Diffstat (limited to 'src/credential')
-rw-r--r-- | src/credential/gnunet-service-credential.c | 102 | ||||
-rw-r--r-- | src/credential/plugin_gnsrecord_credential.c | 53 | ||||
-rwxr-xr-x | src/credential/test_credential_verify.sh | 11 |
3 files changed, 131 insertions, 35 deletions
diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 662c26a5e..bf85b1583 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c | |||
@@ -100,6 +100,11 @@ struct AttributeQueueEntry | |||
100 | * Parent attribute delegation | 100 | * Parent attribute delegation |
101 | */ | 101 | */ |
102 | struct AttributeQueueEntry *parent; | 102 | struct AttributeQueueEntry *parent; |
103 | |||
104 | /** | ||
105 | * Trailing attribute context | ||
106 | */ | ||
107 | char *attr_trailer; | ||
103 | }; | 108 | }; |
104 | 109 | ||
105 | 110 | ||
@@ -364,40 +369,74 @@ start_backward_resolution (void* cls, | |||
364 | const struct GNUNET_CREDENTIAL_AttributeRecordData *attr; | 369 | const struct GNUNET_CREDENTIAL_AttributeRecordData *attr; |
365 | struct CredentialRecordEntry *cred_pointer; | 370 | struct CredentialRecordEntry *cred_pointer; |
366 | struct AttributeQueueEntry *attr_entry; | 371 | struct AttributeQueueEntry *attr_entry; |
372 | char *expanded_attr; | ||
373 | char *check_attr; | ||
367 | int i; | 374 | int i; |
375 | |||
376 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
377 | "Got %d attrs\n", rd_count); | ||
368 | 378 | ||
369 | for (i=0; i < rd_count; i++) | 379 | for (i=0; i < rd_count; i++) |
370 | { | 380 | { |
371 | if (GNUNET_GNSRECORD_TYPE_ATTRIBUTE != rd[i].record_type) | 381 | if (GNUNET_GNSRECORD_TYPE_ATTRIBUTE != rd[i].record_type) |
372 | continue; | 382 | continue; |
383 | |||
373 | attr = rd[i].data; | 384 | attr = rd[i].data; |
385 | attr_entry = GNUNET_new (struct AttributeQueueEntry); | ||
386 | attr_entry->data_size = rd[i].data_size; | ||
387 | if (NULL != vrh->current_attribute && | ||
388 | NULL != vrh->current_attribute->attr_trailer) | ||
389 | { | ||
390 | if (rd[i].data_size == sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)) | ||
391 | { | ||
392 | GNUNET_asprintf (&expanded_attr, | ||
393 | "%s", | ||
394 | vrh->current_attribute->attr_trailer); | ||
395 | |||
396 | } else { | ||
397 | GNUNET_asprintf (&expanded_attr, | ||
398 | "%s.%s", | ||
399 | (char*)&attr[1], | ||
400 | vrh->current_attribute->attr_trailer); | ||
401 | } | ||
402 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
403 | "Expanded to %s\n", expanded_attr); | ||
404 | attr_entry->data_size += strlen (vrh->current_attribute->attr_trailer) + 1; | ||
405 | } else { | ||
406 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
407 | "Not Expanding %s\n", (char*)&attr[1]); | ||
408 | } | ||
409 | attr_entry->data = GNUNET_malloc (attr_entry->data_size); | ||
410 | memcpy (attr_entry->data, | ||
411 | rd[i].data, | ||
412 | rd[i].data_size); | ||
413 | if (NULL != vrh->current_attribute && NULL != vrh->current_attribute->attr_trailer) | ||
414 | { | ||
415 | memcpy ((char*)&attr_entry->data[1], | ||
416 | expanded_attr, | ||
417 | strlen (expanded_attr)); | ||
418 | } | ||
419 | check_attr = (char*)&attr_entry->data[1]; | ||
420 | check_attr[attr_entry->data_size] = '\0'; | ||
421 | attr_entry->parent = vrh->current_attribute; | ||
422 | |||
423 | GNUNET_CONTAINER_DLL_insert (vrh->attr_queue_head, | ||
424 | vrh->attr_queue_tail, | ||
425 | attr_entry); | ||
374 | for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL; | 426 | for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL; |
375 | cred_pointer = cred_pointer->next){ | 427 | cred_pointer = cred_pointer->next){ |
376 | cred = cred_pointer->data; | 428 | cred = cred_pointer->data; |
377 | |||
378 | attr_entry = GNUNET_new (struct AttributeQueueEntry); | ||
379 | |||
380 | attr_entry->data = GNUNET_malloc (rd[i].data_size); | ||
381 | memcpy (attr_entry->data, | ||
382 | rd[i].data, | ||
383 | rd[i].data_size); | ||
384 | attr_entry->data_size = rd[i].data_size; | ||
385 | |||
386 | attr_entry->parent = vrh->current_attribute; | ||
387 | |||
388 | GNUNET_CONTAINER_DLL_insert (vrh->attr_queue_head, | ||
389 | vrh->attr_queue_tail, | ||
390 | attr_entry); | ||
391 | |||
392 | if(0 != memcmp (&attr->subject_key, | 429 | if(0 != memcmp (&attr->subject_key, |
393 | &cred_pointer->data->issuer_key, | 430 | &cred_pointer->data->issuer_key, |
394 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) | 431 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) |
395 | continue; | 432 | continue; |
433 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
434 | "Checking if %s matches %s\n", | ||
435 | (char*)&attr_entry->data[1], (char*)&cred[1]); | ||
396 | 436 | ||
397 | if (0 != strcmp ((char*)&attr[1], (char*)&cred[1])) | 437 | if (0 != strcmp ((char*)&attr_entry->data[1], (char*)&cred[1])) |
398 | continue; | 438 | continue; |
399 | 439 | ||
400 | |||
401 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 440 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
402 | "Found issuer\n"); | 441 | "Found issuer\n"); |
403 | vrh->credential = GNUNET_malloc (rd[i].data_size); | 442 | vrh->credential = GNUNET_malloc (rd[i].data_size); |
@@ -417,9 +456,9 @@ start_backward_resolution (void* cls, | |||
417 | //Start from next to head | 456 | //Start from next to head |
418 | vrh->current_attribute = vrh->attr_queue_head; | 457 | vrh->current_attribute = vrh->attr_queue_head; |
419 | 458 | ||
420 | if(vrh->current_attribute != NULL) | 459 | if(NULL == vrh->current_attribute) |
421 | { | 460 | { |
422 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 461 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
423 | "We are all out of attributes...\n"); | 462 | "We are all out of attributes...\n"); |
424 | send_lookup_response (vrh); | 463 | send_lookup_response (vrh); |
425 | return; | 464 | return; |
@@ -432,14 +471,32 @@ start_backward_resolution (void* cls, | |||
432 | 471 | ||
433 | 472 | ||
434 | //Start with backward resolution | 473 | //Start with backward resolution |
474 | char issuer_attribute_name[strlen ((char*)&vrh->current_attribute->data[1])]; | ||
475 | char *lookup_attr; | ||
476 | strcpy (issuer_attribute_name, | ||
477 | (char*)&vrh->current_attribute->data[1]); | ||
478 | char *next_attr = strtok (issuer_attribute_name, "."); | ||
479 | GNUNET_asprintf (&lookup_attr, | ||
480 | "%s.gnu", | ||
481 | next_attr); | ||
482 | next_attr += strlen (next_attr) + 1; | ||
483 | vrh->current_attribute->attr_trailer = GNUNET_strdup (next_attr); | ||
484 | |||
485 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
486 | "Looking up %s\n", lookup_attr); | ||
487 | if (NULL != vrh->current_attribute->attr_trailer) | ||
488 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
489 | "%s still to go...\n", vrh->current_attribute->attr_trailer); | ||
490 | |||
435 | vrh->lookup_request = GNUNET_GNS_lookup (gns, | 491 | vrh->lookup_request = GNUNET_GNS_lookup (gns, |
436 | (char*)&vrh->current_attribute->data[1], | 492 | lookup_attr, |
437 | &vrh->current_attribute->data->subject_key, //issuer_key, | 493 | &vrh->current_attribute->data->subject_key, //issuer_key, |
438 | GNUNET_GNSRECORD_TYPE_ATTRIBUTE, | 494 | GNUNET_GNSRECORD_TYPE_ATTRIBUTE, |
439 | GNUNET_GNS_LO_DEFAULT, | 495 | GNUNET_GNS_LO_DEFAULT, |
440 | NULL, //shorten_key, always NULL | 496 | NULL, //shorten_key, always NULL |
441 | &start_backward_resolution, | 497 | &start_backward_resolution, |
442 | vrh); | 498 | vrh); |
499 | GNUNET_free (lookup_attr); | ||
443 | } | 500 | } |
444 | 501 | ||
445 | 502 | ||
@@ -513,8 +570,6 @@ handle_credential_query (void* cls, | |||
513 | 570 | ||
514 | } | 571 | } |
515 | 572 | ||
516 | GNUNET_break (0); //TODO remove when implemented | ||
517 | |||
518 | /** | 573 | /** |
519 | * Check for attributes from the issuer and follow the chain | 574 | * Check for attributes from the issuer and follow the chain |
520 | * till you get the required subject's attributes | 575 | * till you get the required subject's attributes |
@@ -524,6 +579,9 @@ handle_credential_query (void* cls, | |||
524 | vrh->issuer_attribute); | 579 | vrh->issuer_attribute); |
525 | strcpy (issuer_attribute_name + strlen (vrh->issuer_attribute), | 580 | strcpy (issuer_attribute_name + strlen (vrh->issuer_attribute), |
526 | ".gnu"); | 581 | ".gnu"); |
582 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
583 | "Looking up %s\n", issuer_attribute_name); | ||
584 | |||
527 | //Start with backward resolution | 585 | //Start with backward resolution |
528 | GNUNET_GNS_lookup (gns, | 586 | GNUNET_GNS_lookup (gns, |
529 | issuer_attribute_name, | 587 | issuer_attribute_name, |
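Review bot: The terminator write in the new attribute-expansion code, `check_attr[attr_entry->data_size] = '\0';`, lands past the end of the buffer: check_attr already starts sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData) bytes into an allocation of exactly attr_entry->data_size bytes (data appears to be a pointer to that record struct, judging by `&vrh->current_attribute->data->subject_key`), so this is a heap write beyond the record; the last byte of the name region is `check_attr[attr_entry->data_size - sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData) - 1] = '\0';`. The same off-by-one sizing appears in the @@ -432 hunk, where `char issuer_attribute_name[strlen ((char*)&vrh->current_attribute->data[1])];` leaves no room for the NUL that the following strcpy stores, and `next_attr += strlen (next_attr) + 1;` steps beyond that array whenever the name contains no '.', so the GNUNET_strdup that follows reads past it; the trailer should only be set when a separator was actually found (strchr on the copy, instead of strtok, makes that explicit and also keeps attr_trailer NULL for the last component, which the `NULL != attr_trailer` checks in the first hunk rely on). expanded_attr is never freed once it has been copied into attr_entry->data. start_backward_resolution begins before the first hunk and its remainder lies outside the hunks shown.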
diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 90ac393d0..ece4be1e3 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c | |||
@@ -65,10 +65,15 @@ credential_value_to_string (void *cls, | |||
65 | sizeof (attr)); | 65 | sizeof (attr)); |
66 | cdata = data; | 66 | cdata = data; |
67 | subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&attr.subject_key); | 67 | subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&attr.subject_key); |
68 | GNUNET_asprintf (&attr_str, | 68 | if (data_size == sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)) |
69 | "%s.%s", | 69 | { |
70 | subject_pkey, | 70 | return subject_pkey; |
71 | &cdata[sizeof (attr)]); | 71 | } else { |
72 | GNUNET_asprintf (&attr_str, | ||
73 | "%s %s", | ||
74 | subject_pkey, | ||
75 | &cdata[sizeof (attr)]); | ||
76 | } | ||
72 | GNUNET_free (subject_pkey); | 77 | GNUNET_free (subject_pkey); |
73 | return attr_str; | 78 | return attr_str; |
74 | } | 79 | } |
@@ -82,7 +87,7 @@ credential_value_to_string (void *cls, | |||
82 | char *signature; | 87 | char *signature; |
83 | const char *expiration; | 88 | const char *expiration; |
84 | 89 | ||
85 | 90 | ||
86 | if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)) | 91 | if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)) |
87 | return NULL; /* malformed */ | 92 | return NULL; /* malformed */ |
88 | memcpy (&cred, | 93 | memcpy (&cred, |
@@ -136,6 +141,41 @@ credential_string_to_value (void *cls, | |||
136 | return GNUNET_SYSERR; | 141 | return GNUNET_SYSERR; |
137 | switch (type) | 142 | switch (type) |
138 | { | 143 | { |
144 | case GNUNET_GNSRECORD_TYPE_ATTRIBUTE: | ||
145 | { | ||
146 | struct GNUNET_CREDENTIAL_AttributeRecordData *attr; | ||
147 | char attr_str[253 + 1]; | ||
148 | char subject_pkey[52 + 1]; | ||
149 | int matches = 0; | ||
150 | matches = SSCANF (s, | ||
151 | "%s %s", | ||
152 | subject_pkey, | ||
153 | attr_str); | ||
154 | if (0 == matches) | ||
155 | { | ||
156 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
157 | _("Unable to parse ATTR record string `%s'\n"), | ||
158 | s); | ||
159 | return GNUNET_SYSERR; | ||
160 | |||
161 | } | ||
162 | if (1 == matches) { | ||
163 | *data_size = sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData); | ||
164 | } else if (2 == matches) { | ||
165 | *data_size = sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData) + strlen (attr_str) + 1; | ||
166 | } | ||
167 | *data = attr = GNUNET_malloc (*data_size); | ||
168 | GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pkey, | ||
169 | strlen (subject_pkey), | ||
170 | &attr->subject_key); | ||
171 | if (NULL != attr_str) | ||
172 | GNUNET_memcpy (&attr[1], | ||
173 | attr_str, | ||
174 | strlen (attr_str)); | ||
175 | |||
176 | |||
177 | return GNUNET_OK; | ||
178 | } | ||
139 | case GNUNET_GNSRECORD_TYPE_CREDENTIAL: | 179 | case GNUNET_GNSRECORD_TYPE_CREDENTIAL: |
140 | { | 180 | { |
141 | struct GNUNET_CREDENTIAL_CredentialRecordData *cred; | 181 | struct GNUNET_CREDENTIAL_CredentialRecordData *cred; |
@@ -183,7 +223,7 @@ credential_string_to_value (void *cls, | |||
183 | cred->expiration = GNUNET_htonll (etime_abs.abs_value_us); | 223 | cred->expiration = GNUNET_htonll (etime_abs.abs_value_us); |
184 | cred->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); | 224 | cred->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); |
185 | cred->purpose.size = htonl (strlen (name) + 1 + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | 225 | cred->purpose.size = htonl (strlen (name) + 1 + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
186 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + sizeof (uint64_t)); | 226 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + sizeof (uint64_t)); |
187 | GNUNET_free (sig); | 227 | GNUNET_free (sig); |
188 | GNUNET_memcpy (&cred[1], | 228 | GNUNET_memcpy (&cred[1], |
189 | name, | 229 | name, |
@@ -207,6 +247,7 @@ static struct { | |||
207 | uint32_t number; | 247 | uint32_t number; |
208 | } name_map[] = { | 248 | } name_map[] = { |
209 | { "CRED", GNUNET_GNSRECORD_TYPE_CREDENTIAL }, | 249 | { "CRED", GNUNET_GNSRECORD_TYPE_CREDENTIAL }, |
250 | { "ATTR", GNUNET_GNSRECORD_TYPE_ATTRIBUTE }, | ||
210 | { NULL, UINT32_MAX } | 251 | { NULL, UINT32_MAX } |
211 | }; | 252 | }; |
212 | 253 | ||
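Review bot: The new GNUNET_GNSRECORD_TYPE_ATTRIBUTE parser in credential_string_to_value scans with unbounded conversions, `"%s %s"`, into the fixed stack buffers subject_pkey[52 + 1] and attr_str[253 + 1], so a record string longer than either limit overruns them; the conversions need widths, `"%52s %253s"`. The guard `if (NULL != attr_str)` on the copy into &attr[1] is always true because attr_str is an array, so when only one token matched the code takes strlen of an uninitialized buffer and copies into an allocation that is exactly sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData) bytes; that branch should be `if (2 == matches)`. SSCANF returning EOF on an empty input also slips past `0 == matches` and leaves *data_size unset before the GNUNET_malloc. The return value of GNUNET_CRYPTO_ecdsa_public_key_from_string is ignored, so a malformed key string still yields GNUNET_OK with whatever subject_key holds — presumably the existing CRED case checks it, and this case should do the same. The enclosing switch continues outside the hunk.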
diff --git a/src/credential/test_credential_verify.sh b/src/credential/test_credential_verify.sh index 6e5ba4647..ab3c78f41 100755 --- a/src/credential/test_credential_verify.sh +++ b/src/credential/test_credential_verify.sh | |||
@@ -31,7 +31,8 @@ TEST_ATTR="user" | |||
31 | INTERMEDIATE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testintermediate | awk '{print $3}') | 31 | INTERMEDIATE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testintermediate | awk '{print $3}') |
32 | SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') | 32 | SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') |
33 | ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') | 33 | ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') |
34 | CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf` | 34 | AUTHORITY_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testauthority | awk '{print $3}') |
35 | CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf` | ||
35 | 36 | ||
36 | TEST_CREDENTIAL="t1" | 37 | TEST_CREDENTIAL="t1" |
37 | gnunet-namestore -p -z testsubject -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf | 38 | gnunet-namestore -p -z testsubject -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf |
@@ -43,17 +44,13 @@ AUTHORITY_ATTR="test" | |||
43 | gnunet-namestore -p -z testauthority -a -n $AUTHORITY_ATTR -t ATTR -V "$INTERMEDIATE_KEY $INTERMEDIATE_ATTR.$TEST_ATTR" -e 5m -c test_credential_lookup.conf | 44 | gnunet-namestore -p -z testauthority -a -n $AUTHORITY_ATTR -t ATTR -V "$INTERMEDIATE_KEY $INTERMEDIATE_ATTR.$TEST_ATTR" -e 5m -c test_credential_lookup.conf |
44 | 45 | ||
45 | #TODO2 Add -z swich like in gnunet-gns | 46 | #TODO2 Add -z swich like in gnunet-gns |
46 | #RES_CRED=`$DO_TIMEOUT gnunet-credential --verify --issuer=$ISSUER_KEY --attribute="$TEST_ATTR" --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` | 47 | RES_CRED=`gnunet-credential --verify --issuer=$AUTHORITY_KEY --attribute=$AUTHORITY_ATTR --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` |
47 | valgrind gnunet-credential --verify --issuer=$AUTHORITY_KEY --attribute=$AUTHORITY_ATTR --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf | ||
48 | 48 | ||
49 | #TODO cleanup properly | 49 | #TODO cleanup properly |
50 | gnunet-namestore -z testsubject -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf | 50 | gnunet-namestore -z testsubject -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf |
51 | gnunet-arm -e -c test_credential_lookup.conf | 51 | gnunet-arm -e -c test_credential_lookup.conf |
52 | 52 | ||
53 | #TODO3 proper test | 53 | if [ "$RES_CRED" == "Successful." ] |
54 | exit 0 | ||
55 | |||
56 | if [ "$RES_CRED" == "Ok!" ] | ||
57 | then | 54 | then |
58 | exit 0 | 55 | exit 0 |
59 | else | 56 | else |