls the closure (our client lookup handle)
205 * @param rd_count the number of records in @a rd 220 * @param rd_count the number of records in @a rd
@@ -210,139 +225,147 @@ send_lookup_response (void* cls,
210 uint32_t rd_count, 225 uint32_t rd_count,
211 const struct GNUNET_GNSRECORD_Data *rd) 226 const struct GNUNET_GNSRECORD_Data *rd)
212{ 227{
213 struct ClientLookupHandle *clh = cls; 228 struct VerifyRequestHandle *vrh = cls;
214 size_t len; 229 size_t len;
215 int i; 230 int i;
216 int cred_record_count; 231 int attr_record_count;
217 struct GNUNET_MQ_Envelope *env; 232 struct GNUNET_MQ_Envelope *env;
218 struct LookupResultMessage *rmsg; 233 struct VerifyResultMessage *rmsg;
219 const struct GNUNET_CREDENTIAL_RecordData *crd; 234 const struct GNUNET_CREDENTIAL_RecordData *ard;
220 struct CredentialRecordEntry *cr_entry; 235 struct AttributeRecordEntry *ar_entry;
221 236
222 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 237 attr_record_count = 0;
223 "Sending LOOKUP_RESULT message with %u results\n",
224 (unsigned int) rd_count);
225
226 cred_record_count = 0;
227 for (i=0; i < rd_count; i++) 238 for (i=0; i < rd_count; i++)
228 { 239 {
229 if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) 240 if (GNUNET_GNSRECORD_TYPE_ATTRIBUTE != rd[i].record_type)
230 continue; 241 continue;
231 cred_record_count++; 242 attr_record_count++;
232 crd = rd[i].data; 243 ard = rd[i].data;
233 /** 244 /**
234 * TODO: Check for: 245 * TODO:
235 * - First time we come here subject must be subject prvided by client 246 * Check if we have already found our credential here
236 * - After that is has to be the prev issuer 247 * If so return success
237 * - Terminate condition: issuer is clh->authority_key 248 * Else
238 * 249 * Save all found attributes/issues and prepare forward
239 * In any case: 250 * resolution of issuer attribute
240 * Append crd to result list of RecordData
241 */ 251 */
242 cr_entry = GNUNET_new (struct CredentialRecordEntry); 252 ar_entry = GNUNET_new (struct AttributeRecordEntry);
243 cr_entry->record_data = *crd; 253 ar_entry->record_data = *ard;
244 GNUNET_CONTAINER_DLL_insert_tail (clh->cred_chain_head, 254 GNUNET_CONTAINER_DLL_insert_tail (vrh->attr_chain_head,
245 clh->cred_chain_tail, 255 vrh->attr_chain_tail,
246 cr_entry); 256 ar_entry);
247 257
248 } 258 }
249 259
250 /** 260 /**
251 * Get serialized record data size 261 * Get serialized record data size
252 */ 262 */
253 len = cred_record_count * sizeof (struct GNUNET_CREDENTIAL_RecordData); 263 len = attr_record_count * sizeof (struct GNUNET_CREDENTIAL_RecordData);
254 264
255 /** 265 /**
256 * Prepare a lookup result response message for the client 266 * Prepare a lookup result response message for the client
257 */ 267 */
258 env = GNUNET_MQ_msg_extra (rmsg, 268 env = GNUNET_MQ_msg_extra (rmsg,
259 len, 269 len,
260 GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP_RESULT); 270 GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT);
261 //Assign id so that client can find associated request 271 //Assign id so that client can find associated request
262 rmsg->id = clh->request_id; 272 rmsg->id = vrh->request_id;
263 rmsg->cd_count = htonl (cred_record_count); 273 rmsg->ad_count = htonl (attr_record_count);
264 274
265 /** 275 /**
266 * Get serialized record data 276 * Get serialized record data
267 * Append at the end of rmsg 277 * Append at the end of rmsg
268 */ 278 */
269 i = 0; 279 i = 0;
270 struct GNUNET_CREDENTIAL_RecordData *tmp_record = (struct GNUNET_CREDENTIAL_RecordData*) &rmsg[1]; 280 struct GNUNET_CREDENTIAL_RecordData *tmp_record = (struct GNUNET_CREDENTIAL_RecordData*) &rmsg[1];
271 for (cr_entry = clh->cred_chain_head; NULL != cr_entry; cr_entry = cr_entry->next) 281 for (ar_entry = vrh->attr_chain_head; NULL != ar_entry; ar_entry = ar_entry->next)
272 { 282 {
273 memcpy (tmp_record, 283 memcpy (tmp_record,
274 &cr_entry->record_data, 284 &ar_entry->record_data,
275 sizeof (struct GNUNET_CREDENTIAL_RecordData)); 285 sizeof (struct GNUNET_CREDENTIAL_RecordData));
276 tmp_record++; 286 tmp_record++;
277 } 287 }
278 GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(clh->client), 288 GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client),
279 env); 289 env);
280 290
281 GNUNET_CONTAINER_DLL_remove (clh_head, clh_tail, clh); 291 GNUNET_CONTAINER_DLL_remove (vrh_head, vrh_tail, vrh);
282 292
283 /** 293 /**
284 * TODO: 294 * TODO:
285 * - Free DLL 295 * - Free DLL
286 * - Refactor into cleanup_handle() function for this 296 * - Refactor into cleanup_handle() function for this
287 */ 297 */
288 GNUNET_free (clh); 298 GNUNET_free (vrh);
289 299
290 GNUNET_STATISTICS_update (statistics, 300 GNUNET_STATISTICS_update (statistics,
291 "Completed lookups", 1, 301 "Completed verifications", 1,
292 GNUNET_NO); 302 GNUNET_NO);
293 GNUNET_STATISTICS_update (statistics, 303 GNUNET_STATISTICS_update (statistics,
294 "Records resolved", 304 "Attributes resolved",
295 rd_count, 305 rd_count,
296 GNUNET_NO); 306 GNUNET_NO);
297} 307}
298 308
299/** 309/**
300 * Handle lookup requests from client 310 * Handle attribute verification requests from client
301 * 311 *
302 * @param cls the closure 312 * @param cls the closure
303 * @param client the client 313 * @param client the client
304 * @param message the message 314 * @param message the message
305 */ 315 */
306static void 316static void
307handle_lookup (void *cls, 317handle_verify (void *cls,
308 const struct LookupMessage *l_msg) 318 const struct VerifyMessage *v_msg)
309{ 319{
310 char credential[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; 320 char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1];
311 struct ClientLookupHandle *clh; 321 char subject_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1];
322 size_t issuer_attribute_len;
323 struct VerifyRequestHandle *vrh;
312 struct GNUNET_SERVICE_Client *client = cls; 324 struct GNUNET_SERVICE_Client *client = cls;
313 char *credentialptr = credential; 325 char *attrptr = issuer_attribute;
314 const char *utf_in; 326 const char *utf_in;
315 327
316 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 328 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
317 "Received LOOKUP message\n"); 329 "Received VERIFY message\n");
318 330
319 utf_in = (const char *) &l_msg[1]; 331 utf_in = (const char *) &v_msg[1];
320 GNUNET_STRINGS_utf8_tolower (utf_in, credentialptr); 332 GNUNET_STRINGS_utf8_tolower (utf_in, attrptr);
321 clh = GNUNET_new (struct ClientLookupHandle); 333 issuer_attribute_len = strlen (utf_in);
322 GNUNET_CONTAINER_DLL_insert (clh_head, clh_tail, clh); 334 utf_in = (const char *) (&v_msg[1] + issuer_attribute_len + 1);
323 clh->client = client; 335 attrptr = subject_attribute;
324 clh->request_id = l_msg->id; 336 GNUNET_STRINGS_utf8_tolower (utf_in, attrptr);
325 clh->issuer_key = l_msg->issuer_key; 337 vrh = GNUNET_new (struct VerifyRequestHandle);
326 338 GNUNET_CONTAINER_DLL_insert (vrh_head, vrh_tail, vrh);
327 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 339 vrh->client = client;
328 "Sending LOOKUP_RESULT message with >%u results\n", 340 vrh->request_id = v_msg->id;
329 0); 341 vrh->issuer_key = v_msg->issuer_key;
330 342 vrh->subject_key = v_msg->subject_key;
331 if (NULL == credential) 343
344 if (NULL == subject_attribute)
332 { 345 {
333 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 346 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
334 "No credential provided\n"); 347 "No subject attribute provided!\n");
335 send_lookup_response (clh, 0, NULL); 348 send_lookup_response (vrh, 0, NULL);
336 return; 349 return;
337 } 350 }
338 clh->lookup_request = GNUNET_GNS_lookup (gns, 351 if (NULL == issuer_attribute)
339 credential, 352 {
340 &l_msg->subject_key, //subject_pkey, 353 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
341 GNUNET_GNSRECORD_TYPE_CREDENTIAL, 354 "No issuer attribute provided!\n");
342 GNUNET_GNS_LO_DEFAULT, //TODO configurable? credential.conf 355 send_lookup_response (vrh, 0, NULL);
356 return;
357 }
358 /**
359 * First, get attribute from subject
360 */
361 vrh->lookup_request = GNUNET_GNS_lookup (gns,
362 subject_attribute,
363 &v_msg->subject_key, //subject_pkey,
364 GNUNET_GNSRECORD_TYPE_ATTRIBUTE,
365 GNUNET_GNS_LO_DEFAULT,
343 NULL, //shorten_key, always NULL 366 NULL, //shorten_key, always NULL
344 &send_lookup_response, 367 &send_lookup_response,
345 clh); 368 vrh);
346} 369}
347 370
348 371
@@ -416,9 +439,9 @@ GNUNET_SERVICE_MAIN
416 &client_connect_cb, 439 &client_connect_cb,
417 &client_disconnect_cb, 440 &client_disconnect_cb,
418 NULL, 441 NULL,
419 GNUNET_MQ_hd_var_size (lookup, 442 GNUNET_MQ_hd_var_size (verify,
420 GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP, 443 GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY,
421 struct LookupMessage, 444 struct VerifyMessage,
422 NULL), 445 NULL),
423 GNUNET_MQ_handler_end()); 446 GNUNET_MQ_handler_end());
424 447
diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c
index 6ae3b8980..3ff00737b 100644
--- a/src/credential/plugin_gnsrecord_credential.c
+++ b/src/credential/plugin_gnsrecord_credential.c
@@ -58,7 +58,6 @@ credential_value_to_string (void *cls,
58 char *subject_pkey; 58 char *subject_pkey;
59 char *issuer_pkey; 59 char *issuer_pkey;
60 uint32_t cf; // Credential flags 60 uint32_t cf; // Credential flags
61 uint32_t mdd; // Max delegation depth
62 if (data_size < sizeof (struct GNUNET_CREDENTIAL_RecordData)) 61 if (data_size < sizeof (struct GNUNET_CREDENTIAL_RecordData))
63 return NULL; /* malformed */ 62 return NULL; /* malformed */
64 memcpy (&cred, 63 memcpy (&cred,
@@ -68,14 +67,12 @@ credential_value_to_string (void *cls,
68 subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key); 67 subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key);
69 issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key); 68 issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key);
70 cf = ntohl (cred.credential_flags); 69 cf = ntohl (cred.credential_flags);
71 mdd = ntohl (cred.max_delegation_depth);
72 70
73 GNUNET_asprintf (&cred_str, 71 GNUNET_asprintf (&cred_str,
74 "%s %s %u %u %s", 72 "%s %s %u %s",
75 subject_pkey, 73 subject_pkey,
76 issuer_pkey, 74 issuer_pkey,
77 (unsigned int) cf, 75 (unsigned int) cf,
78 (unsigned int) mdd,
79 &cdata[sizeof (cred)]); 76 &cdata[sizeof (cred)]);
80 GNUNET_free (subject_pkey); 77 GNUNET_free (subject_pkey);
81 GNUNET_free (issuer_pkey); 78 GNUNET_free (issuer_pkey);
@@ -112,26 +109,24 @@ credential_string_to_value (void *cls,
112 return GNUNET_SYSERR; 109 return GNUNET_SYSERR;
113 switch (type) 110 switch (type)
114 { 111 {
115 case GNUNET_GNSRECORD_TYPE_CREDENTIAL: 112 case GNUNET_GNSRECORD_TYPE_CREDENTIAL:
116 { 113 {
117 struct GNUNET_CREDENTIAL_RecordData *cred; 114 struct GNUNET_CREDENTIAL_RecordData *cred;
118 unsigned int cf; // credential flags 115 unsigned int cf; // credential flags
119 unsigned int mdd; // max delegation depth
120 116
121 size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8; 117 size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
122 if (enclen % 5 > 0) 118 if (enclen % 5 > 0)
123 enclen += 5 - enclen % 5; 119 enclen += 5 - enclen % 5;
124 enclen /= 5; /* 260/5 = 52 */ 120 enclen /= 5; /* 260/5 = 52 */
125 char subject_pkey[enclen + 1]; 121 char subject_pkey[enclen + 1];
126 char issuer_pkey[enclen + 1]; 122 char issuer_pkey[enclen + 1];
127 char name[253 + 1]; 123 char name[253 + 1];
128 124
129 if (5 != SSCANF (s, 125 if (5 != SSCANF (s,
130 "%52s %52s %u %u %253s", 126 "%52s %52s %u %253s",
131 subject_pkey, 127 subject_pkey,
132 issuer_pkey, 128 issuer_pkey,
133 &cf, 129 &cf,
134 &mdd,
135 name)) 130 name))
136 { 131 {
137 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 132 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@@ -148,18 +143,17 @@ credential_string_to_value (void *cls,
148 strlen (issuer_pkey), 143 strlen (issuer_pkey),
149 &cred->issuer_key); 144 &cred->issuer_key);
150 cred->credential_flags = htonl (cf); 145 cred->credential_flags = htonl (cf);
151 cred->max_delegation_depth = htonl (mdd);
152 GNUNET_memcpy (&cred[1], 146 GNUNET_memcpy (&cred[1],
153 name, 147 name,
154 strlen (name)); 148 strlen (name));
155 149
156 150
157 *data = GNUNET_strdup (s); 151 *data = GNUNET_strdup (s);
158 *data_size = strlen (s); 152 *data_size = strlen (s);
159 return GNUNET_OK; 153 return GNUNET_OK;
160 } 154 }
161 default: 155 default:
162 return GNUNET_SYSERR; 156 return GNUNET_SYSERR;
163 } 157 }
164} 158}
165 159
@@ -186,13 +180,13 @@ static struct {
186 */ 180 */
187static uint32_t 181static uint32_t
188credential_typename_to_number (void *cls, 182credential_typename_to_number (void *cls,
189 const char *gns_typename) 183 const char *gns_typename)
190{ 184{
191 unsigned int i; 185 unsigned int i;
192 186
193 i=0; 187 i=0;
194 while ( (name_map[i].name != NULL) && 188 while ( (name_map[i].name != NULL) &&
195 (0 != strcasecmp (gns_typename, name_map[i].name)) ) 189 (0 != strcasecmp (gns_typename, name_map[i].name)) )
196 i++; 190 i++;
197 return name_map[i].number; 191 return name_map[i].number;
198} 192}
@@ -207,13 +201,13 @@ credential_typename_to_number (void *cls,
207 */ 201 */
208static const char * 202static const char *
209credential_number_to_typename (void *cls, 203credential_number_to_typename (void *cls,
210 uint32_t type) 204 uint32_t type)
211{ 205{
212 unsigned int i; 206 unsigned int i;
213 207
214 i=0; 208 i=0;
215 while ( (name_map[i].name != NULL) && 209 while ( (name_map[i].name != NULL) &&
216 (type != name_map[i].number) ) 210 (type != name_map[i].number) )
217 i++; 211 i++;
218 return name_map[i].name; 212 return name_map[i].name;
219} 213}