diff options
author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2016-12-28 18:40:17 +0100 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2016-12-28 18:40:17 +0100 |
commit | a84624407eedd5418d36de590571da47d2f47015 (patch) | |
tree | 2f8d9fd84df5f1dba55a4e85c7d98722cc42cada /src | |
parent | 43b34377e10d329075327104e4a295ee9d3c53b4 (diff) | |
download | gnunet-a84624407eedd5418d36de590571da47d2f47015.tar.gz gnunet-a84624407eedd5418d36de590571da47d2f47015.zip |
-change api
Diffstat (limited to 'src')
-rw-r--r-- | src/credential/Makefile.am | 1 | ||||
-rw-r--r-- | src/credential/credential.h | 47 | ||||
-rw-r--r-- | src/credential/credential_api.c | 142 | ||||
-rw-r--r-- | src/credential/credential_misc.c | 1 | ||||
-rw-r--r-- | src/credential/credential_serialization.c | 175 | ||||
-rw-r--r-- | src/credential/credential_serialization.h | 17 | ||||
-rw-r--r-- | src/credential/gnunet-credential.c | 171 | ||||
-rw-r--r-- | src/credential/gnunet-service-credential.c | 367 | ||||
-rw-r--r-- | src/credential/plugin_rest_credential.c | 3 | ||||
-rwxr-xr-x | src/credential/test_credential_collect.sh | 47 | ||||
-rw-r--r-- | src/credential/test_credential_lookup.conf | 2 | ||||
-rwxr-xr-x | src/credential/test_credential_verify.sh | 5 | ||||
-rw-r--r-- | src/include/gnunet_credential_service.h | 15 | ||||
-rw-r--r-- | src/include/gnunet_protocols.h | 4 |
14 files changed, 797 insertions, 200 deletions
diff --git a/src/credential/Makefile.am b/src/credential/Makefile.am index db3bc8027..ca11c5e4f 100644 --- a/src/credential/Makefile.am +++ b/src/credential/Makefile.am | |||
@@ -69,6 +69,7 @@ gnunet_service_credential_LDADD = \ | |||
69 | libgnunetcredential.la \ | 69 | libgnunetcredential.la \ |
70 | $(top_builddir)/src/util/libgnunetutil.la \ | 70 | $(top_builddir)/src/util/libgnunetutil.la \ |
71 | $(top_builddir)/src/gns/libgnunetgns.la \ | 71 | $(top_builddir)/src/gns/libgnunetgns.la \ |
72 | $(top_builddir)/src/namestore/libgnunetnamestore.la \ | ||
72 | $(top_builddir)/src/statistics/libgnunetstatistics.la \ | 73 | $(top_builddir)/src/statistics/libgnunetstatistics.la \ |
73 | $(GN_LIBINTL) | 74 | $(GN_LIBINTL) |
74 | 75 | ||
diff --git a/src/credential/credential.h b/src/credential/credential.h index c5c0183cc..f16249c1b 100644 --- a/src/credential/credential.h +++ b/src/credential/credential.h | |||
@@ -30,6 +30,41 @@ | |||
30 | GNUNET_NETWORK_STRUCT_BEGIN | 30 | GNUNET_NETWORK_STRUCT_BEGIN |
31 | 31 | ||
32 | /** | 32 | /** |
33 | * Message from client to Credential service to collect credentials. | ||
34 | */ | ||
35 | struct CollectMessage | ||
36 | { | ||
37 | /** | ||
38 | * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY | ||
39 | */ | ||
40 | struct GNUNET_MessageHeader header; | ||
41 | |||
42 | /** | ||
43 | * Subject public key | ||
44 | */ | ||
45 | struct GNUNET_CRYPTO_EcdsaPrivateKey subject_key; | ||
46 | |||
47 | /** | ||
48 | * Trust anchor | ||
49 | */ | ||
50 | struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; | ||
51 | |||
52 | /** | ||
53 | * Length of the issuer attribute | ||
54 | */ | ||
55 | uint16_t issuer_attribute_len; | ||
56 | |||
57 | /** | ||
58 | * Unique identifier for this request (for key collisions). | ||
59 | */ | ||
60 | uint32_t id GNUNET_PACKED; | ||
61 | |||
62 | /* Followed by the zero-terminated attribute */ | ||
63 | |||
64 | }; | ||
65 | |||
66 | |||
67 | /** | ||
33 | * Message from client to Credential service to verify attributes. | 68 | * Message from client to Credential service to verify attributes. |
34 | */ | 69 | */ |
35 | struct VerifyMessage | 70 | struct VerifyMessage |
@@ -50,21 +85,21 @@ struct VerifyMessage | |||
50 | struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; | 85 | struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; |
51 | 86 | ||
52 | /** | 87 | /** |
53 | * Length of the issuer attribute | 88 | * Number of credentials |
54 | */ | 89 | */ |
55 | uint16_t issuer_attribute_len; | 90 | uint32_t c_count; |
56 | 91 | ||
57 | /** | 92 | /** |
58 | * Length of the subject attribute | 93 | * Length of the issuer attribute |
59 | */ | 94 | */ |
60 | uint16_t subject_attribute_len; | 95 | uint16_t issuer_attribute_len; |
61 | 96 | ||
62 | /** | 97 | /** |
63 | * Unique identifier for this request (for key collisions). | 98 | * Unique identifier for this request (for key collisions). |
64 | */ | 99 | */ |
65 | uint32_t id GNUNET_PACKED; | 100 | uint32_t id GNUNET_PACKED; |
66 | 101 | ||
67 | /* Followed by the zero-terminated attributes to look up */ | 102 | /* Followed by the zero-terminated attribute and credentials to look up */ |
68 | 103 | ||
69 | }; | 104 | }; |
70 | 105 | ||
@@ -72,7 +107,7 @@ struct VerifyMessage | |||
72 | /** | 107 | /** |
73 | * Message from CREDENTIAL service to client: new results. | 108 | * Message from CREDENTIAL service to client: new results. |
74 | */ | 109 | */ |
75 | struct VerifyResultMessage | 110 | struct DelegationChainResultMessage |
76 | { | 111 | { |
77 | /** | 112 | /** |
78 | * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT | 113 | * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT |
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index e991b4153..b201d4d9c 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c | |||
@@ -61,7 +61,7 @@ struct GNUNET_CREDENTIAL_Request | |||
61 | /** | 61 | /** |
62 | * processor to call on verify result | 62 | * processor to call on verify result |
63 | */ | 63 | */ |
64 | GNUNET_CREDENTIAL_VerifyResultProcessor verify_proc; | 64 | GNUNET_CREDENTIAL_CredentialResultProcessor verify_proc; |
65 | 65 | ||
66 | /** | 66 | /** |
67 | * @e verify_proc closure | 67 | * @e verify_proc closure |
@@ -100,12 +100,12 @@ struct GNUNET_CREDENTIAL_Handle | |||
100 | /** | 100 | /** |
101 | * Head of linked list of active verify requests. | 101 | * Head of linked list of active verify requests. |
102 | */ | 102 | */ |
103 | struct GNUNET_CREDENTIAL_Request *verify_head; | 103 | struct GNUNET_CREDENTIAL_Request *request_head; |
104 | 104 | ||
105 | /** | 105 | /** |
106 | * Tail of linked list of active verify requests. | 106 | * Tail of linked list of active verify requests. |
107 | */ | 107 | */ |
108 | struct GNUNET_CREDENTIAL_Request *verify_tail; | 108 | struct GNUNET_CREDENTIAL_Request *request_tail; |
109 | 109 | ||
110 | /** | 110 | /** |
111 | * Reconnect task | 111 | * Reconnect task |
@@ -185,7 +185,6 @@ mq_error_handler (void *cls, | |||
185 | force_reconnect (handle); | 185 | force_reconnect (handle); |
186 | } | 186 | } |
187 | 187 | ||
188 | |||
189 | /** | 188 | /** |
190 | * Check validity of message received from the CREDENTIAL service | 189 | * Check validity of message received from the CREDENTIAL service |
191 | * | 190 | * |
@@ -194,7 +193,7 @@ mq_error_handler (void *cls, | |||
194 | */ | 193 | */ |
195 | static int | 194 | static int |
196 | check_result (void *cls, | 195 | check_result (void *cls, |
197 | const struct VerifyResultMessage *vr_msg) | 196 | const struct DelegationChainResultMessage *vr_msg) |
198 | { | 197 | { |
199 | //TODO | 198 | //TODO |
200 | return GNUNET_OK; | 199 | return GNUNET_OK; |
@@ -209,7 +208,7 @@ check_result (void *cls, | |||
209 | */ | 208 | */ |
210 | static void | 209 | static void |
211 | handle_result (void *cls, | 210 | handle_result (void *cls, |
212 | const struct VerifyResultMessage *vr_msg) | 211 | const struct DelegationChainResultMessage *vr_msg) |
213 | { | 212 | { |
214 | struct GNUNET_CREDENTIAL_Handle *handle = cls; | 213 | struct GNUNET_CREDENTIAL_Handle *handle = cls; |
215 | uint32_t r_id = ntohl (vr_msg->id); | 214 | uint32_t r_id = ntohl (vr_msg->id); |
@@ -219,30 +218,30 @@ handle_result (void *cls, | |||
219 | uint32_t c_count = ntohl (vr_msg->c_count); | 218 | uint32_t c_count = ntohl (vr_msg->c_count); |
220 | struct GNUNET_CREDENTIAL_Delegation d_chain[d_count]; | 219 | struct GNUNET_CREDENTIAL_Delegation d_chain[d_count]; |
221 | struct GNUNET_CREDENTIAL_Credential creds[c_count]; | 220 | struct GNUNET_CREDENTIAL_Credential creds[c_count]; |
222 | GNUNET_CREDENTIAL_VerifyResultProcessor proc; | 221 | GNUNET_CREDENTIAL_CredentialResultProcessor proc; |
223 | void *proc_cls; | 222 | void *proc_cls; |
224 | 223 | ||
225 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 224 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
226 | "Received verify reply from CREDENTIAL service\n"); | 225 | "Received verify reply from CREDENTIAL service\n"); |
227 | for (vr = handle->verify_head; NULL != vr; vr = vr->next) | 226 | for (vr = handle->request_head; NULL != vr; vr = vr->next) |
228 | if (vr->r_id == r_id) | 227 | if (vr->r_id == r_id) |
229 | break; | 228 | break; |
230 | if (NULL == vr) | 229 | if (NULL == vr) |
231 | return; | 230 | return; |
232 | proc = vr->verify_proc; | 231 | proc = vr->verify_proc; |
233 | proc_cls = vr->proc_cls; | 232 | proc_cls = vr->proc_cls; |
234 | GNUNET_CONTAINER_DLL_remove (handle->verify_head, | 233 | GNUNET_CONTAINER_DLL_remove (handle->request_head, |
235 | handle->verify_tail, | 234 | handle->request_tail, |
236 | vr); | 235 | vr); |
237 | GNUNET_MQ_discard (vr->env); | 236 | GNUNET_MQ_discard (vr->env); |
238 | GNUNET_free (vr); | 237 | GNUNET_free (vr); |
239 | GNUNET_assert (GNUNET_OK == | 238 | GNUNET_assert (GNUNET_OK == |
240 | GNUNET_CREDENTIAL_delegation_chain_deserialize (mlen, | 239 | GNUNET_CREDENTIAL_delegation_chain_deserialize (mlen, |
241 | (const char*) &vr_msg[1], | 240 | (const char*) &vr_msg[1], |
242 | d_count, | 241 | d_count, |
243 | d_chain, | 242 | d_chain, |
244 | c_count, | 243 | c_count, |
245 | creds)); | 244 | creds)); |
246 | if (GNUNET_NO == ntohl (vr_msg->cred_found)) | 245 | if (GNUNET_NO == ntohl (vr_msg->cred_found)) |
247 | { | 246 | { |
248 | proc (proc_cls, | 247 | proc (proc_cls, |
@@ -271,7 +270,11 @@ reconnect (struct GNUNET_CREDENTIAL_Handle *handle) | |||
271 | struct GNUNET_MQ_MessageHandler handlers[] = { | 270 | struct GNUNET_MQ_MessageHandler handlers[] = { |
272 | GNUNET_MQ_hd_var_size (result, | 271 | GNUNET_MQ_hd_var_size (result, |
273 | GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT, | 272 | GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT, |
274 | struct VerifyResultMessage, | 273 | struct DelegationChainResultMessage, |
274 | handle), | ||
275 | GNUNET_MQ_hd_var_size (result, | ||
276 | GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT_RESULT, | ||
277 | struct DelegationChainResultMessage, | ||
275 | handle), | 278 | handle), |
276 | GNUNET_MQ_handler_end () | 279 | GNUNET_MQ_handler_end () |
277 | }; | 280 | }; |
@@ -287,7 +290,7 @@ reconnect (struct GNUNET_CREDENTIAL_Handle *handle) | |||
287 | handle); | 290 | handle); |
288 | if (NULL == handle->mq) | 291 | if (NULL == handle->mq) |
289 | return; | 292 | return; |
290 | for (vr = handle->verify_head; NULL != vr; vr = vr->next) | 293 | for (vr = handle->request_head; NULL != vr; vr = vr->next) |
291 | GNUNET_MQ_send_copy (handle->mq, | 294 | GNUNET_MQ_send_copy (handle->mq, |
292 | vr->env); | 295 | vr->env); |
293 | } | 296 | } |
@@ -334,7 +337,7 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle) | |||
334 | GNUNET_SCHEDULER_cancel (handle->reconnect_task); | 337 | GNUNET_SCHEDULER_cancel (handle->reconnect_task); |
335 | handle->reconnect_task = NULL; | 338 | handle->reconnect_task = NULL; |
336 | } | 339 | } |
337 | GNUNET_assert (NULL == handle->verify_head); | 340 | GNUNET_assert (NULL == handle->request_head); |
338 | GNUNET_free (handle); | 341 | GNUNET_free (handle); |
339 | } | 342 | } |
340 | 343 | ||
@@ -349,13 +352,81 @@ GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr) | |||
349 | { | 352 | { |
350 | struct GNUNET_CREDENTIAL_Handle *handle = vr->credential_handle; | 353 | struct GNUNET_CREDENTIAL_Handle *handle = vr->credential_handle; |
351 | 354 | ||
352 | GNUNET_CONTAINER_DLL_remove (handle->verify_head, | 355 | GNUNET_CONTAINER_DLL_remove (handle->request_head, |
353 | handle->verify_tail, | 356 | handle->request_tail, |
354 | vr); | 357 | vr); |
355 | GNUNET_MQ_discard (vr->env); | 358 | GNUNET_MQ_discard (vr->env); |
356 | GNUNET_free (vr); | 359 | GNUNET_free (vr); |
357 | } | 360 | } |
358 | 361 | ||
362 | |||
363 | /** | ||
364 | * Performs attribute collection. | ||
365 | * Collects all credentials of subject to fulfill the | ||
366 | * attribute, if possible | ||
367 | * | ||
368 | * @param handle handle to the Credential service | ||
369 | * @param issuer_key the issuer public key | ||
370 | * @param issuer_attribute the issuer attribute | ||
371 | * @param subject_key the subject public key | ||
372 | * @param credential_count number of credentials provided | ||
373 | * @param credentials subject credentials | ||
374 | * @param proc function to call on result | ||
375 | * @param proc_cls closure for processor | ||
376 | * @return handle to the queued request | ||
377 | */ | ||
378 | struct GNUNET_CREDENTIAL_Request* | ||
379 | GNUNET_CREDENTIAL_collect (struct GNUNET_CREDENTIAL_Handle *handle, | ||
380 | const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, | ||
381 | const char *issuer_attribute, | ||
382 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *subject_key, | ||
383 | GNUNET_CREDENTIAL_CredentialResultProcessor proc, | ||
384 | void *proc_cls) | ||
385 | { | ||
386 | /* IPC to shorten credential names, return shorten_handle */ | ||
387 | struct CollectMessage *c_msg; | ||
388 | struct GNUNET_CREDENTIAL_Request *vr; | ||
389 | size_t nlen; | ||
390 | |||
391 | if (NULL == issuer_attribute) | ||
392 | { | ||
393 | GNUNET_break (0); | ||
394 | return NULL; | ||
395 | } | ||
396 | |||
397 | //DEBUG LOG | ||
398 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
399 | "Trying to collect `%s' in CREDENTIAL\n", | ||
400 | issuer_attribute); | ||
401 | nlen = strlen (issuer_attribute) + 1; | ||
402 | if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*vr)) | ||
403 | { | ||
404 | GNUNET_break (0); | ||
405 | return NULL; | ||
406 | } | ||
407 | vr = GNUNET_new (struct GNUNET_CREDENTIAL_Request); | ||
408 | vr->credential_handle = handle; | ||
409 | vr->verify_proc = proc; | ||
410 | vr->proc_cls = proc_cls; | ||
411 | vr->r_id = handle->r_id_gen++; | ||
412 | vr->env = GNUNET_MQ_msg_extra (c_msg, | ||
413 | nlen, | ||
414 | GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT); | ||
415 | c_msg->id = htonl (vr->r_id); | ||
416 | c_msg->subject_key = *subject_key; | ||
417 | c_msg->issuer_key = *issuer_key; | ||
418 | c_msg->issuer_attribute_len = htons(strlen(issuer_attribute)); | ||
419 | GNUNET_memcpy (&c_msg[1], | ||
420 | issuer_attribute, | ||
421 | strlen (issuer_attribute)); | ||
422 | GNUNET_CONTAINER_DLL_insert (handle->request_head, | ||
423 | handle->request_tail, | ||
424 | vr); | ||
425 | if (NULL != handle->mq) | ||
426 | GNUNET_MQ_send_copy (handle->mq, | ||
427 | vr->env); | ||
428 | return vr; | ||
429 | } | ||
359 | /** | 430 | /** |
360 | * Performs attribute verification. | 431 | * Performs attribute verification. |
361 | * Checks if there is a delegation chain from | 432 | * Checks if there is a delegation chain from |
@@ -368,7 +439,8 @@ GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr) | |||
368 | * @param issuer_key the issuer public key | 439 | * @param issuer_key the issuer public key |
369 | * @param issuer_attribute the issuer attribute | 440 | * @param issuer_attribute the issuer attribute |
370 | * @param subject_key the subject public key | 441 | * @param subject_key the subject public key |
371 | * @param subject_attribute the attribute claimed by the subject | 442 | * @param credential_count number of credentials provided |
443 | * @param credentials subject credentials | ||
372 | * @param proc function to call on result | 444 | * @param proc function to call on result |
373 | * @param proc_cls closure for processor | 445 | * @param proc_cls closure for processor |
374 | * @return handle to the queued request | 446 | * @return handle to the queued request |
@@ -378,25 +450,31 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, | |||
378 | const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, | 450 | const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, |
379 | const char *issuer_attribute, | 451 | const char *issuer_attribute, |
380 | const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, | 452 | const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, |
381 | const char *subject_attribute, | 453 | uint32_t credential_count, |
382 | GNUNET_CREDENTIAL_VerifyResultProcessor proc, | 454 | const struct GNUNET_CREDENTIAL_Credential *credentials, |
455 | GNUNET_CREDENTIAL_CredentialResultProcessor proc, | ||
383 | void *proc_cls) | 456 | void *proc_cls) |
384 | { | 457 | { |
385 | /* IPC to shorten credential names, return shorten_handle */ | 458 | /* IPC to shorten credential names, return shorten_handle */ |
386 | struct VerifyMessage *v_msg; | 459 | struct VerifyMessage *v_msg; |
387 | struct GNUNET_CREDENTIAL_Request *vr; | 460 | struct GNUNET_CREDENTIAL_Request *vr; |
388 | size_t nlen; | 461 | size_t nlen; |
462 | size_t clen; | ||
389 | 463 | ||
390 | if (NULL == issuer_attribute || NULL == subject_attribute) | 464 | if (NULL == issuer_attribute || NULL == credentials) |
391 | { | 465 | { |
392 | GNUNET_break (0); | 466 | GNUNET_break (0); |
393 | return NULL; | 467 | return NULL; |
394 | } | 468 | } |
469 | |||
470 | clen = GNUNET_CREDENTIAL_credentials_get_size (credential_count, | ||
471 | credentials); | ||
472 | |||
395 | //DEBUG LOG | 473 | //DEBUG LOG |
396 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 474 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
397 | "Trying to verify `%s' in CREDENTIAL\n", | 475 | "Trying to verify `%s' in CREDENTIAL\n", |
398 | issuer_attribute); | 476 | issuer_attribute); |
399 | nlen = strlen (issuer_attribute) + strlen (subject_attribute) + 1; | 477 | nlen = strlen (issuer_attribute) + 1 + clen; |
400 | if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*vr)) | 478 | if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*vr)) |
401 | { | 479 | { |
402 | GNUNET_break (0); | 480 | GNUNET_break (0); |
@@ -412,17 +490,19 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, | |||
412 | GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY); | 490 | GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY); |
413 | v_msg->id = htonl (vr->r_id); | 491 | v_msg->id = htonl (vr->r_id); |
414 | v_msg->subject_key = *subject_key; | 492 | v_msg->subject_key = *subject_key; |
493 | v_msg->c_count = htonl(credential_count); | ||
415 | v_msg->issuer_key = *issuer_key; | 494 | v_msg->issuer_key = *issuer_key; |
416 | v_msg->issuer_attribute_len = htons(strlen(issuer_attribute)); | 495 | v_msg->issuer_attribute_len = htons(strlen(issuer_attribute)); |
417 | v_msg->subject_attribute_len = htons(strlen(subject_attribute)); | ||
418 | GNUNET_memcpy (&v_msg[1], | 496 | GNUNET_memcpy (&v_msg[1], |
419 | issuer_attribute, | 497 | issuer_attribute, |
420 | strlen (issuer_attribute)); | 498 | strlen (issuer_attribute)); |
421 | GNUNET_memcpy (((char*)&v_msg[1]) + strlen (issuer_attribute), | 499 | GNUNET_CREDENTIAL_credentials_serialize (credential_count, |
422 | subject_attribute, | 500 | credentials, |
423 | strlen (subject_attribute)); | 501 | clen, |
424 | GNUNET_CONTAINER_DLL_insert (handle->verify_head, | 502 | ((char*)&v_msg[1]) |
425 | handle->verify_tail, | 503 | + strlen (issuer_attribute) + 1); |
504 | GNUNET_CONTAINER_DLL_insert (handle->request_head, | ||
505 | handle->request_tail, | ||
426 | vr); | 506 | vr); |
427 | if (NULL != handle->mq) | 507 | if (NULL != handle->mq) |
428 | GNUNET_MQ_send_copy (handle->mq, | 508 | GNUNET_MQ_send_copy (handle->mq, |
diff --git a/src/credential/credential_misc.c b/src/credential/credential_misc.c index f1be433e0..7849e81e6 100644 --- a/src/credential/credential_misc.c +++ b/src/credential/credential_misc.c | |||
@@ -105,6 +105,7 @@ GNUNET_CREDENTIAL_credential_from_string (const char* s) | |||
105 | GNUNET_memcpy (&cred[1], | 105 | GNUNET_memcpy (&cred[1], |
106 | name, | 106 | name, |
107 | strlen (name)+1); | 107 | strlen (name)+1); |
108 | cred->issuer_attribute_len = strlen ((char*)&cred[1]); | ||
108 | cred->issuer_attribute = (char*)&cred[1]; | 109 | cred->issuer_attribute = (char*)&cred[1]; |
109 | return cred; | 110 | return cred; |
110 | } | 111 | } |
diff --git a/src/credential/credential_serialization.c b/src/credential/credential_serialization.c index 0586e6baa..76bf491c9 100644 --- a/src/credential/credential_serialization.c +++ b/src/credential/credential_serialization.c | |||
@@ -138,6 +138,121 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, | |||
138 | } | 138 | } |
139 | return GNUNET_OK; | 139 | return GNUNET_OK; |
140 | } | 140 | } |
141 | |||
142 | |||
143 | /** | ||
144 | * Calculate how many bytes we will need to serialize | ||
145 | * the credentials | ||
146 | * | ||
147 | * @param c_count number of credential entries | ||
148 | * @param cd a #GNUNET_CREDENTIAL_Credential | ||
149 | * @return the required size to serialize | ||
150 | */ | ||
151 | size_t | ||
152 | GNUNET_CREDENTIAL_credentials_get_size (unsigned int c_count, | ||
153 | const struct GNUNET_CREDENTIAL_Credential *cd) | ||
154 | { | ||
155 | unsigned int i; | ||
156 | size_t ret; | ||
157 | |||
158 | ret = sizeof (struct CredentialEntry) * (c_count); | ||
159 | |||
160 | for (i=0; i<c_count;i++) | ||
161 | { | ||
162 | GNUNET_assert ((ret + cd[i].issuer_attribute_len) >= ret); | ||
163 | ret += cd[i].issuer_attribute_len; | ||
164 | } | ||
165 | return ret; | ||
166 | } | ||
167 | /** | ||
168 | * Serizalize the given credentials | ||
169 | * | ||
170 | * @param c_count number of credential entries | ||
171 | * @param cd a #GNUNET_CREDENTIAL_Credential | ||
172 | * @param dest_size size of the destination | ||
173 | * @param dest where to store the result | ||
174 | * @return the size of the data, -1 on failure | ||
175 | */ | ||
176 | ssize_t | ||
177 | GNUNET_CREDENTIAL_credentials_serialize (unsigned int c_count, | ||
178 | const struct GNUNET_CREDENTIAL_Credential *cd, | ||
179 | size_t dest_size, | ||
180 | char *dest) | ||
181 | { | ||
182 | struct CredentialEntry c_rec; | ||
183 | unsigned int i; | ||
184 | size_t off; | ||
185 | |||
186 | off = 0; | ||
187 | for (i=0;i<c_count;i++) | ||
188 | { | ||
189 | c_rec.issuer_attribute_len = htonl ((uint32_t) cd[i].issuer_attribute_len); | ||
190 | c_rec.issuer_key = cd[i].issuer_key; | ||
191 | c_rec.subject_key = cd[i].subject_key; | ||
192 | c_rec.signature = cd[i].signature; | ||
193 | c_rec.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); | ||
194 | c_rec.purpose.size = htonl ((sizeof (struct CredentialEntry) + cd[i].issuer_attribute_len) - sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); | ||
195 | c_rec.expiration = htonl ((uint32_t) cd[i].expiration.abs_value_us); | ||
196 | if (off + sizeof (c_rec) > dest_size) | ||
197 | return -1; | ||
198 | GNUNET_memcpy (&dest[off], | ||
199 | &c_rec, | ||
200 | sizeof (c_rec)); | ||
201 | off += sizeof (c_rec); | ||
202 | if (off + cd[i].issuer_attribute_len > dest_size) | ||
203 | return -1; | ||
204 | GNUNET_memcpy (&dest[off], | ||
205 | cd[i].issuer_attribute, | ||
206 | cd[i].issuer_attribute_len); | ||
207 | off += cd[i].issuer_attribute_len; | ||
208 | } | ||
209 | |||
210 | return off; | ||
211 | } | ||
212 | |||
213 | |||
214 | |||
215 | /** | ||
216 | * Deserialize the given destination | ||
217 | * | ||
218 | * @param len size of the serialized creds | ||
219 | * @param src the serialized data | ||
220 | * @param c_count the number of credential entries | ||
221 | * @param cd where to put the credential data | ||
222 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on error | ||
223 | */ | ||
224 | int | ||
225 | GNUNET_CREDENTIAL_credentials_deserialize (size_t len, | ||
226 | const char *src, | ||
227 | unsigned int c_count, | ||
228 | struct GNUNET_CREDENTIAL_Credential *cd) | ||
229 | { | ||
230 | struct CredentialEntry c_rec; | ||
231 | unsigned int i; | ||
232 | size_t off; | ||
233 | |||
234 | off = 0; | ||
235 | for (i=0;i<c_count;i++) | ||
236 | { | ||
237 | if (off + sizeof (c_rec) > len) | ||
238 | return GNUNET_SYSERR; | ||
239 | GNUNET_memcpy (&c_rec, &src[off], sizeof (c_rec)); | ||
240 | cd[i].issuer_attribute_len = ntohl ((uint32_t) c_rec.issuer_attribute_len); | ||
241 | cd[i].issuer_key = c_rec.issuer_key; | ||
242 | cd[i].subject_key = c_rec.subject_key; | ||
243 | cd[i].signature = c_rec.signature; | ||
244 | cd[i].expiration.abs_value_us = ntohl((uint32_t) c_rec.expiration); | ||
245 | off += sizeof (c_rec); | ||
246 | if (off + cd[i].issuer_attribute_len > len) | ||
247 | return GNUNET_SYSERR; | ||
248 | cd[i].issuer_attribute = &src[off]; | ||
249 | off += cd[i].issuer_attribute_len; | ||
250 | } | ||
251 | return GNUNET_OK; | ||
252 | } | ||
253 | |||
254 | |||
255 | |||
141 | /** | 256 | /** |
142 | * Calculate how many bytes we will need to serialize | 257 | * Calculate how many bytes we will need to serialize |
143 | * the given delegation chain and credential | 258 | * the given delegation chain and credential |
@@ -158,7 +273,6 @@ GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count, | |||
158 | size_t ret; | 273 | size_t ret; |
159 | 274 | ||
160 | ret = sizeof (struct ChainEntry) * (d_count); | 275 | ret = sizeof (struct ChainEntry) * (d_count); |
161 | ret += sizeof (struct CredentialEntry) * (c_count); | ||
162 | 276 | ||
163 | for (i=0; i<d_count;i++) | 277 | for (i=0; i<d_count;i++) |
164 | { | 278 | { |
@@ -167,11 +281,7 @@ GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count, | |||
167 | dd[i].subject_attribute_len) >= ret); | 281 | dd[i].subject_attribute_len) >= ret); |
168 | ret += dd[i].issuer_attribute_len + dd[i].subject_attribute_len; | 282 | ret += dd[i].issuer_attribute_len + dd[i].subject_attribute_len; |
169 | } | 283 | } |
170 | for (i=0; i<c_count;i++) | 284 | return ret+GNUNET_CREDENTIAL_credentials_get_size(c_count, cd); |
171 | { | ||
172 | GNUNET_assert ((ret + cd[i].issuer_attribute_len) >= ret); | ||
173 | ret += cd[i].issuer_attribute_len; | ||
174 | } | ||
175 | return ret; | 285 | return ret; |
176 | } | 286 | } |
177 | 287 | ||
@@ -195,7 +305,6 @@ GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count, | |||
195 | char *dest) | 305 | char *dest) |
196 | { | 306 | { |
197 | struct ChainEntry rec; | 307 | struct ChainEntry rec; |
198 | struct CredentialEntry c_rec; | ||
199 | unsigned int i; | 308 | unsigned int i; |
200 | size_t off; | 309 | size_t off; |
201 | 310 | ||
@@ -227,30 +336,10 @@ GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count, | |||
227 | dd[i].subject_attribute_len); | 336 | dd[i].subject_attribute_len); |
228 | off += dd[i].subject_attribute_len; | 337 | off += dd[i].subject_attribute_len; |
229 | } | 338 | } |
230 | for (i=0;i<c_count;i++) | 339 | return off+GNUNET_CREDENTIAL_credentials_serialize (c_count, |
231 | { | 340 | cd, |
232 | c_rec.issuer_attribute_len = htonl ((uint32_t) cd[i].issuer_attribute_len); | 341 | dest_size-off, |
233 | c_rec.issuer_key = cd[i].issuer_key; | 342 | &dest[off]); |
234 | c_rec.subject_key = cd[i].subject_key; | ||
235 | c_rec.signature = cd[i].signature; | ||
236 | c_rec.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); | ||
237 | c_rec.purpose.size = htonl ((sizeof (struct CredentialEntry) + cd[i].issuer_attribute_len) - sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); | ||
238 | c_rec.expiration = htonl ((uint32_t) cd[i].expiration.abs_value_us); | ||
239 | if (off + sizeof (c_rec) > dest_size) | ||
240 | return -1; | ||
241 | GNUNET_memcpy (&dest[off], | ||
242 | &c_rec, | ||
243 | sizeof (c_rec)); | ||
244 | off += sizeof (c_rec); | ||
245 | if (off + cd[i].issuer_attribute_len > dest_size) | ||
246 | return -1; | ||
247 | GNUNET_memcpy (&dest[off], | ||
248 | cd[i].issuer_attribute, | ||
249 | cd[i].issuer_attribute_len); | ||
250 | off += cd[i].issuer_attribute_len; | ||
251 | } | ||
252 | |||
253 | return off; | ||
254 | } | 343 | } |
255 | 344 | ||
256 | 345 | ||
@@ -274,7 +363,6 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, | |||
274 | struct GNUNET_CREDENTIAL_Credential *cd) | 363 | struct GNUNET_CREDENTIAL_Credential *cd) |
275 | { | 364 | { |
276 | struct ChainEntry rec; | 365 | struct ChainEntry rec; |
277 | struct CredentialEntry c_rec; | ||
278 | unsigned int i; | 366 | unsigned int i; |
279 | size_t off; | 367 | size_t off; |
280 | 368 | ||
@@ -298,26 +386,11 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, | |||
298 | dd[i].subject_attribute = &src[off]; | 386 | dd[i].subject_attribute = &src[off]; |
299 | off += dd[i].subject_attribute_len; | 387 | off += dd[i].subject_attribute_len; |
300 | } | 388 | } |
301 | for (i=0;i<c_count;i++) | 389 | return GNUNET_CREDENTIAL_credentials_deserialize (len-off, |
302 | { | 390 | &src[off], |
303 | if (off + sizeof (c_rec) > len) | 391 | c_count, |
304 | return GNUNET_SYSERR; | 392 | cd); |
305 | GNUNET_memcpy (&c_rec, &src[off], sizeof (c_rec)); | ||
306 | cd[i].issuer_attribute_len = ntohl ((uint32_t) c_rec.issuer_attribute_len); | ||
307 | cd[i].issuer_key = c_rec.issuer_key; | ||
308 | cd[i].subject_key = c_rec.subject_key; | ||
309 | cd[i].signature = c_rec.signature; | ||
310 | cd[i].expiration.abs_value_us = ntohl((uint32_t) c_rec.expiration); | ||
311 | off += sizeof (c_rec); | ||
312 | if (off + cd[i].issuer_attribute_len > len) | ||
313 | return GNUNET_SYSERR; | ||
314 | cd[i].issuer_attribute = &src[off]; | ||
315 | off += cd[i].issuer_attribute_len; | ||
316 | } | ||
317 | return GNUNET_OK; | ||
318 | } | 393 | } |
319 | |||
320 | |||
321 | int | 394 | int |
322 | GNUNET_CREDENTIAL_credential_serialize (struct GNUNET_CREDENTIAL_Credential *cred, | 395 | GNUNET_CREDENTIAL_credential_serialize (struct GNUNET_CREDENTIAL_Credential *cred, |
323 | char **data) | 396 | char **data) |
diff --git a/src/credential/credential_serialization.h b/src/credential/credential_serialization.h index eb1327f34..b870d47dc 100644 --- a/src/credential/credential_serialization.h +++ b/src/credential/credential_serialization.h | |||
@@ -130,6 +130,23 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, | |||
130 | struct GNUNET_CREDENTIAL_Delegation *dd, | 130 | struct GNUNET_CREDENTIAL_Delegation *dd, |
131 | unsigned int c_count, | 131 | unsigned int c_count, |
132 | struct GNUNET_CREDENTIAL_Credential *cd); | 132 | struct GNUNET_CREDENTIAL_Credential *cd); |
133 | size_t | ||
134 | GNUNET_CREDENTIAL_credentials_get_size (unsigned int c_count, | ||
135 | const struct GNUNET_CREDENTIAL_Credential *cd); | ||
136 | |||
137 | ssize_t | ||
138 | GNUNET_CREDENTIAL_credentials_serialize (unsigned int c_count, | ||
139 | const struct GNUNET_CREDENTIAL_Credential *cd, | ||
140 | size_t dest_size, | ||
141 | char *dest); | ||
142 | |||
143 | |||
144 | int | ||
145 | GNUNET_CREDENTIAL_credentials_deserialize (size_t len, | ||
146 | const char *src, | ||
147 | unsigned int c_count, | ||
148 | struct GNUNET_CREDENTIAL_Credential *cd); | ||
149 | |||
133 | 150 | ||
134 | int | 151 | int |
135 | GNUNET_CREDENTIAL_credential_serialize (struct GNUNET_CREDENTIAL_Credential *cred, | 152 | GNUNET_CREDENTIAL_credential_serialize (struct GNUNET_CREDENTIAL_Credential *cred, |
diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index b31c2f66e..fb7bdb7f8 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c | |||
@@ -55,6 +55,11 @@ static struct GNUNET_TIME_Relative timeout; | |||
55 | static struct GNUNET_CREDENTIAL_Request *verify_request; | 55 | static struct GNUNET_CREDENTIAL_Request *verify_request; |
56 | 56 | ||
57 | /** | 57 | /** |
58 | * Handle to collect request | ||
59 | */ | ||
60 | static struct GNUNET_CREDENTIAL_Request *collect_request; | ||
61 | |||
62 | /** | ||
58 | * Task scheduled to handle timeout. | 63 | * Task scheduled to handle timeout. |
59 | */ | 64 | */ |
60 | static struct GNUNET_SCHEDULER_Task *tt; | 65 | static struct GNUNET_SCHEDULER_Task *tt; |
@@ -91,9 +96,9 @@ struct GNUNET_CRYPTO_EcdsaPublicKey issuer_pkey; | |||
91 | static char *issuer_key; | 96 | static char *issuer_key; |
92 | 97 | ||
93 | /** | 98 | /** |
94 | * Issuer ego | 99 | * ego |
95 | */ | 100 | */ |
96 | static char *issuer_ego_name; | 101 | static char *ego_name; |
97 | 102 | ||
98 | /** | 103 | /** |
99 | * Issuer attribute | 104 | * Issuer attribute |
@@ -110,6 +115,10 @@ static uint32_t verify; | |||
110 | */ | 115 | */ |
111 | static uint32_t create_cred; | 116 | static uint32_t create_cred; |
112 | 117 | ||
118 | /** | ||
119 | * Collect mode | ||
120 | */ | ||
121 | static uint32_t collect; | ||
113 | 122 | ||
114 | /** | 123 | /** |
115 | * Task run on shutdown. Cleans up everything. | 124 | * Task run on shutdown. Cleans up everything. |
@@ -149,6 +158,39 @@ do_timeout (void *cls) | |||
149 | GNUNET_SCHEDULER_shutdown (); | 158 | GNUNET_SCHEDULER_shutdown (); |
150 | } | 159 | } |
151 | 160 | ||
161 | /** | ||
162 | * Function called with the result of a Credential lookup. | ||
163 | * | ||
164 | * @param cls the 'const char *' name that was resolved | ||
165 | * @param cd_count number of records returned | ||
166 | * @param cd array of @a cd_count records with the results | ||
167 | */ | ||
168 | static void | ||
169 | handle_collect_result (void *cls, | ||
170 | unsigned int d_count, | ||
171 | struct GNUNET_CREDENTIAL_Delegation *dc, | ||
172 | unsigned int c_count, | ||
173 | struct GNUNET_CREDENTIAL_Credential *cred) | ||
174 | { | ||
175 | int i; | ||
176 | char* line; | ||
177 | |||
178 | verify_request = NULL; | ||
179 | if (NULL != cred) | ||
180 | { | ||
181 | for (i=0;i<c_count;i++) | ||
182 | { | ||
183 | line = GNUNET_CREDENTIAL_credential_to_string (&cred[i]); | ||
184 | printf ("%s\n", | ||
185 | line); | ||
186 | GNUNET_free (line); | ||
187 | } | ||
188 | } | ||
189 | |||
190 | |||
191 | GNUNET_SCHEDULER_shutdown (); | ||
192 | } | ||
193 | |||
152 | 194 | ||
153 | /** | 195 | /** |
154 | * Function called with the result of a Credential lookup. | 196 | * Function called with the result of a Credential lookup. |
@@ -230,15 +272,42 @@ identity_cb (void *cls, | |||
230 | el = NULL; | 272 | el = NULL; |
231 | if (NULL == ego) | 273 | if (NULL == ego) |
232 | { | 274 | { |
233 | if (NULL != issuer_ego_name) | 275 | if (NULL != ego_name) |
234 | { | 276 | { |
235 | fprintf (stderr, | 277 | fprintf (stderr, |
236 | _("Ego `%s' not known to identity service\n"), | 278 | _("Ego `%s' not known to identity service\n"), |
237 | issuer_ego_name); | 279 | ego_name); |
238 | } | 280 | } |
239 | GNUNET_SCHEDULER_shutdown (); | 281 | GNUNET_SCHEDULER_shutdown (); |
240 | return; | 282 | return; |
241 | } | 283 | } |
284 | |||
285 | if (GNUNET_YES == collect) | ||
286 | { | ||
287 | |||
288 | if (GNUNET_OK != | ||
289 | GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_key, | ||
290 | strlen (issuer_key), | ||
291 | &issuer_pkey)) | ||
292 | { | ||
293 | fprintf (stderr, | ||
294 | _("Issuer public key `%s' is not well-formed\n"), | ||
295 | issuer_key); | ||
296 | GNUNET_SCHEDULER_shutdown (); | ||
297 | } | ||
298 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); | ||
299 | |||
300 | collect_request = GNUNET_CREDENTIAL_collect(credential, | ||
301 | &issuer_pkey, | ||
302 | issuer_attr, //TODO argument | ||
303 | privkey, | ||
304 | &handle_collect_result, | ||
305 | NULL); | ||
306 | return; | ||
307 | } | ||
308 | |||
309 | //Else issue | ||
310 | |||
242 | if (NULL == expiration) | 311 | if (NULL == expiration) |
243 | { | 312 | { |
244 | fprintf (stderr, | 313 | fprintf (stderr, |
@@ -261,8 +330,8 @@ identity_cb (void *cls, | |||
261 | 330 | ||
262 | 331 | ||
263 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); | 332 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); |
264 | GNUNET_free_non_null (issuer_ego_name); | 333 | GNUNET_free_non_null (ego_name); |
265 | issuer_ego_name = NULL; | 334 | ego_name = NULL; |
266 | crd = GNUNET_CREDENTIAL_credential_issue (privkey, | 335 | crd = GNUNET_CREDENTIAL_credential_issue (privkey, |
267 | &subject_pkey, | 336 | &subject_pkey, |
268 | issuer_attr, | 337 | issuer_attr, |
@@ -299,7 +368,46 @@ run (void *cls, | |||
299 | &do_timeout, NULL); | 368 | &do_timeout, NULL); |
300 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); | 369 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); |
301 | 370 | ||
371 | if (GNUNET_YES == collect) { | ||
372 | if (NULL == issuer_key) | ||
373 | { | ||
374 | fprintf (stderr, | ||
375 | _("Issuer public key not well-formed\n")); | ||
376 | GNUNET_SCHEDULER_shutdown (); | ||
377 | return; | ||
378 | |||
379 | } | ||
380 | |||
381 | credential = GNUNET_CREDENTIAL_connect (cfg); | ||
382 | |||
383 | if (NULL == credential) | ||
384 | { | ||
385 | fprintf (stderr, | ||
386 | _("Failed to connect to CREDENTIAL\n")); | ||
387 | GNUNET_SCHEDULER_shutdown (); | ||
388 | } | ||
389 | if (NULL == issuer_attr) | ||
390 | { | ||
391 | fprintf (stderr, | ||
392 | _("You must provide issuer the attribute\n")); | ||
393 | GNUNET_SCHEDULER_shutdown (); | ||
394 | } | ||
395 | |||
396 | if (NULL == ego_name) | ||
397 | { | ||
398 | fprintf (stderr, | ||
399 | _("ego required\n")); | ||
400 | GNUNET_SCHEDULER_shutdown (); | ||
401 | return; | ||
402 | |||
403 | } | ||
404 | el = GNUNET_IDENTITY_ego_lookup (cfg, | ||
405 | ego_name, | ||
406 | &identity_cb, | ||
407 | (void *) cfg); | ||
408 | return; | ||
302 | 409 | ||
410 | } | ||
303 | 411 | ||
304 | if (NULL == subject_key) | 412 | if (NULL == subject_key) |
305 | { | 413 | { |
@@ -320,7 +428,6 @@ run (void *cls, | |||
320 | GNUNET_SCHEDULER_shutdown (); | 428 | GNUNET_SCHEDULER_shutdown (); |
321 | return; | 429 | return; |
322 | } | 430 | } |
323 | |||
324 | if (GNUNET_YES == verify) { | 431 | if (GNUNET_YES == verify) { |
325 | if (NULL == issuer_key) | 432 | if (NULL == issuer_key) |
326 | { | 433 | { |
@@ -348,7 +455,6 @@ run (void *cls, | |||
348 | _("Failed to connect to CREDENTIAL\n")); | 455 | _("Failed to connect to CREDENTIAL\n")); |
349 | GNUNET_SCHEDULER_shutdown (); | 456 | GNUNET_SCHEDULER_shutdown (); |
350 | } | 457 | } |
351 | |||
352 | if (NULL == issuer_attr || NULL == subject_credential) | 458 | if (NULL == issuer_attr || NULL == subject_credential) |
353 | { | 459 | { |
354 | fprintf (stderr, | 460 | fprintf (stderr, |
@@ -356,18 +462,50 @@ run (void *cls, | |||
356 | GNUNET_SCHEDULER_shutdown (); | 462 | GNUNET_SCHEDULER_shutdown (); |
357 | } | 463 | } |
358 | 464 | ||
359 | printf ("Trying to find a chain from a credential under %s of %s to the attribute %s issued by %s\n", | 465 | //Subject credentials are comma separated |
360 | subject_credential, subject_key, issuer_attr, issuer_key); | 466 | char *tmp = GNUNET_strdup (subject_credential); |
467 | char *tok = strtok (tmp, ","); | ||
468 | if (NULL == tok) | ||
469 | { | ||
470 | fprintf (stderr, | ||
471 | "Invalid subject credentials\n"); | ||
472 | GNUNET_free (tmp); | ||
473 | GNUNET_SCHEDULER_shutdown (); | ||
474 | } | ||
475 | int count = 1; | ||
476 | int i; | ||
477 | while (NULL != (tok = strtok(NULL, ","))) | ||
478 | count++; | ||
479 | struct GNUNET_CREDENTIAL_Credential credentials[count]; | ||
480 | struct GNUNET_CREDENTIAL_Credential *cred; | ||
481 | GNUNET_free (tmp); | ||
482 | tmp = GNUNET_strdup (subject_credential); | ||
483 | tok = strtok (tmp, ","); | ||
484 | for (i=0;i<count;i++) | ||
485 | { | ||
486 | cred = GNUNET_CREDENTIAL_credential_from_string (tok); | ||
487 | GNUNET_memcpy (&credentials[i], | ||
488 | cred, | ||
489 | sizeof (struct GNUNET_CREDENTIAL_Credential)); | ||
490 | credentials[i].issuer_attribute = GNUNET_strdup (cred->issuer_attribute); | ||
491 | tok = strtok(NULL, ","); | ||
492 | GNUNET_free (cred); | ||
493 | } | ||
361 | 494 | ||
362 | verify_request = GNUNET_CREDENTIAL_verify(credential, | 495 | verify_request = GNUNET_CREDENTIAL_verify(credential, |
363 | &issuer_pkey, | 496 | &issuer_pkey, |
364 | issuer_attr, //TODO argument | 497 | issuer_attr, //TODO argument |
365 | &subject_pkey, | 498 | &subject_pkey, |
366 | subject_credential, | 499 | count, |
500 | credentials, | ||
367 | &handle_verify_result, | 501 | &handle_verify_result, |
368 | NULL); | 502 | NULL); |
503 | for (i=0;i<count;i++) | ||
504 | { | ||
505 | GNUNET_free ((char*)credentials[i].issuer_attribute); | ||
506 | } | ||
369 | } else if (GNUNET_YES == create_cred) { | 507 | } else if (GNUNET_YES == create_cred) { |
370 | if (NULL == issuer_ego_name) | 508 | if (NULL == ego_name) |
371 | { | 509 | { |
372 | fprintf (stderr, | 510 | fprintf (stderr, |
373 | _("Issuer ego required\n")); | 511 | _("Issuer ego required\n")); |
@@ -376,7 +514,7 @@ run (void *cls, | |||
376 | 514 | ||
377 | } | 515 | } |
378 | el = GNUNET_IDENTITY_ego_lookup (cfg, | 516 | el = GNUNET_IDENTITY_ego_lookup (cfg, |
379 | issuer_ego_name, | 517 | ego_name, |
380 | &identity_cb, | 518 | &identity_cb, |
381 | (void *) cfg); | 519 | (void *) cfg); |
382 | return; | 520 | return; |
@@ -416,14 +554,17 @@ main (int argc, char *const *argv) | |||
416 | gettext_noop ("The public key of the authority to verify the credential against"), 1, | 554 | gettext_noop ("The public key of the authority to verify the credential against"), 1, |
417 | &GNUNET_GETOPT_set_string, &issuer_key}, | 555 | &GNUNET_GETOPT_set_string, &issuer_key}, |
418 | {'e', "ego", "EGO", | 556 | {'e', "ego", "EGO", |
419 | gettext_noop ("The ego to use to issue"), 1, | 557 | gettext_noop ("The ego to use"), 1, |
420 | &GNUNET_GETOPT_set_string, &issuer_ego_name}, | 558 | &GNUNET_GETOPT_set_string, &ego_name}, |
421 | {'a', "attribute", "ATTR", | 559 | {'a', "attribute", "ATTR", |
422 | gettext_noop ("The issuer attribute to verify against or to issue"), 1, | 560 | gettext_noop ("The issuer attribute to verify against or to issue"), 1, |
423 | &GNUNET_GETOPT_set_string, &issuer_attr}, | 561 | &GNUNET_GETOPT_set_string, &issuer_attr}, |
424 | {'T', "ttl", "EXP", | 562 | {'T', "ttl", "EXP", |
425 | gettext_noop ("The time to live for the credential"), 1, | 563 | gettext_noop ("The time to live for the credential"), 1, |
426 | &GNUNET_GETOPT_set_string, &expiration}, | 564 | &GNUNET_GETOPT_set_string, &expiration}, |
565 | {'g', "collect", NULL, | ||
566 | gettext_noop ("collect credentials"), 0, | ||
567 | &GNUNET_GETOPT_set_one, &collect}, | ||
427 | GNUNET_GETOPT_OPTION_END | 568 | GNUNET_GETOPT_OPTION_END |
428 | }; | 569 | }; |
429 | int ret; | 570 | int ret; |
diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 942b38652..4841370b3 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c | |||
@@ -31,15 +31,11 @@ | |||
31 | #include "gnunet_protocols.h" | 31 | #include "gnunet_protocols.h" |
32 | #include "gnunet_signatures.h" | 32 | #include "gnunet_signatures.h" |
33 | 33 | ||
34 | // For Looking up GNS request | ||
35 | #include <gnunet_dnsparser_lib.h> | 34 | #include <gnunet_dnsparser_lib.h> |
36 | #include <gnunet_identity_service.h> | 35 | #include <gnunet_identity_service.h> |
37 | #include <gnunet_gnsrecord_lib.h> | 36 | #include <gnunet_gnsrecord_lib.h> |
38 | #include <gnunet_namestore_service.h> | 37 | #include <gnunet_namestore_service.h> |
39 | #include <gnunet_gns_service.h> | 38 | #include <gnunet_gns_service.h> |
40 | #include "gnunet_gns_service.h" | ||
41 | |||
42 | |||
43 | 39 | ||
44 | 40 | ||
45 | #define GNUNET_CREDENTIAL_MAX_LENGTH 255 | 41 | #define GNUNET_CREDENTIAL_MAX_LENGTH 255 |
@@ -311,6 +307,16 @@ struct VerifyRequestHandle | |||
311 | */ | 307 | */ |
312 | uint64_t pending_lookups; | 308 | uint64_t pending_lookups; |
313 | 309 | ||
310 | /** | ||
311 | * Credential iterator | ||
312 | */ | ||
313 | struct GNUNET_NAMESTORE_ZoneIterator *cred_collection_iter; | ||
314 | |||
315 | /** | ||
316 | * Collect task | ||
317 | */ | ||
318 | struct GNUNET_SCHEDULER_Task *collect_next_task; | ||
319 | |||
314 | }; | 320 | }; |
315 | 321 | ||
316 | 322 | ||
@@ -335,6 +341,11 @@ static struct GNUNET_STATISTICS_Handle *statistics; | |||
335 | static struct GNUNET_GNS_Handle *gns; | 341 | static struct GNUNET_GNS_Handle *gns; |
336 | 342 | ||
337 | 343 | ||
344 | /** | ||
345 | * Handle to namestore service | ||
346 | */ | ||
347 | static struct GNUNET_NAMESTORE_Handle *namestore; | ||
348 | |||
338 | static void | 349 | static void |
339 | cleanup_delegation_set (struct DelegationSetQueueEntry *ds_entry) | 350 | cleanup_delegation_set (struct DelegationSetQueueEntry *ds_entry) |
340 | { | 351 | { |
@@ -444,6 +455,11 @@ shutdown_task (void *cls) | |||
444 | GNUNET_GNS_disconnect (gns); | 455 | GNUNET_GNS_disconnect (gns); |
445 | gns = NULL; | 456 | gns = NULL; |
446 | } | 457 | } |
458 | if (NULL != namestore) | ||
459 | { | ||
460 | GNUNET_NAMESTORE_disconnect (namestore); | ||
461 | namestore = NULL; | ||
462 | } | ||
447 | if (NULL != statistics) | 463 | if (NULL != statistics) |
448 | { | 464 | { |
449 | GNUNET_STATISTICS_destroy (statistics, | 465 | GNUNET_STATISTICS_destroy (statistics, |
@@ -453,42 +469,7 @@ shutdown_task (void *cls) | |||
453 | 469 | ||
454 | } | 470 | } |
455 | 471 | ||
456 | /** | ||
457 | * Checks a #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY message | ||
458 | * | ||
459 | * @param cls client sending the message | ||
460 | * @param v_msg message of type `struct VerifyMessage` | ||
461 | * @return #GNUNET_OK if @a v_msg is well-formed | ||
462 | */ | ||
463 | static int | ||
464 | check_verify (void *cls, | ||
465 | const struct VerifyMessage *v_msg) | ||
466 | { | ||
467 | size_t msg_size; | ||
468 | const char* attrs; | ||
469 | 472 | ||
470 | msg_size = ntohs (v_msg->header.size); | ||
471 | if (msg_size < sizeof (struct VerifyMessage)) | ||
472 | { | ||
473 | GNUNET_break (0); | ||
474 | return GNUNET_SYSERR; | ||
475 | } | ||
476 | if ((ntohs (v_msg->issuer_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH) || | ||
477 | (ntohs (v_msg->subject_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH)) | ||
478 | { | ||
479 | GNUNET_break (0); | ||
480 | return GNUNET_SYSERR; | ||
481 | } | ||
482 | attrs = (const char *) &v_msg[1]; | ||
483 | |||
484 | if ( ('\0' != attrs[ntohs(v_msg->header.size) - sizeof (struct VerifyMessage) - 1]) || | ||
485 | (strlen (attrs) > GNUNET_CREDENTIAL_MAX_LENGTH * 2) ) | ||
486 | { | ||
487 | GNUNET_break (0); | ||
488 | return GNUNET_SYSERR; | ||
489 | } | ||
490 | return GNUNET_OK; | ||
491 | } | ||
492 | 473 | ||
493 | /** | 474 | /** |
494 | * Send. | 475 | * Send. |
@@ -499,7 +480,7 @@ static void | |||
499 | send_lookup_response (struct VerifyRequestHandle *vrh) | 480 | send_lookup_response (struct VerifyRequestHandle *vrh) |
500 | { | 481 | { |
501 | struct GNUNET_MQ_Envelope *env; | 482 | struct GNUNET_MQ_Envelope *env; |
502 | struct VerifyResultMessage *rmsg; | 483 | struct DelegationChainResultMessage *rmsg; |
503 | struct DelegationChainEntry *dce; | 484 | struct DelegationChainEntry *dce; |
504 | struct GNUNET_CREDENTIAL_Delegation dd[vrh->delegation_chain_size]; | 485 | struct GNUNET_CREDENTIAL_Delegation dd[vrh->delegation_chain_size]; |
505 | struct GNUNET_CREDENTIAL_Credential cred[vrh->cred_chain_size]; | 486 | struct GNUNET_CREDENTIAL_Credential cred[vrh->cred_chain_size]; |
@@ -792,21 +773,14 @@ backward_resolution (void* cls, | |||
792 | * @param rd the record data | 773 | * @param rd the record data |
793 | */ | 774 | */ |
794 | static void | 775 | static void |
795 | handle_credential_query (void* cls, | 776 | delegation_chain_resolution_start (void* cls) |
796 | uint32_t rd_count, | ||
797 | const struct GNUNET_GNSRECORD_Data *rd) | ||
798 | { | 777 | { |
799 | struct VerifyRequestHandle *vrh = cls; | 778 | struct VerifyRequestHandle *vrh = cls; |
800 | struct DelegationSetQueueEntry *ds_entry; | 779 | struct DelegationSetQueueEntry *ds_entry; |
801 | struct GNUNET_CREDENTIAL_Credential *crd; | ||
802 | struct CredentialRecordEntry *cr_entry; | 780 | struct CredentialRecordEntry *cr_entry; |
803 | int cred_record_count; | ||
804 | int i; | ||
805 | |||
806 | vrh->lookup_request = NULL; | 781 | vrh->lookup_request = NULL; |
807 | cred_record_count = 0; | ||
808 | 782 | ||
809 | if (0 == rd_count) | 783 | if (0 == vrh->cred_chain_size) |
810 | { | 784 | { |
811 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 785 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
812 | "No credentials found\n"); | 786 | "No credentials found\n"); |
@@ -814,31 +788,13 @@ handle_credential_query (void* cls, | |||
814 | return; | 788 | return; |
815 | } | 789 | } |
816 | 790 | ||
817 | for (i=0; i < rd_count; i++) | 791 | for (cr_entry = vrh->cred_chain_head; cr_entry != NULL; cr_entry = cr_entry->next) |
818 | { | 792 | { |
819 | if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) | 793 | if (0 != memcmp (&cr_entry->credential->issuer_key, |
820 | continue; | ||
821 | cred_record_count++; | ||
822 | crd = GNUNET_CREDENTIAL_credential_deserialize (rd[i].data, | ||
823 | rd[i].data_size); | ||
824 | if (NULL == crd) | ||
825 | { | ||
826 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
827 | "Invalid credential found\n"); | ||
828 | continue; | ||
829 | } | ||
830 | cr_entry = GNUNET_new (struct CredentialRecordEntry); | ||
831 | cr_entry->credential = crd; | ||
832 | GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, | ||
833 | vrh->cred_chain_tail, | ||
834 | cr_entry); | ||
835 | vrh->cred_chain_size++; | ||
836 | |||
837 | if (0 != memcmp (&crd->issuer_key, | ||
838 | &vrh->issuer_key, | 794 | &vrh->issuer_key, |
839 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) | 795 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) |
840 | continue; | 796 | continue; |
841 | if (0 != strcmp (crd->issuer_attribute, vrh->issuer_attribute)) | 797 | if (0 != strcmp (cr_entry->credential->issuer_attribute, vrh->issuer_attribute)) |
842 | continue; | 798 | continue; |
843 | //Found match prematurely | 799 | //Found match prematurely |
844 | send_lookup_response (vrh); | 800 | send_lookup_response (vrh); |
@@ -878,6 +834,40 @@ handle_credential_query (void* cls, | |||
878 | ds_entry); | 834 | ds_entry); |
879 | } | 835 | } |
880 | 836 | ||
837 | /** | ||
838 | * Checks a #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY message | ||
839 | * | ||
840 | * @param cls client sending the message | ||
841 | * @param v_msg message of type `struct VerifyMessage` | ||
842 | * @return #GNUNET_OK if @a v_msg is well-formed | ||
843 | */ | ||
844 | static int | ||
845 | check_verify (void *cls, | ||
846 | const struct VerifyMessage *v_msg) | ||
847 | { | ||
848 | size_t msg_size; | ||
849 | const char* attr; | ||
850 | |||
851 | msg_size = ntohs (v_msg->header.size); | ||
852 | if (msg_size < sizeof (struct VerifyMessage)) | ||
853 | { | ||
854 | GNUNET_break (0); | ||
855 | return GNUNET_SYSERR; | ||
856 | } | ||
857 | if (ntohs (v_msg->issuer_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH) | ||
858 | { | ||
859 | GNUNET_break (0); | ||
860 | return GNUNET_SYSERR; | ||
861 | } | ||
862 | attr = (const char *) &v_msg[1]; | ||
863 | |||
864 | if ( strlen (attr) > GNUNET_CREDENTIAL_MAX_LENGTH) | ||
865 | { | ||
866 | GNUNET_break (0); | ||
867 | return GNUNET_SYSERR; | ||
868 | } | ||
869 | return GNUNET_OK; | ||
870 | } | ||
881 | 871 | ||
882 | /** | 872 | /** |
883 | * Handle Credential verification requests from client | 873 | * Handle Credential verification requests from client |
@@ -890,12 +880,11 @@ static void | |||
890 | handle_verify (void *cls, | 880 | handle_verify (void *cls, |
891 | const struct VerifyMessage *v_msg) | 881 | const struct VerifyMessage *v_msg) |
892 | { | 882 | { |
893 | char attrs[GNUNET_CREDENTIAL_MAX_LENGTH*2 + 1]; | 883 | char attr[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; |
894 | char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; | 884 | char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; |
895 | char subject_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1 + 4]; | ||
896 | struct VerifyRequestHandle *vrh; | 885 | struct VerifyRequestHandle *vrh; |
897 | struct GNUNET_SERVICE_Client *client = cls; | 886 | struct GNUNET_SERVICE_Client *client = cls; |
898 | char *attrptr = attrs; | 887 | char *attrptr = attr; |
899 | const char *utf_in; | 888 | const char *utf_in; |
900 | 889 | ||
901 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 890 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
@@ -904,12 +893,8 @@ handle_verify (void *cls, | |||
904 | utf_in = (const char *) &v_msg[1]; | 893 | utf_in = (const char *) &v_msg[1]; |
905 | GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); | 894 | GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); |
906 | 895 | ||
907 | GNUNET_memcpy (issuer_attribute, attrs, ntohs (v_msg->issuer_attribute_len)); | 896 | GNUNET_memcpy (issuer_attribute, attr, ntohs (v_msg->issuer_attribute_len)); |
908 | issuer_attribute[ntohs (v_msg->issuer_attribute_len)] = '\0'; | 897 | issuer_attribute[ntohs (v_msg->issuer_attribute_len)] = '\0'; |
909 | GNUNET_memcpy (subject_attribute, attrs+strlen(issuer_attribute), ntohs (v_msg->subject_attribute_len)); | ||
910 | strcpy (subject_attribute+ntohs (v_msg->subject_attribute_len), | ||
911 | ".gnu"); | ||
912 | subject_attribute[ntohs (v_msg->subject_attribute_len)+4] = '\0'; | ||
913 | vrh = GNUNET_new (struct VerifyRequestHandle); | 898 | vrh = GNUNET_new (struct VerifyRequestHandle); |
914 | GNUNET_CONTAINER_DLL_insert (vrh_head, vrh_tail, vrh); | 899 | GNUNET_CONTAINER_DLL_insert (vrh_head, vrh_tail, vrh); |
915 | vrh->client = client; | 900 | vrh->client = client; |
@@ -917,14 +902,169 @@ handle_verify (void *cls, | |||
917 | vrh->issuer_key = v_msg->issuer_key; | 902 | vrh->issuer_key = v_msg->issuer_key; |
918 | vrh->subject_key = v_msg->subject_key; | 903 | vrh->subject_key = v_msg->subject_key; |
919 | vrh->issuer_attribute = GNUNET_strdup (issuer_attribute); | 904 | vrh->issuer_attribute = GNUNET_strdup (issuer_attribute); |
920 | 905 | if (NULL == issuer_attribute) | |
921 | if (NULL == subject_attribute) | ||
922 | { | 906 | { |
923 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 907 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
924 | "No subject attribute provided!\n"); | 908 | "No issuer attribute provided!\n"); |
909 | send_lookup_response (vrh); | ||
910 | return; | ||
911 | } | ||
912 | /** | ||
913 | * First, collect credentials | ||
914 | * TODO: cleanup! | ||
915 | */ | ||
916 | uint32_t credentials_count = ntohl(v_msg->c_count); | ||
917 | int i; | ||
918 | uint32_t credential_data_size = ntohs (v_msg->header.size) | ||
919 | - sizeof (struct VerifyMessage) | ||
920 | - ntohs (v_msg->issuer_attribute_len) | ||
921 | - 1; | ||
922 | struct GNUNET_CREDENTIAL_Credential credentials[credentials_count]; | ||
923 | char *credential_data = (char*)&v_msg[1] + ntohs (v_msg->issuer_attribute_len) + 1; | ||
924 | struct CredentialRecordEntry *cr_entry; | ||
925 | if (GNUNET_OK != GNUNET_CREDENTIAL_credentials_deserialize (credential_data_size, | ||
926 | credential_data, | ||
927 | credentials_count, | ||
928 | credentials)) | ||
929 | { | ||
930 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
931 | "Cannot deserialize credentials!\n"); | ||
925 | send_lookup_response (vrh); | 932 | send_lookup_response (vrh); |
926 | return; | 933 | return; |
927 | } | 934 | } |
935 | |||
936 | for (i=0;i<credentials_count;i++) { | ||
937 | cr_entry = GNUNET_new (struct CredentialRecordEntry); | ||
938 | cr_entry->credential = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Credential) + | ||
939 | strlen (credentials[i].issuer_attribute) + 1); | ||
940 | GNUNET_memcpy (cr_entry->credential, | ||
941 | &credentials[i], | ||
942 | sizeof (struct GNUNET_CREDENTIAL_Credential)); | ||
943 | GNUNET_memcpy (&cr_entry->credential[1], | ||
944 | credentials[i].issuer_attribute, | ||
945 | strlen (credentials[i].issuer_attribute)); | ||
946 | cr_entry->credential->issuer_attribute = (char*)&cr_entry->credential[1]; | ||
947 | GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, | ||
948 | vrh->cred_chain_tail, | ||
949 | cr_entry); | ||
950 | vrh->cred_chain_size++; | ||
951 | } | ||
952 | |||
953 | delegation_chain_resolution_start (vrh); | ||
954 | |||
955 | } | ||
956 | |||
957 | /** | ||
958 | * We encountered an error while collecting | ||
959 | */ | ||
960 | static void | ||
961 | handle_cred_collection_error_cb (void *cls) | ||
962 | { | ||
963 | struct VerifyRequestHandle *vrh = cls; | ||
964 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
965 | "Got disconnected from namestore database.\n"); | ||
966 | vrh->cred_collection_iter = NULL; | ||
967 | send_lookup_response (vrh); | ||
968 | } | ||
969 | |||
970 | static void | ||
971 | collect_next (void *cls) | ||
972 | { | ||
973 | struct VerifyRequestHandle *vrh = cls; | ||
974 | vrh->collect_next_task = NULL; | ||
975 | GNUNET_assert (NULL != vrh->cred_collection_iter); | ||
976 | GNUNET_NAMESTORE_zone_iterator_next (vrh->cred_collection_iter); | ||
977 | } | ||
978 | |||
979 | /** | ||
980 | * Store credential | ||
981 | */ | ||
982 | static void | ||
983 | handle_cred_collection_cb (void *cls, | ||
984 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | ||
985 | const char *label, | ||
986 | unsigned int rd_count, | ||
987 | const struct GNUNET_GNSRECORD_Data *rd) | ||
988 | { | ||
989 | struct VerifyRequestHandle *vrh = cls; | ||
990 | struct GNUNET_CREDENTIAL_Credential *crd; | ||
991 | struct CredentialRecordEntry *cr_entry; | ||
992 | int cred_record_count; | ||
993 | int i; | ||
994 | |||
995 | cred_record_count = 0; | ||
996 | for (i=0; i < rd_count; i++) | ||
997 | { | ||
998 | if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) | ||
999 | continue; | ||
1000 | cred_record_count++; | ||
1001 | crd = GNUNET_CREDENTIAL_credential_deserialize (rd[i].data, | ||
1002 | rd[i].data_size); | ||
1003 | if (NULL == crd) | ||
1004 | { | ||
1005 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
1006 | "Invalid credential found\n"); | ||
1007 | continue; | ||
1008 | } | ||
1009 | cr_entry = GNUNET_new (struct CredentialRecordEntry); | ||
1010 | cr_entry->credential = crd; | ||
1011 | GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, | ||
1012 | vrh->cred_chain_tail, | ||
1013 | cr_entry); | ||
1014 | vrh->cred_chain_size++; | ||
1015 | } | ||
1016 | vrh->collect_next_task = GNUNET_SCHEDULER_add_now (&collect_next, | ||
1017 | vrh); | ||
1018 | } | ||
1019 | |||
1020 | /** | ||
1021 | * We encountered an error while collecting | ||
1022 | */ | ||
1023 | static void | ||
1024 | handle_cred_collection_finished_cb (void *cls) | ||
1025 | { | ||
1026 | struct VerifyRequestHandle *vrh = cls; | ||
1027 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1028 | "Done collecting credentials.\n"); | ||
1029 | vrh->cred_collection_iter = NULL; | ||
1030 | delegation_chain_resolution_start (vrh); | ||
1031 | } | ||
1032 | |||
1033 | /** | ||
1034 | * Handle Credential collection requests from client | ||
1035 | * | ||
1036 | * @param cls the closure | ||
1037 | * @param client the client | ||
1038 | * @param message the message | ||
1039 | */ | ||
1040 | static void | ||
1041 | handle_collect (void *cls, | ||
1042 | const struct CollectMessage *c_msg) | ||
1043 | { | ||
1044 | char attr[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; | ||
1045 | char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; | ||
1046 | struct VerifyRequestHandle *vrh; | ||
1047 | struct GNUNET_SERVICE_Client *client = cls; | ||
1048 | char *attrptr = attr; | ||
1049 | const char *utf_in; | ||
1050 | |||
1051 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1052 | "Received COLLECT message\n"); | ||
1053 | |||
1054 | utf_in = (const char *) &c_msg[1]; | ||
1055 | GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); | ||
1056 | |||
1057 | GNUNET_memcpy (issuer_attribute, attr, ntohs (c_msg->issuer_attribute_len)); | ||
1058 | issuer_attribute[ntohs (c_msg->issuer_attribute_len)] = '\0'; | ||
1059 | vrh = GNUNET_new (struct VerifyRequestHandle); | ||
1060 | GNUNET_CONTAINER_DLL_insert (vrh_head, vrh_tail, vrh); | ||
1061 | vrh->client = client; | ||
1062 | vrh->request_id = c_msg->id; | ||
1063 | vrh->issuer_key = c_msg->issuer_key; | ||
1064 | GNUNET_CRYPTO_ecdsa_key_get_public (&c_msg->subject_key, | ||
1065 | &vrh->subject_key); | ||
1066 | vrh->issuer_attribute = GNUNET_strdup (issuer_attribute); | ||
1067 | |||
928 | if (NULL == issuer_attribute) | 1068 | if (NULL == issuer_attribute) |
929 | { | 1069 | { |
930 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 1070 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
@@ -933,23 +1073,58 @@ handle_verify (void *cls, | |||
933 | return; | 1073 | return; |
934 | } | 1074 | } |
935 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1075 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
936 | "Looking up %s\n", | 1076 | "Getting credentials for subject\n"); |
937 | subject_attribute); | ||
938 | /** | 1077 | /** |
939 | * First, get attribute from subject | 1078 | * First, get attribute from subject |
940 | */ | 1079 | */ |
941 | vrh->lookup_request = GNUNET_GNS_lookup (gns, | 1080 | vrh->cred_collection_iter = GNUNET_NAMESTORE_zone_iteration_start (namestore, |
942 | subject_attribute, | 1081 | &c_msg->subject_key, |
943 | &v_msg->subject_key, //subject_pkey, | 1082 | &handle_cred_collection_error_cb, |
944 | GNUNET_GNSRECORD_TYPE_CREDENTIAL, | 1083 | vrh, |
945 | GNUNET_GNS_LO_DEFAULT, | 1084 | &handle_cred_collection_cb, |
946 | NULL, //shorten_key, always NULL | 1085 | vrh, |
947 | &handle_credential_query, | 1086 | &handle_cred_collection_finished_cb, |
948 | vrh); | 1087 | vrh); |
949 | } | 1088 | } |
950 | 1089 | ||
951 | 1090 | ||
952 | /** | 1091 | /** |
1092 | * Checks a #GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT message | ||
1093 | * | ||
1094 | * @param cls client sending the message | ||
1095 | * @param v_msg message of type `struct CollectMessage` | ||
1096 | * @return #GNUNET_OK if @a v_msg is well-formed | ||
1097 | */ | ||
1098 | static int | ||
1099 | check_collect (void *cls, | ||
1100 | const struct CollectMessage *c_msg) | ||
1101 | { | ||
1102 | size_t msg_size; | ||
1103 | const char* attr; | ||
1104 | |||
1105 | msg_size = ntohs (c_msg->header.size); | ||
1106 | if (msg_size < sizeof (struct CollectMessage)) | ||
1107 | { | ||
1108 | GNUNET_break (0); | ||
1109 | return GNUNET_SYSERR; | ||
1110 | } | ||
1111 | if (ntohs (c_msg->issuer_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH) | ||
1112 | { | ||
1113 | GNUNET_break (0); | ||
1114 | return GNUNET_SYSERR; | ||
1115 | } | ||
1116 | attr = (const char *) &c_msg[1]; | ||
1117 | |||
1118 | if ( ('\0' != attr[ntohs(c_msg->header.size) - sizeof (struct CollectMessage) - 1]) || | ||
1119 | (strlen (attr) > GNUNET_CREDENTIAL_MAX_LENGTH) ) | ||
1120 | { | ||
1121 | GNUNET_break (0); | ||
1122 | return GNUNET_SYSERR; | ||
1123 | } | ||
1124 | return GNUNET_OK; | ||
1125 | } | ||
1126 | |||
1127 | /** | ||
953 | * One of our clients disconnected, clean up after it. | 1128 | * One of our clients disconnected, clean up after it. |
954 | * | 1129 | * |
955 | * @param cls NULL | 1130 | * @param cls NULL |
@@ -1003,6 +1178,12 @@ run (void *cls, | |||
1003 | fprintf (stderr, | 1178 | fprintf (stderr, |
1004 | _("Failed to connect to GNS\n")); | 1179 | _("Failed to connect to GNS\n")); |
1005 | } | 1180 | } |
1181 | namestore = GNUNET_NAMESTORE_connect (c); | ||
1182 | if (NULL == namestore) | ||
1183 | { | ||
1184 | fprintf (stderr, | ||
1185 | _("Failed to connect to namestore\n")); | ||
1186 | } | ||
1006 | 1187 | ||
1007 | statistics = GNUNET_STATISTICS_create ("credential", c); | 1188 | statistics = GNUNET_STATISTICS_create ("credential", c); |
1008 | GNUNET_SCHEDULER_add_shutdown (&shutdown_task, NULL); | 1189 | GNUNET_SCHEDULER_add_shutdown (&shutdown_task, NULL); |
@@ -1023,6 +1204,10 @@ GNUNET_SERVICE_MAIN | |||
1023 | GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY, | 1204 | GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY, |
1024 | struct VerifyMessage, | 1205 | struct VerifyMessage, |
1025 | NULL), | 1206 | NULL), |
1207 | GNUNET_MQ_hd_var_size (collect, | ||
1208 | GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT, | ||
1209 | struct CollectMessage, | ||
1210 | NULL), | ||
1026 | GNUNET_MQ_handler_end()); | 1211 | GNUNET_MQ_handler_end()); |
1027 | 1212 | ||
1028 | /* end of gnunet-service-credential.c */ | 1213 | /* end of gnunet-service-credential.c */ |
diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index 651de0075..f13e26cd4 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c | |||
@@ -492,7 +492,8 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, | |||
492 | &handle->issuer_key, | 492 | &handle->issuer_key, |
493 | handle->issuer_attr, | 493 | handle->issuer_attr, |
494 | &handle->subject_key, | 494 | &handle->subject_key, |
495 | handle->subject_attr, | 495 | 0, |
496 | NULL,//TODOhandle->subject_attr, | ||
496 | &handle_verify_response, | 497 | &handle_verify_response, |
497 | handle); | 498 | handle); |
498 | 499 | ||
diff --git a/src/credential/test_credential_collect.sh b/src/credential/test_credential_collect.sh new file mode 100755 index 000000000..6c713063f --- /dev/null +++ b/src/credential/test_credential_collect.sh | |||
@@ -0,0 +1,47 @@ | |||
1 | #!/bin/bash | ||
2 | trap "gnunet-arm -e -c test_credential_lookup.conf" SIGINT | ||
3 | |||
4 | LOCATION=$(which gnunet-config) | ||
5 | if [ -z $LOCATION ] | ||
6 | then | ||
7 | LOCATION="gnunet-config" | ||
8 | fi | ||
9 | $LOCATION --version 1> /dev/null | ||
10 | if test $? != 0 | ||
11 | then | ||
12 | echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" | ||
13 | exit 77 | ||
14 | fi | ||
15 | |||
16 | rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` | ||
17 | |||
18 | # (1) PKEY1.user -> PKEY2.resu.user | ||
19 | # (2) PKEY2.resu -> PKEY3 | ||
20 | # (3) PKEY3.user -> PKEY4 | ||
21 | |||
22 | |||
23 | which timeout &> /dev/null && DO_TIMEOUT="timeout 30" | ||
24 | |||
25 | TEST_ATTR="test" | ||
26 | TEST_ATTR2="test2" | ||
27 | gnunet-arm -s -c test_credential_lookup.conf | ||
28 | gnunet-identity -C testissuer -c test_credential_lookup.conf | ||
29 | gnunet-identity -C testsubject -c test_credential_lookup.conf | ||
30 | SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') | ||
31 | ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') | ||
32 | #TODO1 Get credential and store it with subject (3) | ||
33 | CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf` | ||
34 | $DO_TIMEOUT gnunet-namestore -a -z testsubject -n c1 -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf | ||
35 | CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR2 --ttl=5m -c test_credential_lookup.conf` | ||
36 | $DO_TIMEOUT gnunet-namestore -a -z testsubject -n c2 -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf | ||
37 | CREDS=`$DO_TIMEOUT gnunet-credential --collect --issuer=$ISSUER_KEY --attribute=$TEST_ATTR --ego=testsubject -c test_credential_lookup.conf | paste -d, -s` | ||
38 | echo $CREDS | ||
39 | RES=$? | ||
40 | gnunet-arm -e -c test_credential_lookup.conf | ||
41 | |||
42 | if test $? != 0 | ||
43 | then | ||
44 | echo "Error collecting..." | ||
45 | exit 1 | ||
46 | fi | ||
47 | |||
diff --git a/src/credential/test_credential_lookup.conf b/src/credential/test_credential_lookup.conf index 7aa193abd..93b4864d9 100644 --- a/src/credential/test_credential_lookup.conf +++ b/src/credential/test_credential_lookup.conf | |||
@@ -11,7 +11,7 @@ PLUGINS = | |||
11 | 11 | ||
12 | [credential] | 12 | [credential] |
13 | AUTOSTART = YES | 13 | AUTOSTART = YES |
14 | #PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog | 14 | PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog |
15 | 15 | ||
16 | [rest] | 16 | [rest] |
17 | #PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog | 17 | #PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog |
diff --git a/src/credential/test_credential_verify.sh b/src/credential/test_credential_verify.sh index 6d69e337b..d042bcfe6 100755 --- a/src/credential/test_credential_verify.sh +++ b/src/credential/test_credential_verify.sh | |||
@@ -57,8 +57,11 @@ CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=gnunet --subject=$ALICE_KEY -- | |||
57 | # Alice stores the credential under "mygnunetcreds" | 57 | # Alice stores the credential under "mygnunetcreds" |
58 | gnunet-namestore -p -z alice -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf | 58 | gnunet-namestore -p -z alice -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf |
59 | 59 | ||
60 | CREDS=`$DO_TIMEOUT gnunet-credential --collect --issuer=$SERVICE_KEY --attribute=$USER_ATTR --ego=alice -c test_credential_lookup.conf | paste -d, -s` | ||
61 | |||
62 | echo gnunet-credential --verify --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY --credential=\'$CREDS\' -c test_credential_lookup.conf | ||
60 | #TODO2 Add -z swich like in gnunet-gns | 63 | #TODO2 Add -z swich like in gnunet-gns |
61 | RES_CRED=`gnunet-credential --verify --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` | 64 | gnunet-credential --verify --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY --credential="$CREDS" -c test_credential_lookup.conf |
62 | 65 | ||
63 | 66 | ||
64 | #TODO cleanup properly | 67 | #TODO cleanup properly |
diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 906163c14..d04c0a253 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h | |||
@@ -235,7 +235,7 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle); | |||
235 | * @param c_count the number of credentials found | 235 | * @param c_count the number of credentials found |
236 | * @param credential the credentials | 236 | * @param credential the credentials |
237 | */ | 237 | */ |
238 | typedef void (*GNUNET_CREDENTIAL_VerifyResultProcessor) (void *cls, | 238 | typedef void (*GNUNET_CREDENTIAL_CredentialResultProcessor) (void *cls, |
239 | unsigned int d_count, | 239 | unsigned int d_count, |
240 | struct GNUNET_CREDENTIAL_Delegation *delegation_chain, | 240 | struct GNUNET_CREDENTIAL_Delegation *delegation_chain, |
241 | unsigned int c_count, | 241 | unsigned int c_count, |
@@ -286,10 +286,19 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, | |||
286 | const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, | 286 | const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, |
287 | const char *issuer_attribute, | 287 | const char *issuer_attribute, |
288 | const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, | 288 | const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, |
289 | const char *subject_attribute, | 289 | uint32_t credential_count, |
290 | GNUNET_CREDENTIAL_VerifyResultProcessor proc, | 290 | const struct GNUNET_CREDENTIAL_Credential *credentials, |
291 | GNUNET_CREDENTIAL_CredentialResultProcessor proc, | ||
291 | void *proc_cls); | 292 | void *proc_cls); |
292 | 293 | ||
294 | struct GNUNET_CREDENTIAL_Request* | ||
295 | GNUNET_CREDENTIAL_collect (struct GNUNET_CREDENTIAL_Handle *handle, | ||
296 | const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, | ||
297 | const char *issuer_attribute, | ||
298 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *subject_key, | ||
299 | GNUNET_CREDENTIAL_CredentialResultProcessor proc, | ||
300 | void *proc_cls); | ||
301 | |||
293 | /** | 302 | /** |
294 | * Delegate an attribute | 303 | * Delegate an attribute |
295 | * | 304 | * |
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index 596196311..cf26f1727 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h | |||
@@ -2616,6 +2616,10 @@ extern "C" | |||
2616 | 2616 | ||
2617 | #define GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT 972 | 2617 | #define GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT 972 |
2618 | 2618 | ||
2619 | #define GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT 973 | ||
2620 | |||
2621 | #define GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT_RESULT 974 | ||
2622 | |||
2619 | /******************************************************************************/ | 2623 | /******************************************************************************/ |
2620 | 2624 | ||
2621 | 2625 | ||