1 files changed, 116 insertions, 67 deletions
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c
index 6d99e8467..85291d69a 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -903,6 +903,7 @@ serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
  GNUNET_memcpy (write_ptr,
                 serialized_key,
                 size);
+  GNUNET_free (serialized_key);
  // ECDH keypair E = eG
  *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create();
  GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey,
@@ -944,6 +945,7 @@ issue_ticket_after_abe_bootstrap (void *cls,
  char *code_record_data;
  char **attrs;
  char *label;
+  char *policy;
  int attrs_len;
  int i;
  size_t code_record_len;
@@ -955,7 +957,13 @@ issue_ticket_after_abe_bootstrap (void *cls,
  attrs = GNUNET_malloc ((attrs_len + 1)*sizeof (char*));
  i = 0;
  for (le = ih->attrs->list_head; NULL != le; le = le->next) {
-    attrs[i] = (char*) le->attribute->name;
+    GNUNET_asprintf (&policy, "%s_%lu",
+                     le->attribute->name,
+                     le->attribute->attribute_version);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Adding attribute to key: %s\n",
+                policy);
+    attrs[i] = policy;
    i++;
  }
  attrs[i] = NULL;
@@ -984,12 +992,15 @@ issue_ticket_after_abe_bootstrap (void *cls,
                                              code_record,
                                              &store_ticket_issue_cont,
                                              ih);
+  //for (; i > 0; i--)
+  //  GNUNET_free (attrs[i-1]);
  GNUNET_free (ecdhe_privkey);
  GNUNET_free (label);
  GNUNET_free (attrs);
  GNUNET_free (code_record_data);
+  GNUNET_CRYPTO_cpabe_delete_key (rp_key,
+                                  GNUNET_YES);
  GNUNET_CRYPTO_cpabe_delete_master_key (abe_key);
-  GNUNET_CRYPTO_cpabe_delete_key (rp_key);
 }
@@ -1107,6 +1118,16 @@ ticket_reissue_proc (void *cls,
                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
                     const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);
+static void
+revocation_reissue_tickets (struct TicketRevocationHandle *rh);
+static void reissue_next (void *cls)
+{
+  struct TicketRevocationHandle *rh = cls;
+  revocation_reissue_tickets (rh);
+}
 static void
 reissue_ticket_cont (void *cls,
@@ -1114,7 +1135,6 @@ reissue_ticket_cont (void *cls,
                     const char *emsg)
 {
  struct TicketRevocationHandle *rh = cls;
-  int ret;
  rh->ns_qe = NULL;
  if (GNUNET_SYSERR == success)
@@ -1125,25 +1145,10 @@ reissue_ticket_cont (void *cls,
    cleanup_revoke_ticket_handle (rh);
    return;
  }
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Continue DB iteration\n");
  rh->offset++;
-  GNUNET_assert (GNUNET_SYSERR != (ret =
+  GNUNET_SCHEDULER_add_now (&reissue_next, rh);
-                                   TKT_database->iterate_tickets (TKT_database->cls,
-                                                                  &rh->ticket.identity,
-                                                                  GNUNET_NO,
-                                                                  rh->offset,
-                                                                  &ticket_reissue_proc,
-                                                                  rh)));
-  if (GNUNET_NO == ret)
-  {
-    send_revocation_finished (rh, GNUNET_OK);
-    cleanup_revoke_ticket_handle (rh);
-  }
 }
-static void
-revocation_reissue_tickets (struct TicketRevocationHandle *rh);
 /**
 * Process ticket from database
@@ -1177,8 +1182,18 @@ ticket_reissue_proc (void *cls,
  {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Iteration done\n");
-    send_revocation_finished (rh, GNUNET_OK);
+    return;
-    cleanup_revoke_ticket_handle (rh);
+  }
+  if (0 == memcmp (&ticket->audience,
+                   &rh->ticket.audience,
+                   sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Do not reissue for this identity.!\n");
+    rh->offset++;
+    GNUNET_SCHEDULER_add_now (&reissue_next, rh);
    return;
  }
@@ -1196,19 +1211,20 @@ ticket_reissue_proc (void *cls,
                       le->attribute->name))
      {
        reissue_ticket = GNUNET_YES;
-        break;
+        le->attribute->attribute_version = le_rollover->attribute->attribute_version;
      }
    }
-    if (GNUNET_YES == reissue_ticket)
-      break;
  }
  if (GNUNET_NO == reissue_ticket)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Skipping ticket.\n");
    rh->offset++;
-    revocation_reissue_tickets (rh);
+    GNUNET_SCHEDULER_add_now (&reissue_next, rh);
    return;
  }
@@ -1222,7 +1238,7 @@ ticket_reissue_proc (void *cls,
  attr_arr = GNUNET_malloc ((attrs_len + 1)*sizeof (char*));
  i = 0;
  for (le = attrs->list_head; NULL != le; le = le->next) {
-    GNUNET_asprintf (&policy, "%s:%lu",
+    GNUNET_asprintf (&policy, "%s_%lu",
                     le->attribute->name,
                     le->attribute->attribute_version);
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -1235,7 +1251,7 @@ ticket_reissue_proc (void *cls,
                                           attr_arr);
  //TODO review this wireformat
-  code_record_len = serialize_abe_keyinfo2 (&rh->ticket,
+  code_record_len = serialize_abe_keyinfo2 (ticket,
                                            attrs,
                                            rp_key,
                                            &ecdhe_privkey,
@@ -1256,13 +1272,13 @@ ticket_reissue_proc (void *cls,
                                              code_record,
                                              &reissue_ticket_cont,
                                              rh);
-  for (; i > 0; i--)
+  //for (; i > 0; i--)
-    GNUNET_free (attr_arr[i-1]);
+  //  GNUNET_free (attr_arr[i-1]);
  GNUNET_free (ecdhe_privkey);
  GNUNET_free (label);
  GNUNET_free (attr_arr);
  GNUNET_free (code_record_data);
-  GNUNET_CRYPTO_cpabe_delete_key (rp_key);
+  GNUNET_CRYPTO_cpabe_delete_key (rp_key, GNUNET_YES);
 }
@@ -1278,7 +1294,7 @@ revocation_reissue_tickets (struct TicketRevocationHandle *rh)
  int ret;
  /* Done, issue new keys */
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Revocation Phase IV: Reissuing Tickets\n");
+              "Revocation Phase III: Reissuing Tickets\n");
  if (GNUNET_SYSERR == (ret = TKT_database->iterate_tickets (TKT_database->cls,
                                                             &rh->ticket.identity,
                                                             GNUNET_NO,
@@ -1292,8 +1308,8 @@ revocation_reissue_tickets (struct TicketRevocationHandle *rh)
  {
    send_revocation_finished (rh, GNUNET_OK);
    cleanup_revoke_ticket_handle (rh);
+    return;
  }
 }
 /**
@@ -1322,9 +1338,11 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
  attribute_serialize (rh->attrs->list_head->attribute,
                       buf);
  rh->attrs->list_head->attribute->attribute_version++;
-  GNUNET_asprintf (&policy, "%s:%lu",
+  GNUNET_asprintf (&policy, "%s_%lu",
                   rh->attrs->list_head->attribute->name,
                   rh->attrs->list_head->attribute->attribute_version);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Encrypting with policy %s\n", policy);
  /**
   * Encrypt the attribute value and store in namestore
   */
@@ -1388,6 +1406,7 @@ attr_reenc_cont (void *cls,
  GNUNET_CONTAINER_DLL_remove (rh->attrs->list_head,
                               rh->attrs->list_tail,
                               le);
+  GNUNET_assert (NULL != rh->rvk_attrs);
  GNUNET_CONTAINER_DLL_insert (rh->rvk_attrs->list_head,
                               rh->rvk_attrs->list_tail,
                               le);
@@ -1476,13 +1495,9 @@ handle_revoke_ticket_message (void *cls,
  struct TicketRevocationHandle *rh;
  struct IdpClient *idp = cls;
  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
-  size_t attrs_len;
  rh = GNUNET_new (struct TicketRevocationHandle);
-  attrs_len = ntohs (rm->attrs_len);
  ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1];
-  if (0 < attrs_len)
-    rh->rvk_attrs = attribute_list_deserialize ((char*)&ticket[1], attrs_len);
  rh->rvk_attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList);
  rh->ticket = *ticket;
  rh->r_id = ntohl (rm->id);
@@ -1500,15 +1515,18 @@ handle_revoke_ticket_message (void *cls,
 static void
-cleanup_as_handle (struct AttributeStoreHandle *handle)
+cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle)
 {
-  if (NULL != handle->attribute)
+  if (NULL != handle->key)
-    GNUNET_free (handle->attribute);
+    GNUNET_CRYPTO_cpabe_delete_key (handle->key,
-  if (NULL != handle->abe_key)
+                                    GNUNET_YES);
-    GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key);
+  if (NULL != handle->attrs)
+    attribute_list_destroy (handle->attrs);
  GNUNET_free (handle);
 }
 /**
 * Checks a ticket consume message
 *
@@ -1544,7 +1562,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *attr_le;
  char *data;
  char *data_tmp;
-  size_t attr_len;
+  ssize_t attr_len;
  size_t attrs_len;
  GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head,
@@ -1560,14 +1578,17 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
                                            rd->data_size - sizeof (uint32_t),
                                            handle->key,
                                            (void**)&data);
-    attr_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry);
+    if (GNUNET_SYSERR != attr_len) 
-    attr_le->attribute = attribute_deserialize (data,
+    {
-                                                attr_len);
+      attr_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry);
-    attr_le->attribute->attribute_version = ntohl(*(uint32_t*)rd->data);
+      attr_le->attribute = attribute_deserialize (data,
-    GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head,
+                                                  attr_len);
-                                 handle->attrs->list_tail,
+      attr_le->attribute->attribute_version = ntohl(*(uint32_t*)rd->data);
-                                 attr_le);
+      GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head,
-    GNUNET_free (data);
+                                   handle->attrs->list_tail,
+                                   attr_le);
+      GNUNET_free (data);
+    }
  }
  if (NULL != handle->parallel_lookups_head)
    return; //Wait for more
@@ -1595,6 +1616,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
  attribute_list_serialize (handle->attrs,
                            data_tmp);
  GNUNET_MQ_send (handle->client->mq, env);
+  cleanup_consume_ticket_handle (handle);
 }
 void
@@ -1625,14 +1647,6 @@ abort_parallel_lookups2 (void *cls)
 }
-static void
-cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle)
-{
-  if (NULL != handle->key)
-    GNUNET_CRYPTO_cpabe_delete_key (handle->key);
-  GNUNET_free (handle);
-}
 static void
 process_consume_abe_key (void *cls, uint32_t rd_count,
@@ -1713,6 +1727,8 @@ process_consume_abe_key (void *cls, uint32_t rd_count,
                                 parallel_lookup);
    GNUNET_free (lookup_query);
  }
+  GNUNET_free (scopes);
+  GNUNET_free (buf);
  handle->kill_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES,3),
                                                    &abort_parallel_lookups2,
                                                    handle);
@@ -1766,6 +1782,16 @@ handle_consume_ticket_message (void *cls,
 }
 static void
+cleanup_as_handle (struct AttributeStoreHandle *handle)
+{
+  if (NULL != handle->attribute)
+    GNUNET_free (handle->attribute);
+  if (NULL != handle->abe_key)
+    GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key);
+  GNUNET_free (handle);
+}
+static void
 attr_store_cont (void *cls,
                 int32_t success,
                 const char *emsg)
@@ -1779,6 +1805,7 @@ attr_store_cont (void *cls,
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Failed to store attribute %s\n",
                emsg);
+    cleanup_as_handle (as_handle);
    GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
    return;
  }
@@ -1816,9 +1843,11 @@ attr_store_task (void *cls)
                       buf);
  GNUNET_asprintf (&policy,
-                   "%s:%lu",
+                   "%s_%lu",
                   as_handle->attribute->name,
                   as_handle->attribute->attribute_version);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Encrypting with policy %s\n", policy);
  /**
   * Encrypt the attribute value and store in namestore
   */
@@ -1926,7 +1955,7 @@ static void
 cleanup_iter_handle (struct AttributeIterator *ai)
 {
  if (NULL != ai->abe_key)
-    GNUNET_free (ai->abe_key);
+    GNUNET_CRYPTO_cpabe_delete_master_key (ai->abe_key);
  GNUNET_CONTAINER_DLL_remove (ai->client->op_head,
                               ai->client->op_tail,
                               ai);
@@ -1936,10 +1965,11 @@ cleanup_iter_handle (struct AttributeIterator *ai)
 static void
 attr_iter_error (void *cls)
 {
-  //struct AttributeIterator *ai = cls;
+  struct AttributeIterator *ai = cls;
  //TODO
  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
              "Failed to iterate over attributes\n");
+  cleanup_iter_handle (ai);
  GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
 }
@@ -1974,6 +2004,7 @@ attr_iter_cb (void *cls,
  char* attrs[2];
  char* data_tmp;
  char* policy;
+  uint32_t attr_ver;
  if (rd_count != 1)
  {
@@ -1985,8 +2016,9 @@ attr_iter_cb (void *cls,
    GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it);
    return;
  }
-  GNUNET_asprintf (&policy, "%s:%lu",
+  attr_ver = ntohl(*((uint32_t*)rd->data));
-                   label, *(uint32_t*)rd->data);
+  GNUNET_asprintf (&policy, "%s_%lu",
+                   label, attr_ver);
  attrs[0] = policy;
  attrs[1] = 0;
  key = GNUNET_CRYPTO_cpabe_create_key (ai->abe_key,
@@ -1995,8 +2027,10 @@ attr_iter_cb (void *cls,
                                               rd->data_size-sizeof (uint32_t),
                                               key,
                                               (void**)&attr_ser);
-  GNUNET_CRYPTO_cpabe_delete_key (key);
-  GNUNET_free (policy);
+  GNUNET_CRYPTO_cpabe_delete_key (key,
+                                  GNUNET_YES);
+  //GNUNET_free (policy);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Found attribute: %s\n", label);
  env = GNUNET_MQ_msg_extra (arm,
@@ -2012,6 +2046,8 @@ attr_iter_cb (void *cls,
                 msg_extra_len);
  GNUNET_MQ_send (ai->client->mq, env);
  GNUNET_free (attr_ser);
+  GNUNET_CRYPTO_cpabe_delete_master_key (ai->abe_key);
+  ai->abe_key = NULL;
 }
@@ -2031,6 +2067,16 @@ iterate_after_abe_bootstrap (void *cls,
                                                     ai);
 }
+void
+iterate_next_after_abe_bootstrap (void *cls,
+                             struct GNUNET_CRYPTO_AbeMasterKey *abe_key)
+{
+  struct AttributeIterator *ai = cls;
+  ai->abe_key = abe_key;
+  GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it);
+}
 /**
 * Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ITERATION_START message
@@ -2121,7 +2167,10 @@ handle_iteration_next (void *cls,
    GNUNET_SERVICE_client_drop (idp->client);
    return;
  }
-  GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it);
+  bootstrap_abe (&ai->identity,
+                 &iterate_next_after_abe_bootstrap,
+                 ai,
+                 GNUNET_NO);
  GNUNET_SERVICE_client_continue (idp->client);
 }

diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 6d99e8467..85291d69a 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -903,6 +903,7 @@ serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
903	GNUNET_memcpy (write_ptr,	903	GNUNET_memcpy (write_ptr,
904	serialized_key,	904	serialized_key,
905	size);	905	size);
		906	GNUNET_free (serialized_key);
906	// ECDH keypair E = eG	907	// ECDH keypair E = eG
907	*ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create();	908	*ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create();
908	GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey,	909	GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey,
@@ -944,6 +945,7 @@ issue_ticket_after_abe_bootstrap (void *cls,
944	char *code_record_data;	945	char *code_record_data;
945	char **attrs;	946	char **attrs;
946	char *label;	947	char *label;
		948	char *policy;
947	int attrs_len;	949	int attrs_len;
948	int i;	950	int i;
949	size_t code_record_len;	951	size_t code_record_len;
@@ -955,7 +957,13 @@ issue_ticket_after_abe_bootstrap (void *cls,
955	attrs = GNUNET_malloc ((attrs_len + 1)sizeof (char));	957	attrs = GNUNET_malloc ((attrs_len + 1)sizeof (char));
956	i = 0;	958	i = 0;
957	for (le = ih->attrs->list_head; NULL != le; le = le->next) {	959	for (le = ih->attrs->list_head; NULL != le; le = le->next) {
958	attrs[i] = (char*) le->attribute->name;	960	GNUNET_asprintf (&policy, "%s_%lu",
		961	le->attribute->name,
		962	le->attribute->attribute_version);
		963	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
		964	"Adding attribute to key: %s\n",
		965	policy);
		966	attrs[i] = policy;
959	i++;	967	i++;
960	}	968	}
961	attrs[i] = NULL;	969	attrs[i] = NULL;
@@ -984,12 +992,15 @@ issue_ticket_after_abe_bootstrap (void *cls,
984	code_record,	992	code_record,
985	&store_ticket_issue_cont,	993	&store_ticket_issue_cont,
986	ih);	994	ih);
		995	//for (; i > 0; i--)
		996	// GNUNET_free (attrs[i-1]);
987	GNUNET_free (ecdhe_privkey);	997	GNUNET_free (ecdhe_privkey);
988	GNUNET_free (label);	998	GNUNET_free (label);
989	GNUNET_free (attrs);	999	GNUNET_free (attrs);
990	GNUNET_free (code_record_data);	1000	GNUNET_free (code_record_data);
		1001	GNUNET_CRYPTO_cpabe_delete_key (rp_key,
		1002	GNUNET_YES);
991	GNUNET_CRYPTO_cpabe_delete_master_key (abe_key);	1003	GNUNET_CRYPTO_cpabe_delete_master_key (abe_key);
992	GNUNET_CRYPTO_cpabe_delete_key (rp_key);
993	}	1004	}
994		1005
995		1006
@@ -1107,6 +1118,16 @@ ticket_reissue_proc (void *cls,
1107	const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,	1118	const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
1108	const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);	1119	const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);
1109		1120
		1121	static void
		1122	revocation_reissue_tickets (struct TicketRevocationHandle *rh);
		1123
		1124
		1125	static void reissue_next (void *cls)
		1126	{
		1127	struct TicketRevocationHandle *rh = cls;
		1128	revocation_reissue_tickets (rh);
		1129	}
		1130
1110		1131
1111	static void	1132	static void
1112	reissue_ticket_cont (void *cls,	1133	reissue_ticket_cont (void *cls,
@@ -1114,7 +1135,6 @@ reissue_ticket_cont (void *cls,
1114	const char *emsg)	1135	const char *emsg)
1115	{	1136	{
1116	struct TicketRevocationHandle *rh = cls;	1137	struct TicketRevocationHandle *rh = cls;
1117	int ret;
1118		1138
1119	rh->ns_qe = NULL;	1139	rh->ns_qe = NULL;
1120	if (GNUNET_SYSERR == success)	1140	if (GNUNET_SYSERR == success)
@@ -1125,25 +1145,10 @@ reissue_ticket_cont (void *cls,
1125	cleanup_revoke_ticket_handle (rh);	1145	cleanup_revoke_ticket_handle (rh);
1126	return;	1146	return;
1127	}	1147	}
1128	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Continue DB iteration\n");
1129	rh->offset++;	1148	rh->offset++;
1130	GNUNET_assert (GNUNET_SYSERR != (ret =	1149	GNUNET_SCHEDULER_add_now (&reissue_next, rh);
1131	TKT_database->iterate_tickets (TKT_database->cls,
1132	&rh->ticket.identity,
1133	GNUNET_NO,
1134	rh->offset,
1135	&ticket_reissue_proc,
1136	rh)));
1137	if (GNUNET_NO == ret)
1138	{
1139	send_revocation_finished (rh, GNUNET_OK);
1140	cleanup_revoke_ticket_handle (rh);
1141	}
1142	}	1150	}
1143		1151
1144	static void
1145	revocation_reissue_tickets (struct TicketRevocationHandle *rh);
1146
1147		1152
1148	/**	1153	/**
1149	* Process ticket from database	1154	* Process ticket from database
@@ -1177,8 +1182,18 @@ ticket_reissue_proc (void *cls,
1177	{	1182	{
1178	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	1183	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1179	"Iteration done\n");	1184	"Iteration done\n");
1180	send_revocation_finished (rh, GNUNET_OK);	1185	return;
1181	cleanup_revoke_ticket_handle (rh);	1186	}
		1187
		1188	if (0 == memcmp (&ticket->audience,
		1189	&rh->ticket.audience,
		1190	sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
		1191	{
		1192	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
		1193	"Do not reissue for this identity.!\n");
		1194
		1195	rh->offset++;
		1196	GNUNET_SCHEDULER_add_now (&reissue_next, rh);
1182	return;	1197	return;
1183	}	1198	}
1184		1199
@@ -1196,19 +1211,20 @@ ticket_reissue_proc (void *cls,
1196	le->attribute->name))	1211	le->attribute->name))
1197	{	1212	{
1198	reissue_ticket = GNUNET_YES;	1213	reissue_ticket = GNUNET_YES;
1199	break;	1214	le->attribute->attribute_version = le_rollover->attribute->attribute_version;
1200	}	1215	}
1201	}	1216	}
1202	if (GNUNET_YES == reissue_ticket)
1203	break;
1204	}	1217	}
1205		1218
1206	if (GNUNET_NO == reissue_ticket)	1219	if (GNUNET_NO == reissue_ticket)
1207	{	1220	{
1208	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	1221	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1209	"Skipping ticket.\n");	1222	"Skipping ticket.\n");
		1223
1210	rh->offset++;	1224	rh->offset++;
1211	revocation_reissue_tickets (rh);	1225	GNUNET_SCHEDULER_add_now (&reissue_next, rh);
		1226
		1227
1212	return;	1228	return;
1213	}	1229	}
1214		1230
@@ -1222,7 +1238,7 @@ ticket_reissue_proc (void *cls,
1222	attr_arr = GNUNET_malloc ((attrs_len + 1)sizeof (char));	1238	attr_arr = GNUNET_malloc ((attrs_len + 1)sizeof (char));
1223	i = 0;	1239	i = 0;
1224	for (le = attrs->list_head; NULL != le; le = le->next) {	1240	for (le = attrs->list_head; NULL != le; le = le->next) {
1225	GNUNET_asprintf (&policy, "%s:%lu",	1241	GNUNET_asprintf (&policy, "%s_%lu",
1226	le->attribute->name,	1242	le->attribute->name,
1227	le->attribute->attribute_version);	1243	le->attribute->attribute_version);
1228	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	1244	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -1235,7 +1251,7 @@ ticket_reissue_proc (void *cls,
1235	attr_arr);	1251	attr_arr);
1236		1252
1237	//TODO review this wireformat	1253	//TODO review this wireformat
1238	code_record_len = serialize_abe_keyinfo2 (&rh->ticket,	1254	code_record_len = serialize_abe_keyinfo2 (ticket,
1239	attrs,	1255	attrs,
1240	rp_key,	1256	rp_key,
1241	&ecdhe_privkey,	1257	&ecdhe_privkey,
@@ -1256,13 +1272,13 @@ ticket_reissue_proc (void *cls,
1256	code_record,	1272	code_record,
1257	&reissue_ticket_cont,	1273	&reissue_ticket_cont,
1258	rh);	1274	rh);
1259	for (; i > 0; i--)	1275	//for (; i > 0; i--)
1260	GNUNET_free (attr_arr[i-1]);	1276	// GNUNET_free (attr_arr[i-1]);
1261	GNUNET_free (ecdhe_privkey);	1277	GNUNET_free (ecdhe_privkey);
1262	GNUNET_free (label);	1278	GNUNET_free (label);
1263	GNUNET_free (attr_arr);	1279	GNUNET_free (attr_arr);
1264	GNUNET_free (code_record_data);	1280	GNUNET_free (code_record_data);
1265	GNUNET_CRYPTO_cpabe_delete_key (rp_key);	1281	GNUNET_CRYPTO_cpabe_delete_key (rp_key, GNUNET_YES);
1266	}	1282	}
1267		1283
1268		1284
@@ -1278,7 +1294,7 @@ revocation_reissue_tickets (struct TicketRevocationHandle *rh)
1278	int ret;	1294	int ret;
1279	/* Done, issue new keys */	1295	/* Done, issue new keys */
1280	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	1296	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1281	"Revocation Phase IV: Reissuing Tickets\n");	1297	"Revocation Phase III: Reissuing Tickets\n");
1282	if (GNUNET_SYSERR == (ret = TKT_database->iterate_tickets (TKT_database->cls,	1298	if (GNUNET_SYSERR == (ret = TKT_database->iterate_tickets (TKT_database->cls,
1283	&rh->ticket.identity,	1299	&rh->ticket.identity,
1284	GNUNET_NO,	1300	GNUNET_NO,
@@ -1292,8 +1308,8 @@ revocation_reissue_tickets (struct TicketRevocationHandle *rh)
1292	{	1308	{
1293	send_revocation_finished (rh, GNUNET_OK);	1309	send_revocation_finished (rh, GNUNET_OK);
1294	cleanup_revoke_ticket_handle (rh);	1310	cleanup_revoke_ticket_handle (rh);
		1311	return;
1295	}	1312	}
1296
1297	}	1313	}
1298		1314
1299	/**	1315	/**
@@ -1322,9 +1338,11 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
1322	attribute_serialize (rh->attrs->list_head->attribute,	1338	attribute_serialize (rh->attrs->list_head->attribute,
1323	buf);	1339	buf);
1324	rh->attrs->list_head->attribute->attribute_version++;	1340	rh->attrs->list_head->attribute->attribute_version++;
1325	GNUNET_asprintf (&policy, "%s:%lu",	1341	GNUNET_asprintf (&policy, "%s_%lu",
1326	rh->attrs->list_head->attribute->name,	1342	rh->attrs->list_head->attribute->name,
1327	rh->attrs->list_head->attribute->attribute_version);	1343	rh->attrs->list_head->attribute->attribute_version);
		1344	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
		1345	"Encrypting with policy %s\n", policy);
1328	/**	1346	/**
1329	* Encrypt the attribute value and store in namestore	1347	* Encrypt the attribute value and store in namestore
1330	*/	1348	*/
@@ -1388,6 +1406,7 @@ attr_reenc_cont (void *cls,
1388	GNUNET_CONTAINER_DLL_remove (rh->attrs->list_head,	1406	GNUNET_CONTAINER_DLL_remove (rh->attrs->list_head,
1389	rh->attrs->list_tail,	1407	rh->attrs->list_tail,
1390	le);	1408	le);
		1409	GNUNET_assert (NULL != rh->rvk_attrs);
1391	GNUNET_CONTAINER_DLL_insert (rh->rvk_attrs->list_head,	1410	GNUNET_CONTAINER_DLL_insert (rh->rvk_attrs->list_head,
1392	rh->rvk_attrs->list_tail,	1411	rh->rvk_attrs->list_tail,
1393	le);	1412	le);
@@ -1476,13 +1495,9 @@ handle_revoke_ticket_message (void *cls,
1476	struct TicketRevocationHandle *rh;	1495	struct TicketRevocationHandle *rh;
1477	struct IdpClient *idp = cls;	1496	struct IdpClient *idp = cls;
1478	struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;	1497	struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
1479	size_t attrs_len;
1480		1498
1481	rh = GNUNET_new (struct TicketRevocationHandle);	1499	rh = GNUNET_new (struct TicketRevocationHandle);
1482	attrs_len = ntohs (rm->attrs_len);
1483	ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1];	1500	ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1];
1484	if (0 < attrs_len)
1485	rh->rvk_attrs = attribute_list_deserialize ((char*)&ticket[1], attrs_len);
1486	rh->rvk_attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList);	1501	rh->rvk_attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList);
1487	rh->ticket = *ticket;	1502	rh->ticket = *ticket;
1488	rh->r_id = ntohl (rm->id);	1503	rh->r_id = ntohl (rm->id);
@@ -1500,15 +1515,18 @@ handle_revoke_ticket_message (void *cls,
1500		1515
1501		1516
1502	static void	1517	static void
1503	cleanup_as_handle (struct AttributeStoreHandle *handle)	1518	cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle)
1504	{	1519	{
1505	if (NULL != handle->attribute)	1520	if (NULL != handle->key)
1506	GNUNET_free (handle->attribute);	1521	GNUNET_CRYPTO_cpabe_delete_key (handle->key,
1507	if (NULL != handle->abe_key)	1522	GNUNET_YES);
1508	GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key);	1523	if (NULL != handle->attrs)
		1524	attribute_list_destroy (handle->attrs);
1509	GNUNET_free (handle);	1525	GNUNET_free (handle);
1510	}	1526	}
1511		1527
		1528
		1529
1512	/**	1530	/**
1513	* Checks a ticket consume message	1531	* Checks a ticket consume message
1514	*	1532	*
@@ -1544,7 +1562,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
1544	struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *attr_le;	1562	struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *attr_le;
1545	char *data;	1563	char *data;
1546	char *data_tmp;	1564	char *data_tmp;
1547	size_t attr_len;	1565	ssize_t attr_len;
1548	size_t attrs_len;	1566	size_t attrs_len;
1549		1567
1550	GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head,	1568	GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head,
@@ -1560,14 +1578,17 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
1560	rd->data_size - sizeof (uint32_t),	1578	rd->data_size - sizeof (uint32_t),
1561	handle->key,	1579	handle->key,
1562	(void**)&data);	1580	(void**)&data);
1563	attr_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry);	1581	if (GNUNET_SYSERR != attr_len)
1564	attr_le->attribute = attribute_deserialize (data,	1582	{
1565	attr_len);	1583	attr_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry);
1566	attr_le->attribute->attribute_version = ntohl((uint32_t)rd->data);	1584	attr_le->attribute = attribute_deserialize (data,
1567	GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head,	1585	attr_len);
1568	handle->attrs->list_tail,	1586	attr_le->attribute->attribute_version = ntohl((uint32_t)rd->data);
1569	attr_le);	1587	GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head,
1570	GNUNET_free (data);	1588	handle->attrs->list_tail,
		1589	attr_le);
		1590	GNUNET_free (data);
		1591	}
1571	}	1592	}
1572	if (NULL != handle->parallel_lookups_head)	1593	if (NULL != handle->parallel_lookups_head)
1573	return; //Wait for more	1594	return; //Wait for more
@@ -1595,6 +1616,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
1595	attribute_list_serialize (handle->attrs,	1616	attribute_list_serialize (handle->attrs,
1596	data_tmp);	1617	data_tmp);
1597	GNUNET_MQ_send (handle->client->mq, env);	1618	GNUNET_MQ_send (handle->client->mq, env);
		1619	cleanup_consume_ticket_handle (handle);
1598	}	1620	}
1599		1621
1600	void	1622	void
@@ -1625,14 +1647,6 @@ abort_parallel_lookups2 (void *cls)
1625		1647
1626	}	1648	}
1627		1649
1628	static void
1629	cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle)
1630	{
1631	if (NULL != handle->key)
1632	GNUNET_CRYPTO_cpabe_delete_key (handle->key);
1633	GNUNET_free (handle);
1634	}
1635
1636		1650
1637	static void	1651	static void
1638	process_consume_abe_key (void *cls, uint32_t rd_count,	1652	process_consume_abe_key (void *cls, uint32_t rd_count,
@@ -1713,6 +1727,8 @@ process_consume_abe_key (void *cls, uint32_t rd_count,
1713	parallel_lookup);	1727	parallel_lookup);
1714	GNUNET_free (lookup_query);	1728	GNUNET_free (lookup_query);
1715	}	1729	}
		1730	GNUNET_free (scopes);
		1731	GNUNET_free (buf);
1716	handle->kill_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES,3),	1732	handle->kill_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES,3),
1717	&abort_parallel_lookups2,	1733	&abort_parallel_lookups2,
1718	handle);	1734	handle);
@@ -1766,6 +1782,16 @@ handle_consume_ticket_message (void *cls,
1766	}	1782	}
1767		1783
1768	static void	1784	static void
		1785	cleanup_as_handle (struct AttributeStoreHandle *handle)
		1786	{
		1787	if (NULL != handle->attribute)
		1788	GNUNET_free (handle->attribute);
		1789	if (NULL != handle->abe_key)
		1790	GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key);
		1791	GNUNET_free (handle);
		1792	}
		1793
		1794	static void
1769	attr_store_cont (void *cls,	1795	attr_store_cont (void *cls,
1770	int32_t success,	1796	int32_t success,
1771	const char *emsg)	1797	const char *emsg)
@@ -1779,6 +1805,7 @@ attr_store_cont (void *cls,
1779	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,	1805	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1780	"Failed to store attribute %s\n",	1806	"Failed to store attribute %s\n",
1781	emsg);	1807	emsg);
		1808	cleanup_as_handle (as_handle);
1782	GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);	1809	GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
1783	return;	1810	return;
1784	}	1811	}
@@ -1816,9 +1843,11 @@ attr_store_task (void *cls)
1816	buf);	1843	buf);
1817		1844
1818	GNUNET_asprintf (&policy,	1845	GNUNET_asprintf (&policy,
1819	"%s:%lu",	1846	"%s_%lu",
1820	as_handle->attribute->name,	1847	as_handle->attribute->name,
1821	as_handle->attribute->attribute_version);	1848	as_handle->attribute->attribute_version);
		1849	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
		1850	"Encrypting with policy %s\n", policy);
1822	/**	1851	/**
1823	* Encrypt the attribute value and store in namestore	1852	* Encrypt the attribute value and store in namestore
1824	*/	1853	*/
@@ -1926,7 +1955,7 @@ static void
1926	cleanup_iter_handle (struct AttributeIterator *ai)	1955	cleanup_iter_handle (struct AttributeIterator *ai)
1927	{	1956	{
1928	if (NULL != ai->abe_key)	1957	if (NULL != ai->abe_key)
1929	GNUNET_free (ai->abe_key);	1958	GNUNET_CRYPTO_cpabe_delete_master_key (ai->abe_key);
1930	GNUNET_CONTAINER_DLL_remove (ai->client->op_head,	1959	GNUNET_CONTAINER_DLL_remove (ai->client->op_head,
1931	ai->client->op_tail,	1960	ai->client->op_tail,
1932	ai);	1961	ai);
@@ -1936,10 +1965,11 @@ cleanup_iter_handle (struct AttributeIterator *ai)
1936	static void	1965	static void
1937	attr_iter_error (void *cls)	1966	attr_iter_error (void *cls)
1938	{	1967	{
1939	//struct AttributeIterator *ai = cls;	1968	struct AttributeIterator *ai = cls;
1940	//TODO	1969	//TODO
1941	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,	1970	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1942	"Failed to iterate over attributes\n");	1971	"Failed to iterate over attributes\n");
		1972	cleanup_iter_handle (ai);
1943	GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);	1973	GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
1944	}	1974	}
1945		1975
@@ -1974,6 +2004,7 @@ attr_iter_cb (void *cls,
1974	char* attrs[2];	2004	char* attrs[2];
1975	char* data_tmp;	2005	char* data_tmp;
1976	char* policy;	2006	char* policy;
		2007	uint32_t attr_ver;
1977		2008
1978	if (rd_count != 1)	2009	if (rd_count != 1)
1979	{	2010	{
@@ -1985,8 +2016,9 @@ attr_iter_cb (void *cls,
1985	GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it);	2016	GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it);
1986	return;	2017	return;
1987	}	2018	}
1988	GNUNET_asprintf (&policy, "%s:%lu",	2019	attr_ver = ntohl(((uint32_t)rd->data));
1989	label, (uint32_t)rd->data);	2020	GNUNET_asprintf (&policy, "%s_%lu",
		2021	label, attr_ver);
1990	attrs[0] = policy;	2022	attrs[0] = policy;
1991	attrs[1] = 0;	2023	attrs[1] = 0;
1992	key = GNUNET_CRYPTO_cpabe_create_key (ai->abe_key,	2024	key = GNUNET_CRYPTO_cpabe_create_key (ai->abe_key,
@@ -1995,8 +2027,10 @@ attr_iter_cb (void *cls,
1995	rd->data_size-sizeof (uint32_t),	2027	rd->data_size-sizeof (uint32_t),
1996	key,	2028	key,
1997	(void**)&attr_ser);	2029	(void**)&attr_ser);
1998	GNUNET_CRYPTO_cpabe_delete_key (key);	2030
1999	GNUNET_free (policy);	2031	GNUNET_CRYPTO_cpabe_delete_key (key,
		2032	GNUNET_YES);
		2033	//GNUNET_free (policy);
2000	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	2034	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2001	"Found attribute: %s\n", label);	2035	"Found attribute: %s\n", label);
2002	env = GNUNET_MQ_msg_extra (arm,	2036	env = GNUNET_MQ_msg_extra (arm,
@@ -2012,6 +2046,8 @@ attr_iter_cb (void *cls,
2012	msg_extra_len);	2046	msg_extra_len);
2013	GNUNET_MQ_send (ai->client->mq, env);	2047	GNUNET_MQ_send (ai->client->mq, env);
2014	GNUNET_free (attr_ser);	2048	GNUNET_free (attr_ser);
		2049	GNUNET_CRYPTO_cpabe_delete_master_key (ai->abe_key);
		2050	ai->abe_key = NULL;
2015	}	2051	}
2016		2052
2017		2053
@@ -2031,6 +2067,16 @@ iterate_after_abe_bootstrap (void *cls,
2031	ai);	2067	ai);
2032	}	2068	}
2033		2069
		2070	void
		2071	iterate_next_after_abe_bootstrap (void *cls,
		2072	struct GNUNET_CRYPTO_AbeMasterKey *abe_key)
		2073	{
		2074	struct AttributeIterator *ai = cls;
		2075	ai->abe_key = abe_key;
		2076	GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it);
		2077	}
		2078
		2079
2034		2080
2035	/**	2081	/**
2036	* Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ITERATION_START message	2082	* Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ITERATION_START message
@@ -2121,7 +2167,10 @@ handle_iteration_next (void *cls,
2121	GNUNET_SERVICE_client_drop (idp->client);	2167	GNUNET_SERVICE_client_drop (idp->client);
2122	return;	2168	return;
2123	}	2169	}
2124	GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it);	2170	bootstrap_abe (&ai->identity,
		2171	&iterate_next_after_abe_bootstrap,
		2172	ai,
		2173	GNUNET_NO);
2125	GNUNET_SERVICE_client_continue (idp->client);	2174	GNUNET_SERVICE_client_continue (idp->client);
2126	}	2175	}
2127		2176