diff options
author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2016-12-18 16:52:59 +0100 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2016-12-18 16:52:59 +0100 |
commit | 33e847bf4edc06be68589467d0f6a31c07d911ac (patch) | |
tree | d635352dbea2aa448395d52703351ec8c7242fe4 /src/credential | |
parent | 9c5ecc381458c941fdb70f1f4a47e76daac4eda5 (diff) | |
download | gnunet-33e847bf4edc06be68589467d0f6a31c07d911ac.tar.gz gnunet-33e847bf4edc06be68589467d0f6a31c07d911ac.zip |
-fixes
Diffstat (limited to 'src/credential')
-rw-r--r-- | src/credential/Makefile.am | 5 | ||||
-rw-r--r-- | src/credential/credential.h | 76 | ||||
-rw-r--r-- | src/credential/credential_api.c | 48 | ||||
-rw-r--r-- | src/credential/credential_serialization.c | 159 | ||||
-rw-r--r-- | src/credential/credential_serialization.h | 20 | ||||
-rw-r--r-- | src/credential/gnunet-credential.c | 21 | ||||
-rw-r--r-- | src/credential/gnunet-service-credential.c | 150 | ||||
-rw-r--r-- | src/credential/plugin_gnsrecord_credential.c | 115 | ||||
-rw-r--r-- | src/credential/plugin_rest_credential.c | 258 | ||||
-rwxr-xr-x | src/credential/test_credential_issue.sh | 4 | ||||
-rw-r--r-- | src/credential/test_credential_lookup.conf | 2 | ||||
-rwxr-xr-x | src/credential/test_credential_verify_simple.sh | 2 |
12 files changed, 532 insertions, 328 deletions
diff --git a/src/credential/Makefile.am b/src/credential/Makefile.am index 5f3b60270..0d9aed71b 100644 --- a/src/credential/Makefile.am +++ b/src/credential/Makefile.am | |||
@@ -74,8 +74,9 @@ gnunet_service_credential_LDADD = \ | |||
74 | 74 | ||
75 | 75 | ||
76 | libgnunetcredential_la_SOURCES = \ | 76 | libgnunetcredential_la_SOURCES = \ |
77 | credential_api.c credential.h \ | 77 | credential_api.c \ |
78 | credential_serialization.c | 78 | credential_serialization.c \ |
79 | credential_misc.c | ||
79 | libgnunetcredential_la_LIBADD = \ | 80 | libgnunetcredential_la_LIBADD = \ |
80 | $(top_builddir)/src/util/libgnunetutil.la $(XLIB) | 81 | $(top_builddir)/src/util/libgnunetutil.la $(XLIB) |
81 | libgnunetcredential_la_LDFLAGS = \ | 82 | libgnunetcredential_la_LDFLAGS = \ |
diff --git a/src/credential/credential.h b/src/credential/credential.h index 3ba8e9c9e..c5c0183cc 100644 --- a/src/credential/credential.h +++ b/src/credential/credential.h | |||
@@ -103,6 +103,82 @@ struct VerifyResultMessage | |||
103 | 103 | ||
104 | }; | 104 | }; |
105 | 105 | ||
106 | struct DelegationRecordData | ||
107 | { | ||
108 | /** | ||
109 | * Subject key | ||
110 | */ | ||
111 | struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; | ||
112 | |||
113 | /** | ||
114 | * Subject attributes | ||
115 | */ | ||
116 | uint32_t subject_attribute_len GNUNET_PACKED; | ||
117 | }; | ||
118 | |||
119 | |||
120 | struct ChainEntry | ||
121 | { | ||
122 | /** | ||
123 | * Issuer key | ||
124 | */ | ||
125 | struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; | ||
126 | |||
127 | /** | ||
128 | * Subject key | ||
129 | */ | ||
130 | struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; | ||
131 | |||
132 | /** | ||
133 | * Issuer attributes | ||
134 | */ | ||
135 | uint32_t issuer_attribute_len GNUNET_PACKED; | ||
136 | |||
137 | /** | ||
138 | * Subject attributes | ||
139 | */ | ||
140 | uint32_t subject_attribute_len GNUNET_PACKED; | ||
141 | }; | ||
142 | |||
143 | |||
144 | struct CredentialEntry | ||
145 | { | ||
146 | |||
147 | /** | ||
148 | * The signature for this credential by the issuer | ||
149 | */ | ||
150 | struct GNUNET_CRYPTO_EcdsaSignature signature; | ||
151 | |||
152 | /** | ||
153 | * Signature meta | ||
154 | */ | ||
155 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
156 | |||
157 | /** | ||
158 | * Public key of the issuer | ||
159 | */ | ||
160 | struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; | ||
161 | |||
162 | /** | ||
163 | * Public key of the subject this credential was issued to | ||
164 | */ | ||
165 | struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; | ||
166 | |||
167 | /** | ||
168 | * Expiration time of this credential | ||
169 | */ | ||
170 | uint64_t expiration GNUNET_PACKED; | ||
171 | |||
172 | /** | ||
173 | * Issuer attribute length | ||
174 | */ | ||
175 | uint32_t issuer_attribute_len; | ||
176 | |||
177 | /** | ||
178 | * Followed by the attribute string | ||
179 | */ | ||
180 | }; | ||
181 | |||
106 | 182 | ||
107 | GNUNET_NETWORK_STRUCT_END | 183 | GNUNET_NETWORK_STRUCT_END |
108 | 184 | ||
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index d9e01c1d3..e991b4153 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c | |||
@@ -430,52 +430,4 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, | |||
430 | return vr; | 430 | return vr; |
431 | } | 431 | } |
432 | 432 | ||
433 | /** | ||
434 | * Issue an attribute to a subject | ||
435 | * | ||
436 | * @param handle handle to the Credential service | ||
437 | * @param issuer the ego that should be used to issue the attribute | ||
438 | * @param subject the subject of the attribute | ||
439 | * @param attribute the name of the attribute | ||
440 | * @return handle to the queued request | ||
441 | */ | ||
442 | struct GNUNET_CREDENTIAL_CredentialRecordData * | ||
443 | GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, | ||
444 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | ||
445 | struct GNUNET_CRYPTO_EcdsaPublicKey *subject, | ||
446 | const char *attribute, | ||
447 | struct GNUNET_TIME_Absolute *expiration) | ||
448 | { | ||
449 | struct GNUNET_CREDENTIAL_CredentialRecordData *crd; | ||
450 | |||
451 | crd = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (attribute) + 1); | ||
452 | |||
453 | crd->purpose.size = htonl (strlen (attribute) + 1 + | ||
454 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + | ||
455 | sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | ||
456 | sizeof (uint64_t)); | ||
457 | |||
458 | crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); | ||
459 | GNUNET_CRYPTO_ecdsa_key_get_public (issuer, | ||
460 | &crd->issuer_key); | ||
461 | crd->subject_key = *subject; | ||
462 | crd->expiration = GNUNET_htonll (expiration->abs_value_us); | ||
463 | GNUNET_memcpy (&crd[1], | ||
464 | attribute, | ||
465 | strlen (attribute)); | ||
466 | if (GNUNET_OK != | ||
467 | GNUNET_CRYPTO_ecdsa_sign (issuer, | ||
468 | &crd->purpose, | ||
469 | &crd->signature)) | ||
470 | { | ||
471 | GNUNET_break (0); | ||
472 | GNUNET_free (crd); | ||
473 | return NULL; | ||
474 | } | ||
475 | return crd; | ||
476 | } | ||
477 | |||
478 | |||
479 | |||
480 | |||
481 | /* end of credential_api.c */ | 433 | /* end of credential_api.c */ |
diff --git a/src/credential/credential_serialization.c b/src/credential/credential_serialization.c index b08920d96..0586e6baa 100644 --- a/src/credential/credential_serialization.c +++ b/src/credential/credential_serialization.c | |||
@@ -29,48 +29,8 @@ | |||
29 | #include "gnunet_util_lib.h" | 29 | #include "gnunet_util_lib.h" |
30 | #include "gnunet_constants.h" | 30 | #include "gnunet_constants.h" |
31 | #include "gnunet_credential_service.h" | 31 | #include "gnunet_credential_service.h" |
32 | 32 | #include "gnunet_signatures.h" | |
33 | GNUNET_NETWORK_STRUCT_BEGIN | 33 | #include "credential.h" |
34 | |||
35 | struct DelegationRecordData | ||
36 | { | ||
37 | /** | ||
38 | * Subject key | ||
39 | */ | ||
40 | struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; | ||
41 | |||
42 | /** | ||
43 | * Subject attributes | ||
44 | */ | ||
45 | uint32_t subject_attribute_len GNUNET_PACKED; | ||
46 | }; | ||
47 | |||
48 | |||
49 | struct ChainEntry | ||
50 | { | ||
51 | /** | ||
52 | * Issuer key | ||
53 | */ | ||
54 | struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; | ||
55 | |||
56 | /** | ||
57 | * Subject key | ||
58 | */ | ||
59 | struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; | ||
60 | |||
61 | /** | ||
62 | * Issuer attributes | ||
63 | */ | ||
64 | uint32_t issuer_attribute_len GNUNET_PACKED; | ||
65 | |||
66 | /** | ||
67 | * Subject attributes | ||
68 | */ | ||
69 | uint32_t subject_attribute_len GNUNET_PACKED; | ||
70 | }; | ||
71 | |||
72 | GNUNET_NETWORK_STRUCT_END | ||
73 | |||
74 | 34 | ||
75 | /** | 35 | /** |
76 | * Calculate how many bytes we will need to serialize | 36 | * Calculate how many bytes we will need to serialize |
@@ -83,7 +43,7 @@ GNUNET_NETWORK_STRUCT_END | |||
83 | */ | 43 | */ |
84 | size_t | 44 | size_t |
85 | GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count, | 45 | GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count, |
86 | const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr) | 46 | const struct GNUNET_CREDENTIAL_DelegationSet *dsr) |
87 | { | 47 | { |
88 | unsigned int i; | 48 | unsigned int i; |
89 | size_t ret; | 49 | size_t ret; |
@@ -110,7 +70,7 @@ GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count, | |||
110 | */ | 70 | */ |
111 | ssize_t | 71 | ssize_t |
112 | GNUNET_CREDENTIAL_delegation_set_serialize (unsigned int d_count, | 72 | GNUNET_CREDENTIAL_delegation_set_serialize (unsigned int d_count, |
113 | const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr, | 73 | const struct GNUNET_CREDENTIAL_DelegationSet *dsr, |
114 | size_t dest_size, | 74 | size_t dest_size, |
115 | char *dest) | 75 | char *dest) |
116 | { | 76 | { |
@@ -156,7 +116,7 @@ int | |||
156 | GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, | 116 | GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, |
157 | const char *src, | 117 | const char *src, |
158 | unsigned int d_count, | 118 | unsigned int d_count, |
159 | struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr) | 119 | struct GNUNET_CREDENTIAL_DelegationSet *dsr) |
160 | { | 120 | { |
161 | struct DelegationRecordData rec; | 121 | struct DelegationRecordData rec; |
162 | unsigned int i; | 122 | unsigned int i; |
@@ -173,7 +133,7 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, | |||
173 | dsr[i].subject_attribute_len = ntohl ((uint32_t) rec.subject_attribute_len); | 133 | dsr[i].subject_attribute_len = ntohl ((uint32_t) rec.subject_attribute_len); |
174 | if (off + dsr[i].subject_attribute_len > len) | 134 | if (off + dsr[i].subject_attribute_len > len) |
175 | return GNUNET_SYSERR; | 135 | return GNUNET_SYSERR; |
176 | dsr[i].subject_attribute = &src[off]; | 136 | dsr[i].subject_attribute = (char*)&src[off]; |
177 | off += dsr[i].subject_attribute_len; | 137 | off += dsr[i].subject_attribute_len; |
178 | } | 138 | } |
179 | return GNUNET_OK; | 139 | return GNUNET_OK; |
@@ -198,7 +158,7 @@ GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count, | |||
198 | size_t ret; | 158 | size_t ret; |
199 | 159 | ||
200 | ret = sizeof (struct ChainEntry) * (d_count); | 160 | ret = sizeof (struct ChainEntry) * (d_count); |
201 | ret += sizeof (struct ChainEntry) * (c_count); | 161 | ret += sizeof (struct CredentialEntry) * (c_count); |
202 | 162 | ||
203 | for (i=0; i<d_count;i++) | 163 | for (i=0; i<d_count;i++) |
204 | { | 164 | { |
@@ -235,6 +195,7 @@ GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count, | |||
235 | char *dest) | 195 | char *dest) |
236 | { | 196 | { |
237 | struct ChainEntry rec; | 197 | struct ChainEntry rec; |
198 | struct CredentialEntry c_rec; | ||
238 | unsigned int i; | 199 | unsigned int i; |
239 | size_t off; | 200 | size_t off; |
240 | 201 | ||
@@ -268,16 +229,19 @@ GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count, | |||
268 | } | 229 | } |
269 | for (i=0;i<c_count;i++) | 230 | for (i=0;i<c_count;i++) |
270 | { | 231 | { |
271 | rec.issuer_attribute_len = htonl ((uint32_t) cd[i].issuer_attribute_len); | 232 | c_rec.issuer_attribute_len = htonl ((uint32_t) cd[i].issuer_attribute_len); |
272 | rec.subject_attribute_len = htonl (0); | 233 | c_rec.issuer_key = cd[i].issuer_key; |
273 | rec.issuer_key = cd[i].issuer_key; | 234 | c_rec.subject_key = cd[i].subject_key; |
274 | rec.subject_key = cd[i].subject_key; | 235 | c_rec.signature = cd[i].signature; |
275 | if (off + sizeof (rec) > dest_size) | 236 | c_rec.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); |
237 | c_rec.purpose.size = htonl ((sizeof (struct CredentialEntry) + cd[i].issuer_attribute_len) - sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); | ||
238 | c_rec.expiration = htonl ((uint32_t) cd[i].expiration.abs_value_us); | ||
239 | if (off + sizeof (c_rec) > dest_size) | ||
276 | return -1; | 240 | return -1; |
277 | GNUNET_memcpy (&dest[off], | 241 | GNUNET_memcpy (&dest[off], |
278 | &rec, | 242 | &c_rec, |
279 | sizeof (rec)); | 243 | sizeof (c_rec)); |
280 | off += sizeof (rec); | 244 | off += sizeof (c_rec); |
281 | if (off + cd[i].issuer_attribute_len > dest_size) | 245 | if (off + cd[i].issuer_attribute_len > dest_size) |
282 | return -1; | 246 | return -1; |
283 | GNUNET_memcpy (&dest[off], | 247 | GNUNET_memcpy (&dest[off], |
@@ -310,6 +274,7 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, | |||
310 | struct GNUNET_CREDENTIAL_Credential *cd) | 274 | struct GNUNET_CREDENTIAL_Credential *cd) |
311 | { | 275 | { |
312 | struct ChainEntry rec; | 276 | struct ChainEntry rec; |
277 | struct CredentialEntry c_rec; | ||
313 | unsigned int i; | 278 | unsigned int i; |
314 | size_t off; | 279 | size_t off; |
315 | 280 | ||
@@ -335,13 +300,15 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, | |||
335 | } | 300 | } |
336 | for (i=0;i<c_count;i++) | 301 | for (i=0;i<c_count;i++) |
337 | { | 302 | { |
338 | if (off + sizeof (rec) > len) | 303 | if (off + sizeof (c_rec) > len) |
339 | return GNUNET_SYSERR; | 304 | return GNUNET_SYSERR; |
340 | GNUNET_memcpy (&rec, &src[off], sizeof (rec)); | 305 | GNUNET_memcpy (&c_rec, &src[off], sizeof (c_rec)); |
341 | cd[i].issuer_attribute_len = ntohl ((uint32_t) rec.issuer_attribute_len); | 306 | cd[i].issuer_attribute_len = ntohl ((uint32_t) c_rec.issuer_attribute_len); |
342 | cd[i].issuer_key = rec.issuer_key; | 307 | cd[i].issuer_key = c_rec.issuer_key; |
343 | cd[i].subject_key = rec.subject_key; | 308 | cd[i].subject_key = c_rec.subject_key; |
344 | off += sizeof (rec); | 309 | cd[i].signature = c_rec.signature; |
310 | cd[i].expiration.abs_value_us = ntohl((uint32_t) c_rec.expiration); | ||
311 | off += sizeof (c_rec); | ||
345 | if (off + cd[i].issuer_attribute_len > len) | 312 | if (off + cd[i].issuer_attribute_len > len) |
346 | return GNUNET_SYSERR; | 313 | return GNUNET_SYSERR; |
347 | cd[i].issuer_attribute = &src[off]; | 314 | cd[i].issuer_attribute = &src[off]; |
@@ -350,4 +317,74 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, | |||
350 | return GNUNET_OK; | 317 | return GNUNET_OK; |
351 | } | 318 | } |
352 | 319 | ||
320 | |||
321 | int | ||
322 | GNUNET_CREDENTIAL_credential_serialize (struct GNUNET_CREDENTIAL_Credential *cred, | ||
323 | char **data) | ||
324 | { | ||
325 | size_t size; | ||
326 | struct CredentialEntry *cdata; | ||
327 | |||
328 | size = sizeof (struct CredentialEntry) + strlen (cred->issuer_attribute) + 1; | ||
329 | *data = GNUNET_malloc (size); | ||
330 | cdata = (struct CredentialEntry*)*data; | ||
331 | cdata->subject_key = cred->subject_key; | ||
332 | cdata->issuer_key = cred->issuer_key; | ||
333 | cdata->expiration = GNUNET_htonll (cred->expiration.abs_value_us); | ||
334 | cdata->signature = cred->signature; | ||
335 | cdata->issuer_attribute_len = htonl (strlen (cred->issuer_attribute) + 1); | ||
336 | cdata->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); | ||
337 | cdata->purpose.size = htonl (size - sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); | ||
338 | GNUNET_memcpy (&cdata[1], | ||
339 | cred->issuer_attribute, | ||
340 | strlen (cred->issuer_attribute)); | ||
341 | |||
342 | if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, | ||
343 | &cdata->purpose, | ||
344 | &cdata->signature, | ||
345 | &cdata->issuer_key)) | ||
346 | { | ||
347 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
348 | "Invalid credential\n"); | ||
349 | //return NULL; | ||
350 | } | ||
351 | return size; | ||
352 | } | ||
353 | |||
354 | struct GNUNET_CREDENTIAL_Credential* | ||
355 | GNUNET_CREDENTIAL_credential_deserialize (const char* data, | ||
356 | size_t data_size) | ||
357 | { | ||
358 | struct GNUNET_CREDENTIAL_Credential *cred; | ||
359 | struct CredentialEntry *cdata; | ||
360 | char *issuer_attribute; | ||
361 | |||
362 | if (data_size < sizeof (struct CredentialEntry)) | ||
363 | return NULL; | ||
364 | cdata = (struct CredentialEntry*)data; | ||
365 | if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, | ||
366 | &cdata->purpose, | ||
367 | &cdata->signature, | ||
368 | &cdata->issuer_key)) | ||
369 | { | ||
370 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
371 | "Invalid credential\n"); | ||
372 | //return NULL; | ||
373 | } | ||
374 | issuer_attribute = (char*)&cdata[1]; | ||
375 | |||
376 | cred = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Credential) + ntohl(cdata->issuer_attribute_len)); | ||
377 | |||
378 | cred->issuer_key = cdata->issuer_key; | ||
379 | cred->subject_key = cdata->subject_key; | ||
380 | GNUNET_memcpy (&cred[1], | ||
381 | issuer_attribute, | ||
382 | ntohl (cdata->issuer_attribute_len)); | ||
383 | cred->signature = cdata->signature; | ||
384 | cred->issuer_attribute = (char*)&cred[1]; | ||
385 | cred->expiration.abs_value_us = GNUNET_ntohll (cdata->expiration); | ||
386 | return cred; | ||
387 | } | ||
388 | |||
389 | |||
353 | /* end of credential_serialization.c */ | 390 | /* end of credential_serialization.c */ |
diff --git a/src/credential/credential_serialization.h b/src/credential/credential_serialization.h index 39ac0103b..eb1327f34 100644 --- a/src/credential/credential_serialization.h +++ b/src/credential/credential_serialization.h | |||
@@ -25,6 +25,9 @@ | |||
25 | * and credentials | 25 | * and credentials |
26 | * @author Martin Schanzenbach | 26 | * @author Martin Schanzenbach |
27 | */ | 27 | */ |
28 | #ifndef CREDENTIAL_SERIALIZATION_H | ||
29 | #define CREDENTIAL_SERIALIZATION_H | ||
30 | |||
28 | #include "platform.h" | 31 | #include "platform.h" |
29 | #include "gnunet_util_lib.h" | 32 | #include "gnunet_util_lib.h" |
30 | #include "gnunet_constants.h" | 33 | #include "gnunet_constants.h" |
@@ -40,7 +43,7 @@ | |||
40 | */ | 43 | */ |
41 | size_t | 44 | size_t |
42 | GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count, | 45 | GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count, |
43 | const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr); | 46 | const struct GNUNET_CREDENTIAL_DelegationSet *dsr); |
44 | 47 | ||
45 | /** | 48 | /** |
46 | * Serizalize the given delegation record entries | 49 | * Serizalize the given delegation record entries |
@@ -53,7 +56,7 @@ GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count, | |||
53 | */ | 56 | */ |
54 | ssize_t | 57 | ssize_t |
55 | GNUNET_CREDENTIAL_delegation_set_serialize (unsigned int d_count, | 58 | GNUNET_CREDENTIAL_delegation_set_serialize (unsigned int d_count, |
56 | const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr, | 59 | const struct GNUNET_CREDENTIAL_DelegationSet *dsr, |
57 | size_t dest_size, | 60 | size_t dest_size, |
58 | char *dest); | 61 | char *dest); |
59 | 62 | ||
@@ -71,7 +74,7 @@ int | |||
71 | GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, | 74 | GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, |
72 | const char *src, | 75 | const char *src, |
73 | unsigned int d_count, | 76 | unsigned int d_count, |
74 | struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr); | 77 | struct GNUNET_CREDENTIAL_DelegationSet *dsr); |
75 | 78 | ||
76 | /** | 79 | /** |
77 | * Calculate how many bytes we will need to serialize | 80 | * Calculate how many bytes we will need to serialize |
@@ -127,4 +130,13 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, | |||
127 | struct GNUNET_CREDENTIAL_Delegation *dd, | 130 | struct GNUNET_CREDENTIAL_Delegation *dd, |
128 | unsigned int c_count, | 131 | unsigned int c_count, |
129 | struct GNUNET_CREDENTIAL_Credential *cd); | 132 | struct GNUNET_CREDENTIAL_Credential *cd); |
130 | /* end of credential_serialization.h */ | 133 | |
134 | int | ||
135 | GNUNET_CREDENTIAL_credential_serialize (struct GNUNET_CREDENTIAL_Credential *cred, | ||
136 | char **data); | ||
137 | |||
138 | struct GNUNET_CREDENTIAL_Credential* | ||
139 | GNUNET_CREDENTIAL_credential_deserialize (const char* data, | ||
140 | size_t data_size); | ||
141 | #endif | ||
142 | /* end of credential_serialization.h */ | ||
diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index a743458d5..b31c2f66e 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c | |||
@@ -26,6 +26,8 @@ | |||
26 | #include <gnunet_util_lib.h> | 26 | #include <gnunet_util_lib.h> |
27 | #include <gnunet_credential_service.h> | 27 | #include <gnunet_credential_service.h> |
28 | #include <gnunet_gnsrecord_lib.h> | 28 | #include <gnunet_gnsrecord_lib.h> |
29 | #include "credential_misc.h" | ||
30 | #include "credential_serialization.h" | ||
29 | 31 | ||
30 | /** | 32 | /** |
31 | * Configuration we are using. | 33 | * Configuration we are using. |
@@ -220,7 +222,7 @@ identity_cb (void *cls, | |||
220 | const struct GNUNET_IDENTITY_Ego *ego) | 222 | const struct GNUNET_IDENTITY_Ego *ego) |
221 | { | 223 | { |
222 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; | 224 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; |
223 | struct GNUNET_CREDENTIAL_CredentialRecordData *crd; | 225 | struct GNUNET_CREDENTIAL_Credential *crd; |
224 | struct GNUNET_TIME_Absolute etime_abs; | 226 | struct GNUNET_TIME_Absolute etime_abs; |
225 | struct GNUNET_TIME_Relative etime_rel; | 227 | struct GNUNET_TIME_Relative etime_rel; |
226 | char *res; | 228 | char *res; |
@@ -261,14 +263,13 @@ identity_cb (void *cls, | |||
261 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); | 263 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); |
262 | GNUNET_free_non_null (issuer_ego_name); | 264 | GNUNET_free_non_null (issuer_ego_name); |
263 | issuer_ego_name = NULL; | 265 | issuer_ego_name = NULL; |
264 | crd = GNUNET_CREDENTIAL_issue (credential, | 266 | crd = GNUNET_CREDENTIAL_credential_issue (privkey, |
265 | privkey, | 267 | &subject_pkey, |
266 | &subject_pkey, | 268 | issuer_attr, |
267 | issuer_attr, | 269 | &etime_abs); |
268 | &etime_abs); | 270 | |
269 | res = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL, | 271 | res = GNUNET_CREDENTIAL_credential_to_string (crd); |
270 | crd, | 272 | GNUNET_free (crd); |
271 | sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (issuer_attr) + 1); | ||
272 | printf ("%s\n", res); | 273 | printf ("%s\n", res); |
273 | GNUNET_SCHEDULER_shutdown (); | 274 | GNUNET_SCHEDULER_shutdown (); |
274 | } | 275 | } |
@@ -354,7 +355,7 @@ run (void *cls, | |||
354 | _("You must provide issuer and subject attributes\n")); | 355 | _("You must provide issuer and subject attributes\n")); |
355 | GNUNET_SCHEDULER_shutdown (); | 356 | GNUNET_SCHEDULER_shutdown (); |
356 | } | 357 | } |
357 | 358 | ||
358 | printf ("Trying to find a chain from a credential under %s of %s to the attribute %s issued by %s\n", | 359 | printf ("Trying to find a chain from a credential under %s of %s to the attribute %s issued by %s\n", |
359 | subject_credential, subject_key, issuer_attr, issuer_key); | 360 | subject_credential, subject_key, issuer_attr, issuer_key); |
360 | 361 | ||
diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 2b3eb8b4c..55907e0d7 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c | |||
@@ -46,7 +46,7 @@ | |||
46 | 46 | ||
47 | struct VerifyRequestHandle; | 47 | struct VerifyRequestHandle; |
48 | 48 | ||
49 | struct DelegationSetEntry; | 49 | struct DelegationSetQueueEntry; |
50 | 50 | ||
51 | 51 | ||
52 | struct DelegationChainEntry | 52 | struct DelegationChainEntry |
@@ -101,12 +101,7 @@ struct CredentialRecordEntry | |||
101 | /** | 101 | /** |
102 | * Payload | 102 | * Payload |
103 | */ | 103 | */ |
104 | struct GNUNET_CREDENTIAL_CredentialRecordData *data; | 104 | struct GNUNET_CREDENTIAL_Credential *credential; |
105 | |||
106 | /** | ||
107 | * Size | ||
108 | */ | ||
109 | uint64_t data_size; | ||
110 | }; | 105 | }; |
111 | 106 | ||
112 | /** | 107 | /** |
@@ -128,17 +123,17 @@ struct DelegationQueueEntry | |||
128 | /** | 123 | /** |
129 | * Sets under this Queue | 124 | * Sets under this Queue |
130 | */ | 125 | */ |
131 | struct DelegationSetEntry *set_entries_head; | 126 | struct DelegationSetQueueEntry *set_entries_head; |
132 | 127 | ||
133 | /** | 128 | /** |
134 | * Sets under this Queue | 129 | * Sets under this Queue |
135 | */ | 130 | */ |
136 | struct DelegationSetEntry *set_entries_tail; | 131 | struct DelegationSetQueueEntry *set_entries_tail; |
137 | 132 | ||
138 | /** | 133 | /** |
139 | * Parent set | 134 | * Parent set |
140 | */ | 135 | */ |
141 | struct DelegationSetEntry *parent_set; | 136 | struct DelegationSetQueueEntry *parent_set; |
142 | 137 | ||
143 | /** | 138 | /** |
144 | * Required solutions | 139 | * Required solutions |
@@ -150,17 +145,17 @@ struct DelegationQueueEntry | |||
150 | * DLL for delegation sets | 145 | * DLL for delegation sets |
151 | * Used for AND delegation set | 146 | * Used for AND delegation set |
152 | */ | 147 | */ |
153 | struct DelegationSetEntry | 148 | struct DelegationSetQueueEntry |
154 | { | 149 | { |
155 | /** | 150 | /** |
156 | * DLL | 151 | * DLL |
157 | */ | 152 | */ |
158 | struct DelegationSetEntry *next; | 153 | struct DelegationSetQueueEntry *next; |
159 | 154 | ||
160 | /** | 155 | /** |
161 | * DLL | 156 | * DLL |
162 | */ | 157 | */ |
163 | struct DelegationSetEntry *prev; | 158 | struct DelegationSetQueueEntry *prev; |
164 | 159 | ||
165 | /** | 160 | /** |
166 | * GNS handle | 161 | * GNS handle |
@@ -299,7 +294,7 @@ struct VerifyRequestHandle | |||
299 | /** | 294 | /** |
300 | * Root Delegation Set | 295 | * Root Delegation Set |
301 | */ | 296 | */ |
302 | struct DelegationSetEntry *root_set; | 297 | struct DelegationSetQueueEntry *root_set; |
303 | 298 | ||
304 | /** | 299 | /** |
305 | * Current Delegation Pointer | 300 | * Current Delegation Pointer |
@@ -307,16 +302,6 @@ struct VerifyRequestHandle | |||
307 | struct DelegationQueueEntry *current_delegation; | 302 | struct DelegationQueueEntry *current_delegation; |
308 | 303 | ||
309 | /** | 304 | /** |
310 | * The found credential | ||
311 | */ | ||
312 | struct GNUNET_CREDENTIAL_CredentialRecordData *credential; | ||
313 | |||
314 | /** | ||
315 | * Length of the credential | ||
316 | */ | ||
317 | uint32_t credential_size; | ||
318 | |||
319 | /** | ||
320 | * request id | 305 | * request id |
321 | */ | 306 | */ |
322 | uint32_t request_id; | 307 | uint32_t request_id; |
@@ -351,10 +336,10 @@ static struct GNUNET_GNS_Handle *gns; | |||
351 | 336 | ||
352 | 337 | ||
353 | static void | 338 | static void |
354 | cleanup_delegation_set (struct DelegationSetEntry *ds_entry) | 339 | cleanup_delegation_set (struct DelegationSetQueueEntry *ds_entry) |
355 | { | 340 | { |
356 | struct DelegationQueueEntry *dq_entry; | 341 | struct DelegationQueueEntry *dq_entry; |
357 | struct DelegationSetEntry *child; | 342 | struct DelegationSetQueueEntry *child; |
358 | 343 | ||
359 | if (NULL == ds_entry) | 344 | if (NULL == ds_entry) |
360 | return; | 345 | return; |
@@ -414,8 +399,6 @@ cleanup_handle (struct VerifyRequestHandle *vrh) | |||
414 | GNUNET_GNS_lookup_cancel (vrh->lookup_request); | 399 | GNUNET_GNS_lookup_cancel (vrh->lookup_request); |
415 | vrh->lookup_request = NULL; | 400 | vrh->lookup_request = NULL; |
416 | } | 401 | } |
417 | if (NULL != vrh->credential) | ||
418 | GNUNET_free (vrh->credential); | ||
419 | cleanup_delegation_set (vrh->root_set); | 402 | cleanup_delegation_set (vrh->root_set); |
420 | if (NULL != vrh->issuer_attribute) | 403 | if (NULL != vrh->issuer_attribute) |
421 | GNUNET_free (vrh->issuer_attribute); | 404 | GNUNET_free (vrh->issuer_attribute); |
@@ -426,8 +409,8 @@ cleanup_handle (struct VerifyRequestHandle *vrh) | |||
426 | GNUNET_CONTAINER_DLL_remove (vrh->cred_chain_head, | 409 | GNUNET_CONTAINER_DLL_remove (vrh->cred_chain_head, |
427 | vrh->cred_chain_tail, | 410 | vrh->cred_chain_tail, |
428 | cr_entry); | 411 | cr_entry); |
429 | if (NULL != cr_entry->data) | 412 | if (NULL != cr_entry->credential); |
430 | GNUNET_free (cr_entry->data); | 413 | GNUNET_free (cr_entry->credential); |
431 | GNUNET_free (cr_entry); | 414 | GNUNET_free (cr_entry); |
432 | } | 415 | } |
433 | GNUNET_free (vrh); | 416 | GNUNET_free (vrh); |
@@ -518,48 +501,45 @@ send_lookup_response (struct VerifyRequestHandle *vrh) | |||
518 | struct GNUNET_MQ_Envelope *env; | 501 | struct GNUNET_MQ_Envelope *env; |
519 | struct VerifyResultMessage *rmsg; | 502 | struct VerifyResultMessage *rmsg; |
520 | struct DelegationChainEntry *dce; | 503 | struct DelegationChainEntry *dce; |
521 | size_t size = vrh->credential_size; | ||
522 | struct GNUNET_CREDENTIAL_Delegation dd[vrh->delegation_chain_size]; | 504 | struct GNUNET_CREDENTIAL_Delegation dd[vrh->delegation_chain_size]; |
523 | struct GNUNET_CREDENTIAL_Credential cred[vrh->cred_chain_size]; | 505 | struct GNUNET_CREDENTIAL_Credential cred[vrh->cred_chain_size]; |
524 | struct GNUNET_CREDENTIAL_CredentialRecordData *crd; | ||
525 | struct CredentialRecordEntry *cd; | 506 | struct CredentialRecordEntry *cd; |
507 | size_t size; | ||
526 | int i; | 508 | int i; |
527 | 509 | ||
528 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 510 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
529 | "Sending response\n"); | 511 | "Sending response\n"); |
530 | i = 0; | 512 | dce = vrh->delegation_chain_head; |
531 | for (dce = vrh->delegation_chain_head; | 513 | for (i=0;i<vrh->delegation_chain_size;i++) |
532 | NULL != dce; | ||
533 | dce = dce->next) | ||
534 | { | 514 | { |
535 | dd[i].issuer_key = dce->issuer_key; | 515 | dd[i].issuer_key = dce->issuer_key; |
536 | dd[i].subject_key = dce->subject_key; | 516 | dd[i].subject_key = dce->subject_key; |
537 | dd[i].issuer_attribute = dce->issuer_attribute; | 517 | dd[i].issuer_attribute = dce->issuer_attribute; |
538 | dd[i].issuer_attribute_len = strlen (dce->issuer_attribute)+1; | 518 | dd[i].issuer_attribute_len = strlen (dce->issuer_attribute)+1; |
539 | dd[i].subject_attribute_len = 0; | 519 | dd[i].subject_attribute_len = 0; |
520 | dd[i].subject_attribute = NULL; | ||
540 | if (NULL != dce->subject_attribute) | 521 | if (NULL != dce->subject_attribute) |
541 | { | 522 | { |
542 | dd[i].subject_attribute = dce->subject_attribute; | 523 | dd[i].subject_attribute = dce->subject_attribute; |
543 | dd[i].subject_attribute_len = strlen(dce->subject_attribute)+1; | 524 | dd[i].subject_attribute_len = strlen(dce->subject_attribute)+1; |
544 | } | 525 | } |
545 | i++; | 526 | dce = dce->next; |
546 | } | 527 | } |
547 | 528 | ||
548 | /** | 529 | /** |
549 | * Get serialized record data | 530 | * Get serialized record data |
550 | * Append at the end of rmsg | 531 | * Append at the end of rmsg |
551 | */ | 532 | */ |
552 | i = 0; | 533 | cd = vrh->cred_chain_head; |
553 | for (cd = vrh->cred_chain_head; | 534 | for (i=0;i<vrh->cred_chain_size;i++) |
554 | NULL != cd; | ||
555 | cd = cd->next) | ||
556 | { | 535 | { |
557 | crd = cd->data; | 536 | cred[i].issuer_key = cd->credential->issuer_key; |
558 | cred[i].issuer_key = crd->issuer_key; | 537 | cred[i].subject_key = cd->credential->subject_key; |
559 | cred[i].subject_key = crd->subject_key; | 538 | cred[i].issuer_attribute_len = strlen(cd->credential->issuer_attribute)+1; |
560 | cred[i].issuer_attribute_len = strlen((char*)&crd[1])+1; | 539 | cred[i].issuer_attribute = cd->credential->issuer_attribute; |
561 | cred[i].issuer_attribute = (char*)&crd[1]; | 540 | cred[i].expiration = cd->credential->expiration; |
562 | i++; | 541 | cred[i].signature = cd->credential->signature; |
542 | cd = cd->next; | ||
563 | } | 543 | } |
564 | size = GNUNET_CREDENTIAL_delegation_chain_get_size (vrh->delegation_chain_size, | 544 | size = GNUNET_CREDENTIAL_delegation_chain_get_size (vrh->delegation_chain_size, |
565 | dd, | 545 | dd, |
@@ -573,18 +553,18 @@ send_lookup_response (struct VerifyRequestHandle *vrh) | |||
573 | rmsg->d_count = htonl (vrh->delegation_chain_size); | 553 | rmsg->d_count = htonl (vrh->delegation_chain_size); |
574 | rmsg->c_count = htonl (vrh->cred_chain_size); | 554 | rmsg->c_count = htonl (vrh->cred_chain_size); |
575 | 555 | ||
576 | if (NULL != vrh->credential) | 556 | if (0 < vrh->cred_chain_size) |
577 | rmsg->cred_found = htonl (GNUNET_YES); | 557 | rmsg->cred_found = htonl (GNUNET_YES); |
578 | else | 558 | else |
579 | rmsg->cred_found = htonl (GNUNET_NO); | 559 | rmsg->cred_found = htonl (GNUNET_NO); |
580 | 560 | ||
581 | GNUNET_assert (-1 != | 561 | GNUNET_assert (-1 != |
582 | GNUNET_CREDENTIAL_delegation_chain_serialize (vrh->delegation_chain_size, | 562 | GNUNET_CREDENTIAL_delegation_chain_serialize (vrh->delegation_chain_size, |
583 | dd, | 563 | dd, |
584 | vrh->cred_chain_size, | 564 | vrh->cred_chain_size, |
585 | cred, | 565 | cred, |
586 | size, | 566 | size, |
587 | (char*)&rmsg[1])); | 567 | (char*)&rmsg[1])); |
588 | 568 | ||
589 | GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), | 569 | GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), |
590 | env); | 570 | env); |
@@ -604,12 +584,11 @@ backward_resolution (void* cls, | |||
604 | { | 584 | { |
605 | 585 | ||
606 | struct VerifyRequestHandle *vrh; | 586 | struct VerifyRequestHandle *vrh; |
607 | struct GNUNET_CREDENTIAL_CredentialRecordData *cred; | 587 | const struct GNUNET_CREDENTIAL_DelegationRecord *sets; |
608 | const struct GNUNET_CREDENTIAL_DelegationRecordData *sets; | ||
609 | struct CredentialRecordEntry *cred_pointer; | 588 | struct CredentialRecordEntry *cred_pointer; |
610 | struct DelegationSetEntry *current_set; | 589 | struct DelegationSetQueueEntry *current_set; |
611 | struct DelegationSetEntry *ds_entry; | 590 | struct DelegationSetQueueEntry *ds_entry; |
612 | struct DelegationSetEntry *tmp_set; | 591 | struct DelegationSetQueueEntry *tmp_set; |
613 | struct DelegationQueueEntry *dq_entry; | 592 | struct DelegationQueueEntry *dq_entry; |
614 | char *expanded_attr; | 593 | char *expanded_attr; |
615 | char *lookup_attribute; | 594 | char *lookup_attribute; |
@@ -631,15 +610,15 @@ backward_resolution (void* cls, | |||
631 | continue; | 610 | continue; |
632 | 611 | ||
633 | sets = rd[i].data; | 612 | sets = rd[i].data; |
634 | struct GNUNET_CREDENTIAL_DelegationSetRecord set[ntohl(sets->set_count)]; | 613 | struct GNUNET_CREDENTIAL_DelegationSet set[ntohl(sets->set_count)]; |
635 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 614 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
636 | "Found new attribute delegation with %d sets. Creating new Job...\n", | 615 | "Found new attribute delegation with %d sets. Creating new Job...\n", |
637 | ntohl (sets->set_count)); | 616 | ntohl (sets->set_count)); |
638 | 617 | ||
639 | if (GNUNET_OK !=GNUNET_CREDENTIAL_delegation_set_deserialize (GNUNET_ntohll(sets->data_size), | 618 | if (GNUNET_OK !=GNUNET_CREDENTIAL_delegation_set_deserialize (GNUNET_ntohll(sets->data_size), |
640 | (const char*)&sets[1], | 619 | (const char*)&sets[1], |
641 | ntohl(sets->set_count), | 620 | ntohl(sets->set_count), |
642 | set)) | 621 | set)) |
643 | { | 622 | { |
644 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 623 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
645 | "Failed to deserialize!\n"); | 624 | "Failed to deserialize!\n"); |
@@ -654,7 +633,7 @@ backward_resolution (void* cls, | |||
654 | // Each AND | 633 | // Each AND |
655 | for (j=0; j<ntohl(sets->set_count); j++) | 634 | for (j=0; j<ntohl(sets->set_count); j++) |
656 | { | 635 | { |
657 | ds_entry = GNUNET_new (struct DelegationSetEntry); | 636 | ds_entry = GNUNET_new (struct DelegationSetQueueEntry); |
658 | if (NULL != current_set->attr_trailer) | 637 | if (NULL != current_set->attr_trailer) |
659 | { | 638 | { |
660 | if (0 == set[j].subject_attribute_len) | 639 | if (0 == set[j].subject_attribute_len) |
@@ -706,16 +685,17 @@ backward_resolution (void* cls, | |||
706 | for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL; | 685 | for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL; |
707 | cred_pointer = cred_pointer->next) | 686 | cred_pointer = cred_pointer->next) |
708 | { | 687 | { |
709 | cred = cred_pointer->data; | ||
710 | if(0 != memcmp (&set->subject_key, | 688 | if(0 != memcmp (&set->subject_key, |
711 | &cred_pointer->data->issuer_key, | 689 | &cred_pointer->credential->issuer_key, |
712 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) | 690 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) |
713 | continue; | 691 | continue; |
714 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 692 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
715 | "Checking if %s matches %s\n", | 693 | "Checking if %s matches %s\n", |
716 | ds_entry->unresolved_attribute_delegation, (char*)&cred[1]); | 694 | ds_entry->unresolved_attribute_delegation, |
695 | cred_pointer->credential->issuer_attribute); | ||
717 | 696 | ||
718 | if (0 != strcmp (ds_entry->unresolved_attribute_delegation, (char*)&cred[1])) | 697 | if (0 != strcmp (ds_entry->unresolved_attribute_delegation, |
698 | cred_pointer->credential->issuer_attribute)) | ||
719 | continue; | 699 | continue; |
720 | 700 | ||
721 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 701 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
@@ -742,11 +722,6 @@ backward_resolution (void* cls, | |||
742 | { | 722 | { |
743 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 723 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
744 | "All solutions found\n"); | 724 | "All solutions found\n"); |
745 | vrh->credential = GNUNET_malloc (cred_pointer->data_size); | ||
746 | memcpy (vrh->credential, | ||
747 | cred, | ||
748 | cred_pointer->data_size); | ||
749 | vrh->credential_size = cred_pointer->data_size; | ||
750 | //Found match | 725 | //Found match |
751 | send_lookup_response (vrh); | 726 | send_lookup_response (vrh); |
752 | return; | 727 | return; |
@@ -822,8 +797,8 @@ handle_credential_query (void* cls, | |||
822 | const struct GNUNET_GNSRECORD_Data *rd) | 797 | const struct GNUNET_GNSRECORD_Data *rd) |
823 | { | 798 | { |
824 | struct VerifyRequestHandle *vrh = cls; | 799 | struct VerifyRequestHandle *vrh = cls; |
825 | struct DelegationSetEntry *ds_entry; | 800 | struct DelegationSetQueueEntry *ds_entry; |
826 | const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; | 801 | struct GNUNET_CREDENTIAL_Credential *crd; |
827 | struct CredentialRecordEntry *cr_entry; | 802 | struct CredentialRecordEntry *cr_entry; |
828 | int cred_record_count; | 803 | int cred_record_count; |
829 | int i; | 804 | int i; |
@@ -835,22 +810,16 @@ handle_credential_query (void* cls, | |||
835 | if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) | 810 | if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) |
836 | continue; | 811 | continue; |
837 | cred_record_count++; | 812 | cred_record_count++; |
838 | crd = rd[i].data; | 813 | crd = GNUNET_CREDENTIAL_credential_deserialize (rd[i].data, |
839 | if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, | 814 | rd[i].data_size); |
840 | &crd->purpose, | 815 | if (NULL == crd) |
841 | &crd->signature, | ||
842 | &crd->issuer_key)) | ||
843 | { | 816 | { |
844 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 817 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
845 | "Invalid credential found\n"); | 818 | "Invalid credential found\n"); |
846 | continue; | 819 | continue; |
847 | } | 820 | } |
848 | cr_entry = GNUNET_new (struct CredentialRecordEntry); | 821 | cr_entry = GNUNET_new (struct CredentialRecordEntry); |
849 | cr_entry->data = GNUNET_malloc (rd[i].data_size); | 822 | cr_entry->credential = crd; |
850 | memcpy (cr_entry->data, | ||
851 | crd, | ||
852 | rd[i].data_size); | ||
853 | cr_entry->data_size = rd[i].data_size; | ||
854 | GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, | 823 | GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, |
855 | vrh->cred_chain_tail, | 824 | vrh->cred_chain_tail, |
856 | cr_entry); | 825 | cr_entry); |
@@ -860,13 +829,8 @@ handle_credential_query (void* cls, | |||
860 | &vrh->issuer_key, | 829 | &vrh->issuer_key, |
861 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) | 830 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) |
862 | continue; | 831 | continue; |
863 | if (0 != strcmp ((char*)&crd[1], vrh->issuer_attribute)) | 832 | if (0 != strcmp (crd->issuer_attribute, vrh->issuer_attribute)) |
864 | continue; | 833 | continue; |
865 | vrh->credential = GNUNET_malloc (rd[i].data_size); | ||
866 | memcpy (vrh->credential, | ||
867 | rd[i].data, | ||
868 | rd[i].data_size); | ||
869 | vrh->credential_size = rd[i].data_size; | ||
870 | //Found match prematurely | 834 | //Found match prematurely |
871 | send_lookup_response (vrh); | 835 | send_lookup_response (vrh); |
872 | return; | 836 | return; |
@@ -884,7 +848,7 @@ handle_credential_query (void* cls, | |||
884 | ".gnu"); | 848 | ".gnu"); |
885 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 849 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
886 | "Looking up %s\n", issuer_attribute_name); | 850 | "Looking up %s\n", issuer_attribute_name); |
887 | ds_entry = GNUNET_new (struct DelegationSetEntry); | 851 | ds_entry = GNUNET_new (struct DelegationSetQueueEntry); |
888 | ds_entry->issuer_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPublicKey); | 852 | ds_entry->issuer_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPublicKey); |
889 | memcpy (ds_entry->issuer_key, | 853 | memcpy (ds_entry->issuer_key, |
890 | &vrh->issuer_key, | 854 | &vrh->issuer_key, |
diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 1358afdb1..5c3c03832 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c | |||
@@ -31,7 +31,7 @@ | |||
31 | #include "gnunet_gnsrecord_plugin.h" | 31 | #include "gnunet_gnsrecord_plugin.h" |
32 | #include "gnunet_signatures.h" | 32 | #include "gnunet_signatures.h" |
33 | #include "credential_serialization.h" | 33 | #include "credential_serialization.h" |
34 | 34 | #include "credential_misc.h" | |
35 | 35 | ||
36 | /** | 36 | /** |
37 | * Convert the 'value' of a record to a string. | 37 | * Convert the 'value' of a record to a string. |
@@ -55,18 +55,18 @@ credential_value_to_string (void *cls, | |||
55 | { | 55 | { |
56 | case GNUNET_GNSRECORD_TYPE_ATTRIBUTE: | 56 | case GNUNET_GNSRECORD_TYPE_ATTRIBUTE: |
57 | { | 57 | { |
58 | struct GNUNET_CREDENTIAL_DelegationRecordData sets; | 58 | struct GNUNET_CREDENTIAL_DelegationRecord sets; |
59 | char *attr_str; | 59 | char *attr_str; |
60 | char *subject_pkey; | 60 | char *subject_pkey; |
61 | char *tmp_str; | 61 | char *tmp_str; |
62 | int i; | 62 | int i; |
63 | if (data_size < sizeof (struct GNUNET_CREDENTIAL_DelegationRecordData)) | 63 | if (data_size < sizeof (struct GNUNET_CREDENTIAL_DelegationRecord)) |
64 | return NULL; /* malformed */ | 64 | return NULL; /* malformed */ |
65 | memcpy (&sets, | 65 | memcpy (&sets, |
66 | data, | 66 | data, |
67 | sizeof (sets)); | 67 | sizeof (sets)); |
68 | cdata = data; | 68 | cdata = data; |
69 | struct GNUNET_CREDENTIAL_DelegationSetRecord set[ntohl(sets.set_count)]; | 69 | struct GNUNET_CREDENTIAL_DelegationSet set[ntohl(sets.set_count)]; |
70 | if (GNUNET_OK != GNUNET_CREDENTIAL_delegation_set_deserialize (GNUNET_ntohll (sets.data_size), | 70 | if (GNUNET_OK != GNUNET_CREDENTIAL_delegation_set_deserialize (GNUNET_ntohll (sets.data_size), |
71 | &cdata[sizeof (sets)], | 71 | &cdata[sizeof (sets)], |
72 | ntohl (sets.set_count), | 72 | ntohl (sets.set_count), |
@@ -116,38 +116,13 @@ credential_value_to_string (void *cls, | |||
116 | } | 116 | } |
117 | case GNUNET_GNSRECORD_TYPE_CREDENTIAL: | 117 | case GNUNET_GNSRECORD_TYPE_CREDENTIAL: |
118 | { | 118 | { |
119 | struct GNUNET_CREDENTIAL_CredentialRecordData cred; | 119 | struct GNUNET_CREDENTIAL_Credential *cred; |
120 | struct GNUNET_TIME_Absolute etime_abs; | ||
121 | char *cred_str; | 120 | char *cred_str; |
122 | char *subject_pkey; | ||
123 | char *issuer_pkey; | ||
124 | char *signature; | ||
125 | const char *expiration; | ||
126 | |||
127 | 121 | ||
128 | if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)) | 122 | cred = GNUNET_CREDENTIAL_credential_deserialize (data, |
129 | return NULL; /* malformed */ | 123 | data_size); |
130 | memcpy (&cred, | 124 | cred_str = GNUNET_CREDENTIAL_credential_to_string (cred); |
131 | data, | 125 | GNUNET_free (cred); |
132 | sizeof (cred)); | ||
133 | cdata = data; | ||
134 | subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key); | ||
135 | issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key); | ||
136 | etime_abs.abs_value_us = GNUNET_ntohll(cred.expiration); | ||
137 | expiration = GNUNET_STRINGS_absolute_time_to_string (etime_abs); | ||
138 | GNUNET_STRINGS_base64_encode ((char*)&cred.signature, | ||
139 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature), | ||
140 | &signature); | ||
141 | GNUNET_asprintf (&cred_str, | ||
142 | "%s.%s -> %s | %s | %s", | ||
143 | issuer_pkey, | ||
144 | &cdata[sizeof (cred)], | ||
145 | subject_pkey, | ||
146 | signature, | ||
147 | expiration); | ||
148 | GNUNET_free (subject_pkey); | ||
149 | GNUNET_free (issuer_pkey); | ||
150 | GNUNET_free (signature); | ||
151 | return cred_str; | 126 | return cred_str; |
152 | } | 127 | } |
153 | default: | 128 | default: |
@@ -180,7 +155,7 @@ credential_string_to_value (void *cls, | |||
180 | { | 155 | { |
181 | case GNUNET_GNSRECORD_TYPE_ATTRIBUTE: | 156 | case GNUNET_GNSRECORD_TYPE_ATTRIBUTE: |
182 | { | 157 | { |
183 | struct GNUNET_CREDENTIAL_DelegationRecordData *sets; | 158 | struct GNUNET_CREDENTIAL_DelegationRecord *sets; |
184 | char attr_str[253 + 1]; | 159 | char attr_str[253 + 1]; |
185 | char subject_pkey[52 + 1]; | 160 | char subject_pkey[52 + 1]; |
186 | char *token; | 161 | char *token; |
@@ -194,7 +169,7 @@ credential_string_to_value (void *cls, | |||
194 | token = strtok (tmp_str, ","); | 169 | token = strtok (tmp_str, ","); |
195 | entries = 0; | 170 | entries = 0; |
196 | tmp_data_size = 0; | 171 | tmp_data_size = 0; |
197 | *data_size = sizeof (struct GNUNET_CREDENTIAL_DelegationRecordData); | 172 | *data_size = sizeof (struct GNUNET_CREDENTIAL_DelegationRecord); |
198 | while (NULL != token) | 173 | while (NULL != token) |
199 | { | 174 | { |
200 | matches = SSCANF (token, | 175 | matches = SSCANF (token, |
@@ -210,9 +185,9 @@ credential_string_to_value (void *cls, | |||
210 | return GNUNET_SYSERR; | 185 | return GNUNET_SYSERR; |
211 | } | 186 | } |
212 | if (1 == matches) { | 187 | if (1 == matches) { |
213 | tmp_data_size += sizeof (struct GNUNET_CREDENTIAL_DelegationSetRecord); | 188 | tmp_data_size += sizeof (struct GNUNET_CREDENTIAL_DelegationRecordSet); |
214 | } else if (2 == matches) { | 189 | } else if (2 == matches) { |
215 | tmp_data_size += sizeof (struct GNUNET_CREDENTIAL_DelegationSetRecord) + strlen (attr_str) + 1; | 190 | tmp_data_size += sizeof (struct GNUNET_CREDENTIAL_DelegationRecordSet) + strlen (attr_str) + 1; |
216 | } | 191 | } |
217 | entries++; | 192 | entries++; |
218 | token = strtok (NULL, ","); | 193 | token = strtok (NULL, ","); |
@@ -220,8 +195,7 @@ credential_string_to_value (void *cls, | |||
220 | GNUNET_free (tmp_str); | 195 | GNUNET_free (tmp_str); |
221 | tmp_str = GNUNET_strdup (s); | 196 | tmp_str = GNUNET_strdup (s); |
222 | token = strtok (tmp_str, ","); | 197 | token = strtok (tmp_str, ","); |
223 | struct GNUNET_CREDENTIAL_DelegationSetRecord *set; | 198 | struct GNUNET_CREDENTIAL_DelegationSet set[entries]; |
224 | set = GNUNET_malloc (entries * sizeof (struct GNUNET_CREDENTIAL_DelegationSetRecord)); | ||
225 | for (i=0;i<entries;i++) | 199 | for (i=0;i<entries;i++) |
226 | { | 200 | { |
227 | matches = SSCANF (token, | 201 | matches = SSCANF (token, |
@@ -239,6 +213,7 @@ credential_string_to_value (void *cls, | |||
239 | } | 213 | } |
240 | tmp_data_size = GNUNET_CREDENTIAL_delegation_set_get_size (entries, | 214 | tmp_data_size = GNUNET_CREDENTIAL_delegation_set_get_size (entries, |
241 | set); | 215 | set); |
216 | |||
242 | if (-1 == tmp_data_size) | 217 | if (-1 == tmp_data_size) |
243 | return GNUNET_SYSERR; | 218 | return GNUNET_SYSERR; |
244 | *data_size += tmp_data_size; | 219 | *data_size += tmp_data_size; |
@@ -247,6 +222,11 @@ credential_string_to_value (void *cls, | |||
247 | set, | 222 | set, |
248 | tmp_data_size, | 223 | tmp_data_size, |
249 | (char*)&sets[1]); | 224 | (char*)&sets[1]); |
225 | for (i=0;i<entries;i++) | ||
226 | { | ||
227 | if (0 != set[i].subject_attribute_len) | ||
228 | GNUNET_free ((char*)set[i].subject_attribute); | ||
229 | } | ||
250 | sets->set_count = htonl (entries); | 230 | sets->set_count = htonl (entries); |
251 | sets->data_size = GNUNET_htonll (tmp_data_size); | 231 | sets->data_size = GNUNET_htonll (tmp_data_size); |
252 | 232 | ||
@@ -255,58 +235,11 @@ credential_string_to_value (void *cls, | |||
255 | } | 235 | } |
256 | case GNUNET_GNSRECORD_TYPE_CREDENTIAL: | 236 | case GNUNET_GNSRECORD_TYPE_CREDENTIAL: |
257 | { | 237 | { |
258 | struct GNUNET_CREDENTIAL_CredentialRecordData *cred; | 238 | struct GNUNET_CREDENTIAL_Credential *cred; |
259 | 239 | cred = GNUNET_CREDENTIAL_credential_from_string (s); | |
260 | size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8; | ||
261 | if (enclen % 5 > 0) | ||
262 | enclen += 5 - enclen % 5; | ||
263 | enclen /= 5; /* 260/5 = 52 */ | ||
264 | char subject_pkey[enclen + 1]; | ||
265 | char issuer_pkey[enclen + 1]; | ||
266 | char name[253 + 1]; | ||
267 | char signature[128]; //TODO max payload size | ||
268 | char expiration[256]; | ||
269 | |||
270 | struct GNUNET_CRYPTO_EcdsaSignature *sig; | ||
271 | struct GNUNET_TIME_Absolute etime_abs; | ||
272 | |||
273 | if (5 != SSCANF (s, | ||
274 | "%52s.%253s -> %52s | %s | %255[0-9a-zA-Z: ]", | ||
275 | issuer_pkey, | ||
276 | name, | ||
277 | subject_pkey, | ||
278 | signature, | ||
279 | expiration)) | ||
280 | { | ||
281 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
282 | _("Unable to parse CRED record string `%s'\n"), | ||
283 | s); | ||
284 | return GNUNET_SYSERR; | ||
285 | } | ||
286 | *data_size = sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (name) + 1; | ||
287 | *data = cred = GNUNET_malloc (*data_size); | ||
288 | GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pkey, | ||
289 | strlen (subject_pkey), | ||
290 | &cred->subject_key); | ||
291 | GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey, | ||
292 | strlen (issuer_pkey), | ||
293 | &cred->issuer_key); | ||
294 | GNUNET_STRINGS_fancy_time_to_absolute (expiration, | ||
295 | &etime_abs); | ||
296 | GNUNET_STRINGS_base64_decode (signature, | ||
297 | strlen (signature), | ||
298 | (char**)&sig); | ||
299 | cred->signature = *sig; | ||
300 | cred->expiration = GNUNET_htonll (etime_abs.abs_value_us); | ||
301 | cred->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); | ||
302 | cred->purpose.size = htonl (strlen (name) + 1 + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | ||
303 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + sizeof (uint64_t)); | ||
304 | GNUNET_free (sig); | ||
305 | GNUNET_memcpy (&cred[1], | ||
306 | name, | ||
307 | strlen (name)); | ||
308 | |||
309 | 240 | ||
241 | *data_size = GNUNET_CREDENTIAL_credential_serialize (cred, | ||
242 | (char**)data); | ||
310 | return GNUNET_OK; | 243 | return GNUNET_OK; |
311 | } | 244 | } |
312 | default: | 245 | default: |
diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index 11e6fb276..2df65d7ad 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c | |||
@@ -37,6 +37,14 @@ | |||
37 | 37 | ||
38 | #define GNUNET_REST_API_NS_CREDENTIAL "/credential" | 38 | #define GNUNET_REST_API_NS_CREDENTIAL "/credential" |
39 | 39 | ||
40 | #define GNUNET_REST_API_NS_CREDENTIAL_ISSUE "/credential/issue" | ||
41 | |||
42 | #define GNUNET_REST_API_NS_CREDENTIAL_VERIFY "/credential/verify" | ||
43 | |||
44 | #define GNUNET_REST_JSONAPI_CREDENTIAL_EXPIRATION "expiration" | ||
45 | |||
46 | #define GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY "subject_key" | ||
47 | |||
40 | #define GNUNET_REST_JSONAPI_CREDENTIAL "credential" | 48 | #define GNUNET_REST_JSONAPI_CREDENTIAL "credential" |
41 | 49 | ||
42 | #define GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO "credential" | 50 | #define GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO "credential" |
@@ -57,7 +65,7 @@ struct Plugin | |||
57 | 65 | ||
58 | const struct GNUNET_CONFIGURATION_Handle *cfg; | 66 | const struct GNUNET_CONFIGURATION_Handle *cfg; |
59 | 67 | ||
60 | struct VerifyHandle | 68 | struct RequestHandle |
61 | { | 69 | { |
62 | /** | 70 | /** |
63 | * Handle to Credential service. | 71 | * Handle to Credential service. |
@@ -70,6 +78,21 @@ struct VerifyHandle | |||
70 | struct GNUNET_CREDENTIAL_Request *verify_request; | 78 | struct GNUNET_CREDENTIAL_Request *verify_request; |
71 | 79 | ||
72 | /** | 80 | /** |
81 | * Handle to issue request | ||
82 | */ | ||
83 | struct GNUNET_CREDENTIAL_Request *issue_request; | ||
84 | |||
85 | /** | ||
86 | * Handle to identity | ||
87 | */ | ||
88 | struct GNUNET_IDENTITY_Handle *identity; | ||
89 | |||
90 | /** | ||
91 | * Handle to identity operation | ||
92 | */ | ||
93 | struct GNUNET_IDENTITY_Operation *id_op; | ||
94 | |||
95 | /** | ||
73 | * Handle to rest request | 96 | * Handle to rest request |
74 | */ | 97 | */ |
75 | struct GNUNET_REST_RequestHandle *rest_handle; | 98 | struct GNUNET_REST_RequestHandle *rest_handle; |
@@ -133,7 +156,7 @@ struct VerifyHandle | |||
133 | * @param handle Handle to clean up | 156 | * @param handle Handle to clean up |
134 | */ | 157 | */ |
135 | static void | 158 | static void |
136 | cleanup_handle (struct VerifyHandle *handle) | 159 | cleanup_handle (struct RequestHandle *handle) |
137 | { | 160 | { |
138 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 161 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
139 | "Cleaning up\n"); | 162 | "Cleaning up\n"); |
@@ -145,16 +168,13 @@ cleanup_handle (struct VerifyHandle *handle) | |||
145 | if (NULL != handle->subject_attr) | 168 | if (NULL != handle->subject_attr) |
146 | GNUNET_free (handle->subject_attr); | 169 | GNUNET_free (handle->subject_attr); |
147 | if (NULL != handle->verify_request) | 170 | if (NULL != handle->verify_request) |
148 | { | ||
149 | GNUNET_CREDENTIAL_verify_cancel (handle->verify_request); | 171 | GNUNET_CREDENTIAL_verify_cancel (handle->verify_request); |
150 | handle->verify_request = NULL; | ||
151 | } | ||
152 | if (NULL != handle->credential) | 172 | if (NULL != handle->credential) |
153 | { | ||
154 | GNUNET_CREDENTIAL_disconnect (handle->credential); | 173 | GNUNET_CREDENTIAL_disconnect (handle->credential); |
155 | handle->credential = NULL; | 174 | if (NULL != handle->id_op) |
156 | } | 175 | GNUNET_IDENTITY_cancel (handle->id_op); |
157 | 176 | if (NULL != handle->identity) | |
177 | GNUNET_IDENTITY_disconnect (handle->identity); | ||
158 | if (NULL != handle->timeout_task) | 178 | if (NULL != handle->timeout_task) |
159 | { | 179 | { |
160 | GNUNET_SCHEDULER_cancel (handle->timeout_task); | 180 | GNUNET_SCHEDULER_cancel (handle->timeout_task); |
@@ -172,7 +192,7 @@ cleanup_handle (struct VerifyHandle *handle) | |||
172 | static void | 192 | static void |
173 | do_error (void *cls) | 193 | do_error (void *cls) |
174 | { | 194 | { |
175 | struct VerifyHandle *handle = cls; | 195 | struct RequestHandle *handle = cls; |
176 | struct MHD_Response *resp; | 196 | struct MHD_Response *resp; |
177 | 197 | ||
178 | resp = GNUNET_REST_create_response (NULL); | 198 | resp = GNUNET_REST_create_response (NULL); |
@@ -280,7 +300,7 @@ handle_verify_response (void *cls, | |||
280 | struct GNUNET_CREDENTIAL_Credential *cred) | 300 | struct GNUNET_CREDENTIAL_Credential *cred) |
281 | { | 301 | { |
282 | 302 | ||
283 | struct VerifyHandle *handle = cls; | 303 | struct RequestHandle *handle = cls; |
284 | struct MHD_Response *resp; | 304 | struct MHD_Response *resp; |
285 | struct GNUNET_JSONAPI_Document *json_document; | 305 | struct GNUNET_JSONAPI_Document *json_document; |
286 | struct GNUNET_JSONAPI_Resource *json_resource; | 306 | struct GNUNET_JSONAPI_Resource *json_resource; |
@@ -355,7 +375,7 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, | |||
355 | const char* url, | 375 | const char* url, |
356 | void *cls) | 376 | void *cls) |
357 | { | 377 | { |
358 | struct VerifyHandle *handle = cls; | 378 | struct RequestHandle *handle = cls; |
359 | struct GNUNET_HashCode key; | 379 | struct GNUNET_HashCode key; |
360 | char *tmp; | 380 | char *tmp; |
361 | char *entity_attr; | 381 | char *entity_attr; |
@@ -478,6 +498,213 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, | |||
478 | 498 | ||
479 | } | 499 | } |
480 | 500 | ||
501 | void | ||
502 | send_cred_response (struct RequestHandle *handle, | ||
503 | struct GNUNET_CREDENTIAL_Credential *cred) | ||
504 | { | ||
505 | struct MHD_Response *resp; | ||
506 | struct GNUNET_JSONAPI_Document *json_document; | ||
507 | struct GNUNET_JSONAPI_Resource *json_resource; | ||
508 | json_t *cred_obj; | ||
509 | char *result; | ||
510 | char *issuer; | ||
511 | char *subject; | ||
512 | char *signature; | ||
513 | char *id; | ||
514 | |||
515 | GNUNET_assert (NULL == cred); | ||
516 | issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key); | ||
517 | if (NULL == issuer) | ||
518 | { | ||
519 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
520 | "Subject malformed\n"); | ||
521 | return; | ||
522 | } | ||
523 | GNUNET_asprintf (&id, | ||
524 | "%s.%s", | ||
525 | issuer, | ||
526 | (char*)&cred[1]); | ||
527 | subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key); | ||
528 | if (NULL == subject) | ||
529 | { | ||
530 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
531 | "Subject malformed\n"); | ||
532 | return; | ||
533 | } | ||
534 | GNUNET_STRINGS_base64_encode ((char*)&cred->signature, | ||
535 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature), | ||
536 | &signature); | ||
537 | json_document = GNUNET_JSONAPI_document_new (); | ||
538 | json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO, | ||
539 | id); | ||
540 | GNUNET_free (id); | ||
541 | cred_obj = json_object(); | ||
542 | json_object_set_new (cred_obj, "issuer", json_string (issuer)); | ||
543 | json_object_set_new (cred_obj, "subject", json_string (subject)); | ||
544 | json_object_set_new (cred_obj, "expiration", json_integer( cred->expiration.abs_value_us)); | ||
545 | json_object_set_new (cred_obj, "signature", json_string (signature)); | ||
546 | GNUNET_JSONAPI_resource_add_attr (json_resource, | ||
547 | GNUNET_REST_JSONAPI_CREDENTIAL, | ||
548 | cred_obj); | ||
549 | GNUNET_JSONAPI_document_resource_add (json_document, json_resource); | ||
550 | GNUNET_JSONAPI_document_serialize (json_document, &result); | ||
551 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
552 | "Result %s\n", | ||
553 | result); | ||
554 | json_decref (cred_obj); | ||
555 | GNUNET_JSONAPI_document_delete (json_document); | ||
556 | resp = GNUNET_REST_create_response (result); | ||
557 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
558 | GNUNET_free (result); | ||
559 | GNUNET_free (signature); | ||
560 | GNUNET_free (issuer); | ||
561 | GNUNET_free (subject); | ||
562 | cleanup_handle (handle); | ||
563 | } | ||
564 | |||
565 | void | ||
566 | get_cred_issuer_cb (void *cls, | ||
567 | struct GNUNET_IDENTITY_Ego *ego, | ||
568 | void **ctx, | ||
569 | const char *name) | ||
570 | { | ||
571 | struct RequestHandle *handle = cls; | ||
572 | struct GNUNET_TIME_Absolute etime_abs; | ||
573 | struct GNUNET_TIME_Relative etime_rel; | ||
574 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer_key; | ||
575 | struct GNUNET_HashCode key; | ||
576 | struct GNUNET_CREDENTIAL_Credential *cred; | ||
577 | char* expiration_str; | ||
578 | char* tmp; | ||
579 | |||
580 | handle->id_op = NULL; | ||
581 | |||
582 | if (NULL == name) | ||
583 | { | ||
584 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
585 | "Issuer not configured!\n"); | ||
586 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
587 | return; | ||
588 | } | ||
589 | |||
590 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
591 | "Connecting to credential service...\n"); | ||
592 | handle->credential = GNUNET_CREDENTIAL_connect (cfg); | ||
593 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
594 | "Connected\n"); | ||
595 | if (NULL == handle->credential) | ||
596 | { | ||
597 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
598 | "Connecting to CREDENTIAL failed\n"); | ||
599 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
600 | return; | ||
601 | } | ||
602 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_EXPIRATION, | ||
603 | strlen (GNUNET_REST_JSONAPI_CREDENTIAL_EXPIRATION), | ||
604 | &key); | ||
605 | if ( GNUNET_NO == | ||
606 | GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | ||
607 | &key) ) | ||
608 | { | ||
609 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
610 | "Missing expiration\n"); | ||
611 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
612 | return; | ||
613 | } | ||
614 | expiration_str = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, | ||
615 | &key); | ||
616 | if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative (expiration_str, | ||
617 | &etime_rel)) | ||
618 | { | ||
619 | etime_abs = GNUNET_TIME_relative_to_absolute (etime_rel); | ||
620 | } else if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (expiration_str, | ||
621 | &etime_abs)) | ||
622 | { | ||
623 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
624 | "Malformed expiration: %s\n", expiration_str); | ||
625 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
626 | return; | ||
627 | } | ||
628 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR, | ||
629 | strlen (GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR), | ||
630 | &key); | ||
631 | if ( GNUNET_NO == | ||
632 | GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | ||
633 | &key) ) | ||
634 | { | ||
635 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
636 | "Missing issuer attribute\n"); | ||
637 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
638 | return; | ||
639 | } | ||
640 | handle->issuer_attr = GNUNET_strdup(GNUNET_CONTAINER_multihashmap_get | ||
641 | (handle->rest_handle->url_param_map, | ||
642 | &key)); | ||
643 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY, | ||
644 | strlen (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY), | ||
645 | &key); | ||
646 | if ( GNUNET_NO == | ||
647 | GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | ||
648 | &key) ) | ||
649 | { | ||
650 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
651 | "Missing subject\n"); | ||
652 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
653 | return; | ||
654 | } | ||
655 | tmp = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, | ||
656 | &key); | ||
657 | if (NULL == tmp) | ||
658 | { | ||
659 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
660 | "Malformed subject\n"); | ||
661 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
662 | return; | ||
663 | } | ||
664 | if (GNUNET_OK != | ||
665 | GNUNET_CRYPTO_ecdsa_public_key_from_string (tmp, | ||
666 | strlen (tmp), | ||
667 | &handle->subject_key)) { | ||
668 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
669 | "Malformed subject key\n"); | ||
670 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
671 | return; | ||
672 | } | ||
673 | issuer_key = GNUNET_IDENTITY_ego_get_private_key (ego); | ||
674 | cred = GNUNET_CREDENTIAL_credential_issue (issuer_key, | ||
675 | &handle->subject_key, | ||
676 | handle->issuer_attr, | ||
677 | &etime_abs); | ||
678 | if (NULL == cred) | ||
679 | { | ||
680 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
681 | "Failed to create credential\n"); | ||
682 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
683 | return; | ||
684 | } | ||
685 | send_cred_response (handle, cred); | ||
686 | } | ||
687 | |||
688 | |||
689 | static void | ||
690 | issue_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, | ||
691 | const char* url, | ||
692 | void *cls) | ||
693 | { | ||
694 | struct RequestHandle *handle = cls; | ||
695 | |||
696 | handle->identity = GNUNET_IDENTITY_connect (cfg, | ||
697 | NULL, | ||
698 | NULL); | ||
699 | handle->id_op = GNUNET_IDENTITY_get(handle->identity, | ||
700 | "credential-issuer", | ||
701 | &get_cred_issuer_cb, | ||
702 | handle); | ||
703 | handle->timeout_task = GNUNET_SCHEDULER_add_delayed (handle->timeout, | ||
704 | &do_error, | ||
705 | handle); | ||
706 | } | ||
707 | |||
481 | /** | 708 | /** |
482 | * Handle rest request | 709 | * Handle rest request |
483 | * | 710 | * |
@@ -489,7 +716,7 @@ options_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
489 | void *cls) | 716 | void *cls) |
490 | { | 717 | { |
491 | struct MHD_Response *resp; | 718 | struct MHD_Response *resp; |
492 | struct VerifyHandle *handle = cls; | 719 | struct RequestHandle *handle = cls; |
493 | 720 | ||
494 | //For GNS, independent of path return all options | 721 | //For GNS, independent of path return all options |
495 | resp = GNUNET_REST_create_response (NULL); | 722 | resp = GNUNET_REST_create_response (NULL); |
@@ -519,7 +746,7 @@ rest_credential_process_request(struct GNUNET_REST_RequestHandle *conndata_handl | |||
519 | GNUNET_REST_ResultProcessor proc, | 746 | GNUNET_REST_ResultProcessor proc, |
520 | void *proc_cls) | 747 | void *proc_cls) |
521 | { | 748 | { |
522 | struct VerifyHandle *handle = GNUNET_new (struct VerifyHandle); | 749 | struct RequestHandle *handle = GNUNET_new (struct RequestHandle); |
523 | struct GNUNET_REST_RequestHandlerError err; | 750 | struct GNUNET_REST_RequestHandlerError err; |
524 | 751 | ||
525 | handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; | 752 | handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; |
@@ -528,7 +755,8 @@ rest_credential_process_request(struct GNUNET_REST_RequestHandle *conndata_handl | |||
528 | handle->rest_handle = conndata_handle; | 755 | handle->rest_handle = conndata_handle; |
529 | 756 | ||
530 | static const struct GNUNET_REST_RequestHandler handlers[] = { | 757 | static const struct GNUNET_REST_RequestHandler handlers[] = { |
531 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL, &verify_cred_cont}, | 758 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL_VERIFY, &verify_cred_cont}, |
759 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL_ISSUE, &issue_cred_cont}, | ||
532 | {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_CREDENTIAL, &options_cont}, | 760 | {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_CREDENTIAL, &options_cont}, |
533 | GNUNET_REST_HANDLER_END | 761 | GNUNET_REST_HANDLER_END |
534 | }; | 762 | }; |
diff --git a/src/credential/test_credential_issue.sh b/src/credential/test_credential_issue.sh index b2ced204a..158d91c5b 100755 --- a/src/credential/test_credential_issue.sh +++ b/src/credential/test_credential_issue.sh | |||
@@ -39,6 +39,6 @@ then | |||
39 | fi | 39 | fi |
40 | #Try import | 40 | #Try import |
41 | $DO_TIMEOUT gnunet-namestore -a -z testsubject -n c1 -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf | 41 | $DO_TIMEOUT gnunet-namestore -a -z testsubject -n c1 -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf |
42 | 42 | RES=$? | |
43 | gnunet-arm -e -c test_credential_lookup.conf | 43 | gnunet-arm -e -c test_credential_lookup.conf |
44 | exit $? | 44 | exit $RES |
diff --git a/src/credential/test_credential_lookup.conf b/src/credential/test_credential_lookup.conf index f4bf36c52..7aa193abd 100644 --- a/src/credential/test_credential_lookup.conf +++ b/src/credential/test_credential_lookup.conf | |||
@@ -14,7 +14,7 @@ AUTOSTART = YES | |||
14 | #PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog | 14 | #PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog |
15 | 15 | ||
16 | [rest] | 16 | [rest] |
17 | PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog | 17 | #PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog |
18 | 18 | ||
19 | [gns] | 19 | [gns] |
20 | #PREFIX = valgrind --leak-check=full --track-origins=yes | 20 | #PREFIX = valgrind --leak-check=full --track-origins=yes |
diff --git a/src/credential/test_credential_verify_simple.sh b/src/credential/test_credential_verify_simple.sh index 924f2ab4a..c4fd8c7a3 100755 --- a/src/credential/test_credential_verify_simple.sh +++ b/src/credential/test_credential_verify_simple.sh | |||
@@ -39,7 +39,7 @@ RES_CRED=`gnunet-credential --verify --issuer=$ISSUER_KEY --attribute=$TEST_ATTR | |||
39 | gnunet-namestore -z testsubject -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf | 39 | gnunet-namestore -z testsubject -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf |
40 | gnunet-identity -D testsubject -c test_credential_lookup.conf | 40 | gnunet-identity -D testsubject -c test_credential_lookup.conf |
41 | gnunet-arm -e -c test_credential_lookup.conf | 41 | gnunet-arm -e -c test_credential_lookup.conf |
42 | 42 | echo $RES_CRED | |
43 | #TODO3 proper test | 43 | #TODO3 proper test |
44 | if [ "$RES_CRED" == "Successful." ] | 44 | if [ "$RES_CRED" == "Successful." ] |
45 | then | 45 | then |