diff options
Diffstat (limited to 'src/credential/credential_api.c')
-rw-r--r-- | src/credential/credential_api.c | 511 |
1 files changed, 511 insertions, 0 deletions
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c new file mode 100644 index 000000000..677cb9ad4 --- /dev/null +++ b/src/credential/credential_api.c | |||
@@ -0,0 +1,511 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2009-2013, 2016 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU General Public License as published | ||
7 | by the Free Software Foundation; either version 3, or (at your | ||
8 | option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with GNUnet; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, | ||
18 | Boston, MA 02110-1301, USA. | ||
19 | */ | ||
20 | /** | ||
21 | * @file credential/credential_api.c | ||
22 | * @brief library to access the CREDENTIAL service | ||
23 | * @author Martin Schanzenbach | ||
24 | */ | ||
25 | #include "platform.h" | ||
26 | #include "gnunet_util_lib.h" | ||
27 | #include "gnunet_constants.h" | ||
28 | #include "gnunet_arm_service.h" | ||
29 | #include "gnunet_hello_lib.h" | ||
30 | #include "gnunet_protocols.h" | ||
31 | #include "gnunet_signatures.h" | ||
32 | #include "credential.h" | ||
33 | #include "credential_serialization.h" | ||
34 | #include "gnunet_credential_service.h" | ||
35 | #include "gnunet_identity_service.h" | ||
36 | |||
37 | |||
38 | #define LOG(kind,...) GNUNET_log_from (kind, "credential-api",__VA_ARGS__) | ||
39 | |||
40 | /** | ||
41 | * Handle to a verify request | ||
42 | */ | ||
43 | struct GNUNET_CREDENTIAL_Request | ||
44 | { | ||
45 | |||
46 | /** | ||
47 | * DLL | ||
48 | */ | ||
49 | struct GNUNET_CREDENTIAL_Request *next; | ||
50 | |||
51 | /** | ||
52 | * DLL | ||
53 | */ | ||
54 | struct GNUNET_CREDENTIAL_Request *prev; | ||
55 | |||
56 | /** | ||
57 | * handle to credential service | ||
58 | */ | ||
59 | struct GNUNET_CREDENTIAL_Handle *credential_handle; | ||
60 | |||
61 | /** | ||
62 | * processor to call on verify result | ||
63 | */ | ||
64 | GNUNET_CREDENTIAL_CredentialResultProcessor verify_proc; | ||
65 | |||
66 | /** | ||
67 | * @e verify_proc closure | ||
68 | */ | ||
69 | void *proc_cls; | ||
70 | |||
71 | /** | ||
72 | * Envelope with the message for this queue entry. | ||
73 | */ | ||
74 | struct GNUNET_MQ_Envelope *env; | ||
75 | |||
76 | /** | ||
77 | * request id | ||
78 | */ | ||
79 | uint32_t r_id; | ||
80 | |||
81 | }; | ||
82 | |||
83 | |||
84 | /** | ||
85 | * Connection to the CREDENTIAL service. | ||
86 | */ | ||
87 | struct GNUNET_CREDENTIAL_Handle | ||
88 | { | ||
89 | |||
90 | /** | ||
91 | * Configuration to use. | ||
92 | */ | ||
93 | const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
94 | |||
95 | /** | ||
96 | * Connection to service (if available). | ||
97 | */ | ||
98 | struct GNUNET_MQ_Handle *mq; | ||
99 | |||
100 | /** | ||
101 | * Head of linked list of active verify requests. | ||
102 | */ | ||
103 | struct GNUNET_CREDENTIAL_Request *request_head; | ||
104 | |||
105 | /** | ||
106 | * Tail of linked list of active verify requests. | ||
107 | */ | ||
108 | struct GNUNET_CREDENTIAL_Request *request_tail; | ||
109 | |||
110 | /** | ||
111 | * Reconnect task | ||
112 | */ | ||
113 | struct GNUNET_SCHEDULER_Task *reconnect_task; | ||
114 | |||
115 | /** | ||
116 | * How long do we wait until we try to reconnect? | ||
117 | */ | ||
118 | struct GNUNET_TIME_Relative reconnect_backoff; | ||
119 | |||
120 | /** | ||
121 | * Request Id generator. Incremented by one for each request. | ||
122 | */ | ||
123 | uint32_t r_id_gen; | ||
124 | |||
125 | }; | ||
126 | |||
127 | |||
128 | /** | ||
129 | * Reconnect to CREDENTIAL service. | ||
130 | * | ||
131 | * @param handle the handle to the CREDENTIAL service | ||
132 | */ | ||
133 | static void | ||
134 | reconnect (struct GNUNET_CREDENTIAL_Handle *handle); | ||
135 | |||
136 | |||
137 | /** | ||
138 | * Reconnect to CREDENTIAL | ||
139 | * | ||
140 | * @param cls the handle | ||
141 | */ | ||
142 | static void | ||
143 | reconnect_task (void *cls) | ||
144 | { | ||
145 | struct GNUNET_CREDENTIAL_Handle *handle = cls; | ||
146 | |||
147 | handle->reconnect_task = NULL; | ||
148 | reconnect (handle); | ||
149 | } | ||
150 | |||
151 | |||
152 | /** | ||
153 | * Disconnect from service and then reconnect. | ||
154 | * | ||
155 | * @param handle our handle | ||
156 | */ | ||
157 | static void | ||
158 | force_reconnect (struct GNUNET_CREDENTIAL_Handle *handle) | ||
159 | { | ||
160 | GNUNET_MQ_destroy (handle->mq); | ||
161 | handle->mq = NULL; | ||
162 | handle->reconnect_backoff | ||
163 | = GNUNET_TIME_STD_BACKOFF (handle->reconnect_backoff); | ||
164 | handle->reconnect_task | ||
165 | = GNUNET_SCHEDULER_add_delayed (handle->reconnect_backoff, | ||
166 | &reconnect_task, | ||
167 | handle); | ||
168 | } | ||
169 | |||
170 | |||
171 | /** | ||
172 | * Generic error handler, called with the appropriate error code and | ||
173 | * the same closure specified at the creation of the message queue. | ||
174 | * Not every message queue implementation supports an error handler. | ||
175 | * | ||
176 | * @param cls closure with the `struct GNUNET_CREDENTIAL_Handle *` | ||
177 | * @param error error code | ||
178 | */ | ||
179 | static void | ||
180 | mq_error_handler (void *cls, | ||
181 | enum GNUNET_MQ_Error error) | ||
182 | { | ||
183 | struct GNUNET_CREDENTIAL_Handle *handle = cls; | ||
184 | |||
185 | force_reconnect (handle); | ||
186 | } | ||
187 | |||
188 | /** | ||
189 | * Check validity of message received from the CREDENTIAL service | ||
190 | * | ||
191 | * @param cls the `struct GNUNET_CREDENTIAL_Handle *` | ||
192 | * @param vr_msg the incoming message | ||
193 | */ | ||
194 | static int | ||
195 | check_result (void *cls, | ||
196 | const struct DelegationChainResultMessage *vr_msg) | ||
197 | { | ||
198 | //TODO | ||
199 | return GNUNET_OK; | ||
200 | } | ||
201 | |||
202 | |||
203 | /** | ||
204 | * Handler for messages received from the CREDENTIAL service | ||
205 | * | ||
206 | * @param cls the `struct GNUNET_CREDENTIAL_Handle *` | ||
207 | * @param vr_msg the incoming message | ||
208 | */ | ||
209 | static void | ||
210 | handle_result (void *cls, | ||
211 | const struct DelegationChainResultMessage *vr_msg) | ||
212 | { | ||
213 | struct GNUNET_CREDENTIAL_Handle *handle = cls; | ||
214 | uint32_t r_id = ntohl (vr_msg->id); | ||
215 | struct GNUNET_CREDENTIAL_Request *vr; | ||
216 | size_t mlen = ntohs (vr_msg->header.size) - sizeof (*vr_msg); | ||
217 | uint32_t d_count = ntohl (vr_msg->d_count); | ||
218 | uint32_t c_count = ntohl (vr_msg->c_count); | ||
219 | struct GNUNET_CREDENTIAL_Delegation d_chain[d_count]; | ||
220 | struct GNUNET_CREDENTIAL_Credential creds[c_count]; | ||
221 | GNUNET_CREDENTIAL_CredentialResultProcessor proc; | ||
222 | void *proc_cls; | ||
223 | |||
224 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
225 | "Received verify reply from CREDENTIAL service\n"); | ||
226 | for (vr = handle->request_head; NULL != vr; vr = vr->next) | ||
227 | if (vr->r_id == r_id) | ||
228 | break; | ||
229 | if (NULL == vr) | ||
230 | return; | ||
231 | proc = vr->verify_proc; | ||
232 | proc_cls = vr->proc_cls; | ||
233 | GNUNET_CONTAINER_DLL_remove (handle->request_head, | ||
234 | handle->request_tail, | ||
235 | vr); | ||
236 | GNUNET_MQ_discard (vr->env); | ||
237 | GNUNET_free (vr); | ||
238 | GNUNET_assert (GNUNET_OK == | ||
239 | GNUNET_CREDENTIAL_delegation_chain_deserialize (mlen, | ||
240 | (const char*) &vr_msg[1], | ||
241 | d_count, | ||
242 | d_chain, | ||
243 | c_count, | ||
244 | creds)); | ||
245 | if (GNUNET_NO == ntohl (vr_msg->cred_found)) | ||
246 | { | ||
247 | proc (proc_cls, | ||
248 | 0, | ||
249 | NULL, | ||
250 | 0, | ||
251 | NULL); // TODO | ||
252 | } else { | ||
253 | proc (proc_cls, | ||
254 | d_count, | ||
255 | d_chain, | ||
256 | c_count, | ||
257 | creds); | ||
258 | } | ||
259 | } | ||
260 | |||
261 | |||
262 | /** | ||
263 | * Reconnect to CREDENTIAL service. | ||
264 | * | ||
265 | * @param handle the handle to the CREDENTIAL service | ||
266 | */ | ||
267 | static void | ||
268 | reconnect (struct GNUNET_CREDENTIAL_Handle *handle) | ||
269 | { | ||
270 | struct GNUNET_MQ_MessageHandler handlers[] = { | ||
271 | GNUNET_MQ_hd_var_size (result, | ||
272 | GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT, | ||
273 | struct DelegationChainResultMessage, | ||
274 | handle), | ||
275 | GNUNET_MQ_hd_var_size (result, | ||
276 | GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT_RESULT, | ||
277 | struct DelegationChainResultMessage, | ||
278 | handle), | ||
279 | GNUNET_MQ_handler_end () | ||
280 | }; | ||
281 | struct GNUNET_CREDENTIAL_Request *vr; | ||
282 | |||
283 | GNUNET_assert (NULL == handle->mq); | ||
284 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
285 | "Trying to connect to CREDENTIAL\n"); | ||
286 | handle->mq = GNUNET_CLIENT_connect (handle->cfg, | ||
287 | "credential", | ||
288 | handlers, | ||
289 | &mq_error_handler, | ||
290 | handle); | ||
291 | if (NULL == handle->mq) | ||
292 | return; | ||
293 | for (vr = handle->request_head; NULL != vr; vr = vr->next) | ||
294 | GNUNET_MQ_send_copy (handle->mq, | ||
295 | vr->env); | ||
296 | } | ||
297 | |||
298 | |||
299 | /** | ||
300 | * Initialize the connection with the CREDENTIAL service. | ||
301 | * | ||
302 | * @param cfg configuration to use | ||
303 | * @return handle to the CREDENTIAL service, or NULL on error | ||
304 | */ | ||
305 | struct GNUNET_CREDENTIAL_Handle * | ||
306 | GNUNET_CREDENTIAL_connect (const struct GNUNET_CONFIGURATION_Handle *cfg) | ||
307 | { | ||
308 | struct GNUNET_CREDENTIAL_Handle *handle; | ||
309 | |||
310 | handle = GNUNET_new (struct GNUNET_CREDENTIAL_Handle); | ||
311 | handle->cfg = cfg; | ||
312 | reconnect (handle); | ||
313 | if (NULL == handle->mq) | ||
314 | { | ||
315 | GNUNET_free (handle); | ||
316 | return NULL; | ||
317 | } | ||
318 | return handle; | ||
319 | } | ||
320 | |||
321 | |||
322 | /** | ||
323 | * Shutdown connection with the CREDENTIAL service. | ||
324 | * | ||
325 | * @param handle handle of the CREDENTIAL connection to stop | ||
326 | */ | ||
327 | void | ||
328 | GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle) | ||
329 | { | ||
330 | if (NULL != handle->mq) | ||
331 | { | ||
332 | GNUNET_MQ_destroy (handle->mq); | ||
333 | handle->mq = NULL; | ||
334 | } | ||
335 | if (NULL != handle->reconnect_task) | ||
336 | { | ||
337 | GNUNET_SCHEDULER_cancel (handle->reconnect_task); | ||
338 | handle->reconnect_task = NULL; | ||
339 | } | ||
340 | GNUNET_assert (NULL == handle->request_head); | ||
341 | GNUNET_free (handle); | ||
342 | } | ||
343 | |||
344 | |||
345 | /** | ||
346 | * Cancel pending verify request | ||
347 | * | ||
348 | * @param lr the verify request to cancel | ||
349 | */ | ||
350 | void | ||
351 | GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *lr) | ||
352 | { | ||
353 | struct GNUNET_CREDENTIAL_Handle *handle = lr->credential_handle; | ||
354 | |||
355 | GNUNET_CONTAINER_DLL_remove (handle->request_head, | ||
356 | handle->request_tail, | ||
357 | lr); | ||
358 | GNUNET_MQ_discard (lr->env); | ||
359 | GNUNET_free (lr); | ||
360 | } | ||
361 | |||
362 | |||
363 | /** | ||
364 | * Performs attribute collection. | ||
365 | * Collects all credentials of subject to fulfill the | ||
366 | * attribute, if possible | ||
367 | * | ||
368 | * @param handle handle to the Credential service | ||
369 | * @param issuer_key the issuer public key | ||
370 | * @param issuer_attribute the issuer attribute | ||
371 | * @param subject_key the subject public key | ||
372 | * @param proc function to call on result | ||
373 | * @param proc_cls closure for processor | ||
374 | * @return handle to the queued request | ||
375 | */ | ||
376 | struct GNUNET_CREDENTIAL_Request* | ||
377 | GNUNET_CREDENTIAL_collect (struct GNUNET_CREDENTIAL_Handle *handle, | ||
378 | const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, | ||
379 | const char *issuer_attribute, | ||
380 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *subject_key, | ||
381 | GNUNET_CREDENTIAL_CredentialResultProcessor proc, | ||
382 | void *proc_cls) | ||
383 | { | ||
384 | /* IPC to shorten credential names, return shorten_handle */ | ||
385 | struct CollectMessage *c_msg; | ||
386 | struct GNUNET_CREDENTIAL_Request *vr; | ||
387 | size_t nlen; | ||
388 | |||
389 | if (NULL == issuer_attribute) | ||
390 | { | ||
391 | GNUNET_break (0); | ||
392 | return NULL; | ||
393 | } | ||
394 | |||
395 | //DEBUG LOG | ||
396 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
397 | "Trying to collect `%s' in CREDENTIAL\n", | ||
398 | issuer_attribute); | ||
399 | nlen = strlen (issuer_attribute) + 1; | ||
400 | if (nlen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (*vr)) | ||
401 | { | ||
402 | GNUNET_break (0); | ||
403 | return NULL; | ||
404 | } | ||
405 | vr = GNUNET_new (struct GNUNET_CREDENTIAL_Request); | ||
406 | vr->credential_handle = handle; | ||
407 | vr->verify_proc = proc; | ||
408 | vr->proc_cls = proc_cls; | ||
409 | vr->r_id = handle->r_id_gen++; | ||
410 | vr->env = GNUNET_MQ_msg_extra (c_msg, | ||
411 | nlen, | ||
412 | GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT); | ||
413 | c_msg->id = htonl (vr->r_id); | ||
414 | c_msg->subject_key = *subject_key; | ||
415 | c_msg->issuer_key = *issuer_key; | ||
416 | c_msg->issuer_attribute_len = htons(strlen(issuer_attribute)); | ||
417 | GNUNET_memcpy (&c_msg[1], | ||
418 | issuer_attribute, | ||
419 | strlen (issuer_attribute)); | ||
420 | GNUNET_CONTAINER_DLL_insert (handle->request_head, | ||
421 | handle->request_tail, | ||
422 | vr); | ||
423 | if (NULL != handle->mq) | ||
424 | GNUNET_MQ_send_copy (handle->mq, | ||
425 | vr->env); | ||
426 | return vr; | ||
427 | } | ||
428 | /** | ||
429 | * Performs attribute verification. | ||
430 | * Checks if there is a delegation chain from | ||
431 | * attribute ``issuer_attribute'' issued by the issuer | ||
432 | * with public key ``issuer_key'' maps to the attribute | ||
433 | * ``subject_attribute'' claimed by the subject with key | ||
434 | * ``subject_key'' | ||
435 | * | ||
436 | * @param handle handle to the Credential service | ||
437 | * @param issuer_key the issuer public key | ||
438 | * @param issuer_attribute the issuer attribute | ||
439 | * @param subject_key the subject public key | ||
440 | * @param credential_count number of credentials provided | ||
441 | * @param credentials subject credentials | ||
442 | * @param proc function to call on result | ||
443 | * @param proc_cls closure for processor | ||
444 | * @return handle to the queued request | ||
445 | */ | ||
446 | struct GNUNET_CREDENTIAL_Request* | ||
447 | GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, | ||
448 | const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, | ||
449 | const char *issuer_attribute, | ||
450 | const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, | ||
451 | uint32_t credential_count, | ||
452 | const struct GNUNET_CREDENTIAL_Credential *credentials, | ||
453 | GNUNET_CREDENTIAL_CredentialResultProcessor proc, | ||
454 | void *proc_cls) | ||
455 | { | ||
456 | /* IPC to shorten credential names, return shorten_handle */ | ||
457 | struct VerifyMessage *v_msg; | ||
458 | struct GNUNET_CREDENTIAL_Request *vr; | ||
459 | size_t nlen; | ||
460 | size_t clen; | ||
461 | |||
462 | if (NULL == issuer_attribute || NULL == credentials) | ||
463 | { | ||
464 | GNUNET_break (0); | ||
465 | return NULL; | ||
466 | } | ||
467 | |||
468 | clen = GNUNET_CREDENTIAL_credentials_get_size (credential_count, | ||
469 | credentials); | ||
470 | |||
471 | //DEBUG LOG | ||
472 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
473 | "Trying to verify `%s' in CREDENTIAL\n", | ||
474 | issuer_attribute); | ||
475 | nlen = strlen (issuer_attribute) + 1 + clen; | ||
476 | if (nlen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (*vr)) | ||
477 | { | ||
478 | GNUNET_break (0); | ||
479 | return NULL; | ||
480 | } | ||
481 | vr = GNUNET_new (struct GNUNET_CREDENTIAL_Request); | ||
482 | vr->credential_handle = handle; | ||
483 | vr->verify_proc = proc; | ||
484 | vr->proc_cls = proc_cls; | ||
485 | vr->r_id = handle->r_id_gen++; | ||
486 | vr->env = GNUNET_MQ_msg_extra (v_msg, | ||
487 | nlen, | ||
488 | GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY); | ||
489 | v_msg->id = htonl (vr->r_id); | ||
490 | v_msg->subject_key = *subject_key; | ||
491 | v_msg->c_count = htonl(credential_count); | ||
492 | v_msg->issuer_key = *issuer_key; | ||
493 | v_msg->issuer_attribute_len = htons(strlen(issuer_attribute)); | ||
494 | GNUNET_memcpy (&v_msg[1], | ||
495 | issuer_attribute, | ||
496 | strlen (issuer_attribute)); | ||
497 | GNUNET_CREDENTIAL_credentials_serialize (credential_count, | ||
498 | credentials, | ||
499 | clen, | ||
500 | ((char*)&v_msg[1]) | ||
501 | + strlen (issuer_attribute) + 1); | ||
502 | GNUNET_CONTAINER_DLL_insert (handle->request_head, | ||
503 | handle->request_tail, | ||
504 | vr); | ||
505 | if (NULL != handle->mq) | ||
506 | GNUNET_MQ_send_copy (handle->mq, | ||
507 | vr->env); | ||
508 | return vr; | ||
509 | } | ||
510 | |||
511 | /* end of credential_api.c */ | ||