1 files changed, 639 insertions, 0 deletions

diff --git a/src/reclaim/plugin_reclaim_credential_pabc.c b/src/reclaim/plugin_reclaim_credential_pabc.c
new file mode 100644
index 000000000..2f6b7b8c4
--- /dev/null
+++ b/src/reclaim/plugin_reclaim_credential_pabc.c
@@ -0,0 +1,639 @@
+/*
+     This file is part of GNUnet
+     Copyright (C) 2013, 2014, 2016 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file reclaim/plugin_reclaim_credential_pabc.c
+ * @brief reclaim-credential-plugin-pabc attribute plugin to provide the API for
+ *                                      pabc credentials.
+ *
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_reclaim_plugin.h"
+#include <inttypes.h>
+#include <jansson.h>
+#include <pabc/pabc.h>
+#include "pabc_helper.h"
+
+/**
+   * Convert the 'value' of an credential to a string.
+   *
+   * @param cls closure, unused
+   * @param type type of the credential
+   * @param data value in binary encoding
+   * @param data_size number of bytes in @a data
+   * @return NULL on error, otherwise human-readable representation of the value
+   */
+static char *
+pabc_value_to_string (void *cls,
+                      uint32_t type,
+                      const void *data,
+                      size_t data_size)
+{
+  switch (type)
+  {
+  case GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC:
+    return GNUNET_strndup (data, data_size);
+
+  default:
+    return NULL;
+  }
+}
+
+
+/**
+ * Convert human-readable version of a 'value' of an credential to the binary
+ * representation.
+ *
+ * @param cls closure, unused
+ * @param type type of the credential
+ * @param s human-readable string
+ * @param data set to value in binary encoding (will be allocated)
+ * @param data_size set to number of bytes in @a data
+ * @return #GNUNET_OK on success
+ */
+static int
+pabc_string_to_value (void *cls,
+                      uint32_t type,
+                      const char *s,
+                      void **data,
+                      size_t *data_size)
+{
+  if (NULL == s)
+    return GNUNET_SYSERR;
+  switch (type)
+  {
+  case GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC:
+    *data = GNUNET_strdup (s);
+    *data_size = strlen (s) + 1;
+    return GNUNET_OK;
+
+  default:
+    return GNUNET_SYSERR;
+  }
+}
+
+
+/**
+ * Mapping of credential type numbers to human-readable
+ * credential type names.
+ */
+static struct
+{
+  const char *name;
+  uint32_t number;
+} pabc_cred_name_map[] = { { "PABC", GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC },
+                           { NULL, UINT32_MAX } };
+
+/**
+   * Convert a type name to the corresponding number.
+   *
+   * @param cls closure, unused
+   * @param pabc_typename name to convert
+   * @return corresponding number, UINT32_MAX on error
+   */
+static uint32_t
+pabc_typename_to_number (void *cls, const char *pabc_typename)
+{
+  unsigned int i;
+
+  i = 0;
+  while ((NULL != pabc_cred_name_map[i].name) &&
+         (0 != strcasecmp (pabc_typename, pabc_cred_name_map[i].name)))
+    i++;
+  return pabc_cred_name_map[i].number;
+}
+
+
+/**
+ * Convert a type number (i.e. 1) to the corresponding type string
+ *
+ * @param cls closure, unused
+ * @param type number of a type to convert
+ * @return corresponding typestring, NULL on error
+ */
+static const char *
+pabc_number_to_typename (void *cls, uint32_t type)
+{
+  unsigned int i;
+
+  i = 0;
+  while ((NULL != pabc_cred_name_map[i].name) && (type !=
+                                                  pabc_cred_name_map[i].
+                                                  number))
+    i++;
+  return pabc_cred_name_map[i].name;
+}
+
+
+static void
+inspect_attrs (char const *const key,
+               char const *const value,
+               void *ctx)
+{
+  struct GNUNET_RECLAIM_AttributeList *attrs = ctx;
+
+  if (NULL == value)
+    return;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Found attribue in PABC credential: `%s': `%s'\n",
+              key, value);
+  if (0 == strcmp (key, "expiration"))
+    return;
+  if (0 == strcmp (key, "issuer"))
+    return;
+  if (0 == strcmp (key, "subject"))
+    return;
+  GNUNET_RECLAIM_attribute_list_add (attrs,
+                                     key,
+                                     NULL,
+                                     GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
+                                     value,
+                                     strlen (value));
+}
+
+
+/**
+ * Parse a pabc and return the respective claim value as Attribute
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a GNUNET_RECLAIM_Attribute, containing the new value
+ */
+struct GNUNET_RECLAIM_AttributeList *
+pabc_parse_attributes (void *cls,
+                       const char *data,
+                       size_t data_size)
+{
+  struct GNUNET_RECLAIM_AttributeList *attrs;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Collecting PABC attributes...\n");
+  attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
+  GNUNET_assert (PABC_OK ==
+                 pabc_cred_inspect_credential (data,
+                                               &inspect_attrs, attrs));
+  return attrs;
+}
+
+
+/**
+ * Parse a pabc and return the respective claim value as Attribute
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a GNUNET_RECLAIM_Attribute, containing the new value
+ */
+struct GNUNET_RECLAIM_AttributeList *
+pabc_parse_attributes_c (void *cls,
+                         const struct GNUNET_RECLAIM_Credential *cred)
+{
+  if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC)
+    return NULL;
+  return pabc_parse_attributes (cls, cred->data, cred->data_size);
+}
+
+
+/**
+ * Parse a pabc and return the respective claim value as Attribute
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a GNUNET_RECLAIM_Attribute, containing the new value
+ */
+struct GNUNET_RECLAIM_AttributeList *
+pabc_parse_attributes_p (void *cls,
+                         const struct GNUNET_RECLAIM_Presentation *cred)
+{
+  if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC)
+    return NULL;
+  return pabc_parse_attributes (cls, cred->data, cred->data_size);
+}
+
+struct Finder
+{
+  const char* target;
+  char *result;
+};
+
+static void
+find_attr (char const *const key,
+                char const *const value,
+                void *ctx)
+{
+  struct Finder *fdr = ctx;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Found `%s', looking for `%s'\n",
+              key, fdr->target);
+  if (0 == strcmp (key, fdr->target))
+    fdr->result = GNUNET_strdup (value);
+}
+
+
+
+/**
+ * Parse a pabc and return an attribute value.
+ *
+ * @param cls the plugin
+ * @param data the pabc credential data
+ * @param data_size the pabc credential size
+ * @param skey the attribute key to look for.
+ * @return a string, containing the isser
+ */
+char *
+pabc_get_attribute (void *cls,
+                    const char *data,
+                    size_t data_size,
+                    const char *skey)
+{
+
+  struct Finder fdr;
+  memset (&fdr, 0, sizeof (fdr));
+  fdr.target = skey;
+  pabc_cred_inspect_credential (data, &find_attr, &fdr);
+  return fdr.result;
+}
+
+
+/**
+ * Parse a pabc and return the issuer
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a string, containing the isser
+ */
+char*
+pabc_get_issuer (void *cls,
+                 const char *data,
+                 size_t data_size)
+{
+  char *res;
+  if (PABC_OK != pabc_cred_get_attr_by_name_from_cred (data,
+                                                       "issuer",
+                                                       &res))
+    return NULL;
+  return res;
+}
+
+
+/**
+ * Parse a pabc and return the issuer
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a string, containing the isser
+ */
+char*
+pabc_get_issuer (void *cls,
+                 const char *data,
+                 size_t data_size)
+{
+  return pabc_get_attribute (cls, data, data_size, "issuer");
+}
+
+
+/**
+ * Parse a pabc and return the issuer
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a string, containing the isser
+ */
+char *
+pabc_get_issuer_c (void *cls,
+                   const struct GNUNET_RECLAIM_Credential *cred)
+{
+  if (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC != cred->type)
+    return NULL;
+  return pabc_get_issuer (cls, cred->data, cred->data_size);
+}
+
+
+/**
+ * Parse a pabc and return the issuer
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a string, containing the isser
+ */
+char *
+pabc_get_issuer_p (void *cls,
+                   const struct GNUNET_RECLAIM_Presentation *cred)
+{
+  if (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC != cred->type)
+    return NULL;
+  return pabc_get_issuer (cls, cred->data, cred->data_size);
+}
+
+
+/**
+ * Parse a pabc and return the expiration
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a string, containing the isser
+ */
+int
+pabc_get_expiration (void *cls,
+                     const char *data,
+                     size_t data_size,
+                     struct GNUNET_TIME_Absolute *exp)
+{
+  json_t *json_root;
+  json_t *json_attrs;
+  json_t *value;
+  json_t *exp_j;
+  json_error_t *json_err = NULL;
+  const char*key;
+
+  json_root = json_loads (data, JSON_DECODE_ANY, json_err);
+  if ((NULL == json_root) ||
+      (! json_is_object (json_root)))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to retrive expiration from credential\n");
+    return GNUNET_SYSERR;
+  }
+
+  if (1 != sscanf (exp_str, "%llu", &exp_i))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Invalid expiration `%s'\n", exp_str);
+    GNUNET_free (exp_str);
+    return GNUNET_SYSERR;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Converted expiration string `%s' to %llu",
+              exp_str, exp_i);
+
+  GNUNET_free (exp_str);
+  exp->abs_value_us = exp_i * 1000 * 1000;
+  return GNUNET_OK;
+}
+
+
+/**
+ * Parse a pabc and return the expiration
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a string, containing the isser
+ */
+enum GNUNET_GenericReturnValue
+pabc_get_expiration_c (void *cls,
+                       const struct GNUNET_RECLAIM_Credential *cred,
+                       struct GNUNET_TIME_Absolute *exp)
+{
+  if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC)
+    return GNUNET_NO;
+  return pabc_get_expiration (cls, cred->data, cred->data_size, exp);
+}
+
+
+/**
+ * Parse a pabc and return the expiration
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a string, containing the isser
+ */
+enum GNUNET_GenericReturnValue
+pabc_get_expiration_p (void *cls,
+                       const struct GNUNET_RECLAIM_Presentation *cred,
+                       struct GNUNET_TIME_Absolute *exp)
+{
+  if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC)
+    return GNUNET_NO;
+  return pabc_get_expiration (cls, cred->data, cred->data_size, exp);
+}
+
+
+int
+pabc_create_presentation (void *cls,
+                          const struct GNUNET_RECLAIM_Credential *credential,
+                          const struct GNUNET_RECLAIM_AttributeList *attrs,
+                          struct GNUNET_RECLAIM_Presentation **pres)
+{
+  struct pabc_context *ctx = NULL;
+  struct pabc_user_context *usr_ctx = NULL;
+  struct pabc_public_parameters *pp = NULL;
+  struct pabc_credential *cred = NULL;
+  struct pabc_blinded_proof *proof = NULL;
+  struct GNUNET_RECLAIM_AttributeListEntry *ale;
+  char *issuer;
+  char *subject;
+  enum pabc_status status;
+
+  if (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC != credential->type)
+    return GNUNET_NO;
+
+
+  PABC_ASSERT (pabc_new_ctx (&ctx));
+  issuer = pabc_get_issuer_c (cls, credential);
+  if (NULL == issuer)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "No issuer found in credential\n");
+    pabc_free_ctx (&ctx);
+    return GNUNET_SYSERR;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Got issuer for credential: %s\n", issuer);
+  status = PABC_load_public_parameters (ctx, issuer, &pp);
+  if (status != PABC_OK)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to read public parameters.\n");
+    pabc_free_ctx (&ctx);
+    GNUNET_free (issuer);
+    return GNUNET_SYSERR;
+  }
+  if (PABC_OK != pabc_cred_get_attr_by_name_from_cred (credential->data,
+                                                       "subject",
+                                                       &subject))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to get subject.\n");
+    pabc_free_ctx (&ctx);
+    GNUNET_free (issuer);
+    return GNUNET_SYSERR;
+  }
+  status = PABC_read_usr_ctx (subject, issuer, ctx, pp, &usr_ctx);
+  GNUNET_free (issuer);
+  GNUNET_free (subject);
+  if (PABC_OK != status)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to read user context.\n");
+    pabc_free_public_parameters (ctx, &pp);
+    return GNUNET_SYSERR;
+  }
+
+  status = pabc_new_credential (ctx, pp, &cred);
+  if (status != PABC_OK)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to allocate credential.\n");
+    pabc_free_user_context (ctx, pp, &usr_ctx);
+    pabc_free_public_parameters (ctx, &pp);
+    return GNUNET_SYSERR;
+  }
+
+  status = pabc_decode_credential (ctx, pp, cred, credential->data);
+  if (status != PABC_OK)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to decode credential.\n");
+    pabc_free_credential (ctx, pp, &cred);
+    pabc_free_user_context (ctx, pp, &usr_ctx);
+    pabc_free_public_parameters (ctx, &pp);
+    return GNUNET_SYSERR;
+  }
+
+  status = pabc_new_proof (ctx, pp, &proof);
+  if (status != PABC_OK)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to allocate proof.\n");
+    pabc_free_credential (ctx, pp, &cred);
+    pabc_free_user_context (ctx, pp, &usr_ctx);
+    pabc_free_public_parameters (ctx, &pp);
+    return GNUNET_SYSERR;
+  }
+
+  // now we can parse the attributes to disclose and configure the proof
+  for (ale = attrs->list_head; NULL != ale; ale = ale->next)
+  {
+    status = pabc_set_disclosure_by_attribute_name (ctx, pp, proof,
+                                                    ale->attribute->name,
+                                                    PABC_DISCLOSED, cred);
+    if (status != PABC_OK)
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "Failed to configure proof.\n");
+      pabc_free_credential (ctx, pp, &cred);
+      pabc_free_user_context (ctx, pp, &usr_ctx);
+      pabc_free_public_parameters (ctx, &pp);
+      return GNUNET_SYSERR;
+    }
+  }
+
+  // and finally -> sign the proof
+  status = pabc_gen_proof (ctx, usr_ctx, pp, proof, cred);
+  if (status != PABC_OK)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to sign proof.\n");
+    pabc_free_proof (ctx, pp, &proof);
+    pabc_free_credential (ctx, pp, &cred);
+    pabc_free_user_context (ctx, pp, &usr_ctx);
+    pabc_free_public_parameters (ctx, &pp);
+    return GNUNET_SYSERR;
+  }
+  // print the result
+  char *json = NULL;
+  char *ppid = NULL;
+  char *userid = NULL;
+  GNUNET_assert (PABC_OK == pabc_cred_get_userid_from_cred (credential->data,
+                                                            &userid));
+  GNUNET_assert (PABC_OK == pabc_cred_get_ppid_from_cred (credential->data,
+                                                          &ppid));
+  pabc_cred_encode_proof (ctx, pp, proof, userid, ppid,  &json);
+  GNUNET_free (ppid);
+  GNUNET_free (userid);
+  if (PABC_OK != status)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to serialize proof.\n");
+    pabc_free_proof (ctx, pp, &proof);
+    pabc_free_credential (ctx, pp, &cred);
+    pabc_free_user_context (ctx, pp, &usr_ctx);
+    pabc_free_public_parameters (ctx, &pp);
+    return GNUNET_SYSERR;
+  }
+  char *json_enc;
+  GNUNET_STRINGS_base64_encode (json,
+                                strlen (json) + 1,
+                                &json_enc);
+  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+              "Presentation: %s\n", json_enc);
+  // clean up
+  *pres = GNUNET_RECLAIM_presentation_new (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC,
+                                           json_enc,
+                                           strlen (json_enc) + 1);
+  GNUNET_free (json_enc);
+  PABC_FREE_NULL (json);
+  pabc_free_proof (ctx, pp, &proof);
+  pabc_free_credential (ctx, pp, &cred);
+  pabc_free_user_context (ctx, pp, &usr_ctx);
+  pabc_free_public_parameters (ctx, &pp);
+  return GNUNET_OK;
+}
+
+
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls NULL
+ * @return the exported block API
+ */
+void *
+libgnunet_plugin_reclaim_credential_pabc_init (void *cls)
+{
+  struct GNUNET_RECLAIM_CredentialPluginFunctions *api;
+
+  api = GNUNET_new (struct GNUNET_RECLAIM_CredentialPluginFunctions);
+  api->value_to_string = &pabc_value_to_string;
+  api->string_to_value = &pabc_string_to_value;
+  api->typename_to_number = &pabc_typename_to_number;
+  api->number_to_typename = &pabc_number_to_typename;
+  api->get_attributes = &pabc_parse_attributes_c;
+  api->get_issuer = &pabc_get_issuer_c;
+  api->get_expiration = &pabc_get_expiration_c;
+  api->value_to_string_p = &pabc_value_to_string;
+  api->string_to_value_p = &pabc_string_to_value;
+  api->typename_to_number_p = &pabc_typename_to_number;
+  api->number_to_typename_p = &pabc_number_to_typename;
+  api->get_attributes_p = &pabc_parse_attributes_p;
+  api->get_issuer_p = &pabc_get_issuer_p;
+  api->get_expiration_p = &pabc_get_expiration_p;
+  api->create_presentation = &pabc_create_presentation;
+  return api;
+}
+
+
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the return value from #libgnunet_plugin_block_test_init()
+ * @return NULL
+ */
+void *
+libgnunet_plugin_reclaim_credential_pabc_done (void *cls)
+{
+  struct GNUNET_RECLAIM_CredentialPluginFunctions *api = cls;
+
+  GNUNET_free (api);
+  return NULL;
+}
+
+
+/* end of plugin_reclaim_credential_type_pabc.c */