- rework issue api

author: Schanzenbach, Martin <mschanzenbach@posteo.de> 2017-09-17 21:06:42 +0200
committer: Schanzenbach, Martin <mschanzenbach@posteo.de> 2017-09-17 21:06:42 +0200
commit: 0469377fd49450c1d7853c5ceecf08be9ce8df75 (patch)
tree: 847fd99b23035611d0dbb6a12e548a9a1b196bf6 /src/identity-provider/gnunet-service-identity-provider.c
parent: 67e0d73709ef557b52ba0527291d68c17fd6c60a (diff)
download: gnunet-0469377fd49450c1d7853c5ceecf08be9ce8df75.tar.gz
gnunet-0469377fd49450c1d7853c5ceecf08be9ce8df75.zip
1 files changed, 437 insertions, 134 deletions
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c
index 0ce70aed3..b481c00c0 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -373,6 +373,45 @@ struct ParallelLookup
  char *label;
 };
+struct TicketIssueHandle
+{
+  /**
+   * Client connection
+   */
+  struct IdpClient *client;
+  /**
+   * Attributes to issue
+   */
+  struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs;
+  /**
+   * Issuer Key
+   */
+  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+  /**
+   * Ticket to issue
+   */
+  struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket;
+  /**
+   * QueueEntry
+   */
+  struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
+  /**
+   * request id
+   */
+  uint32_t r_id;
+};
+/**
+ * DEPRECATED
+ */
 struct IssueHandle
 {
@@ -546,6 +585,120 @@ do_shutdown (void *cls)
  cleanup();
 }
+/**
+ * Finished storing newly bootstrapped ABE key
+ */
+static void
+bootstrap_store_cont (void *cls,
+                      int32_t success,
+                      const char *emsg)
+{
+  struct AbeBootstrapHandle *abh = cls;
+  if (GNUNET_SYSERR == success)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to bootstrap ABE master %s\n",
+                emsg);
+    abh->proc (abh->proc_cls, NULL);
+    GNUNET_free (abh->abe_key);
+    GNUNET_free (abh);
+    return;
+  }
+  abh->proc (abh->proc_cls, abh->abe_key);
+  GNUNET_free (abh);
+}
+/**
+ * Generates and stores a new ABE key
+ */
+static void
+bootstrap_store_task (void *cls)
+{
+  struct AbeBootstrapHandle *abh = cls;
+  struct GNUNET_GNSRECORD_Data rd[1];
+  rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (abh->abe_key,
+                                                              (void**)&rd[0].data);
+  rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER;
+  rd[0].flags = GNUNET_GNSRECORD_RF_NONE | GNUNET_GNSRECORD_RF_PRIVATE;
+  rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane?
+  abh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
+                                               &abh->identity,
+                                               "+",
+                                               1,
+                                               rd,
+                                               &bootstrap_store_cont,
+                                               abh);
+}
+/**
+ * Error checking for ABE master
+ */
+static void
+bootstrap_abe_error (void *cls)
+{
+  struct AbeBootstrapHandle *abh = cls;
+  GNUNET_free (abh);
+  abh->proc (abh->proc_cls, NULL);
+  GNUNET_free (abh);
+}
+/**
+ * Handle ABE lookup in namestore
+ */
+static void
+bootstrap_abe_result (void *cls,
+                      const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                      const char *label,
+                      unsigned int rd_count,
+                      const struct GNUNET_GNSRECORD_Data *rd)
+{
+  struct AbeBootstrapHandle *abh = cls;
+  struct GNUNET_CRYPTO_AbeMasterKey *abe_key;
+  int i;
+  for (i=0;i<rd_count;i++) {
+    if (GNUNET_GNSRECORD_TYPE_ABE_MASTER != rd[i].record_type)
+      continue;
+    abe_key = GNUNET_CRYPTO_cpabe_deserialize_master_key ((void**)rd[i].data,
+                                                          rd[i].data_size);
+    abh->proc (abh->proc_cls, abe_key);
+    GNUNET_free (abh);
+    return;
+  }
+  //No ABE master found, bootstrapping...
+  abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key ();
+  GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh);
+}
+/**
+ * Bootstrap ABE master if it does not yet exists.
+ * Will call the AbeBootstrapResult processor when done.
+ */
+static void
+bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+               AbeBootstrapResult proc,
+               void* cls)
+{
+  struct AbeBootstrapHandle *abh;
+  abh = GNUNET_new (struct AbeBootstrapHandle);
+  abh->proc = proc;
+  abh->proc_cls = cls;
+  abh->identity = *identity;
+  abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle,
+                                                identity,
+                                                "+",
+                                                &bootstrap_abe_error,
+                                                abh,
+                                                &bootstrap_abe_result,
+                                                abh);
+}
 static struct GNUNET_MQ_Envelope*
 create_exchange_result_message (const char* token,
@@ -996,6 +1149,7 @@ attr_collect_finished (void *cls)
                                                          &handle_vattr_collection,
                                                          handle);
 }
 /**
 * Collect attributes for token
 */
@@ -1293,36 +1447,6 @@ handle_exchange_message (void *cls,
 }
-/**
- * Checks an issue message
- *
- * @param cls client sending the message
- * @param im message of type `struct IssueMessage`
- * @return #GNUNET_OK if @a im is well-formed
- */
-static int
-check_issue_message(void *cls,
-                    const struct IssueMessage *im)
-{
-  uint16_t size;
-  size = ntohs (im->header.size);
-  if (size <= sizeof (struct IssueMessage))
-  {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-  scopes = (char *) &im[1];
-  if ('\0' != scopes[size - sizeof (struct IssueMessage) - 1])
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Malformed scopes received!\n");
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-  return GNUNET_OK;
-}
 void
 attr_collect_task (void *cls)
 {
@@ -1338,8 +1462,6 @@ attr_collect_task (void *cls)
                                                               issue_handle);
 }
 void
 abe_key_lookup_error (void *cls)
 {
@@ -1372,6 +1494,38 @@ abe_key_lookup_result (void *cls,
 }
+/**
+ * Checks an issue message
+ *
+ * @param cls client sending the message
+ * @param im message of type `struct IssueMessage`
+ * @return #GNUNET_OK if @a im is well-formed
+ */
+static int
+check_issue_message(void *cls,
+                    const struct IssueMessage *im)
+{
+  uint16_t size;
+  size = ntohs (im->header.size);
+  if (size <= sizeof (struct IssueMessage))
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  scopes = (char *) &im[1];
+  if ('\0' != scopes[size - sizeof (struct IssueMessage) - 1])
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Malformed scopes received!\n");
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
 /**
 *
 * Handler for issue message
@@ -1452,6 +1606,240 @@ handle_issue_message (void *cls,
 }
 static void
+cleanup_ticket_issue_handle (struct TicketIssueHandle *handle)
+{
+  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
+  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *tmp_le;
+  for (le = handle->attrs->list_head; NULL != le;)
+  {
+    GNUNET_free (le->attribute);
+    tmp_le = le;
+    le = le->next;
+    GNUNET_free (tmp_le);
+  }
+  GNUNET_free (handle->attrs);
+  if (NULL != handle->ns_qe)
+    GNUNET_NAMESTORE_cancel (handle->ns_qe);
+  GNUNET_free (handle);
+}
+static void
+store_ticket_issue_cont (void *cls,
+                        int32_t success,
+                        const char *emsg)
+{
+  struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket;
+  struct TicketIssueHandle *handle = cls;
+  struct TicketResultMessage *irm;
+  struct GNUNET_MQ_Envelope *env;
+  handle->ns_qe = NULL;
+  if (GNUNET_SYSERR == success)
+  {
+    cleanup_ticket_issue_handle (handle);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n",
+                "Unknown Error\n");
+    GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
+    return;
+  }
+  env = GNUNET_MQ_msg_extra (irm,
+                             sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2),
+                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT);
+  ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&irm[1];
+  *ticket = handle->ticket;
+  irm->id = handle->r_id;
+  GNUNET_MQ_send (handle->client->mq,
+                  env);
+  cleanup_ticket_issue_handle (handle);
+}
+/**
+ * Checks a ticket issue message
+ *
+ * @param cls client sending the message
+ * @param im message of type `struct TicketIssueMessage`
+ * @return #GNUNET_OK if @a im is well-formed
+ */
+static int
+check_ticket_issue_message(void *cls,
+                           const struct TicketIssueMessage *im)
+{
+  uint16_t size;
+  size = ntohs (im->header.size);
+  if (size <= sizeof (struct IssueMessage))
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+int
+serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle,
+                 const struct GNUNET_CRYPTO_AbeKey *rp_key,
+                 struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey,
+                 char **result)
+{
+  struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
+  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
+  char *enc_keyinfo;
+  char *serialized_key;
+  char *buf;
+  char *write_ptr;
+  char attrs_str_len;
+  ssize_t size;
+  
+  struct GNUNET_CRYPTO_SymmetricSessionKey skey;
+  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+  struct GNUNET_HashCode new_key_hash;
+  ssize_t enc_size;
+  
+  size = GNUNET_CRYPTO_cpabe_serialize_key (rp_key,
+                                            (void**)&serialized_key);
+  attrs_str_len = 0;
+  for (le = handle->attrs->list_head; NULL != le; le = le->next) {
+    attrs_str_len += strlen (le->attribute->name) + 1;
+  }
+  buf = GNUNET_malloc (attrs_str_len + size);
+  write_ptr = buf;
+  for (le = handle->attrs->list_head; NULL != le; le = le->next) {
+    GNUNET_memcpy (write_ptr,
+                   le->attribute->name,
+                   strlen (le->attribute->name));
+    write_ptr[strlen (le->attribute->name)] = ',';
+    write_ptr += strlen (le->attribute->name) + 1;
+  }
+  write_ptr--;
+  write_ptr[0] = '\0'; //replace last , with a 0-terminator
+  write_ptr++;
+  GNUNET_memcpy (write_ptr,
+                 serialized_key,
+                 size);
+  // ECDH keypair E = eG
+  *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create();
+  GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey,
+                                      &ecdh_pubkey);
+  enc_keyinfo = GNUNET_malloc (size + attrs_str_len);
+  // Derived key K = H(eB)
+  GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey,
+                                                        &handle->ticket.audience,
+                                                        &new_key_hash));
+  create_sym_key_from_ecdh(&new_key_hash, &skey, &iv);
+  enc_size = GNUNET_CRYPTO_symmetric_encrypt (buf,
+                                              size + attrs_str_len,
+                                              &skey, &iv,
+                                              enc_keyinfo);
+  *result = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+
+                           enc_size);
+  GNUNET_memcpy (*result,
+                 &ecdh_pubkey,
+                 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
+  GNUNET_memcpy (*result + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey),
+                 enc_keyinfo,
+                 enc_size);
+  GNUNET_free (enc_keyinfo);
+  return sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+enc_size;
+}
+static void
+issue_ticket_after_abe_bootstrap (void *cls,
+                           struct GNUNET_CRYPTO_AbeMasterKey *abe_key)
+{
+  struct TicketIssueHandle *ih = cls;
+  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
+  struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
+  struct GNUNET_GNSRECORD_Data code_record[1];
+  struct GNUNET_CRYPTO_AbeKey *rp_key;
+  char *code_record_data;
+  char **attrs;
+  char *label;
+  int attrs_len;
+  int i;
+  size_t code_record_len;
+  //Create new ABE key for RP
+  attrs_len = 0;
+  for (le = ih->attrs->list_head; NULL != le; le = le->next)
+    attrs_len++;
+  attrs = GNUNET_malloc (attrs_len);
+  i = 0;
+  for (le = ih->attrs->list_head; NULL != le; le = le->next) {
+    attrs[i] = (char*) le->attribute->name;
+    i++;
+  }
+  rp_key = GNUNET_CRYPTO_cpabe_create_key (abe_key,
+                                           attrs);
+  
+  //TODO review this wireformat
+  code_record_len = serialize_abe_keyinfo2 (ih,
+                                            rp_key,
+                                            &ecdhe_privkey,
+                                            &code_record_data);
+  code_record[0].data = code_record_data;
+  code_record[0].data_size = code_record_len;
+  code_record[0].expiration_time = GNUNET_TIME_UNIT_DAYS.rel_value_us;
+  code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY;
+  code_record[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
+  label = GNUNET_STRINGS_data_to_string_alloc (&ih->ticket.rnd,
+                                               sizeof (uint64_t));
+  //Publish record
+  ih->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
+                                              &ih->identity,
+                                              label,
+                                              1,
+                                              code_record,
+                                              &store_ticket_issue_cont,
+                                              ih);
+  GNUNET_free (ecdhe_privkey);
+  GNUNET_free (label);
+  GNUNET_free (code_record_data);
+}
+/**
+ *
+ * Handler for ticket issue message
+ *
+ * @param cls unused
+ * @param client who sent the message
+ * @param message the message
+ */
+static void
+handle_ticket_issue_message (void *cls,
+                             const struct TicketIssueMessage *im)
+{
+  struct TicketIssueHandle *ih;
+  struct IdpClient *idp = cls;
+  size_t attrs_len;
+  ih = GNUNET_new (struct TicketIssueHandle);
+  attrs_len = ntohs (im->attr_len);
+  ih->attrs = attribute_list_deserialize ((char*)&im[1], attrs_len);
+  ih->r_id = im->id;
+  ih->client = idp;
+  ih->identity = im->identity;
+  GNUNET_CRYPTO_ecdsa_key_get_public (&ih->identity,
+                                      &ih->ticket.identity);
+  ih->ticket.audience = im->rp;
+  ih->ticket.rnd =
+    GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
+                              UINT64_MAX);
+  bootstrap_abe (&ih->identity, &issue_ticket_after_abe_bootstrap, ih);
+  GNUNET_SERVICE_client_continue (idp->client);
+}
+static void
 cleanup_as_handle (struct AttributeStoreHandle *handle)
 {
  if (NULL != handle->attribute)
@@ -1481,10 +1869,10 @@ attr_store_cont (void *cls,
    return;
  }
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+  GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-              "Sending ATTRIBUTE_STORE_RESPONSE message\n");
+              "Sending ATTRIBUTE_STORE_RESPONSE message\n");
  env = GNUNET_MQ_msg (acr_msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE);
+                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE);
  acr_msg->id = htonl (as_handle->r_id);
  acr_msg->op_result = htonl (GNUNET_OK);
  GNUNET_MQ_send (as_handle->client->mq,
@@ -1500,6 +1888,8 @@ attr_store_task (void *cls)
  char* buf;
  size_t buf_size;
+  GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
+              "Storing attribute\n");
  buf_size = attribute_serialize_get_size (as_handle->attribute);
  buf = GNUNET_malloc (buf_size);
@@ -1529,108 +1919,13 @@ attr_store_task (void *cls)
 }
-static void
-bootstrap_store_cont (void *cls,
-                      int32_t success,
-                      const char *emsg)
-{
-  struct AbeBootstrapHandle *abh = cls;
-  if (GNUNET_SYSERR == success)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Failed to bootstrap ABE master %s\n",
-                emsg);
-    abh->proc (abh->proc_cls, NULL);
-    GNUNET_free (abh->abe_key);
-    GNUNET_free (abh);
-    return;
-  }
-  abh->proc (abh->proc_cls, abh->abe_key);
-  GNUNET_free (abh);
-}
-static void
-bootstrap_store_task (void *cls)
-{
-  struct AbeBootstrapHandle *abh = cls;
-  struct GNUNET_GNSRECORD_Data rd[1];
-  rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (abh->abe_key,
-                                                              (void**)&rd[0].data);
-  rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER;
-  rd[0].flags = GNUNET_GNSRECORD_RF_NONE | GNUNET_GNSRECORD_RF_PRIVATE;
-  rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane?
-  abh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
-                                               &abh->identity,
-                                               "+",
-                                               1,
-                                               rd,
-                                               &bootstrap_store_cont,
-                                               abh);
-}
-static void
-bootstrap_abe_error (void *cls)
-{
-  struct AbeBootstrapHandle *abh = cls;
-  GNUNET_free (abh);
-  abh->proc (abh->proc_cls, NULL);
-  GNUNET_free (abh);
-}
-static void
-bootstrap_abe_result (void *cls,
-                      const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
-                      const char *label,
-                      unsigned int rd_count,
-                      const struct GNUNET_GNSRECORD_Data *rd)
-{
-  struct AbeBootstrapHandle *abh = cls;
-  struct GNUNET_CRYPTO_AbeMasterKey *abe_key;
-  int i;
-  for (i=0;i<rd_count;i++) {
-    if (GNUNET_GNSRECORD_TYPE_ABE_MASTER != rd[i].record_type)
-      continue;
-    abe_key = GNUNET_CRYPTO_cpabe_deserialize_master_key ((void**)rd[i].data,
-                                                          rd[i].data_size);
-    abh->proc (abh->proc_cls, abe_key);
-    GNUNET_free (abh);
-    return;
-  }
-  //No ABE master found, bootstrapping...
-  abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key ();
-  GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh);
-}
-static void
-bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-               AbeBootstrapResult proc,
-               void* cls)
-{
-  struct AbeBootstrapHandle *abh;
-  abh = GNUNET_new (struct AbeBootstrapHandle);
-  abh->proc = proc;
-  abh->proc_cls = cls;
-  abh->identity = *identity;
-  abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle,
-                                                identity,
-                                                "+",
-                                                &bootstrap_abe_error,
-                                                abh,
-                                                &bootstrap_abe_result,
-                                                abh);
-}
 static void
 store_after_abe_bootstrap (void *cls,
                           struct GNUNET_CRYPTO_AbeMasterKey *abe_key)
 {
+  GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
+              "Finished ABE bootstrap\n");
  struct AttributeStoreHandle *ash = cls;
  ash->abe_key = abe_key;
  GNUNET_SCHEDULER_add_now (&attr_store_task, ash);
@@ -1674,6 +1969,8 @@ handle_attribute_store_message (void *cls,
  struct AttributeStoreHandle *as_handle;
  struct IdpClient *idp = cls;
  size_t data_len;
+  GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
+              "Received ATTRIBUTE_STORE message\n");
  data_len = ntohs (sam->attr_len);
@@ -1681,14 +1978,13 @@ handle_attribute_store_message (void *cls,
  as_handle->attribute = attribute_deserialize ((char*)&sam[1],
                                                data_len);
-  as_handle->r_id = sam->id;
+  as_handle->r_id = ntohl (sam->id);
  as_handle->identity = sam->identity;
  GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity,
                                      &as_handle->identity_pkey);
  GNUNET_SERVICE_client_continue (idp->client);
  as_handle->client = idp;
  bootstrap_abe (&as_handle->identity, &store_after_abe_bootstrap, as_handle);
 }
@@ -1697,6 +1993,9 @@ cleanup_iter_handle (struct AttributeIterator *ai)
 {
  if (NULL != ai->abe_key)
    GNUNET_free (ai->abe_key);
+  GNUNET_CONTAINER_DLL_remove (ai->client->op_head,
+                               ai->client->op_tail,
+                               ai);
  GNUNET_free (ai);
 }
@@ -2036,5 +2335,9 @@ GNUNET_SERVICE_MAIN
                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP,
                          struct AttributeIterationStopMessage,
                          NULL),
+ GNUNET_MQ_hd_var_size (ticket_issue_message,
+                        GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE,
+                        struct TicketIssueMessage,
+                        NULL),
 GNUNET_MQ_handler_end());
 /* end of gnunet-service-identity-provider.c */
author	Schanzenbach, Martin <mschanzenbach@posteo.de>	2017-09-17 21:06:42 +0200
committer	Schanzenbach, Martin <mschanzenbach@posteo.de>	2017-09-17 21:06:42 +0200
commit	0469377fd49450c1d7853c5ceecf08be9ce8df75 (patch)
tree	847fd99b23035611d0dbb6a12e548a9a1b196bf6 /src/identity-provider/gnunet-service-identity-provider.c
parent	67e0d73709ef557b52ba0527291d68c17fd6c60a (diff)
download	gnunet-0469377fd49450c1d7853c5ceecf08be9ce8df75.tar.gz gnunet-0469377fd49450c1d7853c5ceecf08be9ce8df75.zip

diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 0ce70aed3..b481c00c0 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -373,6 +373,45 @@ struct ParallelLookup
373	char *label;	373	char *label;
374	};	374	};
375		375
		376
		377	struct TicketIssueHandle
		378	{
		379
		380	/**
		381	* Client connection
		382	*/
		383	struct IdpClient *client;
		384
		385	/**
		386	* Attributes to issue
		387	*/
		388	struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs;
		389
		390	/**
		391	* Issuer Key
		392	*/
		393	struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
		394
		395	/**
		396	* Ticket to issue
		397	*/
		398	struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket;
		399
		400	/**
		401	* QueueEntry
		402	*/
		403	struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
		404
		405	/**
		406	* request id
		407	*/
		408	uint32_t r_id;
		409	};
		410
		411
		412	/**
		413	* DEPRECATED
		414	*/
376	struct IssueHandle	415	struct IssueHandle
377	{	416	{
378		417
@@ -546,6 +585,120 @@ do_shutdown (void *cls)
546	cleanup();	585	cleanup();
547	}	586	}
548		587
		588	/**
		589	* Finished storing newly bootstrapped ABE key
		590	*/
		591	static void
		592	bootstrap_store_cont (void *cls,
		593	int32_t success,
		594	const char *emsg)
		595	{
		596	struct AbeBootstrapHandle *abh = cls;
		597	if (GNUNET_SYSERR == success)
		598	{
		599	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
		600	"Failed to bootstrap ABE master %s\n",
		601	emsg);
		602	abh->proc (abh->proc_cls, NULL);
		603	GNUNET_free (abh->abe_key);
		604	GNUNET_free (abh);
		605	return;
		606	}
		607	abh->proc (abh->proc_cls, abh->abe_key);
		608	GNUNET_free (abh);
		609	}
		610
		611	/**
		612	* Generates and stores a new ABE key
		613	*/
		614	static void
		615	bootstrap_store_task (void *cls)
		616	{
		617	struct AbeBootstrapHandle *abh = cls;
		618	struct GNUNET_GNSRECORD_Data rd[1];
		619
		620	rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (abh->abe_key,
		621	(void**)&rd[0].data);
		622	rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER;
		623	rd[0].flags = GNUNET_GNSRECORD_RF_NONE \| GNUNET_GNSRECORD_RF_PRIVATE;
		624	rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane?
		625	abh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
		626	&abh->identity,
		627	"+",
		628	1,
		629	rd,
		630	&bootstrap_store_cont,
		631	abh);
		632	}
		633
		634	/**
		635	* Error checking for ABE master
		636	*/
		637	static void
		638	bootstrap_abe_error (void *cls)
		639	{
		640	struct AbeBootstrapHandle *abh = cls;
		641	GNUNET_free (abh);
		642	abh->proc (abh->proc_cls, NULL);
		643	GNUNET_free (abh);
		644	}
		645
		646
		647	/**
		648	* Handle ABE lookup in namestore
		649	*/
		650	static void
		651	bootstrap_abe_result (void *cls,
		652	const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
		653	const char *label,
		654	unsigned int rd_count,
		655	const struct GNUNET_GNSRECORD_Data *rd)
		656	{
		657	struct AbeBootstrapHandle *abh = cls;
		658	struct GNUNET_CRYPTO_AbeMasterKey *abe_key;
		659	int i;
		660
		661	for (i=0;i<rd_count;i++) {
		662	if (GNUNET_GNSRECORD_TYPE_ABE_MASTER != rd[i].record_type)
		663	continue;
		664	abe_key = GNUNET_CRYPTO_cpabe_deserialize_master_key ((void**)rd[i].data,
		665	rd[i].data_size);
		666	abh->proc (abh->proc_cls, abe_key);
		667	GNUNET_free (abh);
		668	return;
		669	}
		670
		671	//No ABE master found, bootstrapping...
		672	abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key ();
		673	GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh);
		674	}
		675
		676	/**
		677	* Bootstrap ABE master if it does not yet exists.
		678	* Will call the AbeBootstrapResult processor when done.
		679	*/
		680	static void
		681	bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
		682	AbeBootstrapResult proc,
		683	void* cls)
		684	{
		685	struct AbeBootstrapHandle *abh;
		686
		687	abh = GNUNET_new (struct AbeBootstrapHandle);
		688	abh->proc = proc;
		689	abh->proc_cls = cls;
		690	abh->identity = *identity;
		691	abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle,
		692	identity,
		693	"+",
		694	&bootstrap_abe_error,
		695	abh,
		696	&bootstrap_abe_result,
		697	abh);
		698
		699	}
		700
		701
549		702
550	static struct GNUNET_MQ_Envelope*	703	static struct GNUNET_MQ_Envelope*
551	create_exchange_result_message (const char* token,	704	create_exchange_result_message (const char* token,
@@ -996,6 +1149,7 @@ attr_collect_finished (void *cls)
996	&handle_vattr_collection,	1149	&handle_vattr_collection,
997	handle);	1150	handle);
998	}	1151	}
		1152
999	/**	1153	/**
1000	* Collect attributes for token	1154	* Collect attributes for token
1001	*/	1155	*/
@@ -1293,36 +1447,6 @@ handle_exchange_message (void *cls,
1293		1447
1294	}	1448	}
1295		1449
1296	/**
1297	* Checks an issue message
1298	*
1299	* @param cls client sending the message
1300	* @param im message of type `struct IssueMessage`
1301	* @return #GNUNET_OK if @a im is well-formed
1302	*/
1303	static int
1304	check_issue_message(void *cls,
1305	const struct IssueMessage *im)
1306	{
1307	uint16_t size;
1308
1309	size = ntohs (im->header.size);
1310	if (size <= sizeof (struct IssueMessage))
1311	{
1312	GNUNET_break (0);
1313	return GNUNET_SYSERR;
1314	}
1315	scopes = (char *) &im[1];
1316	if ('\0' != scopes[size - sizeof (struct IssueMessage) - 1])
1317	{
1318	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1319	"Malformed scopes received!\n");
1320	GNUNET_break (0);
1321	return GNUNET_SYSERR;
1322	}
1323	return GNUNET_OK;
1324	}
1325
1326	void	1450	void
1327	attr_collect_task (void *cls)	1451	attr_collect_task (void *cls)
1328	{	1452	{
@@ -1338,8 +1462,6 @@ attr_collect_task (void *cls)
1338	issue_handle);	1462	issue_handle);
1339	}	1463	}
1340		1464
1341
1342
1343	void	1465	void
1344	abe_key_lookup_error (void *cls)	1466	abe_key_lookup_error (void *cls)
1345	{	1467	{
@@ -1372,6 +1494,38 @@ abe_key_lookup_result (void *cls,
1372		1494
1373	}	1495	}
1374		1496
		1497
		1498	/**
		1499	* Checks an issue message
		1500	*
		1501	* @param cls client sending the message
		1502	* @param im message of type `struct IssueMessage`
		1503	* @return #GNUNET_OK if @a im is well-formed
		1504	*/
		1505	static int
		1506	check_issue_message(void *cls,
		1507	const struct IssueMessage *im)
		1508	{
		1509	uint16_t size;
		1510
		1511	size = ntohs (im->header.size);
		1512	if (size <= sizeof (struct IssueMessage))
		1513	{
		1514	GNUNET_break (0);
		1515	return GNUNET_SYSERR;
		1516	}
		1517	scopes = (char *) &im[1];
		1518	if ('\0' != scopes[size - sizeof (struct IssueMessage) - 1])
		1519	{
		1520	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
		1521	"Malformed scopes received!\n");
		1522	GNUNET_break (0);
		1523	return GNUNET_SYSERR;
		1524	}
		1525	return GNUNET_OK;
		1526	}
		1527
		1528
1375	/**	1529	/**
1376	*	1530	*
1377	* Handler for issue message	1531	* Handler for issue message
@@ -1452,6 +1606,240 @@ handle_issue_message (void *cls,
1452	}	1606	}
1453		1607
1454	static void	1608	static void
		1609	cleanup_ticket_issue_handle (struct TicketIssueHandle *handle)
		1610	{
		1611	struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
		1612	struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *tmp_le;
		1613
		1614	for (le = handle->attrs->list_head; NULL != le;)
		1615	{
		1616	GNUNET_free (le->attribute);
		1617	tmp_le = le;
		1618	le = le->next;
		1619	GNUNET_free (tmp_le);
		1620	}
		1621	GNUNET_free (handle->attrs);
		1622	if (NULL != handle->ns_qe)
		1623	GNUNET_NAMESTORE_cancel (handle->ns_qe);
		1624	GNUNET_free (handle);
		1625	}
		1626
		1627	static void
		1628	store_ticket_issue_cont (void *cls,
		1629	int32_t success,
		1630	const char *emsg)
		1631	{
		1632	struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket;
		1633	struct TicketIssueHandle *handle = cls;
		1634	struct TicketResultMessage *irm;
		1635	struct GNUNET_MQ_Envelope *env;
		1636
		1637	handle->ns_qe = NULL;
		1638	if (GNUNET_SYSERR == success)
		1639	{
		1640	cleanup_ticket_issue_handle (handle);
		1641	GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n",
		1642	"Unknown Error\n");
		1643	GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
		1644	return;
		1645	}
		1646	env = GNUNET_MQ_msg_extra (irm,
		1647	sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2),
		1648	GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT);
		1649	ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&irm[1];
		1650	*ticket = handle->ticket;
		1651	irm->id = handle->r_id;
		1652
		1653	GNUNET_MQ_send (handle->client->mq,
		1654	env);
		1655	cleanup_ticket_issue_handle (handle);
		1656	}
		1657
		1658
		1659
		1660	/**
		1661	* Checks a ticket issue message
		1662	*
		1663	* @param cls client sending the message
		1664	* @param im message of type `struct TicketIssueMessage`
		1665	* @return #GNUNET_OK if @a im is well-formed
		1666	*/
		1667	static int
		1668	check_ticket_issue_message(void *cls,
		1669	const struct TicketIssueMessage *im)
		1670	{
		1671	uint16_t size;
		1672
		1673	size = ntohs (im->header.size);
		1674	if (size <= sizeof (struct IssueMessage))
		1675	{
		1676	GNUNET_break (0);
		1677	return GNUNET_SYSERR;
		1678	}
		1679	return GNUNET_OK;
		1680	}
		1681
		1682	int
		1683	serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle,
		1684	const struct GNUNET_CRYPTO_AbeKey *rp_key,
		1685	struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey,
		1686	char **result)
		1687	{
		1688	struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
		1689	struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
		1690	char *enc_keyinfo;
		1691	char *serialized_key;
		1692	char *buf;
		1693	char *write_ptr;
		1694	char attrs_str_len;
		1695	ssize_t size;
		1696
		1697	struct GNUNET_CRYPTO_SymmetricSessionKey skey;
		1698	struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
		1699	struct GNUNET_HashCode new_key_hash;
		1700	ssize_t enc_size;
		1701
		1702	size = GNUNET_CRYPTO_cpabe_serialize_key (rp_key,
		1703	(void**)&serialized_key);
		1704	attrs_str_len = 0;
		1705	for (le = handle->attrs->list_head; NULL != le; le = le->next) {
		1706	attrs_str_len += strlen (le->attribute->name) + 1;
		1707	}
		1708	buf = GNUNET_malloc (attrs_str_len + size);
		1709	write_ptr = buf;
		1710	for (le = handle->attrs->list_head; NULL != le; le = le->next) {
		1711	GNUNET_memcpy (write_ptr,
		1712	le->attribute->name,
		1713	strlen (le->attribute->name));
		1714	write_ptr[strlen (le->attribute->name)] = ',';
		1715	write_ptr += strlen (le->attribute->name) + 1;
		1716	}
		1717	write_ptr--;
		1718	write_ptr[0] = '\0'; //replace last , with a 0-terminator
		1719	write_ptr++;
		1720	GNUNET_memcpy (write_ptr,
		1721	serialized_key,
		1722	size);
		1723	// ECDH keypair E = eG
		1724	*ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create();
		1725	GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey,
		1726	&ecdh_pubkey);
		1727	enc_keyinfo = GNUNET_malloc (size + attrs_str_len);
		1728	// Derived key K = H(eB)
		1729	GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey,
		1730	&handle->ticket.audience,
		1731	&new_key_hash));
		1732	create_sym_key_from_ecdh(&new_key_hash, &skey, &iv);
		1733	enc_size = GNUNET_CRYPTO_symmetric_encrypt (buf,
		1734	size + attrs_str_len,
		1735	&skey, &iv,
		1736	enc_keyinfo);
		1737	*result = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+
		1738	enc_size);
		1739	GNUNET_memcpy (*result,
		1740	&ecdh_pubkey,
		1741	sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
		1742	GNUNET_memcpy (*result + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey),
		1743	enc_keyinfo,
		1744	enc_size);
		1745	GNUNET_free (enc_keyinfo);
		1746	return sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+enc_size;
		1747	}
		1748
		1749
		1750
		1751	static void
		1752	issue_ticket_after_abe_bootstrap (void *cls,
		1753	struct GNUNET_CRYPTO_AbeMasterKey *abe_key)
		1754	{
		1755	struct TicketIssueHandle *ih = cls;
		1756	struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
		1757	struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
		1758	struct GNUNET_GNSRECORD_Data code_record[1];
		1759	struct GNUNET_CRYPTO_AbeKey *rp_key;
		1760	char *code_record_data;
		1761	char **attrs;
		1762	char *label;
		1763	int attrs_len;
		1764	int i;
		1765	size_t code_record_len;
		1766
		1767	//Create new ABE key for RP
		1768	attrs_len = 0;
		1769	for (le = ih->attrs->list_head; NULL != le; le = le->next)
		1770	attrs_len++;
		1771	attrs = GNUNET_malloc (attrs_len);
		1772	i = 0;
		1773	for (le = ih->attrs->list_head; NULL != le; le = le->next) {
		1774	attrs[i] = (char*) le->attribute->name;
		1775	i++;
		1776	}
		1777	rp_key = GNUNET_CRYPTO_cpabe_create_key (abe_key,
		1778	attrs);
		1779
		1780	//TODO review this wireformat
		1781	code_record_len = serialize_abe_keyinfo2 (ih,
		1782	rp_key,
		1783	&ecdhe_privkey,
		1784	&code_record_data);
		1785	code_record[0].data = code_record_data;
		1786	code_record[0].data_size = code_record_len;
		1787	code_record[0].expiration_time = GNUNET_TIME_UNIT_DAYS.rel_value_us;
		1788	code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY;
		1789	code_record[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
		1790
		1791	label = GNUNET_STRINGS_data_to_string_alloc (&ih->ticket.rnd,
		1792	sizeof (uint64_t));
		1793	//Publish record
		1794	ih->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
		1795	&ih->identity,
		1796	label,
		1797	1,
		1798	code_record,
		1799	&store_ticket_issue_cont,
		1800	ih);
		1801	GNUNET_free (ecdhe_privkey);
		1802	GNUNET_free (label);
		1803	GNUNET_free (code_record_data);
		1804	}
		1805
		1806
		1807	/**
		1808	*
		1809	* Handler for ticket issue message
		1810	*
		1811	* @param cls unused
		1812	* @param client who sent the message
		1813	* @param message the message
		1814	*/
		1815	static void
		1816	handle_ticket_issue_message (void *cls,
		1817	const struct TicketIssueMessage *im)
		1818	{
		1819	struct TicketIssueHandle *ih;
		1820	struct IdpClient *idp = cls;
		1821	size_t attrs_len;
		1822
		1823	ih = GNUNET_new (struct TicketIssueHandle);
		1824	attrs_len = ntohs (im->attr_len);
		1825	ih->attrs = attribute_list_deserialize ((char*)&im[1], attrs_len);
		1826	ih->r_id = im->id;
		1827	ih->client = idp;
		1828	ih->identity = im->identity;
		1829	GNUNET_CRYPTO_ecdsa_key_get_public (&ih->identity,
		1830	&ih->ticket.identity);
		1831	ih->ticket.audience = im->rp;
		1832	ih->ticket.rnd =
		1833	GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
		1834	UINT64_MAX);
		1835	bootstrap_abe (&ih->identity, &issue_ticket_after_abe_bootstrap, ih);
		1836	GNUNET_SERVICE_client_continue (idp->client);
		1837
		1838	}
		1839
		1840
		1841
		1842	static void
1455	cleanup_as_handle (struct AttributeStoreHandle *handle)	1843	cleanup_as_handle (struct AttributeStoreHandle *handle)
1456	{	1844	{
1457	if (NULL != handle->attribute)	1845	if (NULL != handle->attribute)
@@ -1481,10 +1869,10 @@ attr_store_cont (void *cls,
1481	return;	1869	return;
1482	}	1870	}
1483		1871
1484	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	1872	GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
1485	"Sending ATTRIBUTE_STORE_RESPONSE message\n");	1873	"Sending ATTRIBUTE_STORE_RESPONSE message\n");
1486	env = GNUNET_MQ_msg (acr_msg,	1874	env = GNUNET_MQ_msg (acr_msg,
1487	GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE);	1875	GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE);
1488	acr_msg->id = htonl (as_handle->r_id);	1876	acr_msg->id = htonl (as_handle->r_id);
1489	acr_msg->op_result = htonl (GNUNET_OK);	1877	acr_msg->op_result = htonl (GNUNET_OK);
1490	GNUNET_MQ_send (as_handle->client->mq,	1878	GNUNET_MQ_send (as_handle->client->mq,
@@ -1500,6 +1888,8 @@ attr_store_task (void *cls)
1500	char* buf;	1888	char* buf;
1501	size_t buf_size;	1889	size_t buf_size;
1502		1890
		1891	GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
		1892	"Storing attribute\n");
1503	buf_size = attribute_serialize_get_size (as_handle->attribute);	1893	buf_size = attribute_serialize_get_size (as_handle->attribute);
1504	buf = GNUNET_malloc (buf_size);	1894	buf = GNUNET_malloc (buf_size);
1505		1895
@@ -1529,108 +1919,13 @@ attr_store_task (void *cls)
1529		1919
1530	}	1920	}
1531		1921
1532	static void
1533	bootstrap_store_cont (void *cls,
1534	int32_t success,
1535	const char *emsg)
1536	{
1537	struct AbeBootstrapHandle *abh = cls;
1538	if (GNUNET_SYSERR == success)
1539	{
1540	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1541	"Failed to bootstrap ABE master %s\n",
1542	emsg);
1543	abh->proc (abh->proc_cls, NULL);
1544	GNUNET_free (abh->abe_key);
1545	GNUNET_free (abh);
1546	return;
1547	}
1548	abh->proc (abh->proc_cls, abh->abe_key);
1549	GNUNET_free (abh);
1550	}
1551
1552	static void
1553	bootstrap_store_task (void *cls)
1554	{
1555	struct AbeBootstrapHandle *abh = cls;
1556	struct GNUNET_GNSRECORD_Data rd[1];
1557
1558	rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (abh->abe_key,
1559	(void**)&rd[0].data);
1560	rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER;
1561	rd[0].flags = GNUNET_GNSRECORD_RF_NONE \| GNUNET_GNSRECORD_RF_PRIVATE;
1562	rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane?
1563	abh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
1564	&abh->identity,
1565	"+",
1566	1,
1567	rd,
1568	&bootstrap_store_cont,
1569	abh);
1570	}
1571
1572	static void
1573	bootstrap_abe_error (void *cls)
1574	{
1575	struct AbeBootstrapHandle *abh = cls;
1576	GNUNET_free (abh);
1577	abh->proc (abh->proc_cls, NULL);
1578	GNUNET_free (abh);
1579	}
1580
1581
1582
1583	static void
1584	bootstrap_abe_result (void *cls,
1585	const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
1586	const char *label,
1587	unsigned int rd_count,
1588	const struct GNUNET_GNSRECORD_Data *rd)
1589	{
1590	struct AbeBootstrapHandle *abh = cls;
1591	struct GNUNET_CRYPTO_AbeMasterKey *abe_key;
1592	int i;
1593
1594	for (i=0;i<rd_count;i++) {
1595	if (GNUNET_GNSRECORD_TYPE_ABE_MASTER != rd[i].record_type)
1596	continue;
1597	abe_key = GNUNET_CRYPTO_cpabe_deserialize_master_key ((void**)rd[i].data,
1598	rd[i].data_size);
1599	abh->proc (abh->proc_cls, abe_key);
1600	GNUNET_free (abh);
1601	return;
1602	}
1603
1604	//No ABE master found, bootstrapping...
1605	abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key ();
1606	GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh);
1607	}
1608
1609	static void
1610	bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
1611	AbeBootstrapResult proc,
1612	void* cls)
1613	{
1614	struct AbeBootstrapHandle *abh;
1615
1616	abh = GNUNET_new (struct AbeBootstrapHandle);
1617	abh->proc = proc;
1618	abh->proc_cls = cls;
1619	abh->identity = *identity;
1620	abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle,
1621	identity,
1622	"+",
1623	&bootstrap_abe_error,
1624	abh,
1625	&bootstrap_abe_result,
1626	abh);
1627
1628	}
1629		1922
1630	static void	1923	static void
1631	store_after_abe_bootstrap (void *cls,	1924	store_after_abe_bootstrap (void *cls,
1632	struct GNUNET_CRYPTO_AbeMasterKey *abe_key)	1925	struct GNUNET_CRYPTO_AbeMasterKey *abe_key)
1633	{	1926	{
		1927	GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
		1928	"Finished ABE bootstrap\n");
1634	struct AttributeStoreHandle *ash = cls;	1929	struct AttributeStoreHandle *ash = cls;
1635	ash->abe_key = abe_key;	1930	ash->abe_key = abe_key;
1636	GNUNET_SCHEDULER_add_now (&attr_store_task, ash);	1931	GNUNET_SCHEDULER_add_now (&attr_store_task, ash);
@@ -1674,6 +1969,8 @@ handle_attribute_store_message (void *cls,
1674	struct AttributeStoreHandle *as_handle;	1969	struct AttributeStoreHandle *as_handle;
1675	struct IdpClient *idp = cls;	1970	struct IdpClient *idp = cls;
1676	size_t data_len;	1971	size_t data_len;
		1972	GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
		1973	"Received ATTRIBUTE_STORE message\n");
1677		1974
1678	data_len = ntohs (sam->attr_len);	1975	data_len = ntohs (sam->attr_len);
1679		1976
@@ -1681,14 +1978,13 @@ handle_attribute_store_message (void *cls,
1681	as_handle->attribute = attribute_deserialize ((char*)&sam[1],	1978	as_handle->attribute = attribute_deserialize ((char*)&sam[1],
1682	data_len);	1979	data_len);
1683		1980
1684	as_handle->r_id = sam->id;	1981	as_handle->r_id = ntohl (sam->id);
1685	as_handle->identity = sam->identity;	1982	as_handle->identity = sam->identity;
1686	GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity,	1983	GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity,
1687	&as_handle->identity_pkey);	1984	&as_handle->identity_pkey);
1688		1985
1689	GNUNET_SERVICE_client_continue (idp->client);	1986	GNUNET_SERVICE_client_continue (idp->client);
1690	as_handle->client = idp;	1987	as_handle->client = idp;
1691
1692	bootstrap_abe (&as_handle->identity, &store_after_abe_bootstrap, as_handle);	1988	bootstrap_abe (&as_handle->identity, &store_after_abe_bootstrap, as_handle);
1693	}	1989	}
1694		1990
@@ -1697,6 +1993,9 @@ cleanup_iter_handle (struct AttributeIterator *ai)
1697	{	1993	{
1698	if (NULL != ai->abe_key)	1994	if (NULL != ai->abe_key)
1699	GNUNET_free (ai->abe_key);	1995	GNUNET_free (ai->abe_key);
		1996	GNUNET_CONTAINER_DLL_remove (ai->client->op_head,
		1997	ai->client->op_tail,
		1998	ai);
1700	GNUNET_free (ai);	1999	GNUNET_free (ai);
1701	}	2000	}
1702		2001
@@ -2036,5 +2335,9 @@ GNUNET_SERVICE_MAIN
2036	GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP,	2335	GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP,
2037	struct AttributeIterationStopMessage,	2336	struct AttributeIterationStopMessage,
2038	NULL),	2337	NULL),
		2338	GNUNET_MQ_hd_var_size (ticket_issue_message,
		2339	GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE,
		2340	struct TicketIssueMessage,
		2341	NULL),
2039	GNUNET_MQ_handler_end());	2342	GNUNET_MQ_handler_end());
2040	/* end of gnunet-service-identity-provider.c */	2343	/* end of gnunet-service-identity-provider.c */