-more revocation

author: Schanzenbach, Martin <mschanzenbach@posteo.de> 2017-10-06 22:31:12 +0200
committer: Schanzenbach, Martin <mschanzenbach@posteo.de> 2017-10-06 22:31:12 +0200
commit: 58d4e0f0447ae4efc6b3f4ba8a3d612c22f7cbb4 (patch)
tree: bf2e393a42ea0d802abf8b4e066133f122a1d320 /src
parent: 46b73f8d138ade01499165f62edb683c87c777c4 (diff)
download: gnunet-58d4e0f0447ae4efc6b3f4ba8a3d612c22f7cbb4.tar.gz
gnunet-58d4e0f0447ae4efc6b3f4ba8a3d612c22f7cbb4.zip
3 files changed, 195 insertions, 29 deletions
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c
index 95d8b93b2..dd78dd9aa 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -482,6 +482,10 @@ struct TicketRevocationHandle
   */
  struct GNUNET_CRYPTO_AbeMasterKey *abe_key;
+  /**
+   * Offset
+   */
+  uint32_t offset;
  /**
   * request id
@@ -770,7 +774,8 @@ cleanup_ticket_issue_handle (struct TicketIssueHandle *handle)
 static void
 send_ticket_result (struct IdpClient *client,
                    uint32_t r_id,
-                    const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
+                    const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                    const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
 {
  struct TicketResultMessage *irm;
  struct GNUNET_MQ_Envelope *env;
@@ -778,7 +783,8 @@ send_ticket_result (struct IdpClient *client,
  /* store ticket in DB */
  if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls,
-                                               ticket))
+                                               ticket,
+                                               attrs))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Unable to store ticket after issue\n");
@@ -813,14 +819,16 @@ store_ticket_issue_cont (void *cls,
  }
  send_ticket_result (handle->client,
                      handle->r_id,
-                      &handle->ticket);
+                      &handle->ticket,
+                      handle->attrs);
  cleanup_ticket_issue_handle (handle);
 }
 int
-serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle,
+serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                        const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs,
                        const struct GNUNET_CRYPTO_AbeKey *rp_key,
                        struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey,
                        char **result)
@@ -842,14 +850,14 @@ serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle,
  size = GNUNET_CRYPTO_cpabe_serialize_key (rp_key,
                                            (void**)&serialized_key);
  attrs_str_len = 0;
-  for (le = handle->attrs->list_head; NULL != le; le = le->next) {
+  for (le = attrs->list_head; NULL != le; le = le->next) {
    attrs_str_len += strlen (le->attribute->name) + 1;
  }
  buf = GNUNET_malloc (attrs_str_len + size);
  write_ptr = buf;
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Writing attributes\n");
-  for (le = handle->attrs->list_head; NULL != le; le = le->next) {
+  for (le = attrs->list_head; NULL != le; le = le->next) {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "%s\n", le->attribute->name);
@@ -873,7 +881,7 @@ serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle,
  enc_keyinfo = GNUNET_malloc (size + attrs_str_len);
  // Derived key K = H(eB)
  GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey,
-                                                        &handle->ticket.audience,
+                                                        &ticket->audience,
                                                        &new_key_hash));
  create_sym_key_from_ecdh(&new_key_hash, &skey, &iv);
  enc_size = GNUNET_CRYPTO_symmetric_encrypt (buf,
@@ -925,7 +933,8 @@ issue_ticket_after_abe_bootstrap (void *cls,
                                           attrs);
  //TODO review this wireformat
-  code_record_len = serialize_abe_keyinfo2 (ih,
+  code_record_len = serialize_abe_keyinfo2 (&ih->ticket,
+                                            ih->attrs,
                                            rp_key,
                                            &ecdhe_privkey,
                                            &code_record_data);
@@ -1008,6 +1017,124 @@ handle_issue_ticket_message (void *cls,
 }
+/**
+ * Process ticket from database
+ *
+ * @param cls struct TicketIterationProcResult
+ * @param ticket the ticket
+ * @param attrs the attributes
+ */
+static void
+ticket_reissue_proc (void *cls,
+                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                     const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);
+static void
+reissue_ticket_cont (void *cls,
+                     int32_t success,
+                     const char *emsg)
+{
+  struct TicketRevocationHandle *rh = cls;
+  rh->ns_qe = NULL;
+  if (GNUNET_SYSERR == success)
+  {
+    //TODO cleanup_ticket_revocation_handle (handle);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n",
+                "Unknown Error\n");
+    GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
+    return;
+  }
+  rh->offset++;
+  GNUNET_assert (GNUNET_SYSERR !=
+                 TKT_database->iterate_tickets (TKT_database->cls,
+                                                &rh->ticket.identity,
+                                                GNUNET_NO,
+                                                rh->offset,
+                                                &ticket_reissue_proc,
+                                                rh));
+}
+/**
+ * Process ticket from database
+ *
+ * @param cls struct TicketIterationProcResult
+ * @param ticket the ticket
+ * @param attrs the attributes
+ */
+static void
+ticket_reissue_proc (void *cls,
+                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                     const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
+{
+  struct TicketRevocationHandle *rh = cls;
+  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
+  struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
+  struct GNUNET_GNSRECORD_Data code_record[1];
+  struct GNUNET_CRYPTO_AbeKey *rp_key;
+  char *code_record_data;
+  char **attr_arr;
+  char *label;
+  int attrs_len;
+  int i;
+  size_t code_record_len;
+  if (NULL == ticket)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Iteration done\n");
+    /* Send reply ? */
+    GNUNET_break (0);
+    return;
+  }
+  //Create new ABE key for RP
+  attrs_len = 0;
+  for (le = attrs->list_head; NULL != le; le = le->next)
+    attrs_len++;
+  attr_arr = GNUNET_malloc ((attrs_len + 1)*sizeof (char*));
+  i = 0;
+  for (le = attrs->list_head; NULL != le; le = le->next) {
+    attr_arr[i] = (char*) le->attribute->name;
+    i++;
+  }
+  attr_arr[i] = NULL;
+  rp_key = GNUNET_CRYPTO_cpabe_create_key (rh->abe_key,
+                                           attr_arr);
+  //TODO review this wireformat
+  code_record_len = serialize_abe_keyinfo2 (&rh->ticket,
+                                            rh->attrs,
+                                            rp_key,
+                                            &ecdhe_privkey,
+                                            &code_record_data);
+  code_record[0].data = code_record_data;
+  code_record[0].data_size = code_record_len;
+  code_record[0].expiration_time = GNUNET_TIME_UNIT_DAYS.rel_value_us;
+  code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY;
+  code_record[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
+  label = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd,
+                                               sizeof (uint64_t));
+  //Publish record
+  rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
+                                              &rh->identity,
+                                              label,
+                                              1,
+                                              code_record,
+                                              &reissue_ticket_cont,
+                                              rh);
+  GNUNET_free (ecdhe_privkey);
+  GNUNET_free (label);
+  GNUNET_free (attr_arr);
+  GNUNET_free (code_record_data);
+}
 static void
 attr_reenc_cont (void *cls,
                 int32_t success,
@@ -1017,6 +1144,7 @@ attr_reenc_cont (void *cls,
  struct GNUNET_GNSRECORD_Data rd[1];
  size_t buf_size;
  char *buf;
+  int ret;
  if (GNUNET_SYSERR == success)
  {
@@ -1032,7 +1160,18 @@ attr_reenc_cont (void *cls,
  if (NULL == rh->attrs->list_head)
  {
    /* Done, issue new keys */
-    GNUNET_break (0); //TODO
+    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
+                "Revocation Phase IV: Reissuing Tickets\n");
+    if (GNUNET_SYSERR ==
+        (ret = TKT_database->iterate_tickets (TKT_database->cls,
+                                              &rh->ticket.identity,
+                                              GNUNET_NO,
+                                              rh->offset,
+                                              &ticket_reissue_proc,
+                                              rh)))
+    {
+      GNUNET_break (0);
+    }
    return;
  }
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -1083,9 +1222,10 @@ reenc_after_abe_bootstrap (void *cls,
  if (NULL == rh->attrs->list_head)
  {
    /* No attributes to reencrypt, this is odd... */
+    GNUNET_break (0);
  } else {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-                "Re-encrypting attribute\n");
+                "Revocation Phase III: Re-encrypting attributes\n");
    buf_size = attribute_serialize_get_size (rh->attrs->list_head->attribute);
    buf = GNUNET_malloc (buf_size);
@@ -1131,7 +1271,8 @@ static void
 revoke_collect_iter_finished (void *cls)
 {
  struct TicketRevocationHandle *rh = cls;
+  GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
+              "Revocation Phase II: Invalidating old ABE Master\n");
  /* Bootstrap new abe key */
  bootstrap_abe (&rh->identity, &reenc_after_abe_bootstrap, rh, GNUNET_YES);
 }
@@ -1188,7 +1329,8 @@ collect_after_abe_bootstrap (void *cls,
  rh->abe_key = cls;
  GNUNET_assert (NULL != abe_key);
+  GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
+              "Revocation Phase I: Collecting attributes\n");
  /* Reencrypt all attributes with new key */
  rh->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
                                                     &rh->identity,
@@ -1334,7 +1476,8 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
  /* Store ticket in DB */
  if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls,
-                                               &handle->ticket))
+                                               &handle->ticket,
+                                               handle->attrs))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Unable to store ticket after consume\n");
@@ -1914,7 +2057,8 @@ struct TicketIterationProcResult
 */
 static void
 ticket_iterate_proc (void *cls,
-                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
+                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                     const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
 {
  struct TicketIterationProcResult *proc = cls;
@@ -1928,7 +2072,8 @@ ticket_iterate_proc (void *cls,
  proc->res_iteration_finished = IT_SUCCESS_MORE_AVAILABLE;
  send_ticket_result (proc->ti->client,
                      proc->ti->r_id,
-                      ticket);
+                      ticket,
+                      attrs);
 }
diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/identity-provider/plugin_identity_provider_sqlite.c
index ff2d3a22e..ac4e3c686 100644
--- a/src/identity-provider/plugin_identity_provider_sqlite.c
+++ b/src/identity-provider/plugin_identity_provider_sqlite.c
@@ -27,6 +27,7 @@
 #include "platform.h"
 #include "gnunet_identity_provider_service.h"
 #include "gnunet_identity_provider_plugin.h"
+#include "identity_attribute.h"
 #include "gnunet_sq_lib.h"
 #include <sqlite3.h>
@@ -252,7 +253,8 @@ database_setup (struct Plugin *plugin)
        "CREATE TABLE identity001tickets ("
        " identity BLOB NOT NULL DEFAULT '',"
        " audience BLOB NOT NULL DEFAULT '',"
-              " rnd INT8 NOT NULL DEFAULT ''"
+              " rnd INT8 NOT NULL DEFAULT '',"
+        " attributes BLOB NOT NULL DEFAULT ''"
        ")",
        NULL, NULL, NULL) != SQLITE_OK))
  {
@@ -267,8 +269,8 @@ database_setup (struct Plugin *plugin)
  if ( (SQLITE_OK !=
        sq_prepare (plugin->dbh,
-                    "INSERT INTO identity001tickets (identity, audience, rnd)"
+                    "INSERT INTO identity001tickets (identity, audience, rnd, attributes)"
-                    " VALUES (?, ?, ?)",
+                    " VALUES (?, ?, ?, ?)",
                    &plugin->store_ticket)) ||
       (SQLITE_OK !=
        sq_prepare (plugin->dbh,
@@ -276,13 +278,13 @@ database_setup (struct Plugin *plugin)
                    &plugin->delete_ticket)) ||
       (SQLITE_OK !=
        sq_prepare (plugin->dbh,
-                    "SELECT identity,audience,rnd"
+                    "SELECT identity,audience,rnd,attributes"
                    " FROM identity001tickets WHERE identity=?"
                    " ORDER BY rnd LIMIT 1 OFFSET ?",
                    &plugin->iterate_tickets)) ||
       (SQLITE_OK !=
        sq_prepare (plugin->dbh,
-                    "SELECT identity,audience,rnd"
+                    "SELECT identity,audience,rnd,attributes"
                    " FROM identity001tickets WHERE audience=?"
                    " ORDER BY rnd LIMIT 1 OFFSET ?",
                    &plugin->iterate_tickets_by_audience)) ) 
@@ -358,9 +360,12 @@ database_shutdown (struct Plugin *plugin)
 */
 static int
 identity_provider_sqlite_store_ticket (void *cls,
-                                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
+                                       const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                                       const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
 {
  struct Plugin *plugin = cls;
+  size_t attrs_len;
+  char *attrs_ser;
  int n;
  { 
@@ -384,11 +389,16 @@ identity_provider_sqlite_store_ticket (void *cls,
    n = sqlite3_step (plugin->delete_ticket);
    GNUNET_SQ_reset (plugin->dbh,
                     plugin->delete_ticket);
+    
+    attrs_len = attribute_list_serialize_get_size (attrs);
+    attrs_ser = GNUNET_malloc (attrs_len);
+    attribute_list_serialize (attrs,
+                              attrs_ser);
    struct GNUNET_SQ_QueryParam sparams[] = {
      GNUNET_SQ_query_param_auto_from_type (&ticket->identity),
      GNUNET_SQ_query_param_auto_from_type (&ticket->audience),
      GNUNET_SQ_query_param_uint64 (&ticket->rnd),
+      GNUNET_SQ_query_param_fixed_size (attrs_ser, attrs_len),
      GNUNET_SQ_query_param_end
    };
@@ -406,6 +416,7 @@ identity_provider_sqlite_store_ticket (void *cls,
    n = sqlite3_step (plugin->store_ticket);
    GNUNET_SQ_reset (plugin->dbh,
                     plugin->store_ticket);
+    GNUNET_free (attrs_ser);
  }
  switch (n)
  {
@@ -503,8 +514,11 @@ get_ticket_and_call_iterator (struct Plugin *plugin,
                              void *iter_cls)
 {
  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs;
  int ret;
  int sret;
+  size_t attrs_len;
+  char *attrs_ser;
  ret = GNUNET_NO;
  if (SQLITE_ROW == (sret = sqlite3_step (stmt)))
@@ -513,6 +527,8 @@ get_ticket_and_call_iterator (struct Plugin *plugin,
      GNUNET_SQ_result_spec_auto_from_type (&ticket.identity),
      GNUNET_SQ_result_spec_auto_from_type (&ticket.audience),
      GNUNET_SQ_result_spec_uint64 (&ticket.rnd),
+      GNUNET_SQ_result_spec_variable_size ((void**)&attrs_ser,
+                                           &attrs_len),
      GNUNET_SQ_result_spec_end
    };
@@ -525,10 +541,13 @@ get_ticket_and_call_iterator (struct Plugin *plugin,
    }
    else
    {
-        if (NULL != iter)
+      attrs = attribute_list_deserialize (attrs_ser,
-          iter (iter_cls,
+                                          attrs_len);
-                &ticket);
+      if (NULL != iter)
-        ret = GNUNET_YES;
+        iter (iter_cls,
+              &ticket,
+              attrs);
+      ret = GNUNET_YES;
    }
    GNUNET_SQ_cleanup_result (rs);
  }
diff --git a/src/include/gnunet_identity_provider_plugin.h b/src/include/gnunet_identity_provider_plugin.h
index 27d7eb44f..e34ed3f1a 100644
--- a/src/include/gnunet_identity_provider_plugin.h
+++ b/src/include/gnunet_identity_provider_plugin.h
@@ -50,7 +50,8 @@ extern "C"
 * @param ticket the ticket
 */
 typedef void (*GNUNET_IDENTITY_PROVIDER_TicketIterator) (void *cls,
-                                                 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
+                                                 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+             const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);
 /**
@@ -72,7 +73,8 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
   * @return #GNUNET_OK on success, else #GNUNET_SYSERR
   */
  int (*store_ticket) (void *cls,
-                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
+                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+      const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);
  /**
   * Delete a ticket from the database.
author	Schanzenbach, Martin <mschanzenbach@posteo.de>	2017-10-06 22:31:12 +0200
committer	Schanzenbach, Martin <mschanzenbach@posteo.de>	2017-10-06 22:31:12 +0200
commit	58d4e0f0447ae4efc6b3f4ba8a3d612c22f7cbb4 (patch)
tree	bf2e393a42ea0d802abf8b4e066133f122a1d320 /src
parent	46b73f8d138ade01499165f62edb683c87c777c4 (diff)
download	gnunet-58d4e0f0447ae4efc6b3f4ba8a3d612c22f7cbb4.tar.gz gnunet-58d4e0f0447ae4efc6b3f4ba8a3d612c22f7cbb4.zip

diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 95d8b93b2..dd78dd9aa 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -482,6 +482,10 @@ struct TicketRevocationHandle
482	*/	482	*/
483	struct GNUNET_CRYPTO_AbeMasterKey *abe_key;	483	struct GNUNET_CRYPTO_AbeMasterKey *abe_key;
484		484
		485	/**
		486	* Offset
		487	*/
		488	uint32_t offset;
485		489
486	/**	490	/**
487	* request id	491	* request id
@@ -770,7 +774,8 @@ cleanup_ticket_issue_handle (struct TicketIssueHandle *handle)
770	static void	774	static void
771	send_ticket_result (struct IdpClient *client,	775	send_ticket_result (struct IdpClient *client,
772	uint32_t r_id,	776	uint32_t r_id,
773	const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)	777	const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
		778	const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
774	{	779	{
775	struct TicketResultMessage *irm;	780	struct TicketResultMessage *irm;
776	struct GNUNET_MQ_Envelope *env;	781	struct GNUNET_MQ_Envelope *env;
@@ -778,7 +783,8 @@ send_ticket_result (struct IdpClient *client,
778		783
779	/* store ticket in DB */	784	/* store ticket in DB */
780	if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls,	785	if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls,
781	ticket))	786	ticket,
		787	attrs))
782	{	788	{
783	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,	789	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
784	"Unable to store ticket after issue\n");	790	"Unable to store ticket after issue\n");
@@ -813,14 +819,16 @@ store_ticket_issue_cont (void *cls,
813	}	819	}
814	send_ticket_result (handle->client,	820	send_ticket_result (handle->client,
815	handle->r_id,	821	handle->r_id,
816	&handle->ticket);	822	&handle->ticket,
		823	handle->attrs);
817	cleanup_ticket_issue_handle (handle);	824	cleanup_ticket_issue_handle (handle);
818	}	825	}
819		826
820		827
821		828
822	int	829	int
823	serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle,	830	serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
		831	const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs,
824	const struct GNUNET_CRYPTO_AbeKey *rp_key,	832	const struct GNUNET_CRYPTO_AbeKey *rp_key,
825	struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey,	833	struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey,
826	char **result)	834	char **result)
@@ -842,14 +850,14 @@ serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle,
842	size = GNUNET_CRYPTO_cpabe_serialize_key (rp_key,	850	size = GNUNET_CRYPTO_cpabe_serialize_key (rp_key,
843	(void**)&serialized_key);	851	(void**)&serialized_key);
844	attrs_str_len = 0;	852	attrs_str_len = 0;
845	for (le = handle->attrs->list_head; NULL != le; le = le->next) {	853	for (le = attrs->list_head; NULL != le; le = le->next) {
846	attrs_str_len += strlen (le->attribute->name) + 1;	854	attrs_str_len += strlen (le->attribute->name) + 1;
847	}	855	}
848	buf = GNUNET_malloc (attrs_str_len + size);	856	buf = GNUNET_malloc (attrs_str_len + size);
849	write_ptr = buf;	857	write_ptr = buf;
850	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	858	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
851	"Writing attributes\n");	859	"Writing attributes\n");
852	for (le = handle->attrs->list_head; NULL != le; le = le->next) {	860	for (le = attrs->list_head; NULL != le; le = le->next) {
853	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	861	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
854	"%s\n", le->attribute->name);	862	"%s\n", le->attribute->name);
855		863
@@ -873,7 +881,7 @@ serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle,
873	enc_keyinfo = GNUNET_malloc (size + attrs_str_len);	881	enc_keyinfo = GNUNET_malloc (size + attrs_str_len);
874	// Derived key K = H(eB)	882	// Derived key K = H(eB)
875	GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey,	883	GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey,
876	&handle->ticket.audience,	884	&ticket->audience,
877	&new_key_hash));	885	&new_key_hash));
878	create_sym_key_from_ecdh(&new_key_hash, &skey, &iv);	886	create_sym_key_from_ecdh(&new_key_hash, &skey, &iv);
879	enc_size = GNUNET_CRYPTO_symmetric_encrypt (buf,	887	enc_size = GNUNET_CRYPTO_symmetric_encrypt (buf,
@@ -925,7 +933,8 @@ issue_ticket_after_abe_bootstrap (void *cls,
925	attrs);	933	attrs);
926		934
927	//TODO review this wireformat	935	//TODO review this wireformat
928	code_record_len = serialize_abe_keyinfo2 (ih,	936	code_record_len = serialize_abe_keyinfo2 (&ih->ticket,
		937	ih->attrs,
929	rp_key,	938	rp_key,
930	&ecdhe_privkey,	939	&ecdhe_privkey,
931	&code_record_data);	940	&code_record_data);
@@ -1008,6 +1017,124 @@ handle_issue_ticket_message (void *cls,
1008		1017
1009	}	1018	}
1010		1019
		1020	/**
		1021	* Process ticket from database
		1022	*
		1023	* @param cls struct TicketIterationProcResult
		1024	* @param ticket the ticket
		1025	* @param attrs the attributes
		1026	*/
		1027	static void
		1028	ticket_reissue_proc (void *cls,
		1029	const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
		1030	const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);
		1031
		1032
		1033	static void
		1034	reissue_ticket_cont (void *cls,
		1035	int32_t success,
		1036	const char *emsg)
		1037	{
		1038	struct TicketRevocationHandle *rh = cls;
		1039
		1040	rh->ns_qe = NULL;
		1041	if (GNUNET_SYSERR == success)
		1042	{
		1043	//TODO cleanup_ticket_revocation_handle (handle);
		1044	GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n",
		1045	"Unknown Error\n");
		1046	GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
		1047	return;
		1048	}
		1049	rh->offset++;
		1050	GNUNET_assert (GNUNET_SYSERR !=
		1051	TKT_database->iterate_tickets (TKT_database->cls,
		1052	&rh->ticket.identity,
		1053	GNUNET_NO,
		1054	rh->offset,
		1055	&ticket_reissue_proc,
		1056	rh));
		1057	}
		1058
		1059
		1060
		1061	/**
		1062	* Process ticket from database
		1063	*
		1064	* @param cls struct TicketIterationProcResult
		1065	* @param ticket the ticket
		1066	* @param attrs the attributes
		1067	*/
		1068	static void
		1069	ticket_reissue_proc (void *cls,
		1070	const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
		1071	const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
		1072	{
		1073	struct TicketRevocationHandle *rh = cls;
		1074	struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
		1075	struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
		1076	struct GNUNET_GNSRECORD_Data code_record[1];
		1077	struct GNUNET_CRYPTO_AbeKey *rp_key;
		1078	char *code_record_data;
		1079	char **attr_arr;
		1080	char *label;
		1081	int attrs_len;
		1082	int i;
		1083	size_t code_record_len;
		1084
		1085
		1086	if (NULL == ticket)
		1087	{
		1088	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
		1089	"Iteration done\n");
		1090	/* Send reply ? */
		1091	GNUNET_break (0);
		1092	return;
		1093	}
		1094	//Create new ABE key for RP
		1095	attrs_len = 0;
		1096	for (le = attrs->list_head; NULL != le; le = le->next)
		1097	attrs_len++;
		1098	attr_arr = GNUNET_malloc ((attrs_len + 1)sizeof (char));
		1099	i = 0;
		1100	for (le = attrs->list_head; NULL != le; le = le->next) {
		1101	attr_arr[i] = (char*) le->attribute->name;
		1102	i++;
		1103	}
		1104	attr_arr[i] = NULL;
		1105	rp_key = GNUNET_CRYPTO_cpabe_create_key (rh->abe_key,
		1106	attr_arr);
		1107
		1108	//TODO review this wireformat
		1109	code_record_len = serialize_abe_keyinfo2 (&rh->ticket,
		1110	rh->attrs,
		1111	rp_key,
		1112	&ecdhe_privkey,
		1113	&code_record_data);
		1114	code_record[0].data = code_record_data;
		1115	code_record[0].data_size = code_record_len;
		1116	code_record[0].expiration_time = GNUNET_TIME_UNIT_DAYS.rel_value_us;
		1117	code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY;
		1118	code_record[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
		1119
		1120	label = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd,
		1121	sizeof (uint64_t));
		1122	//Publish record
		1123	rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
		1124	&rh->identity,
		1125	label,
		1126	1,
		1127	code_record,
		1128	&reissue_ticket_cont,
		1129	rh);
		1130	GNUNET_free (ecdhe_privkey);
		1131	GNUNET_free (label);
		1132	GNUNET_free (attr_arr);
		1133	GNUNET_free (code_record_data);
		1134
		1135	}
		1136
		1137
1011	static void	1138	static void
1012	attr_reenc_cont (void *cls,	1139	attr_reenc_cont (void *cls,
1013	int32_t success,	1140	int32_t success,
@@ -1017,6 +1144,7 @@ attr_reenc_cont (void *cls,
1017	struct GNUNET_GNSRECORD_Data rd[1];	1144	struct GNUNET_GNSRECORD_Data rd[1];
1018	size_t buf_size;	1145	size_t buf_size;
1019	char *buf;	1146	char *buf;
		1147	int ret;
1020		1148
1021	if (GNUNET_SYSERR == success)	1149	if (GNUNET_SYSERR == success)
1022	{	1150	{
@@ -1032,7 +1160,18 @@ attr_reenc_cont (void *cls,
1032	if (NULL == rh->attrs->list_head)	1160	if (NULL == rh->attrs->list_head)
1033	{	1161	{
1034	/* Done, issue new keys */	1162	/* Done, issue new keys */
1035	GNUNET_break (0); //TODO	1163	GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
		1164	"Revocation Phase IV: Reissuing Tickets\n");
		1165	if (GNUNET_SYSERR ==
		1166	(ret = TKT_database->iterate_tickets (TKT_database->cls,
		1167	&rh->ticket.identity,
		1168	GNUNET_NO,
		1169	rh->offset,
		1170	&ticket_reissue_proc,
		1171	rh)))
		1172	{
		1173	GNUNET_break (0);
		1174	}
1036	return;	1175	return;
1037	}	1176	}
1038	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	1177	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -1083,9 +1222,10 @@ reenc_after_abe_bootstrap (void *cls,
1083	if (NULL == rh->attrs->list_head)	1222	if (NULL == rh->attrs->list_head)
1084	{	1223	{
1085	/* No attributes to reencrypt, this is odd... */	1224	/* No attributes to reencrypt, this is odd... */
		1225	GNUNET_break (0);
1086	} else {	1226	} else {
1087	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	1227	GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
1088	"Re-encrypting attribute\n");	1228	"Revocation Phase III: Re-encrypting attributes\n");
1089	buf_size = attribute_serialize_get_size (rh->attrs->list_head->attribute);	1229	buf_size = attribute_serialize_get_size (rh->attrs->list_head->attribute);
1090	buf = GNUNET_malloc (buf_size);	1230	buf = GNUNET_malloc (buf_size);
1091		1231
@@ -1131,7 +1271,8 @@ static void
1131	revoke_collect_iter_finished (void *cls)	1271	revoke_collect_iter_finished (void *cls)
1132	{	1272	{
1133	struct TicketRevocationHandle *rh = cls;	1273	struct TicketRevocationHandle *rh = cls;
1134		1274	GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
		1275	"Revocation Phase II: Invalidating old ABE Master\n");
1135	/* Bootstrap new abe key */	1276	/* Bootstrap new abe key */
1136	bootstrap_abe (&rh->identity, &reenc_after_abe_bootstrap, rh, GNUNET_YES);	1277	bootstrap_abe (&rh->identity, &reenc_after_abe_bootstrap, rh, GNUNET_YES);
1137	}	1278	}
@@ -1188,7 +1329,8 @@ collect_after_abe_bootstrap (void *cls,
1188		1329
1189	rh->abe_key = cls;	1330	rh->abe_key = cls;
1190	GNUNET_assert (NULL != abe_key);	1331	GNUNET_assert (NULL != abe_key);
1191		1332	GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
		1333	"Revocation Phase I: Collecting attributes\n");
1192	/* Reencrypt all attributes with new key */	1334	/* Reencrypt all attributes with new key */
1193	rh->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,	1335	rh->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
1194	&rh->identity,	1336	&rh->identity,
@@ -1334,7 +1476,8 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
1334		1476
1335	/* Store ticket in DB */	1477	/* Store ticket in DB */
1336	if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls,	1478	if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls,
1337	&handle->ticket))	1479	&handle->ticket,
		1480	handle->attrs))
1338	{	1481	{
1339	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,	1482	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1340	"Unable to store ticket after consume\n");	1483	"Unable to store ticket after consume\n");
@@ -1914,7 +2057,8 @@ struct TicketIterationProcResult
1914	*/	2057	*/
1915	static void	2058	static void
1916	ticket_iterate_proc (void *cls,	2059	ticket_iterate_proc (void *cls,
1917	const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)	2060	const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
		2061	const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
1918	{	2062	{
1919	struct TicketIterationProcResult *proc = cls;	2063	struct TicketIterationProcResult *proc = cls;
1920		2064
@@ -1928,7 +2072,8 @@ ticket_iterate_proc (void *cls,
1928	proc->res_iteration_finished = IT_SUCCESS_MORE_AVAILABLE;	2072	proc->res_iteration_finished = IT_SUCCESS_MORE_AVAILABLE;
1929	send_ticket_result (proc->ti->client,	2073	send_ticket_result (proc->ti->client,
1930	proc->ti->r_id,	2074	proc->ti->r_id,
1931	ticket);	2075	ticket,
		2076	attrs);
1932		2077
1933	}	2078	}
1934		2079


diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/identity-provider/plugin_identity_provider_sqlite.c index ff2d3a22e..ac4e3c686 100644 --- a/src/identity-provider/plugin_identity_provider_sqlite.c +++ b/src/identity-provider/plugin_identity_provider_sqlite.c
@@ -27,6 +27,7 @@
27	#include "platform.h"	27	#include "platform.h"
28	#include "gnunet_identity_provider_service.h"	28	#include "gnunet_identity_provider_service.h"
29	#include "gnunet_identity_provider_plugin.h"	29	#include "gnunet_identity_provider_plugin.h"
		30	#include "identity_attribute.h"
30	#include "gnunet_sq_lib.h"	31	#include "gnunet_sq_lib.h"
31	#include <sqlite3.h>	32	#include <sqlite3.h>
32		33
@@ -252,7 +253,8 @@ database_setup (struct Plugin *plugin)
252	"CREATE TABLE identity001tickets ("	253	"CREATE TABLE identity001tickets ("
253	" identity BLOB NOT NULL DEFAULT '',"	254	" identity BLOB NOT NULL DEFAULT '',"
254	" audience BLOB NOT NULL DEFAULT '',"	255	" audience BLOB NOT NULL DEFAULT '',"
255	" rnd INT8 NOT NULL DEFAULT ''"	256	" rnd INT8 NOT NULL DEFAULT '',"
		257	" attributes BLOB NOT NULL DEFAULT ''"
256	")",	258	")",
257	NULL, NULL, NULL) != SQLITE_OK))	259	NULL, NULL, NULL) != SQLITE_OK))
258	{	260	{
@@ -267,8 +269,8 @@ database_setup (struct Plugin *plugin)
267		269
268	if ( (SQLITE_OK !=	270	if ( (SQLITE_OK !=
269	sq_prepare (plugin->dbh,	271	sq_prepare (plugin->dbh,
270	"INSERT INTO identity001tickets (identity, audience, rnd)"	272	"INSERT INTO identity001tickets (identity, audience, rnd, attributes)"
271	" VALUES (?, ?, ?)",	273	" VALUES (?, ?, ?, ?)",
272	&plugin->store_ticket)) \|\|	274	&plugin->store_ticket)) \|\|
273	(SQLITE_OK !=	275	(SQLITE_OK !=
274	sq_prepare (plugin->dbh,	276	sq_prepare (plugin->dbh,
@@ -276,13 +278,13 @@ database_setup (struct Plugin *plugin)
276	&plugin->delete_ticket)) \|\|	278	&plugin->delete_ticket)) \|\|
277	(SQLITE_OK !=	279	(SQLITE_OK !=
278	sq_prepare (plugin->dbh,	280	sq_prepare (plugin->dbh,
279	"SELECT identity,audience,rnd"	281	"SELECT identity,audience,rnd,attributes"
280	" FROM identity001tickets WHERE identity=?"	282	" FROM identity001tickets WHERE identity=?"
281	" ORDER BY rnd LIMIT 1 OFFSET ?",	283	" ORDER BY rnd LIMIT 1 OFFSET ?",
282	&plugin->iterate_tickets)) \|\|	284	&plugin->iterate_tickets)) \|\|
283	(SQLITE_OK !=	285	(SQLITE_OK !=
284	sq_prepare (plugin->dbh,	286	sq_prepare (plugin->dbh,
285	"SELECT identity,audience,rnd"	287	"SELECT identity,audience,rnd,attributes"
286	" FROM identity001tickets WHERE audience=?"	288	" FROM identity001tickets WHERE audience=?"
287	" ORDER BY rnd LIMIT 1 OFFSET ?",	289	" ORDER BY rnd LIMIT 1 OFFSET ?",
288	&plugin->iterate_tickets_by_audience)) )	290	&plugin->iterate_tickets_by_audience)) )
@@ -358,9 +360,12 @@ database_shutdown (struct Plugin *plugin)
358	*/	360	*/
359	static int	361	static int
360	identity_provider_sqlite_store_ticket (void *cls,	362	identity_provider_sqlite_store_ticket (void *cls,
361	const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)	363	const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
		364	const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
362	{	365	{
363	struct Plugin *plugin = cls;	366	struct Plugin *plugin = cls;
		367	size_t attrs_len;
		368	char *attrs_ser;
364	int n;	369	int n;
365		370
366	{	371	{
@@ -384,11 +389,16 @@ identity_provider_sqlite_store_ticket (void *cls,
384	n = sqlite3_step (plugin->delete_ticket);	389	n = sqlite3_step (plugin->delete_ticket);
385	GNUNET_SQ_reset (plugin->dbh,	390	GNUNET_SQ_reset (plugin->dbh,
386	plugin->delete_ticket);	391	plugin->delete_ticket);
387		392
		393	attrs_len = attribute_list_serialize_get_size (attrs);
		394	attrs_ser = GNUNET_malloc (attrs_len);
		395	attribute_list_serialize (attrs,
		396	attrs_ser);
388	struct GNUNET_SQ_QueryParam sparams[] = {	397	struct GNUNET_SQ_QueryParam sparams[] = {
389	GNUNET_SQ_query_param_auto_from_type (&ticket->identity),	398	GNUNET_SQ_query_param_auto_from_type (&ticket->identity),
390	GNUNET_SQ_query_param_auto_from_type (&ticket->audience),	399	GNUNET_SQ_query_param_auto_from_type (&ticket->audience),
391	GNUNET_SQ_query_param_uint64 (&ticket->rnd),	400	GNUNET_SQ_query_param_uint64 (&ticket->rnd),
		401	GNUNET_SQ_query_param_fixed_size (attrs_ser, attrs_len),
392	GNUNET_SQ_query_param_end	402	GNUNET_SQ_query_param_end
393	};	403	};
394		404
@@ -406,6 +416,7 @@ identity_provider_sqlite_store_ticket (void *cls,
406	n = sqlite3_step (plugin->store_ticket);	416	n = sqlite3_step (plugin->store_ticket);
407	GNUNET_SQ_reset (plugin->dbh,	417	GNUNET_SQ_reset (plugin->dbh,
408	plugin->store_ticket);	418	plugin->store_ticket);
		419	GNUNET_free (attrs_ser);
409	}	420	}
410	switch (n)	421	switch (n)
411	{	422	{
@@ -503,8 +514,11 @@ get_ticket_and_call_iterator (struct Plugin *plugin,
503	void *iter_cls)	514	void *iter_cls)
504	{	515	{
505	struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;	516	struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
		517	struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs;
506	int ret;	518	int ret;
507	int sret;	519	int sret;
		520	size_t attrs_len;
		521	char *attrs_ser;
508		522
509	ret = GNUNET_NO;	523	ret = GNUNET_NO;
510	if (SQLITE_ROW == (sret = sqlite3_step (stmt)))	524	if (SQLITE_ROW == (sret = sqlite3_step (stmt)))
@@ -513,6 +527,8 @@ get_ticket_and_call_iterator (struct Plugin *plugin,
513	GNUNET_SQ_result_spec_auto_from_type (&ticket.identity),	527	GNUNET_SQ_result_spec_auto_from_type (&ticket.identity),
514	GNUNET_SQ_result_spec_auto_from_type (&ticket.audience),	528	GNUNET_SQ_result_spec_auto_from_type (&ticket.audience),
515	GNUNET_SQ_result_spec_uint64 (&ticket.rnd),	529	GNUNET_SQ_result_spec_uint64 (&ticket.rnd),
		530	GNUNET_SQ_result_spec_variable_size ((void**)&attrs_ser,
		531	&attrs_len),
516	GNUNET_SQ_result_spec_end	532	GNUNET_SQ_result_spec_end
517		533
518	};	534	};
@@ -525,10 +541,13 @@ get_ticket_and_call_iterator (struct Plugin *plugin,
525	}	541	}
526	else	542	else
527	{	543	{
528	if (NULL != iter)	544	attrs = attribute_list_deserialize (attrs_ser,
529	iter (iter_cls,	545	attrs_len);
530	&ticket);	546	if (NULL != iter)
531	ret = GNUNET_YES;	547	iter (iter_cls,
		548	&ticket,
		549	attrs);
		550	ret = GNUNET_YES;
532	}	551	}
533	GNUNET_SQ_cleanup_result (rs);	552	GNUNET_SQ_cleanup_result (rs);
534	}	553	}


diff --git a/src/include/gnunet_identity_provider_plugin.h b/src/include/gnunet_identity_provider_plugin.h index 27d7eb44f..e34ed3f1a 100644 --- a/src/include/gnunet_identity_provider_plugin.h +++ b/src/include/gnunet_identity_provider_plugin.h
@@ -50,7 +50,8 @@ extern "C"
50	* @param ticket the ticket	50	* @param ticket the ticket
51	*/	51	*/
52	typedef void (GNUNET_IDENTITY_PROVIDER_TicketIterator) (void cls,	52	typedef void (GNUNET_IDENTITY_PROVIDER_TicketIterator) (void cls,
53	const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);	53	const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
		54	const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);
54		55
55		56
56	/**	57	/**
@@ -72,7 +73,8 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
72	* @return #GNUNET_OK on success, else #GNUNET_SYSERR	73	* @return #GNUNET_OK on success, else #GNUNET_SYSERR
73	*/	74	*/
74	int (store_ticket) (void cls,	75	int (store_ticket) (void cls,
75	const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);	76	const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
		77	const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);
76		78
77	/**	79	/**
78	* Delete a ticket from the database.	80	* Delete a ticket from the database.