diff options
author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2017-10-07 13:01:52 +0200 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2017-10-07 13:01:52 +0200 |
commit | b7389bb3a98c077bcf39cafe2f9b66db15bd0bda (patch) | |
tree | 7758dcc461cf386ef30446d2f2b8eacf2f1e4183 /src | |
parent | f12a22a2a9b6d71f0fc9d24940e77d84d6568da0 (diff) | |
download | gnunet-b7389bb3a98c077bcf39cafe2f9b66db15bd0bda.tar.gz gnunet-b7389bb3a98c077bcf39cafe2f9b66db15bd0bda.zip |
-mem fixes, revocation finish
Diffstat (limited to 'src')
-rw-r--r-- | src/identity-provider/gnunet-idp.c | 46 | ||||
-rw-r--r-- | src/identity-provider/gnunet-service-identity-provider.c | 123 | ||||
-rw-r--r-- | src/identity-provider/identity_provider_api.c | 8 | ||||
-rw-r--r-- | src/identity-provider/plugin_identity_provider_sqlite.c | 1 | ||||
-rwxr-xr-x | src/identity-provider/test_idp_revoke.sh | 37 | ||||
-rw-r--r-- | src/util/crypto_abe.c | 3 |
6 files changed, 167 insertions, 51 deletions
diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index d6544eb3b..6940220d7 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c | |||
@@ -62,6 +62,11 @@ static char* issue_attrs; | |||
62 | static char* consume_ticket; | 62 | static char* consume_ticket; |
63 | 63 | ||
64 | /** | 64 | /** |
65 | * Ticket to revoke | ||
66 | */ | ||
67 | static char* revoke_ticket; | ||
68 | |||
69 | /** | ||
65 | * Ego name | 70 | * Ego name |
66 | */ | 71 | */ |
67 | static char* ego_name; | 72 | static char* ego_name; |
@@ -182,17 +187,31 @@ iter_error (void *cls) | |||
182 | } | 187 | } |
183 | 188 | ||
184 | static void | 189 | static void |
190 | process_rvk (void *cls, int success, const char* msg) | ||
191 | { | ||
192 | if (GNUNET_OK != success) | ||
193 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, | ||
194 | "Revocation failed.\n"); | ||
195 | else | ||
196 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, | ||
197 | "Revocation successful.\n"); | ||
198 | GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | ||
199 | } | ||
200 | |||
201 | static void | ||
185 | iter_finished (void *cls) | 202 | iter_finished (void *cls) |
186 | { | 203 | { |
187 | struct GNUNET_IDENTITY_PROVIDER_Attribute *attr; | 204 | struct GNUNET_IDENTITY_PROVIDER_Attribute *attr; |
188 | 205 | ||
189 | attr_iterator = NULL; | 206 | attr_iterator = NULL; |
190 | if (list) { | 207 | if (list) |
208 | { | ||
191 | GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | 209 | GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); |
192 | return; | 210 | return; |
193 | } | 211 | } |
194 | 212 | ||
195 | if (issue_attrs) { | 213 | if (issue_attrs) |
214 | { | ||
196 | idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (idp_handle, | 215 | idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (idp_handle, |
197 | pkey, | 216 | pkey, |
198 | &rp_key, | 217 | &rp_key, |
@@ -201,7 +220,8 @@ iter_finished (void *cls) | |||
201 | NULL); | 220 | NULL); |
202 | return; | 221 | return; |
203 | } | 222 | } |
204 | if (consume_ticket) { | 223 | if (consume_ticket) |
224 | { | ||
205 | idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (idp_handle, | 225 | idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (idp_handle, |
206 | pkey, | 226 | pkey, |
207 | &ticket, | 227 | &ticket, |
@@ -209,6 +229,15 @@ iter_finished (void *cls) | |||
209 | NULL); | 229 | NULL); |
210 | return; | 230 | return; |
211 | } | 231 | } |
232 | if (revoke_ticket) | ||
233 | { | ||
234 | idp_op = GNUNET_IDENTITY_PROVIDER_ticket_revoke (idp_handle, | ||
235 | pkey, | ||
236 | &ticket, | ||
237 | &process_rvk, | ||
238 | NULL); | ||
239 | return; | ||
240 | } | ||
212 | attr = GNUNET_IDENTITY_PROVIDER_attribute_new (attr_name, | 241 | attr = GNUNET_IDENTITY_PROVIDER_attribute_new (attr_name, |
213 | GNUNET_IDENTITY_PROVIDER_AT_STRING, | 242 | GNUNET_IDENTITY_PROVIDER_AT_STRING, |
214 | attr_value, | 243 | attr_value, |
@@ -279,6 +308,12 @@ ego_cb (void *cls, | |||
279 | strlen (consume_ticket), | 308 | strlen (consume_ticket), |
280 | &ticket, | 309 | &ticket, |
281 | sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); | 310 | sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); |
311 | if (NULL != revoke_ticket) | ||
312 | GNUNET_STRINGS_string_to_data (revoke_ticket, | ||
313 | strlen (revoke_ticket), | ||
314 | &ticket, | ||
315 | sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); | ||
316 | |||
282 | 317 | ||
283 | attr_list = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); | 318 | attr_list = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); |
284 | 319 | ||
@@ -358,6 +393,11 @@ main(int argc, char *const argv[]) | |||
358 | NULL, | 393 | NULL, |
359 | gettext_noop ("Consume a ticket"), | 394 | gettext_noop ("Consume a ticket"), |
360 | &consume_ticket), | 395 | &consume_ticket), |
396 | GNUNET_GETOPT_option_string ('R', | ||
397 | "revoke", | ||
398 | NULL, | ||
399 | gettext_noop ("Revoke a ticket"), | ||
400 | &revoke_ticket), | ||
361 | GNUNET_GETOPT_OPTION_END | 401 | GNUNET_GETOPT_OPTION_END |
362 | }; | 402 | }; |
363 | return GNUNET_PROGRAM_run (argc, argv, "ct", | 403 | return GNUNET_PROGRAM_run (argc, argv, "ct", |
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index f9d3f3f92..2f477370e 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c | |||
@@ -473,11 +473,16 @@ struct TicketRevocationHandle | |||
473 | struct IdpClient *client; | 473 | struct IdpClient *client; |
474 | 474 | ||
475 | /** | 475 | /** |
476 | * Attributes to issue | 476 | * Attributes to reissue |
477 | */ | 477 | */ |
478 | struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; | 478 | struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; |
479 | 479 | ||
480 | /** | 480 | /** |
481 | * Attributes to revoke | ||
482 | */ | ||
483 | struct GNUNET_IDENTITY_PROVIDER_AttributeList *rvk_attrs; | ||
484 | |||
485 | /** | ||
481 | * Issuer Key | 486 | * Issuer Key |
482 | */ | 487 | */ |
483 | struct GNUNET_CRYPTO_EcdsaPrivateKey identity; | 488 | struct GNUNET_CRYPTO_EcdsaPrivateKey identity; |
@@ -679,6 +684,7 @@ bootstrap_store_task (void *cls) | |||
679 | rd, | 684 | rd, |
680 | &bootstrap_store_cont, | 685 | &bootstrap_store_cont, |
681 | abh); | 686 | abh); |
687 | GNUNET_free ((void*)rd[0].data); | ||
682 | } | 688 | } |
683 | 689 | ||
684 | /** | 690 | /** |
@@ -917,6 +923,7 @@ serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, | |||
917 | enc_keyinfo, | 923 | enc_keyinfo, |
918 | enc_size); | 924 | enc_size); |
919 | GNUNET_free (enc_keyinfo); | 925 | GNUNET_free (enc_keyinfo); |
926 | GNUNET_free (buf); | ||
920 | return sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+enc_size; | 927 | return sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+enc_size; |
921 | } | 928 | } |
922 | 929 | ||
@@ -978,6 +985,8 @@ issue_ticket_after_abe_bootstrap (void *cls, | |||
978 | GNUNET_free (label); | 985 | GNUNET_free (label); |
979 | GNUNET_free (attrs); | 986 | GNUNET_free (attrs); |
980 | GNUNET_free (code_record_data); | 987 | GNUNET_free (code_record_data); |
988 | GNUNET_CRYPTO_cpabe_delete_master_key (abe_key); | ||
989 | GNUNET_CRYPTO_cpabe_delete_key (rp_key); | ||
981 | } | 990 | } |
982 | 991 | ||
983 | 992 | ||
@@ -1049,8 +1058,10 @@ cleanup_revoke_ticket_handle (struct TicketRevocationHandle *handle) | |||
1049 | { | 1058 | { |
1050 | if (NULL != handle->attrs) | 1059 | if (NULL != handle->attrs) |
1051 | attribute_list_destroy (handle->attrs); | 1060 | attribute_list_destroy (handle->attrs); |
1061 | if (NULL != handle->rvk_attrs) | ||
1062 | attribute_list_destroy (handle->rvk_attrs); | ||
1052 | if (NULL != handle->abe_key) | 1063 | if (NULL != handle->abe_key) |
1053 | GNUNET_free (handle->abe_key); | 1064 | GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key); |
1054 | if (NULL != handle->ns_qe) | 1065 | if (NULL != handle->ns_qe) |
1055 | GNUNET_NAMESTORE_cancel (handle->ns_qe); | 1066 | GNUNET_NAMESTORE_cancel (handle->ns_qe); |
1056 | if (NULL != handle->ns_it) | 1067 | if (NULL != handle->ns_it) |
@@ -1078,7 +1089,6 @@ send_revocation_finished (struct TicketRevocationHandle *rh, | |||
1078 | GNUNET_CONTAINER_DLL_remove (rh->client->revocation_list_head, | 1089 | GNUNET_CONTAINER_DLL_remove (rh->client->revocation_list_head, |
1079 | rh->client->revocation_list_tail, | 1090 | rh->client->revocation_list_tail, |
1080 | rh); | 1091 | rh); |
1081 | cleanup_revoke_ticket_handle (rh); | ||
1082 | } | 1092 | } |
1083 | 1093 | ||
1084 | 1094 | ||
@@ -1101,6 +1111,7 @@ reissue_ticket_cont (void *cls, | |||
1101 | const char *emsg) | 1111 | const char *emsg) |
1102 | { | 1112 | { |
1103 | struct TicketRevocationHandle *rh = cls; | 1113 | struct TicketRevocationHandle *rh = cls; |
1114 | int ret; | ||
1104 | 1115 | ||
1105 | rh->ns_qe = NULL; | 1116 | rh->ns_qe = NULL; |
1106 | if (GNUNET_SYSERR == success) | 1117 | if (GNUNET_SYSERR == success) |
@@ -1111,14 +1122,20 @@ reissue_ticket_cont (void *cls, | |||
1111 | cleanup_revoke_ticket_handle (rh); | 1122 | cleanup_revoke_ticket_handle (rh); |
1112 | return; | 1123 | return; |
1113 | } | 1124 | } |
1125 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Continue DB iteration\n"); | ||
1114 | rh->offset++; | 1126 | rh->offset++; |
1115 | GNUNET_assert (GNUNET_SYSERR != | 1127 | GNUNET_assert (GNUNET_SYSERR != (ret = |
1116 | TKT_database->iterate_tickets (TKT_database->cls, | 1128 | TKT_database->iterate_tickets (TKT_database->cls, |
1117 | &rh->ticket.identity, | 1129 | &rh->ticket.identity, |
1118 | GNUNET_NO, | 1130 | GNUNET_NO, |
1119 | rh->offset, | 1131 | rh->offset, |
1120 | &ticket_reissue_proc, | 1132 | &ticket_reissue_proc, |
1121 | rh)); | 1133 | rh))); |
1134 | if (GNUNET_NO == ret) | ||
1135 | { | ||
1136 | send_revocation_finished (rh, GNUNET_OK); | ||
1137 | cleanup_revoke_ticket_handle (rh); | ||
1138 | } | ||
1122 | } | 1139 | } |
1123 | 1140 | ||
1124 | 1141 | ||
@@ -1136,7 +1153,6 @@ ticket_reissue_proc (void *cls, | |||
1136 | const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) | 1153 | const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) |
1137 | { | 1154 | { |
1138 | struct TicketRevocationHandle *rh = cls; | 1155 | struct TicketRevocationHandle *rh = cls; |
1139 | const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs_to_reissue; | ||
1140 | struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; | 1156 | struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; |
1141 | struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; | 1157 | struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; |
1142 | struct GNUNET_GNSRECORD_Data code_record[1]; | 1158 | struct GNUNET_GNSRECORD_Data code_record[1]; |
@@ -1159,19 +1175,16 @@ ticket_reissue_proc (void *cls, | |||
1159 | } | 1175 | } |
1160 | //Create new ABE key for RP | 1176 | //Create new ABE key for RP |
1161 | attrs_len = 0; | 1177 | attrs_len = 0; |
1162 | attrs_to_reissue = attrs; | ||
1163 | 1178 | ||
1164 | /* If this is the RP we want to revoke attributes of, the do so */ | 1179 | /* If this is the RP we want to revoke attributes of, the do so */ |
1165 | if (0 == memcmp (&ticket->audience, | ||
1166 | &rh->ticket.audience, | ||
1167 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) | ||
1168 | attrs_to_reissue = rh->attrs; | ||
1169 | 1180 | ||
1170 | for (le = attrs_to_reissue->list_head; NULL != le; le = le->next) | 1181 | for (le = attrs->list_head; NULL != le; le = le->next) |
1171 | attrs_len++; | 1182 | attrs_len++; |
1172 | attr_arr = GNUNET_malloc ((attrs_len + 1)*sizeof (char*)); | 1183 | attr_arr = GNUNET_malloc ((attrs_len + 1)*sizeof (char*)); |
1173 | i = 0; | 1184 | i = 0; |
1174 | for (le = attrs_to_reissue->list_head; NULL != le; le = le->next) { | 1185 | for (le = attrs->list_head; NULL != le; le = le->next) { |
1186 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1187 | "Recreating key with %s\n", (char*) le->attribute->name); | ||
1175 | attr_arr[i] = (char*) le->attribute->name; | 1188 | attr_arr[i] = (char*) le->attribute->name; |
1176 | i++; | 1189 | i++; |
1177 | } | 1190 | } |
@@ -1181,7 +1194,7 @@ ticket_reissue_proc (void *cls, | |||
1181 | 1194 | ||
1182 | //TODO review this wireformat | 1195 | //TODO review this wireformat |
1183 | code_record_len = serialize_abe_keyinfo2 (&rh->ticket, | 1196 | code_record_len = serialize_abe_keyinfo2 (&rh->ticket, |
1184 | rh->attrs, | 1197 | attrs, |
1185 | rp_key, | 1198 | rp_key, |
1186 | &ecdhe_privkey, | 1199 | &ecdhe_privkey, |
1187 | &code_record_data); | 1200 | &code_record_data); |
@@ -1205,18 +1218,40 @@ ticket_reissue_proc (void *cls, | |||
1205 | GNUNET_free (label); | 1218 | GNUNET_free (label); |
1206 | GNUNET_free (attr_arr); | 1219 | GNUNET_free (attr_arr); |
1207 | GNUNET_free (code_record_data); | 1220 | GNUNET_free (code_record_data); |
1208 | 1221 | GNUNET_CRYPTO_cpabe_delete_key (rp_key); | |
1209 | } | 1222 | } |
1210 | 1223 | ||
1211 | 1224 | ||
1212 | |||
1213 | |||
1214 | /* Prototype for below function */ | 1225 | /* Prototype for below function */ |
1215 | static void | 1226 | static void |
1216 | attr_reenc_cont (void *cls, | 1227 | attr_reenc_cont (void *cls, |
1217 | int32_t success, | 1228 | int32_t success, |
1218 | const char *emsg); | 1229 | const char *emsg); |
1219 | 1230 | ||
1231 | static void | ||
1232 | revocation_reissue_tickets (struct TicketRevocationHandle *rh) | ||
1233 | { | ||
1234 | int ret; | ||
1235 | /* Done, issue new keys */ | ||
1236 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1237 | "Revocation Phase IV: Reissuing Tickets\n"); | ||
1238 | if (GNUNET_SYSERR == (ret = TKT_database->iterate_tickets (TKT_database->cls, | ||
1239 | &rh->ticket.identity, | ||
1240 | GNUNET_NO, | ||
1241 | rh->offset, | ||
1242 | &ticket_reissue_proc, | ||
1243 | rh))) | ||
1244 | { | ||
1245 | GNUNET_break (0); | ||
1246 | } | ||
1247 | if (GNUNET_NO == ret) | ||
1248 | { | ||
1249 | send_revocation_finished (rh, GNUNET_OK); | ||
1250 | cleanup_revoke_ticket_handle (rh); | ||
1251 | } | ||
1252 | |||
1253 | } | ||
1254 | |||
1220 | /** | 1255 | /** |
1221 | * Revoke next attribte by reencryption with | 1256 | * Revoke next attribte by reencryption with |
1222 | * new ABE master | 1257 | * new ABE master |
@@ -1226,8 +1261,15 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) | |||
1226 | { | 1261 | { |
1227 | struct GNUNET_GNSRECORD_Data rd[1]; | 1262 | struct GNUNET_GNSRECORD_Data rd[1]; |
1228 | char* buf; | 1263 | char* buf; |
1264 | char* enc_buf; | ||
1229 | size_t buf_size; | 1265 | size_t buf_size; |
1230 | 1266 | ||
1267 | if (NULL == rh->attrs->list_head) | ||
1268 | { | ||
1269 | revocation_reissue_tickets (rh); | ||
1270 | return; | ||
1271 | } | ||
1272 | |||
1231 | buf_size = attribute_serialize_get_size (rh->attrs->list_head->attribute); | 1273 | buf_size = attribute_serialize_get_size (rh->attrs->list_head->attribute); |
1232 | buf = GNUNET_malloc (buf_size); | 1274 | buf = GNUNET_malloc (buf_size); |
1233 | 1275 | ||
@@ -1241,8 +1283,9 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) | |||
1241 | buf_size, | 1283 | buf_size, |
1242 | rh->attrs->list_head->attribute->name, //Policy | 1284 | rh->attrs->list_head->attribute->name, //Policy |
1243 | rh->abe_key, | 1285 | rh->abe_key, |
1244 | (void**)&rd[0].data); | 1286 | (void**)&enc_buf); |
1245 | GNUNET_free (buf); | 1287 | GNUNET_free (buf); |
1288 | rd[0].data = enc_buf; | ||
1246 | rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; | 1289 | rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; |
1247 | rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; | 1290 | rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; |
1248 | rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? | 1291 | rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? |
@@ -1253,7 +1296,7 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) | |||
1253 | rd, | 1296 | rd, |
1254 | &attr_reenc_cont, | 1297 | &attr_reenc_cont, |
1255 | rh); | 1298 | rh); |
1256 | GNUNET_free ((void*)rd[0].data); | 1299 | GNUNET_free (enc_buf); |
1257 | 1300 | ||
1258 | } | 1301 | } |
1259 | 1302 | ||
@@ -1268,7 +1311,6 @@ attr_reenc_cont (void *cls, | |||
1268 | { | 1311 | { |
1269 | struct TicketRevocationHandle *rh = cls; | 1312 | struct TicketRevocationHandle *rh = cls; |
1270 | struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; | 1313 | struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; |
1271 | int ret; | ||
1272 | 1314 | ||
1273 | if (GNUNET_SYSERR == success) | 1315 | if (GNUNET_SYSERR == success) |
1274 | { | 1316 | { |
@@ -1278,30 +1320,19 @@ attr_reenc_cont (void *cls, | |||
1278 | GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); | 1320 | GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); |
1279 | return; | 1321 | return; |
1280 | } | 1322 | } |
1323 | if (NULL == rh->attrs->list_head) | ||
1324 | { | ||
1325 | revocation_reissue_tickets (rh); | ||
1326 | return; | ||
1327 | } | ||
1281 | le = rh->attrs->list_head; | 1328 | le = rh->attrs->list_head; |
1282 | GNUNET_CONTAINER_DLL_remove (rh->attrs->list_head, | 1329 | GNUNET_CONTAINER_DLL_remove (rh->attrs->list_head, |
1283 | rh->attrs->list_tail, | 1330 | rh->attrs->list_tail, |
1284 | rh->attrs->list_head); | 1331 | le); |
1285 | GNUNET_free (le->attribute); | 1332 | GNUNET_free (le->attribute); |
1286 | GNUNET_free (le); | 1333 | GNUNET_free (le); |
1287 | 1334 | ||
1288 | if (NULL == rh->attrs->list_head) | 1335 | |
1289 | { | ||
1290 | /* Done, issue new keys */ | ||
1291 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, | ||
1292 | "Revocation Phase IV: Reissuing Tickets\n"); | ||
1293 | if (GNUNET_SYSERR == | ||
1294 | (ret = TKT_database->iterate_tickets (TKT_database->cls, | ||
1295 | &rh->ticket.identity, | ||
1296 | GNUNET_NO, | ||
1297 | rh->offset, | ||
1298 | &ticket_reissue_proc, | ||
1299 | rh))) | ||
1300 | { | ||
1301 | GNUNET_break (0); | ||
1302 | } | ||
1303 | return; | ||
1304 | } | ||
1305 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1336 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1306 | "Re-encrypting next attribute\n"); | 1337 | "Re-encrypting next attribute\n"); |
1307 | reenc_next_attribute (rh); | 1338 | reenc_next_attribute (rh); |
@@ -1327,7 +1358,7 @@ reenc_after_abe_bootstrap (void *cls, | |||
1327 | cleanup_revoke_ticket_handle (rh); | 1358 | cleanup_revoke_ticket_handle (rh); |
1328 | return; | 1359 | return; |
1329 | } else { | 1360 | } else { |
1330 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, | 1361 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1331 | "Revocation Phase III: Re-encrypting attributes\n"); | 1362 | "Revocation Phase III: Re-encrypting attributes\n"); |
1332 | reenc_next_attribute (rh); | 1363 | reenc_next_attribute (rh); |
1333 | } | 1364 | } |
@@ -1357,7 +1388,7 @@ revoke_collect_iter_finished (void *cls) | |||
1357 | { | 1388 | { |
1358 | struct TicketRevocationHandle *rh = cls; | 1389 | struct TicketRevocationHandle *rh = cls; |
1359 | rh->ns_it = NULL; | 1390 | rh->ns_it = NULL; |
1360 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, | 1391 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1361 | "Revocation Phase II: Invalidating old ABE Master\n"); | 1392 | "Revocation Phase II: Invalidating old ABE Master\n"); |
1362 | /* Bootstrap new abe key */ | 1393 | /* Bootstrap new abe key */ |
1363 | bootstrap_abe (&rh->identity, &reenc_after_abe_bootstrap, rh, GNUNET_YES); | 1394 | bootstrap_abe (&rh->identity, &reenc_after_abe_bootstrap, rh, GNUNET_YES); |
@@ -1404,6 +1435,7 @@ revoke_collect_iter_cb (void *cls, | |||
1404 | "Attribute to reencrypt: %s\n", label); | 1435 | "Attribute to reencrypt: %s\n", label); |
1405 | le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); | 1436 | le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); |
1406 | le->attribute = attribute_deserialize (attr_ser, attr_len); | 1437 | le->attribute = attribute_deserialize (attr_ser, attr_len); |
1438 | GNUNET_free (attr_ser); | ||
1407 | GNUNET_CONTAINER_DLL_insert_tail (rh->attrs->list_head, | 1439 | GNUNET_CONTAINER_DLL_insert_tail (rh->attrs->list_head, |
1408 | rh->attrs->list_tail, | 1440 | rh->attrs->list_tail, |
1409 | le); | 1441 | le); |
@@ -1419,9 +1451,9 @@ collect_after_abe_bootstrap (void *cls, | |||
1419 | { | 1451 | { |
1420 | struct TicketRevocationHandle *rh = cls; | 1452 | struct TicketRevocationHandle *rh = cls; |
1421 | 1453 | ||
1422 | rh->abe_key = cls; | 1454 | rh->abe_key = abe_key; |
1423 | GNUNET_assert (NULL != abe_key); | 1455 | GNUNET_assert (NULL != abe_key); |
1424 | GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, | 1456 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1425 | "Revocation Phase I: Collecting attributes\n"); | 1457 | "Revocation Phase I: Collecting attributes\n"); |
1426 | /* Reencrypt all attributes with new key */ | 1458 | /* Reencrypt all attributes with new key */ |
1427 | rh->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, | 1459 | rh->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, |
@@ -1480,7 +1512,8 @@ handle_revoke_ticket_message (void *cls, | |||
1480 | attrs_len = ntohs (rm->attrs_len); | 1512 | attrs_len = ntohs (rm->attrs_len); |
1481 | ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1]; | 1513 | ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1]; |
1482 | if (0 < attrs_len) | 1514 | if (0 < attrs_len) |
1483 | rh->attrs = attribute_list_deserialize ((char*)&ticket[1], attrs_len); | 1515 | rh->rvk_attrs = attribute_list_deserialize ((char*)&ticket[1], attrs_len); |
1516 | rh->attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); | ||
1484 | rh->ticket = *ticket; | 1517 | rh->ticket = *ticket; |
1485 | rh->r_id = ntohl (rm->id); | 1518 | rh->r_id = ntohl (rm->id); |
1486 | rh->client = idp; | 1519 | rh->client = idp; |
@@ -1502,7 +1535,7 @@ cleanup_as_handle (struct AttributeStoreHandle *handle) | |||
1502 | if (NULL != handle->attribute) | 1535 | if (NULL != handle->attribute) |
1503 | GNUNET_free (handle->attribute); | 1536 | GNUNET_free (handle->attribute); |
1504 | if (NULL != handle->abe_key) | 1537 | if (NULL != handle->abe_key) |
1505 | GNUNET_free (handle->abe_key); | 1538 | GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key); |
1506 | GNUNET_free (handle); | 1539 | GNUNET_free (handle); |
1507 | } | 1540 | } |
1508 | 1541 | ||
@@ -1625,7 +1658,7 @@ static void | |||
1625 | cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle) | 1658 | cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle) |
1626 | { | 1659 | { |
1627 | if (NULL != handle->key) | 1660 | if (NULL != handle->key) |
1628 | GNUNET_free (handle->key); | 1661 | GNUNET_CRYPTO_cpabe_delete_key (handle->key); |
1629 | GNUNET_free (handle); | 1662 | GNUNET_free (handle); |
1630 | } | 1663 | } |
1631 | 1664 | ||
diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index fb9926a2c..1dec43b16 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c | |||
@@ -1363,10 +1363,14 @@ GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle * | |||
1363 | GNUNET_CONTAINER_DLL_insert_tail (h->op_head, | 1363 | GNUNET_CONTAINER_DLL_insert_tail (h->op_head, |
1364 | h->op_tail, | 1364 | h->op_tail, |
1365 | op); | 1365 | op); |
1366 | env = GNUNET_MQ_msg (msg, | 1366 | env = GNUNET_MQ_msg_extra (msg, |
1367 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET); | 1367 | sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket), |
1368 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET); | ||
1368 | msg->id = htonl (rid); | 1369 | msg->id = htonl (rid); |
1369 | msg->identity = *identity; | 1370 | msg->identity = *identity; |
1371 | memcpy (&msg[1], | ||
1372 | ticket, | ||
1373 | sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); | ||
1370 | if (NULL == h->mq) | 1374 | if (NULL == h->mq) |
1371 | op->env = env; | 1375 | op->env = env; |
1372 | else | 1376 | else |
diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/identity-provider/plugin_identity_provider_sqlite.c index ac4e3c686..c55366214 100644 --- a/src/identity-provider/plugin_identity_provider_sqlite.c +++ b/src/identity-provider/plugin_identity_provider_sqlite.c | |||
@@ -547,6 +547,7 @@ get_ticket_and_call_iterator (struct Plugin *plugin, | |||
547 | iter (iter_cls, | 547 | iter (iter_cls, |
548 | &ticket, | 548 | &ticket, |
549 | attrs); | 549 | attrs); |
550 | attribute_list_destroy (attrs); | ||
550 | ret = GNUNET_YES; | 551 | ret = GNUNET_YES; |
551 | } | 552 | } |
552 | GNUNET_SQ_cleanup_result (rs); | 553 | GNUNET_SQ_cleanup_result (rs); |
diff --git a/src/identity-provider/test_idp_revoke.sh b/src/identity-provider/test_idp_revoke.sh new file mode 100755 index 000000000..57872c5b9 --- /dev/null +++ b/src/identity-provider/test_idp_revoke.sh | |||
@@ -0,0 +1,37 @@ | |||
1 | #!/bin/bash | ||
2 | trap "gnunet-arm -e -c test_idp.conf" SIGINT | ||
3 | |||
4 | LOCATION=$(which gnunet-config) | ||
5 | if [ -z $LOCATION ] | ||
6 | then | ||
7 | LOCATION="gnunet-config" | ||
8 | fi | ||
9 | $LOCATION --version 1> /dev/null | ||
10 | if test $? != 0 | ||
11 | then | ||
12 | echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" | ||
13 | exit 77 | ||
14 | fi | ||
15 | |||
16 | rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f` | ||
17 | |||
18 | # (1) PKEY1.user -> PKEY2.resu.user | ||
19 | # (2) PKEY2.resu -> PKEY3 | ||
20 | # (3) PKEY3.user -> PKEY4 | ||
21 | |||
22 | |||
23 | which timeout &> /dev/null && DO_TIMEOUT="timeout 30" | ||
24 | |||
25 | TEST_ATTR="test" | ||
26 | gnunet-arm -s -c test_idp.conf | ||
27 | gnunet-identity -C testego -c test_idp.conf | ||
28 | gnunet-identity -C rpego -c test_idp.conf | ||
29 | SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') | ||
30 | TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}') | ||
31 | gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf | ||
32 | gnunet-idp -e testego -a name -V John -c test_idp.conf | ||
33 | #gnunet-idp -e testego -D -c test_idp.conf | ||
34 | TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}') | ||
35 | #echo "Consuming $TICKET" | ||
36 | gnunet-idp -e testego -R $TICKET -c test_idp.conf | ||
37 | gnunet-arm -e -c test_idp.conf | ||
diff --git a/src/util/crypto_abe.c b/src/util/crypto_abe.c index 899965159..f52cd5213 100644 --- a/src/util/crypto_abe.c +++ b/src/util/crypto_abe.c | |||
@@ -108,7 +108,7 @@ aes_128_cbc_encrypt( char* pt, | |||
108 | GNUNET_assert (0 == gcry_cipher_encrypt (handle, *ct, buf_size, buf, buf_size)); | 108 | GNUNET_assert (0 == gcry_cipher_encrypt (handle, *ct, buf_size, buf, buf_size)); |
109 | gcry_cipher_close (handle); | 109 | gcry_cipher_close (handle); |
110 | //AES_cbc_encrypt(pt->data, ct->data, pt->len, &key, iv, AES_ENCRYPT); | 110 | //AES_cbc_encrypt(pt->data, ct->data, pt->len, &key, iv, AES_ENCRYPT); |
111 | 111 | GNUNET_free (buf); | |
112 | return buf_size; | 112 | return buf_size; |
113 | } | 113 | } |
114 | 114 | ||
@@ -300,6 +300,7 @@ GNUNET_CRYPTO_cpabe_decrypt (const void *block, | |||
300 | } | 300 | } |
301 | gabe_cph_free(cph); | 301 | gabe_cph_free(cph); |
302 | plt_len = aes_128_cbc_decrypt(aes_buf, aes_buf_size, m, (char**)result); | 302 | plt_len = aes_128_cbc_decrypt(aes_buf, aes_buf_size, m, (char**)result); |
303 | GNUNET_free (aes_buf); | ||
303 | //freeing is buggy in gabe | 304 | //freeing is buggy in gabe |
304 | //gabe_prv_free (prv); | 305 | //gabe_prv_free (prv); |
305 | //gabe_pub_free (pub); | 306 | //gabe_pub_free (pub); |