authorSchanzenbach, Martin <mschanzenbach@posteo.de>2016-12-07 14:56:57 +0100
committerSchanzenbach, Martin <mschanzenbach@posteo.de>2016-12-07 14:56:57 +0100
commit671f7c5fb4dcb596a2b6d065c2cd5f39be3fb431 (patch)
treeaed247d008042de00dd238cf2433c881521d12ed /src/credential
parent3ea628e269dc3ebec59336cfb2f883161a031662 (diff)
- add delegation resolution
Diffstat (limited to 'src/credential')
-rw-r--r--src/credential/gnunet-service-credential.c102
-rw-r--r--src/credential/plugin_gnsrecord_credential.c53
-rwxr-xr-xsrc/credential/test_credential_verify.sh11
3 files changed, 131 insertions, 35 deletions
diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c
index 662c26a5e..bf85b1583 100644
--- a/src/credential/gnunet-service-credential.c
+++ b/src/credential/gnunet-service-credential.c
@@ -100,6 +100,11 @@ struct AttributeQueueEntry
100 * Parent attribute delegation 100 * Parent attribute delegation
101 */ 101 */
102 struct AttributeQueueEntry *parent; 102 struct AttributeQueueEntry *parent;
103
104 /**
105 * Trailing attribute context
106 */
107 char *attr_trailer;
103}; 108};
104 109
105 110
@@ -364,40 +369,74 @@ start_backward_resolution (void* cls,
364 const struct GNUNET_CREDENTIAL_AttributeRecordData *attr; 369 const struct GNUNET_CREDENTIAL_AttributeRecordData *attr;
365 struct CredentialRecordEntry *cred_pointer; 370 struct CredentialRecordEntry *cred_pointer;
366 struct AttributeQueueEntry *attr_entry; 371 struct AttributeQueueEntry *attr_entry;
372 char *expanded_attr;
373 char *check_attr;
367 int i; 374 int i;
375
376 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
377 "Got %d attrs\n", rd_count);
368 378
369 for (i=0; i < rd_count; i++) 379 for (i=0; i < rd_count; i++)
370 { 380 {
371 if (GNUNET_GNSRECORD_TYPE_ATTRIBUTE != rd[i].record_type) 381 if (GNUNET_GNSRECORD_TYPE_ATTRIBUTE != rd[i].record_type)
372 continue; 382 continue;
383
373 attr = rd[i].data; 384 attr = rd[i].data;
385 attr_entry = GNUNET_new (struct AttributeQueueEntry);
386 attr_entry->data_size = rd[i].data_size;
387 if (NULL != vrh->current_attribute &&
388 NULL != vrh->current_attribute->attr_trailer)
389 {
390 if (rd[i].data_size == sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData))
391 {
392 GNUNET_asprintf (&expanded_attr,
393 "%s",
394 vrh->current_attribute->attr_trailer);
395
396 } else {
397 GNUNET_asprintf (&expanded_attr,
398 "%s.%s",
399 (char*)&attr[1],
400 vrh->current_attribute->attr_trailer);
401 }
402 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
403 "Expanded to %s\n", expanded_attr);
404 attr_entry->data_size += strlen (vrh->current_attribute->attr_trailer) + 1;
405 } else {
406 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
407 "Not Expanding %s\n", (char*)&attr[1]);
408 }
409 attr_entry->data = GNUNET_malloc (attr_entry->data_size);
410 memcpy (attr_entry->data,
411 rd[i].data,
412 rd[i].data_size);
413 if (NULL != vrh->current_attribute && NULL != vrh->current_attribute->attr_trailer)
414 {
415 memcpy ((char*)&attr_entry->data[1],
416 expanded_attr,
417 strlen (expanded_attr));
418 }
419 check_attr = (char*)&attr_entry->data[1];
420 check_attr[attr_entry->data_size] = '\0';
421 attr_entry->parent = vrh->current_attribute;
422
423 GNUNET_CONTAINER_DLL_insert (vrh->attr_queue_head,
424 vrh->attr_queue_tail,
425 attr_entry);
374 for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL; 426 for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL;
375 cred_pointer = cred_pointer->next){ 427 cred_pointer = cred_pointer->next){
376 cred = cred_pointer->data; 428 cred = cred_pointer->data;
377
378 attr_entry = GNUNET_new (struct AttributeQueueEntry);
379
380 attr_entry->data = GNUNET_malloc (rd[i].data_size);
381 memcpy (attr_entry->data,
382 rd[i].data,
383 rd[i].data_size);
384 attr_entry->data_size = rd[i].data_size;
385
386 attr_entry->parent = vrh->current_attribute;
387
388 GNUNET_CONTAINER_DLL_insert (vrh->attr_queue_head,
389 vrh->attr_queue_tail,
390 attr_entry);
391
392 if(0 != memcmp (&attr->subject_key, 429 if(0 != memcmp (&attr->subject_key,
393 &cred_pointer->data->issuer_key, 430 &cred_pointer->data->issuer_key,
394 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) 431 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
395 continue; 432 continue;
433 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
434 "Checking if %s matches %s\n",
435 (char*)&attr_entry->data[1], (char*)&cred[1]);
396 436
397 if (0 != strcmp ((char*)&attr[1], (char*)&cred[1])) 437 if (0 != strcmp ((char*)&attr_entry->data[1], (char*)&cred[1]))
398 continue; 438 continue;
399 439
400
401 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 440 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
402 "Found issuer\n"); 441 "Found issuer\n");
403 vrh->credential = GNUNET_malloc (rd[i].data_size); 442 vrh->credential = GNUNET_malloc (rd[i].data_size);
@@ -417,9 +456,9 @@ start_backward_resolution (void* cls,
417 //Start from next to head 456 //Start from next to head
418 vrh->current_attribute = vrh->attr_queue_head; 457 vrh->current_attribute = vrh->attr_queue_head;
419 458
420 if(vrh->current_attribute != NULL) 459 if(NULL == vrh->current_attribute)
421 { 460 {
422 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 461 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
423 "We are all out of attributes...\n"); 462 "We are all out of attributes...\n");
424 send_lookup_response (vrh); 463 send_lookup_response (vrh);
425 return; 464 return;
@@ -432,14 +471,32 @@ start_backward_resolution (void* cls,
432 471
433 472
434 //Start with backward resolution 473 //Start with backward resolution
474 char issuer_attribute_name[strlen ((char*)&vrh->current_attribute->data[1])];
475 char *lookup_attr;
476 strcpy (issuer_attribute_name,
477 (char*)&vrh->current_attribute->data[1]);
478 char *next_attr = strtok (issuer_attribute_name, ".");
479 GNUNET_asprintf (&lookup_attr,
480 "%s.gnu",
481 next_attr);
482 next_attr += strlen (next_attr) + 1;
483 vrh->current_attribute->attr_trailer = GNUNET_strdup (next_attr);
484
485 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
486 "Looking up %s\n", lookup_attr);
487 if (NULL != vrh->current_attribute->attr_trailer)
488 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
489 "%s still to go...\n", vrh->current_attribute->attr_trailer);
490
435 vrh->lookup_request = GNUNET_GNS_lookup (gns, 491 vrh->lookup_request = GNUNET_GNS_lookup (gns,
436 (char*)&vrh->current_attribute->data[1], 492 lookup_attr,
437 &vrh->current_attribute->data->subject_key, //issuer_key, 493 &vrh->current_attribute->data->subject_key, //issuer_key,
438 GNUNET_GNSRECORD_TYPE_ATTRIBUTE, 494 GNUNET_GNSRECORD_TYPE_ATTRIBUTE,
439 GNUNET_GNS_LO_DEFAULT, 495 GNUNET_GNS_LO_DEFAULT,
440 NULL, //shorten_key, always NULL 496 NULL, //shorten_key, always NULL
441 &start_backward_resolution, 497 &start_backward_resolution,
442 vrh); 498 vrh);
499 GNUNET_free (lookup_attr);
443} 500}
444 501
445 502
@@ -513,8 +570,6 @@ handle_credential_query (void* cls,
513 570
514 } 571 }
515 572
516 GNUNET_break (0); //TODO remove when implemented
517
518 /** 573 /**
519 * Check for attributes from the issuer and follow the chain 574 * Check for attributes from the issuer and follow the chain
520 * till you get the required subject's attributes 575 * till you get the required subject's attributes
@@ -524,6 +579,9 @@ handle_credential_query (void* cls,
524 vrh->issuer_attribute); 579 vrh->issuer_attribute);
525 strcpy (issuer_attribute_name + strlen (vrh->issuer_attribute), 580 strcpy (issuer_attribute_name + strlen (vrh->issuer_attribute),
526 ".gnu"); 581 ".gnu");
582 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
583 "Looking up %s\n", issuer_attribute_name);
584
527 //Start with backward resolution 585 //Start with backward resolution
528 GNUNET_GNS_lookup (gns, 586 GNUNET_GNS_lookup (gns,
529 issuer_attribute_name, 587 issuer_attribute_name,
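Review bot: The terminator write `check_attr[attr_entry->data_size] = '\0';` at new line 420 (start_backward_resolution begins above the hunk) lands outside the allocation, because `check_attr` already starts `sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)` bytes into a buffer that is only `attr_entry->data_size` bytes long. The NUL belongs at `check_attr[attr_entry->data_size - sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData) - 1] = '\0';`, and the expansion branch should `GNUNET_free (expanded_attr);` after the second memcpy, since the hunk allocates it with GNUNET_asprintf and never releases it. The same past-the-end terminator recurs in the later hunk at `char issuer_attribute_name[strlen ((char*)&vrh->current_attribute->data[1])];` (new line 474): `strcpy` writes one byte beyond the array unless the size gets `+ 1`, and `next_attr += strlen (next_attr) + 1;` then points past the array whenever the name contains no '.', which the following GNUNET_strdup goes on to read. The `NULL != vrh->current_attribute->attr_trailer` test that follows appears unable to fail unless GNUNET_strdup can return NULL; the check belongs on the strtok result before the pointer is advanced. All of these strings come out of GNS records that the hunk treats as NUL-terminated without confirming `rd[i].data_size > sizeof (*attr)` and that the byte at `data_size - 1` is zero; for network-supplied records that check belongs before the first `strlen`/`strcmp` on `&attr[1]`.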
diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c
index 90ac393d0..ece4be1e3 100644
--- a/src/credential/plugin_gnsrecord_credential.c
+++ b/src/credential/plugin_gnsrecord_credential.c
@@ -65,10 +65,15 @@ credential_value_to_string (void *cls,
65 sizeof (attr)); 65 sizeof (attr));
66 cdata = data; 66 cdata = data;
67 subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&attr.subject_key); 67 subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&attr.subject_key);
68 GNUNET_asprintf (&attr_str, 68 if (data_size == sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData))
69 "%s.%s", 69 {
70 subject_pkey, 70 return subject_pkey;
71 &cdata[sizeof (attr)]); 71 } else {
72 GNUNET_asprintf (&attr_str,
73 "%s %s",
74 subject_pkey,
75 &cdata[sizeof (attr)]);
76 }
72 GNUNET_free (subject_pkey); 77 GNUNET_free (subject_pkey);
73 return attr_str; 78 return attr_str;
74 } 79 }
@@ -82,7 +87,7 @@ credential_value_to_string (void *cls,
82 char *signature; 87 char *signature;
83 const char *expiration; 88 const char *expiration;
84 89
85 90
86 if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)) 91 if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData))
87 return NULL; /* malformed */ 92 return NULL; /* malformed */
88 memcpy (&cred, 93 memcpy (&cred,
@@ -136,6 +141,41 @@ credential_string_to_value (void *cls,
136 return GNUNET_SYSERR; 141 return GNUNET_SYSERR;
137 switch (type) 142 switch (type)
138 { 143 {
144 case GNUNET_GNSRECORD_TYPE_ATTRIBUTE:
145 {
146 struct GNUNET_CREDENTIAL_AttributeRecordData *attr;
147 char attr_str[253 + 1];
148 char subject_pkey[52 + 1];
149 int matches = 0;
150 matches = SSCANF (s,
151 "%s %s",
152 subject_pkey,
153 attr_str);
154 if (0 == matches)
155 {
156 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
157 _("Unable to parse ATTR record string `%s'\n"),
158 s);
159 return GNUNET_SYSERR;
160
161 }
162 if (1 == matches) {
163 *data_size = sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData);
164 } else if (2 == matches) {
165 *data_size = sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData) + strlen (attr_str) + 1;
166 }
167 *data = attr = GNUNET_malloc (*data_size);
168 GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pkey,
169 strlen (subject_pkey),
170 &attr->subject_key);
171 if (NULL != attr_str)
172 GNUNET_memcpy (&attr[1],
173 attr_str,
174 strlen (attr_str));
175
176
177 return GNUNET_OK;
178 }
139 case GNUNET_GNSRECORD_TYPE_CREDENTIAL: 179 case GNUNET_GNSRECORD_TYPE_CREDENTIAL:
140 { 180 {
141 struct GNUNET_CREDENTIAL_CredentialRecordData *cred; 181 struct GNUNET_CREDENTIAL_CredentialRecordData *cred;
@@ -183,7 +223,7 @@ credential_string_to_value (void *cls,
183 cred->expiration = GNUNET_htonll (etime_abs.abs_value_us); 223 cred->expiration = GNUNET_htonll (etime_abs.abs_value_us);
184 cred->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); 224 cred->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
185 cred->purpose.size = htonl (strlen (name) + 1 + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + 225 cred->purpose.size = htonl (strlen (name) + 1 + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
186 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + sizeof (uint64_t)); 226 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + sizeof (uint64_t));
187 GNUNET_free (sig); 227 GNUNET_free (sig);
188 GNUNET_memcpy (&cred[1], 228 GNUNET_memcpy (&cred[1],
189 name, 229 name,
@@ -207,6 +247,7 @@ static struct {
207 uint32_t number; 247 uint32_t number;
208} name_map[] = { 248} name_map[] = {
209 { "CRED", GNUNET_GNSRECORD_TYPE_CREDENTIAL }, 249 { "CRED", GNUNET_GNSRECORD_TYPE_CREDENTIAL },
250 { "ATTR", GNUNET_GNSRECORD_TYPE_ATTRIBUTE },
210 { NULL, UINT32_MAX } 251 { NULL, UINT32_MAX }
211}; 252};
212 253
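Review bot: `SSCANF (s, "%s %s", subject_pkey, attr_str)` at new line 150 has no field widths, so a record string longer than 52 or 253 characters overruns the two stack buffers declared just above it; `"%52s %253s"` matches their sizes. The `1 == matches` path also leaves `attr_str` uninitialized, and `if (NULL != attr_str)` is always true for an array, so the `GNUNET_memcpy` then copies `strlen` of whatever is on the stack into an allocation that is only `sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)` bytes; guard it with `if (2 == matches)` instead. A `SSCANF` return of `EOF` passes the `0 == matches` test as well and reaches `GNUNET_malloc (*data_size)` with `*data_size` never set, so the error branch should read `if (1 != matches && 2 != matches)`. The result of `GNUNET_CRYPTO_ecdsa_public_key_from_string` is discarded, which silently accepts a malformed subject key; the CRED case lower in the same function returns GNUNET_SYSERR on malformed input, and this case should do the same. credential_string_to_value starts outside the hunk.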
diff --git a/src/credential/test_credential_verify.sh b/src/credential/test_credential_verify.sh
index 6e5ba4647..ab3c78f41 100755
--- a/src/credential/test_credential_verify.sh
+++ b/src/credential/test_credential_verify.sh
@@ -31,7 +31,8 @@ TEST_ATTR="user"
31INTERMEDIATE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testintermediate | awk '{print $3}') 31INTERMEDIATE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testintermediate | awk '{print $3}')
32SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') 32SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}')
33ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') 33ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}')
34CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf` 34AUTHORITY_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testauthority | awk '{print $3}')
35CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf`
35 36
36TEST_CREDENTIAL="t1" 37TEST_CREDENTIAL="t1"
37gnunet-namestore -p -z testsubject -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf 38gnunet-namestore -p -z testsubject -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf
@@ -43,17 +44,13 @@ AUTHORITY_ATTR="test"
43gnunet-namestore -p -z testauthority -a -n $AUTHORITY_ATTR -t ATTR -V "$INTERMEDIATE_KEY $INTERMEDIATE_ATTR.$TEST_ATTR" -e 5m -c test_credential_lookup.conf 44gnunet-namestore -p -z testauthority -a -n $AUTHORITY_ATTR -t ATTR -V "$INTERMEDIATE_KEY $INTERMEDIATE_ATTR.$TEST_ATTR" -e 5m -c test_credential_lookup.conf
44 45
45#TODO2 Add -z swich like in gnunet-gns 46#TODO2 Add -z swich like in gnunet-gns
46#RES_CRED=`$DO_TIMEOUT gnunet-credential --verify --issuer=$ISSUER_KEY --attribute="$TEST_ATTR" --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` 47RES_CRED=`gnunet-credential --verify --issuer=$AUTHORITY_KEY --attribute=$AUTHORITY_ATTR --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf`
47valgrind gnunet-credential --verify --issuer=$AUTHORITY_KEY --attribute=$AUTHORITY_ATTR --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf
48 48
49#TODO cleanup properly 49#TODO cleanup properly
50gnunet-namestore -z testsubject -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf 50gnunet-namestore -z testsubject -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf
51gnunet-arm -e -c test_credential_lookup.conf 51gnunet-arm -e -c test_credential_lookup.conf
52 52
53#TODO3 proper test 53if [ "$RES_CRED" == "Successful." ]
54exit 0
55
56if [ "$RES_CRED" == "Ok!" ]
57then 54then
58 exit 0 55 exit 0
59else 56else
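Review bot: The new `RES_CRED=` line at new line 47 runs `gnunet-credential --verify` without the `$DO_TIMEOUT` prefix that the `--issue` invocation on line 35 keeps, so if the delegation resolution this commit introduces never calls back, the test hangs instead of failing; prepend `$DO_TIMEOUT` inside the command substitution as on line 35. `[ "$RES_CRED" == "Successful." ]` relies on the bash-only `==` inside `[`, which fails under a POSIX `sh`; use `=` unless the script's shebang (outside the hunk) pins bash. The if/else that ends the script continues past the hunk.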