diff options
Diffstat (limited to 'src/credential')
-rw-r--r-- | src/credential/Makefile.am | 6 | ||||
-rw-r--r-- | src/credential/credential.h | 2 | ||||
-rw-r--r-- | src/credential/credential_api.c | 24 | ||||
-rw-r--r-- | src/credential/credential_serialization.c | 215 | ||||
-rw-r--r-- | src/credential/credential_serialization.h | 81 | ||||
-rw-r--r-- | src/credential/gnunet-credential.c | 38 | ||||
-rw-r--r-- | src/credential/gnunet-service-credential.c | 114 | ||||
-rw-r--r-- | src/credential/plugin_rest_credential.c | 63 | ||||
-rwxr-xr-x | src/credential/test_credential_verify.sh | 5 |
9 files changed, 464 insertions, 84 deletions
diff --git a/src/credential/Makefile.am b/src/credential/Makefile.am index 13da9dc0f..51dbb34d7 100644 --- a/src/credential/Makefile.am +++ b/src/credential/Makefile.am | |||
@@ -63,8 +63,9 @@ libgnunet_plugin_gnsrecord_credential_la_LDFLAGS = \ | |||
63 | 63 | ||
64 | 64 | ||
65 | gnunet_service_credential_SOURCES = \ | 65 | gnunet_service_credential_SOURCES = \ |
66 | gnunet-service-credential.c | 66 | gnunet-service-credential.c |
67 | gnunet_service_credential_LDADD = \ | 67 | gnunet_service_credential_LDADD = \ |
68 | libgnunetcredential.la \ | ||
68 | $(top_builddir)/src/util/libgnunetutil.la \ | 69 | $(top_builddir)/src/util/libgnunetutil.la \ |
69 | $(top_builddir)/src/gns/libgnunetgns.la \ | 70 | $(top_builddir)/src/gns/libgnunetgns.la \ |
70 | $(top_builddir)/src/statistics/libgnunetstatistics.la \ | 71 | $(top_builddir)/src/statistics/libgnunetstatistics.la \ |
@@ -72,7 +73,8 @@ gnunet_service_credential_LDADD = \ | |||
72 | 73 | ||
73 | 74 | ||
74 | libgnunetcredential_la_SOURCES = \ | 75 | libgnunetcredential_la_SOURCES = \ |
75 | credential_api.c credential.h | 76 | credential_api.c credential.h \ |
77 | credential_serialization.c | ||
76 | libgnunetcredential_la_LIBADD = \ | 78 | libgnunetcredential_la_LIBADD = \ |
77 | $(top_builddir)/src/util/libgnunetutil.la $(XLIB) | 79 | $(top_builddir)/src/util/libgnunetutil.la $(XLIB) |
78 | libgnunetcredential_la_LDFLAGS = \ | 80 | libgnunetcredential_la_LDFLAGS = \ |
diff --git a/src/credential/credential.h b/src/credential/credential.h index d52776cfa..209fcdcaa 100644 --- a/src/credential/credential.h +++ b/src/credential/credential.h | |||
@@ -92,7 +92,7 @@ struct VerifyResultMessage | |||
92 | /** | 92 | /** |
93 | * The number of credentials in the response | 93 | * The number of credentials in the response |
94 | */ | 94 | */ |
95 | uint32_t cd_count GNUNET_PACKED; | 95 | uint32_t d_count GNUNET_PACKED; |
96 | 96 | ||
97 | /* followed by ad_count GNUNET_CREDENTIAL_RecordData structs*/ | 97 | /* followed by ad_count GNUNET_CREDENTIAL_RecordData structs*/ |
98 | 98 | ||
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 54a02484d..cae670206 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c | |||
@@ -30,6 +30,7 @@ | |||
30 | #include "gnunet_protocols.h" | 30 | #include "gnunet_protocols.h" |
31 | #include "gnunet_signatures.h" | 31 | #include "gnunet_signatures.h" |
32 | #include "credential.h" | 32 | #include "credential.h" |
33 | #include "credential_serialization.h" | ||
33 | #include "gnunet_credential_service.h" | 34 | #include "gnunet_credential_service.h" |
34 | #include "gnunet_identity_service.h" | 35 | #include "gnunet_identity_service.h" |
35 | 36 | ||
@@ -213,6 +214,10 @@ handle_result (void *cls, | |||
213 | struct GNUNET_CREDENTIAL_Handle *handle = cls; | 214 | struct GNUNET_CREDENTIAL_Handle *handle = cls; |
214 | uint32_t r_id = ntohl (vr_msg->id); | 215 | uint32_t r_id = ntohl (vr_msg->id); |
215 | struct GNUNET_CREDENTIAL_Request *vr; | 216 | struct GNUNET_CREDENTIAL_Request *vr; |
217 | size_t mlen = ntohs (vr_msg->header.size) - sizeof (*vr_msg); | ||
218 | uint32_t d_count = ntohl (vr_msg->d_count); | ||
219 | struct GNUNET_CREDENTIAL_Delegation d_chain[d_count]; | ||
220 | struct GNUNET_CREDENTIAL_Credential cred; | ||
216 | GNUNET_CREDENTIAL_VerifyResultProcessor proc; | 221 | GNUNET_CREDENTIAL_VerifyResultProcessor proc; |
217 | void *proc_cls; | 222 | void *proc_cls; |
218 | 223 | ||
@@ -229,24 +234,23 @@ handle_result (void *cls, | |||
229 | handle->verify_tail, | 234 | handle->verify_tail, |
230 | vr); | 235 | vr); |
231 | GNUNET_free (vr); | 236 | GNUNET_free (vr); |
232 | /** | ||
233 | GNUNET_assert (GNUNET_OK == | 237 | GNUNET_assert (GNUNET_OK == |
234 | GNUNET_CREDENTIAL_records_deserialize (mlen, | 238 | GNUNET_CREDENTIAL_delegation_chain_deserialize (mlen, |
235 | (const char*) &lookup_msg[1], | 239 | (const char*) &vr_msg[1], |
236 | rd_count, | 240 | d_count, |
237 | rd)); | 241 | d_chain, |
238 | */ | 242 | &cred)); |
239 | if (GNUNET_NO == ntohl (vr_msg->cred_found)) | 243 | if (GNUNET_NO == ntohl (vr_msg->cred_found)) |
240 | { | 244 | { |
241 | proc (proc_cls, | 245 | proc (proc_cls, |
242 | NULL, | ||
243 | 0, | 246 | 0, |
247 | NULL, | ||
244 | NULL); // TODO | 248 | NULL); // TODO |
245 | } else { | 249 | } else { |
246 | proc (proc_cls, | 250 | proc (proc_cls, |
247 | (struct GNUNET_CREDENTIAL_CredentialRecordData*) &vr_msg[1], | 251 | d_count, |
248 | 0, | 252 | d_chain, |
249 | NULL); | 253 | &cred); |
250 | } | 254 | } |
251 | } | 255 | } |
252 | 256 | ||
diff --git a/src/credential/credential_serialization.c b/src/credential/credential_serialization.c new file mode 100644 index 000000000..2fbcebd9f --- /dev/null +++ b/src/credential/credential_serialization.c | |||
@@ -0,0 +1,215 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2009-2013, 2016 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU General Public License as published | ||
7 | by the Free Software Foundation; either version 3, or (at your | ||
8 | option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with GNUnet; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, | ||
18 | Boston, MA 02110-1301, USA. | ||
19 | */ | ||
20 | |||
21 | |||
22 | /** | ||
23 | * @file credential/credential_serialization.c | ||
24 | * @brief API to serialize and deserialize delegation chains | ||
25 | * and credentials | ||
26 | * @author Martin Schanzenbach | ||
27 | */ | ||
28 | #include "platform.h" | ||
29 | #include "gnunet_util_lib.h" | ||
30 | #include "gnunet_constants.h" | ||
31 | #include "gnunet_credential_service.h" | ||
32 | |||
33 | GNUNET_NETWORK_STRUCT_BEGIN | ||
34 | |||
35 | struct NetworkRecord | ||
36 | { | ||
37 | /** | ||
38 | * Issuer key | ||
39 | */ | ||
40 | struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; | ||
41 | |||
42 | /** | ||
43 | * Subject key | ||
44 | */ | ||
45 | struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; | ||
46 | |||
47 | /** | ||
48 | * Issuer attributes | ||
49 | */ | ||
50 | uint32_t issuer_attribute_len GNUNET_PACKED; | ||
51 | |||
52 | /** | ||
53 | * Subject attributes | ||
54 | */ | ||
55 | uint32_t subject_attribute_len GNUNET_PACKED; | ||
56 | }; | ||
57 | |||
58 | GNUNET_NETWORK_STRUCT_END | ||
59 | |||
60 | /** | ||
61 | * Calculate how many bytes we will need to serialize | ||
62 | * the given delegation chain and credential | ||
63 | * | ||
64 | * @param d_count number of delegation chain entries | ||
65 | * @param dd array of #GNUNET_CREDENTIAL_Delegation | ||
66 | * @param cd a #GNUNET_CREDENTIAL_Credential | ||
67 | * @return the required size to serialize | ||
68 | */ | ||
69 | size_t | ||
70 | GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count, | ||
71 | const struct GNUNET_CREDENTIAL_Delegation *dd, | ||
72 | const struct GNUNET_CREDENTIAL_Credential *cd) | ||
73 | { | ||
74 | unsigned int i; | ||
75 | size_t ret; | ||
76 | |||
77 | ret = sizeof (struct NetworkRecord) * (d_count + 1); | ||
78 | |||
79 | for (i=0; i<d_count;i++) | ||
80 | { | ||
81 | GNUNET_assert ((ret + | ||
82 | dd[i].issuer_attribute_len + | ||
83 | dd[i].subject_attribute_len) >= ret); | ||
84 | ret += dd[i].issuer_attribute_len + dd[i].subject_attribute_len; | ||
85 | } | ||
86 | GNUNET_assert ((ret + cd->issuer_attribute_len) >= ret); | ||
87 | ret += cd->issuer_attribute_len; | ||
88 | return ret; | ||
89 | } | ||
90 | |||
91 | /** | ||
92 | * Serizalize the given delegation chain entries and credential | ||
93 | * | ||
94 | * @param d_count number of delegation chain entries | ||
95 | * @param dd array of #GNUNET_CREDENTIAL_Delegation | ||
96 | * @param cd a #GNUNET_CREDENTIAL_Credential | ||
97 | * @param dest_size size of the destination | ||
98 | * @param dest where to store the result | ||
99 | * @return the size of the data, -1 on failure | ||
100 | */ | ||
101 | ssize_t | ||
102 | GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count, | ||
103 | const struct GNUNET_CREDENTIAL_Delegation *dd, | ||
104 | const struct GNUNET_CREDENTIAL_Credential *cd, | ||
105 | size_t dest_size, | ||
106 | char *dest) | ||
107 | { | ||
108 | struct NetworkRecord rec; | ||
109 | unsigned int i; | ||
110 | size_t off; | ||
111 | |||
112 | off = 0; | ||
113 | for (i=0;i<d_count;i++) | ||
114 | { | ||
115 | rec.issuer_attribute_len = htonl ((uint32_t) dd[i].issuer_attribute_len); | ||
116 | rec.subject_attribute_len = htonl ((uint32_t) dd[i].subject_attribute_len); | ||
117 | rec.issuer_key = dd[i].issuer_key; | ||
118 | rec.subject_key = dd[i].subject_key; | ||
119 | if (off + sizeof (rec) > dest_size) | ||
120 | return -1; | ||
121 | GNUNET_memcpy (&dest[off], | ||
122 | &rec, | ||
123 | sizeof (rec)); | ||
124 | off += sizeof (rec); | ||
125 | if (off + dd[i].issuer_attribute_len > dest_size) | ||
126 | return -1; | ||
127 | GNUNET_memcpy (&dest[off], | ||
128 | dd[i].issuer_attribute, | ||
129 | dd[i].issuer_attribute_len); | ||
130 | off += dd[i].issuer_attribute_len; | ||
131 | if (0 == dd[i].subject_attribute_len) | ||
132 | continue; | ||
133 | if (off + dd[i].subject_attribute_len > dest_size) | ||
134 | return -1; | ||
135 | GNUNET_memcpy (&dest[off], | ||
136 | dd[i].subject_attribute, | ||
137 | dd[i].subject_attribute_len); | ||
138 | off += dd[i].subject_attribute_len; | ||
139 | } | ||
140 | rec.issuer_attribute_len = htonl ((uint32_t) cd->issuer_attribute_len); | ||
141 | rec.subject_attribute_len = htonl (0); | ||
142 | rec.issuer_key = cd->issuer_key; | ||
143 | if (off + sizeof (rec) > dest_size) | ||
144 | return -1; | ||
145 | GNUNET_memcpy (&dest[off], | ||
146 | &rec, | ||
147 | sizeof (rec)); | ||
148 | off += sizeof (rec); | ||
149 | if (off + cd->issuer_attribute_len > dest_size) | ||
150 | return -1; | ||
151 | GNUNET_memcpy (&dest[off], | ||
152 | cd->issuer_attribute, | ||
153 | cd->issuer_attribute_len); | ||
154 | off += cd->issuer_attribute_len; | ||
155 | |||
156 | return off; | ||
157 | } | ||
158 | |||
159 | |||
160 | /** | ||
161 | * Deserialize the given destination | ||
162 | * | ||
163 | * @param len size of the serialized delegation chain and cred | ||
164 | * @param src the serialized data | ||
165 | * @param d_count the number of delegation chain entries | ||
166 | * @param dd where to put the delegation chain entries | ||
167 | * @param cd where to put the credential data | ||
168 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on error | ||
169 | */ | ||
170 | int | ||
171 | GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, | ||
172 | const char *src, | ||
173 | unsigned int d_count, | ||
174 | struct GNUNET_CREDENTIAL_Delegation *dd, | ||
175 | struct GNUNET_CREDENTIAL_Credential *cd) | ||
176 | { | ||
177 | struct NetworkRecord rec; | ||
178 | unsigned int i; | ||
179 | size_t off; | ||
180 | |||
181 | off = 0; | ||
182 | for (i=0;i<d_count;i++) | ||
183 | { | ||
184 | if (off + sizeof (rec) > len) | ||
185 | return GNUNET_SYSERR; | ||
186 | GNUNET_memcpy (&rec, &src[off], sizeof (rec)); | ||
187 | dd[i].issuer_attribute_len = ntohl ((uint32_t) rec.issuer_attribute_len); | ||
188 | dd[i].issuer_key = rec.issuer_key; | ||
189 | dd[i].subject_key = rec.subject_key; | ||
190 | off += sizeof (rec); | ||
191 | if (off + dd[i].issuer_attribute_len > len) | ||
192 | return GNUNET_SYSERR; | ||
193 | dd[i].issuer_attribute = &src[off]; | ||
194 | off += dd[i].issuer_attribute_len; | ||
195 | dd[i].subject_attribute_len = ntohl ((uint32_t) rec.subject_attribute_len); | ||
196 | if (off + dd[i].subject_attribute_len > len) | ||
197 | return GNUNET_SYSERR; | ||
198 | dd[i].subject_attribute = &src[off]; | ||
199 | off += dd[i].subject_attribute_len; | ||
200 | } | ||
201 | if (off + sizeof (rec) > len) | ||
202 | return GNUNET_SYSERR; | ||
203 | GNUNET_memcpy (&rec, &src[off], sizeof (rec)); | ||
204 | cd->issuer_attribute_len = ntohl ((uint32_t) rec.issuer_attribute_len); | ||
205 | cd->issuer_key = rec.issuer_key; | ||
206 | cd->subject_key = rec.subject_key; | ||
207 | off += sizeof (rec); | ||
208 | if (off + cd->issuer_attribute_len > len) | ||
209 | return GNUNET_SYSERR; | ||
210 | cd->issuer_attribute = &src[off]; | ||
211 | off += cd->issuer_attribute_len; | ||
212 | return GNUNET_OK; | ||
213 | } | ||
214 | |||
215 | /* end of credential_serialization.c */ | ||
diff --git a/src/credential/credential_serialization.h b/src/credential/credential_serialization.h new file mode 100644 index 000000000..7e984ce0a --- /dev/null +++ b/src/credential/credential_serialization.h | |||
@@ -0,0 +1,81 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2009-2013, 2016 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU General Public License as published | ||
7 | by the Free Software Foundation; either version 3, or (at your | ||
8 | option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with GNUnet; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, | ||
18 | Boston, MA 02110-1301, USA. | ||
19 | */ | ||
20 | |||
21 | |||
22 | /** | ||
23 | * @file credential/credential_serialization.h | ||
24 | * @brief API to serialize and deserialize delegation chains | ||
25 | * and credentials | ||
26 | * @author Martin Schanzenbach | ||
27 | */ | ||
28 | #include "platform.h" | ||
29 | #include "gnunet_util_lib.h" | ||
30 | #include "gnunet_constants.h" | ||
31 | #include "gnunet_credential_service.h" | ||
32 | |||
33 | /** | ||
34 | * Calculate how many bytes we will need to serialize | ||
35 | * the given delegation chain and credential | ||
36 | * | ||
37 | * @param d_count number of delegation chain entries | ||
38 | * @param dd array of #GNUNET_CREDENTIAL_Delegation | ||
39 | * @param cd a #GNUNET_CREDENTIAL_Credential | ||
40 | * @return the required size to serialize | ||
41 | */ | ||
42 | size_t | ||
43 | GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count, | ||
44 | const struct GNUNET_CREDENTIAL_Delegation *dd, | ||
45 | const struct GNUNET_CREDENTIAL_Credential *cd); | ||
46 | |||
47 | /** | ||
48 | * Serizalize the given delegation chain entries and credential | ||
49 | * | ||
50 | * @param d_count number of delegation chain entries | ||
51 | * @param dd array of #GNUNET_CREDENTIAL_Delegation | ||
52 | * @param cd a #GNUNET_CREDENTIAL_Credential | ||
53 | * @param dest_size size of the destination | ||
54 | * @param dest where to store the result | ||
55 | * @return the size of the data, -1 on failure | ||
56 | */ | ||
57 | ssize_t | ||
58 | GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count, | ||
59 | const struct GNUNET_CREDENTIAL_Delegation *dd, | ||
60 | const struct GNUNET_CREDENTIAL_Credential *cd, | ||
61 | size_t dest_size, | ||
62 | char *dest); | ||
63 | |||
64 | |||
65 | /** | ||
66 | * Deserialize the given destination | ||
67 | * | ||
68 | * @param len size of the serialized delegation chain and cred | ||
69 | * @param src the serialized data | ||
70 | * @param d_count the number of delegation chain entries | ||
71 | * @param dd where to put the delegation chain entries | ||
72 | * @param cd where to put the credential data | ||
73 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on error | ||
74 | */ | ||
75 | int | ||
76 | GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, | ||
77 | const char *src, | ||
78 | unsigned int d_count, | ||
79 | struct GNUNET_CREDENTIAL_Delegation *dd, | ||
80 | struct GNUNET_CREDENTIAL_Credential *cd); | ||
81 | /* end of credential_serialization.h */ | ||
diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index d728f533d..82f0e349c 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c | |||
@@ -157,17 +157,43 @@ do_timeout (void *cls) | |||
157 | */ | 157 | */ |
158 | static void | 158 | static void |
159 | handle_verify_result (void *cls, | 159 | handle_verify_result (void *cls, |
160 | struct GNUNET_CREDENTIAL_CredentialRecordData *cred, | 160 | unsigned int d_count, |
161 | uint32_t delegation_count, | 161 | struct GNUNET_CREDENTIAL_Delegation *dc, |
162 | struct GNUNET_CREDENTIAL_AttributeRecordData *deleg) | 162 | struct GNUNET_CREDENTIAL_Credential *cred) |
163 | { | 163 | { |
164 | 164 | int i; | |
165 | 165 | ||
166 | verify_request = NULL; | 166 | verify_request = NULL; |
167 | if (NULL == cred) | 167 | if (NULL == cred) |
168 | printf ("Verify failed.\n"); | 168 | printf ("Failed.\n"); |
169 | else | 169 | else |
170 | { | ||
171 | for (i=0;i<d_count;i++) | ||
172 | { | ||
173 | char iss_attr[dc[i].issuer_attribute_len]; | ||
174 | char* iss_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&dc[i].issuer_key); | ||
175 | char* sub_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&dc[i].subject_key); | ||
176 | |||
177 | char sub_attr[dc[i].subject_attribute_len]; | ||
178 | memcpy (iss_attr, | ||
179 | dc[i].issuer_attribute, | ||
180 | dc[i].issuer_attribute_len); | ||
181 | iss_attr[dc[i].issuer_attribute_len] = '\0'; | ||
182 | printf ("%s.%s <- ",iss_key, iss_attr); | ||
183 | printf ("%s",sub_key); | ||
184 | if (0 != dc[i].subject_attribute_len) | ||
185 | { | ||
186 | memcpy (sub_attr, | ||
187 | dc[i].subject_attribute, | ||
188 | dc[i].subject_attribute_len); | ||
189 | sub_attr[dc[i].subject_attribute_len] = '\0'; | ||
190 | |||
191 | printf (".%s",sub_attr); | ||
192 | } | ||
193 | printf ("\n"); | ||
194 | } | ||
170 | printf ("Successful.\n"); | 195 | printf ("Successful.\n"); |
196 | } | ||
171 | 197 | ||
172 | 198 | ||
173 | GNUNET_SCHEDULER_shutdown (); | 199 | GNUNET_SCHEDULER_shutdown (); |
@@ -209,7 +235,7 @@ identity_cb (void *cls, | |||
209 | GNUNET_SCHEDULER_shutdown (); | 235 | GNUNET_SCHEDULER_shutdown (); |
210 | return; | 236 | return; |
211 | } else if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative (expiration, | 237 | } else if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative (expiration, |
212 | &etime_rel)) | 238 | &etime_rel)) |
213 | { | 239 | { |
214 | etime_abs = GNUNET_TIME_relative_to_absolute (etime_rel); | 240 | etime_abs = GNUNET_TIME_relative_to_absolute (etime_rel); |
215 | } else if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (expiration, | 241 | } else if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (expiration, |
diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 38d74e2ab..74e1e1cd2 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c | |||
@@ -27,6 +27,7 @@ | |||
27 | #include "gnunet_credential_service.h" | 27 | #include "gnunet_credential_service.h" |
28 | #include "gnunet_statistics_service.h" | 28 | #include "gnunet_statistics_service.h" |
29 | #include "credential.h" | 29 | #include "credential.h" |
30 | #include "credential_serialization.h" | ||
30 | #include "gnunet_protocols.h" | 31 | #include "gnunet_protocols.h" |
31 | #include "gnunet_signatures.h" | 32 | #include "gnunet_signatures.h" |
32 | 33 | ||
@@ -165,6 +166,11 @@ struct DelegationQueueEntry | |||
165 | * The delegation chain entry | 166 | * The delegation chain entry |
166 | */ | 167 | */ |
167 | struct GNUNET_CREDENTIAL_DelegationChainEntry *delegation_chain_entry; | 168 | struct GNUNET_CREDENTIAL_DelegationChainEntry *delegation_chain_entry; |
169 | |||
170 | /** | ||
171 | * Delegation chain length until now | ||
172 | */ | ||
173 | uint32_t d_count; | ||
168 | }; | 174 | }; |
169 | 175 | ||
170 | 176 | ||
@@ -221,11 +227,6 @@ struct VerifyRequestHandle | |||
221 | struct CredentialRecordEntry *cred_chain_tail; | 227 | struct CredentialRecordEntry *cred_chain_tail; |
222 | 228 | ||
223 | /** | 229 | /** |
224 | * Number of chain entries | ||
225 | */ | ||
226 | uint32_t cred_chain_entries; | ||
227 | |||
228 | /** | ||
229 | * Delegation Queue | 230 | * Delegation Queue |
230 | */ | 231 | */ |
231 | struct DelegationQueueEntry *chain_start; | 232 | struct DelegationQueueEntry *chain_start; |
@@ -251,6 +252,11 @@ struct VerifyRequestHandle | |||
251 | uint32_t credential_size; | 252 | uint32_t credential_size; |
252 | 253 | ||
253 | /** | 254 | /** |
255 | * Length of found delegation chain | ||
256 | */ | ||
257 | uint32_t d_count; | ||
258 | |||
259 | /** | ||
254 | * request id | 260 | * request id |
255 | */ | 261 | */ |
256 | uint32_t request_id; | 262 | uint32_t request_id; |
@@ -439,65 +445,92 @@ send_lookup_response (struct VerifyRequestHandle *vrh) | |||
439 | struct GNUNET_MQ_Envelope *env; | 445 | struct GNUNET_MQ_Envelope *env; |
440 | struct VerifyResultMessage *rmsg; | 446 | struct VerifyResultMessage *rmsg; |
441 | struct DelegationQueueEntry *dq_entry; | 447 | struct DelegationQueueEntry *dq_entry; |
442 | char *write_ptr; | ||
443 | size_t size = vrh->credential_size; | 448 | size_t size = vrh->credential_size; |
449 | struct GNUNET_CREDENTIAL_Delegation dd[vrh->d_count]; | ||
450 | struct GNUNET_CREDENTIAL_Credential cred; | ||
444 | 451 | ||
445 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 452 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
446 | "Sending response\n"); | 453 | "Sending response\n"); |
447 | 454 | dq_entry = vrh->chain_end; | |
448 | for (dq_entry = vrh->chain_end; NULL != dq_entry; dq_entry = dq_entry->parent) | 455 | for (int i=0; i<vrh->d_count; i++) |
449 | { | 456 | { |
450 | if (NULL == dq_entry->delegation_chain_entry) | 457 | dd[i].issuer_key = dq_entry->delegation_chain_entry->issuer_key; |
451 | break; | 458 | dd[i].subject_key = dq_entry->delegation_chain_entry->subject_key; |
452 | size += sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry); | 459 | dd[i].issuer_attribute = dq_entry->delegation_chain_entry->issuer_attribute; |
460 | dd[i].issuer_attribute_len = strlen (dq_entry->delegation_chain_entry->issuer_attribute); | ||
461 | dd[i].subject_attribute_len = 0; | ||
453 | if (NULL != dq_entry->delegation_chain_entry->subject_attribute) | 462 | if (NULL != dq_entry->delegation_chain_entry->subject_attribute) |
454 | size += strlen (dq_entry->delegation_chain_entry->subject_attribute) + 1; | 463 | { |
455 | size += strlen(dq_entry->delegation_chain_entry->issuer_attribute) + 1; | 464 | dd[i].subject_attribute = dq_entry->delegation_chain_entry->subject_attribute; |
465 | dd[i].subject_attribute_len = strlen(dq_entry->delegation_chain_entry->subject_attribute); | ||
466 | } | ||
467 | dq_entry = dq_entry->parent; | ||
456 | } | 468 | } |
457 | 469 | ||
470 | /** | ||
471 | * Get serialized record data | ||
472 | * Append at the end of rmsg | ||
473 | */ | ||
474 | cred.issuer_key = vrh->credential->issuer_key; | ||
475 | cred.subject_key = vrh->credential->issuer_key; | ||
476 | cred.issuer_attribute_len = strlen((char*)&vrh->credential[1]); | ||
477 | cred.issuer_attribute = (char*)&vrh->credential[1]; | ||
478 | size = GNUNET_CREDENTIAL_delegation_chain_get_size (vrh->d_count, | ||
479 | dd, | ||
480 | &cred); | ||
458 | env = GNUNET_MQ_msg_extra (rmsg, | 481 | env = GNUNET_MQ_msg_extra (rmsg, |
459 | size, | 482 | size, |
460 | GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT); | 483 | GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT); |
461 | //Assign id so that client can find associated request | 484 | //Assign id so that client can find associated request |
462 | rmsg->id = vrh->request_id; | 485 | rmsg->id = vrh->request_id; |
463 | rmsg->cd_count = htonl (vrh->cred_chain_entries); | 486 | rmsg->d_count = htonl (vrh->d_count); |
464 | |||
465 | /** | ||
466 | * Get serialized record data | ||
467 | * Append at the end of rmsg | ||
468 | */ | ||
469 | rmsg->cred_found = htonl (GNUNET_NO); | ||
470 | 487 | ||
471 | if (NULL != vrh->credential) | 488 | if (NULL != vrh->credential) |
472 | { | ||
473 | memcpy (&rmsg[1], | ||
474 | vrh->credential, | ||
475 | vrh->credential_size); | ||
476 | rmsg->cred_found = htonl (GNUNET_YES); | 489 | rmsg->cred_found = htonl (GNUNET_YES); |
477 | } | 490 | else |
491 | rmsg->cred_found = htonl (GNUNET_NO); | ||
492 | |||
493 | GNUNET_assert (-1 != GNUNET_CREDENTIAL_delegation_chain_serialize (vrh->d_count, | ||
494 | dd, | ||
495 | &cred, | ||
496 | size, | ||
497 | (char*)&rmsg[1])); | ||
498 | |||
499 | |||
500 | /*for (dq_entry = vrh->chain_end; NULL != dq_entry; dq_entry = dq_entry->parent) | ||
501 | { | ||
502 | if (NULL == dq_entry->delegation_chain_entry) | ||
503 | break; | ||
504 | size += sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry); | ||
505 | if (NULL != dq_entry->delegation_chain_entry->subject_attribute) | ||
506 | size += strlen (dq_entry->delegation_chain_entry->subject_attribute) + 1; | ||
507 | size += strlen(dq_entry->delegation_chain_entry->issuer_attribute) + 1; | ||
508 | d_count++; | ||
509 | }*/ | ||
510 | |||
478 | //TODO refactor into serializer module | 511 | //TODO refactor into serializer module |
479 | write_ptr = (char*)&rmsg[1] + vrh->credential_size; | 512 | /*write_ptr = (char*)&rmsg[1] + vrh->credential_size; |
480 | for (dq_entry = vrh->chain_end; NULL != dq_entry; dq_entry = dq_entry->parent) | 513 | for (dq_entry = vrh->chain_end; NULL != dq_entry; dq_entry = dq_entry->parent) |
481 | { | 514 | { |
482 | if (NULL == dq_entry->delegation_chain_entry) | 515 | if (NULL == dq_entry->delegation_chain_entry) |
483 | break; | 516 | break; |
484 | memcpy (write_ptr, | 517 | memcpy (write_ptr, |
485 | dq_entry->delegation_chain_entry, | 518 | dq_entry->delegation_chain_entry, |
486 | sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry)); | 519 | sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry)); |
487 | write_ptr += sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry); | 520 | write_ptr += sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry); |
488 | if (NULL != dq_entry->delegation_chain_entry->subject_attribute) | 521 | if (NULL != dq_entry->delegation_chain_entry->subject_attribute) |
489 | { | 522 | { |
490 | GNUNET_snprintf (write_ptr, | 523 | GNUNET_snprintf (write_ptr, |
491 | strlen (dq_entry->delegation_chain_entry->subject_attribute) + 2, | 524 | strlen (dq_entry->delegation_chain_entry->subject_attribute) + 2, |
492 | "%s;", | 525 | "%s;", |
493 | dq_entry->delegation_chain_entry->subject_attribute); | 526 | dq_entry->delegation_chain_entry->subject_attribute); |
494 | write_ptr += strlen (dq_entry->delegation_chain_entry->subject_attribute) + 1; | 527 | write_ptr += strlen (dq_entry->delegation_chain_entry->subject_attribute) + 1; |
495 | } | 528 | } |
496 | memcpy (write_ptr, | 529 | memcpy (write_ptr, |
497 | dq_entry->delegation_chain_entry->issuer_attribute, | 530 | dq_entry->delegation_chain_entry->issuer_attribute, |
498 | strlen(dq_entry->delegation_chain_entry->issuer_attribute)); | 531 | strlen(dq_entry->delegation_chain_entry->issuer_attribute)); |
499 | write_ptr += strlen(dq_entry->delegation_chain_entry->issuer_attribute) + 1; | 532 | write_ptr += strlen(dq_entry->delegation_chain_entry->issuer_attribute) + 1; |
500 | } | 533 | }*/ |
501 | GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), | 534 | GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), |
502 | env); | 535 | env); |
503 | GNUNET_CONTAINER_DLL_remove (vrh_head, vrh_tail, vrh); | 536 | GNUNET_CONTAINER_DLL_remove (vrh_head, vrh_tail, vrh); |
@@ -580,6 +613,7 @@ backward_resolution (void* cls, | |||
580 | dq_entry->delegation_chain_entry->issuer_attribute = GNUNET_strdup (current_delegation->lookup_attribute); | 613 | dq_entry->delegation_chain_entry->issuer_attribute = GNUNET_strdup (current_delegation->lookup_attribute); |
581 | 614 | ||
582 | dq_entry->parent = current_delegation; | 615 | dq_entry->parent = current_delegation; |
616 | dq_entry->d_count = current_delegation->d_count + 1; | ||
583 | GNUNET_CONTAINER_DLL_insert (current_delegation->children_head, | 617 | GNUNET_CONTAINER_DLL_insert (current_delegation->children_head, |
584 | current_delegation->children_tail, | 618 | current_delegation->children_tail, |
585 | dq_entry); | 619 | dq_entry); |
@@ -608,6 +642,7 @@ backward_resolution (void* cls, | |||
608 | vrh->credential = GNUNET_malloc (cred_pointer->data_size); | 642 | vrh->credential = GNUNET_malloc (cred_pointer->data_size); |
609 | vrh->credential_size = cred_pointer->data_size; | 643 | vrh->credential_size = cred_pointer->data_size; |
610 | vrh->chain_end = dq_entry; | 644 | vrh->chain_end = dq_entry; |
645 | vrh->d_count = dq_entry->d_count; | ||
611 | //Found match | 646 | //Found match |
612 | send_lookup_response (vrh); | 647 | send_lookup_response (vrh); |
613 | return; | 648 | return; |
@@ -743,6 +778,7 @@ handle_credential_query (void* cls, | |||
743 | dq_entry->issuer_attribute = GNUNET_strdup (vrh->issuer_attribute); | 778 | dq_entry->issuer_attribute = GNUNET_strdup (vrh->issuer_attribute); |
744 | dq_entry->handle = vrh; | 779 | dq_entry->handle = vrh; |
745 | dq_entry->lookup_attribute = GNUNET_strdup (vrh->issuer_attribute); | 780 | dq_entry->lookup_attribute = GNUNET_strdup (vrh->issuer_attribute); |
781 | dq_entry->d_count = 0; | ||
746 | vrh->chain_start = dq_entry; | 782 | vrh->chain_start = dq_entry; |
747 | vrh->pending_lookups = 1; | 783 | vrh->pending_lookups = 1; |
748 | //Start with backward resolution | 784 | //Start with backward resolution |
diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index 137f55c47..798f76049 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c | |||
@@ -186,22 +186,45 @@ do_error (void *cls) | |||
186 | * @return JSON, NULL if failed | 186 | * @return JSON, NULL if failed |
187 | */ | 187 | */ |
188 | static json_t* | 188 | static json_t* |
189 | attribute_delegation_to_json (struct GNUNET_CREDENTIAL_AttributeRecordData *attr) | 189 | attribute_delegation_to_json (struct GNUNET_CREDENTIAL_Delegation *delegation_chain_entry) |
190 | { | 190 | { |
191 | char *subject; | 191 | char *subject; |
192 | char *attribute; | 192 | char *issuer; |
193 | char iss_attribute[delegation_chain_entry->issuer_attribute_len]; | ||
194 | char sub_attribute[delegation_chain_entry->subject_attribute_len]; | ||
193 | json_t *attr_obj; | 195 | json_t *attr_obj; |
194 | 196 | ||
195 | subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&attr->subject_key); | 197 | issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&delegation_chain_entry->issuer_key); |
198 | { | ||
199 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
200 | "Issuer in delegation malformed\n"); | ||
201 | return NULL; | ||
202 | } | ||
203 | subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&delegation_chain_entry->subject_key); | ||
196 | { | 204 | { |
197 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 205 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
198 | "Subject in credential malformed\n"); | 206 | "Subject in credential malformed\n"); |
207 | GNUNET_free (issuer); | ||
199 | return NULL; | 208 | return NULL; |
200 | } | 209 | } |
201 | attribute = (char*)&attr[1]; | ||
202 | attr_obj = json_object (); | 210 | attr_obj = json_object (); |
211 | memcpy (iss_attribute, | ||
212 | delegation_chain_entry->issuer_attribute, | ||
213 | delegation_chain_entry->issuer_attribute_len); | ||
214 | iss_attribute[delegation_chain_entry->issuer_attribute_len] = '\0'; | ||
215 | |||
203 | json_object_set_new (attr_obj, "subject", json_string (subject)); | 216 | json_object_set_new (attr_obj, "subject", json_string (subject)); |
204 | json_object_set_new (attr_obj, "attribute", json_string (attribute)); | 217 | json_object_set_new (attr_obj, "issuer", json_string (issuer)); |
218 | json_object_set_new (attr_obj, "issuer_attribute", json_string (iss_attribute)); | ||
219 | |||
220 | if (0 < delegation_chain_entry->subject_attribute_len) | ||
221 | { | ||
222 | memcpy (sub_attribute, | ||
223 | delegation_chain_entry->subject_attribute, | ||
224 | delegation_chain_entry->subject_attribute_len); | ||
225 | sub_attribute[delegation_chain_entry->subject_attribute_len] = '\0'; | ||
226 | json_object_set_new (attr_obj, "subject_attribute", json_string (sub_attribute)); | ||
227 | } | ||
205 | GNUNET_free (subject); | 228 | GNUNET_free (subject); |
206 | return attr_obj; | 229 | return attr_obj; |
207 | } | 230 | } |
@@ -212,14 +235,11 @@ attribute_delegation_to_json (struct GNUNET_CREDENTIAL_AttributeRecordData *attr | |||
212 | * @return the resulting json, NULL if failed | 235 | * @return the resulting json, NULL if failed |
213 | */ | 236 | */ |
214 | static json_t* | 237 | static json_t* |
215 | credential_to_json (struct GNUNET_CREDENTIAL_CredentialRecordData *cred) | 238 | credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred) |
216 | { | 239 | { |
217 | struct GNUNET_TIME_Absolute exp; | ||
218 | const char* exp_str; | ||
219 | char *issuer; | 240 | char *issuer; |
220 | char *subject; | 241 | char *subject; |
221 | char *attribute; | 242 | char attribute[cred->issuer_attribute_len + 1]; |
222 | char *signature; | ||
223 | json_t *cred_obj; | 243 | json_t *cred_obj; |
224 | 244 | ||
225 | issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key); | 245 | issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key); |
@@ -237,21 +257,16 @@ credential_to_json (struct GNUNET_CREDENTIAL_CredentialRecordData *cred) | |||
237 | GNUNET_free (issuer); | 257 | GNUNET_free (issuer); |
238 | return NULL; | 258 | return NULL; |
239 | } | 259 | } |
240 | GNUNET_STRINGS_base64_encode ((char*)&cred->signature, | 260 | memcpy (attribute, |
241 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature), | 261 | cred->issuer_attribute, |
242 | &signature); | 262 | cred->issuer_attribute_len); |
243 | attribute = (char*)&cred[1]; | 263 | attribute[cred->issuer_attribute_len] = '\0'; |
244 | exp.abs_value_us = ntohs (cred->expiration); | ||
245 | exp_str = GNUNET_STRINGS_absolute_time_to_string (exp); | ||
246 | cred_obj = json_object (); | 264 | cred_obj = json_object (); |
247 | json_object_set_new (cred_obj, "issuer", json_string (issuer)); | 265 | json_object_set_new (cred_obj, "issuer", json_string (issuer)); |
248 | json_object_set_new (cred_obj, "subject", json_string (subject)); | 266 | json_object_set_new (cred_obj, "subject", json_string (subject)); |
249 | json_object_set_new (cred_obj, "attribute", json_string (attribute)); | 267 | json_object_set_new (cred_obj, "attribute", json_string (attribute)); |
250 | json_object_set_new (cred_obj, "signature", json_string (signature)); | ||
251 | json_object_set_new (cred_obj, "expiration", json_string (exp_str)); | ||
252 | GNUNET_free (issuer); | 268 | GNUNET_free (issuer); |
253 | GNUNET_free (subject); | 269 | GNUNET_free (subject); |
254 | GNUNET_free (signature); | ||
255 | return cred_obj; | 270 | return cred_obj; |
256 | } | 271 | } |
257 | 272 | ||
@@ -264,9 +279,9 @@ credential_to_json (struct GNUNET_CREDENTIAL_CredentialRecordData *cred) | |||
264 | */ | 279 | */ |
265 | static void | 280 | static void |
266 | handle_verify_response (void *cls, | 281 | handle_verify_response (void *cls, |
267 | struct GNUNET_CREDENTIAL_CredentialRecordData *cred, | 282 | unsigned int d_count, |
268 | uint32_t delegation_count, | 283 | struct GNUNET_CREDENTIAL_Delegation *delegation_chain, |
269 | struct GNUNET_CREDENTIAL_AttributeRecordData *deleg) | 284 | struct GNUNET_CREDENTIAL_Credential *cred) |
270 | { | 285 | { |
271 | 286 | ||
272 | struct VerifyHandle *handle = cls; | 287 | struct VerifyHandle *handle = cls; |
@@ -292,9 +307,9 @@ handle_verify_response (void *cls, | |||
292 | handle->issuer_attr); | 307 | handle->issuer_attr); |
293 | cred_obj = credential_to_json (cred); | 308 | cred_obj = credential_to_json (cred); |
294 | result_array = json_array (); | 309 | result_array = json_array (); |
295 | for (i = 0; i < delegation_count; i++) | 310 | for (i = 0; i < d_count; i++) |
296 | { | 311 | { |
297 | attr_obj = attribute_delegation_to_json (&(deleg[i])); | 312 | attr_obj = attribute_delegation_to_json (&delegation_chain[i]); |
298 | json_array_append (result_array, attr_obj); | 313 | json_array_append (result_array, attr_obj); |
299 | json_decref (attr_obj); | 314 | json_decref (attr_obj); |
300 | } | 315 | } |
diff --git a/src/credential/test_credential_verify.sh b/src/credential/test_credential_verify.sh index 3b76d20e5..012341f5f 100755 --- a/src/credential/test_credential_verify.sh +++ b/src/credential/test_credential_verify.sh | |||
@@ -67,10 +67,11 @@ gnunet-namestore -z gnunet -d -n $MEMBER_ATTR -t ATTR -c test_credential_lookup. | |||
67 | gnunet-namestore -z service -d -n $USER_ATTR -t ATTR -c test_credential_lookup.conf | 67 | gnunet-namestore -z service -d -n $USER_ATTR -t ATTR -c test_credential_lookup.conf |
68 | gnunet-arm -e -c test_credential_lookup.conf | 68 | gnunet-arm -e -c test_credential_lookup.conf |
69 | 69 | ||
70 | if [ "$RES_CRED" == "Successful." ] | 70 | if [ "$RES_CRED" != "Failed." ] |
71 | then | 71 | then |
72 | echo $RES_CRED | ||
72 | exit 0 | 73 | exit 0 |
73 | else | 74 | else |
74 | echo "FAIL: Failed to verify credential $RES_IP." | 75 | echo "FAIL: Failed to verify credential $RES_CRED." |
75 | exit 1 | 76 | exit 1 |
76 | fi | 77 | fi |