From 39981eee3163a1795026e8670ac5b669426f268b Mon Sep 17 00:00:00 2001 From: Martin Schanzenbach Date: Thu, 10 Nov 2016 20:35:04 +0100 Subject: add credential
---
configure.ac | 2 + src/Makefile.am | 1 + src/credential/Makefile.am | 113 +++++++ src/credential/credential.conf.in | 5 + src/credential/credential.h | 91 ++++++ src/credential/credential_api.c | 410 ++++++++++++++++++++++++++ src/credential/gnunet-credential.c | 382 ++++++++++++++++++++++++ src/credential/gnunet-service-credential.c | 425 +++++++++++++++++++++++++++ src/credential/plugin_gnsrecord_credential.c | 257 ++++++++++++++++ src/credential/test_credential_lookup.sh | 40 +++ src/include/gnunet_credential_service.h | 60 +++- src/include/gnunet_gnsrecord_lib.h | 7 + src/include/gnunet_protocols.h | 9 + 13 files changed, 1794 insertions(+), 8 deletions(-) create mode 100644 src/credential/Makefile.am create mode 100644 src/credential/credential.conf.in create mode 100644 src/credential/credential.h create mode 100644 src/credential/credential_api.c create mode 100644 src/credential/gnunet-credential.c create mode 100644 src/credential/gnunet-service-credential.c create mode 100644 src/credential/plugin_gnsrecord_credential.c create mode 100755 src/credential/test_credential_lookup.sh
diff --git a/configure.ac b/configure.ac
index d839f8b4e..1a2451392 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1581,6 +1581,8 @@ src/gnsrecord/Makefile
 src/hello/Makefile
 src/identity/Makefile
 src/identity/identity.conf
+src/credential/Makefile
+src/credential/credential.conf
 src/include/Makefile
 src/integration-tests/Makefile
 src/json/Makefile
diff --git a/src/Makefile.am b/src/Makefile.am
index 98ca70ae3..2877cab0b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -109,6 +109,7 @@ SUBDIRS = \
 revocation \
 vpn \
 gns \
+ credential \
 $(CONVERSATION_DIR) \
 fs \
 exit \
diff --git a/src/credential/Makefile.am b/src/credential/Makefile.am
new file mode 100644
index 000000000..6469895e3
--- /dev/null
+++ b/src/credential/Makefile.am
@@ -0,0 +1,113 @@
+# This Makefile.am is in the public domain
+AM_CPPFLAGS = -I$(top_srcdir)/src/include
+
+EXTRA_DIST = \
+ test_credential_defaults.conf \
+ test_credential_lookup.conf
+# test_gns_nick_shorten.conf \
+#### test_gns_proxy.conf \
+# test_gns_simple_lookup.conf \
+# gns-helper-service-w32.conf \
+# w32nsp.def \
+# gnunet-gns-proxy-setup-ca \
+# zonefiles/J7POEUT41A8PBFS7KVVDRF88GBOU4HK8PSU5QKVLVE3R9T91E99G.zkey \
+# zonefiles/OEFL7A4VEF1B40QLEMTG5D8G1CN6EN16QUSG5R2DT71GRJN34LSG.zkey \
+# zonefiles/test_zonekey \
+# $(check_SCRIPTS)
+
+
+if USE_COVERAGE
+ AM_CFLAGS = --coverage -O0
+endif
+
+pkgcfgdir = $(pkgdatadir)/config.d/
+
+libexecdir= $(pkglibdir)/libexec/
+
+plugindir = $(libdir)/gnunet
+
+pkgcfg_DATA = \
+ credential.conf
+
+
+# /usr/lib - compiles a layer which can be used to be communicagte with the service
+lib_LTLIBRARIES = \
+ libgnunetcredential.la
+
+# /usr/lib/gnunet/libexec - Business logic . Separate process
+libexec_PROGRAMS = \
+ gnunet-service-credential
+
+bin_PROGRAMS = \
+ gnunet-credential
+
+plugin_LTLIBRARIES = \
+ libgnunet_plugin_gnsrecord_credential.la
+
+
+#if HAVE_MHD
+#if HAVE_JSON
+#plugin_LTLIBRARIES += libgnunet_plugin_rest_gns.la
+#endif
+#endif
+
+
+gnunet_credential_SOURCES = \
+ gnunet-credential.c
+gnunet_credential_LDADD = \
+ libgnunetcredential.la \
+ $(top_builddir)/src/util/libgnunetutil.la \
+ $(top_builddir)/src/identity/libgnunetidentity.la \
+ $(GN_LIBINTL)
+
+
+libgnunet_plugin_gnsrecord_credential_la_SOURCES = \
+ plugin_gnsrecord_credential.c
+libgnunet_plugin_gnsrecord_credential_la_LIBADD = \
+ $(top_builddir)/src/util/libgnunetutil.la \
+ $(LTLIBINTL)
+libgnunet_plugin_gnsrecord_credential_la_LDFLAGS = \
+ $(GN_PLUGIN_LDFLAGS)
+
+
+
+gnunet_service_credential_SOURCES = \
+ gnunet-service-credential.c
+gnunet_service_credential_LDADD = \
+ $(top_builddir)/src/util/libgnunetutil.la \
+ $(top_builddir)/src/gns/libgnunetgns.la \
+ $(top_builddir)/src/statistics/libgnunetstatistics.la \
+ $(GN_LIBINTL)
+
+
+libgnunetcredential_la_SOURCES = \
+ credential_api.c credential.h
+libgnunetcredential_la_LIBADD = \
+ $(top_builddir)/src/util/libgnunetutil.la $(XLIB)
+libgnunetcredential_la_LDFLAGS = \
+ $(GN_LIB_LDFLAGS)
+
+
+#libgnunet_plugin_rest_gns_la_SOURCES = \
+# plugin_rest_gns.c
+#libgnunet_plugin_rest_gns_la_LIBADD = \
+# libgnunetgns.la \
+# $(top_builddir)/src/rest/libgnunetrest.la \
+# $(top_builddir)/src/identity/libgnunetidentity.la \
+# $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \
+# $(top_builddir)/src/jsonapi/libgnunetjsonapiutils.la \
+# $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
+# $(LTLIBINTL) -ljansson -lmicrohttpd
+#libgnunet_plugin_rest_gns_la_LDFLAGS = \
+# $(GN_PLUGIN_LDFLAGS)
+
+
+#check_SCRIPTS = \
+ #test_gns_lookup.sh
+
+if ENABLE_TEST_RUN
+if HAVE_SQLITE
+ AM_TESTS_ENVIRONMENT=export GNUNET_PREFIX=$${GNUNET_PREFIX:-@libdir@};export PATH=$${GNUNET_PREFIX:-@prefix@}/bin:$$PATH;
+ TESTS = $(check_SCRIPTS)
+endif
+endif
diff --git a/src/credential/credential.conf.in b/src/credential/credential.conf.in
new file mode 100644
index 000000000..71f3066ca
--- /dev/null
+++ b/src/credential/credential.conf.in
@@ -0,0 +1,5 @@
+[credential]
+BINARY = gnunet-service-credential
+UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-credential.sock
+USER_SERVICE = YES
+OPTIONS = -L DEBUG
\ No newline at end of file
diff --git a/src/credential/credential.h b/src/credential/credential.h
new file mode 100644
index 000000000..597c34a3d
--- /dev/null
+++ b/src/credential/credential.h
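Review bot: The new test never runs, because `check_SCRIPTS` is still commented out near the end of this Makefile.am and still names `test_gns_lookup.sh`, so `TESTS = $(check_SCRIPTS)` expands to nothing. The commit adds `src/credential/test_credential_lookup.sh`, so the assignment should read `check_SCRIPTS = test_credential_lookup.sh`. `EXTRA_DIST` also lists `test_credential_defaults.conf` and `test_credential_lookup.conf`, which the diffstat of this commit does not show being added; if they are not already in the tree, `make dist` will fail. The commented-out gns/rest leftovers could be dropped rather than carried into a new directory.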
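Review bot: The shipped default contains `OPTIONS = -L DEBUG`, so every installation runs gnunet-service-credential at debug verbosity unless an operator overrides it. A service that answers credential lookups should inherit the normal log level by default and have debugging switched on locally; I would drop the `OPTIONS` line from credential.conf.in. The file also ends without a trailing newline.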
@@ -0,0 +1,91 @@
+/*
+ This file is part of GNUnet
+ Copyright (C) 2012-2013 GNUnet e.V.
+
+ GNUnet is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with GNUnet; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+ */
+/**
+ * @file credential/credential.h
+ * @brief IPC messages between CREDENTIAL API and CREDENTIAL service
+ * @author Adnan Husain
+ */
+#ifndef CREDENTIAL_H
+#define CREDENTIAL_H
+
+#include "gnunet_credential_service.h"
+
+GNUNET_NETWORK_STRUCT_BEGIN
+
+/**
+ * Message from client to Credential service to lookup credentials.
+ */
+struct LookupMessage
+{
+ /**
+ * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP
+ */
+ struct GNUNET_MessageHeader header;
+
+ /**
+ * Subject public key
+ */
+ struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
+
+ /**
+ * Trust anchor
+ */
+ struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
+
+ /**
+ * Unique identifier for this request (for key collisions).
+ */
+ uint32_t id GNUNET_PACKED;
+
+ /* Followed by the zero-terminated credential to look up */
+
+};
+
+
+/**
+ * Message from CREDENTIAL service to client: new results.
+ */
+struct LookupResultMessage
+{
+ /**
+ * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP_RESULT
+ */
+ struct GNUNET_MessageHeader header;
+
+ /**
+ * Unique identifier for this request (for key collisions).
+ */
+ uint32_t id GNUNET_PACKED;
+
+
+ /**
+ * The number of credentials in the response
+ */
+ uint32_t cd_count GNUNET_PACKED;
+
+ /* followed by cd_count GNUNET_CREDENTIAL_RecordData structs*/
+
+};
+
+
+GNUNET_NETWORK_STRUCT_END
+
+#endif
+
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c
new file mode 100644
index 000000000..1efe2d089
--- /dev/null
+++ b/src/credential/credential_api.c
@@ -0,0 +1,410 @@ +/* + This file is part of GNUnet. + Copyright (C) 2009-2013, 2016 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ +/** + * @file credential/credential_api.c + * @brief library to access the CREDENTIAL service + * @author Adnan Husain + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_constants.h" +#include "gnunet_arm_service.h" +#include "gnunet_hello_lib.h" +#include "gnunet_protocols.h" +#include "credential.h" +#include "gnunet_credential_service.h" +#include "gnunet_identity_service.h" + + +#define LOG(kind,...) GNUNET_log_from (kind, "credential-api",__VA_ARGS__) + +/** + * Handle to a lookup request + */ +struct GNUNET_CREDENTIAL_LookupRequest +{ + + /** + * DLL + */ + struct GNUNET_CREDENTIAL_LookupRequest *next; + + /** + * DLL + */ + struct GNUNET_CREDENTIAL_LookupRequest *prev; + + /** + * handle to credential service + */ + struct GNUNET_CREDENTIAL_Handle *credential_handle; + + /** + * processor to call on lookup result + */ + GNUNET_CREDENTIAL_LookupResultProcessor lookup_proc; + + /** + * @e lookup_proc closure + */ + void *proc_cls; + + /** + * Envelope with the message for this queue entry. + */ + struct GNUNET_MQ_Envelope *env; + + /** + * request id + */ + uint32_t r_id; + +}; + + +/** + * Connection to the CREDENTIAL service. 
+ */ +struct GNUNET_CREDENTIAL_Handle +{ + + /** + * Configuration to use. + */ + const struct GNUNET_CONFIGURATION_Handle *cfg; + + /** + * Connection to service (if available). + */ + struct GNUNET_MQ_Handle *mq; + + /** + * Head of linked list of active lookup requests. + */ + struct GNUNET_CREDENTIAL_LookupRequest *lookup_head; + + /** + * Tail of linked list of active lookup requests. + */ + struct GNUNET_CREDENTIAL_LookupRequest *lookup_tail; + + /** + * Reconnect task + */ + struct GNUNET_SCHEDULER_Task *reconnect_task; + + /** + * How long do we wait until we try to reconnect? + */ + struct GNUNET_TIME_Relative reconnect_backoff; + + /** + * Request Id generator. Incremented by one for each request. + */ + uint32_t r_id_gen; + +}; + + +/** + * Reconnect to CREDENTIAL service. + * + * @param handle the handle to the CREDENTIAL service + */ +static void +reconnect (struct GNUNET_CREDENTIAL_Handle *handle); + + +/** + * Reconnect to CREDENTIAL + * + * @param cls the handle + */ +static void +reconnect_task (void *cls) +{ + struct GNUNET_CREDENTIAL_Handle *handle = cls; + + handle->reconnect_task = NULL; + reconnect (handle); +} + + +/** + * Disconnect from service and then reconnect. + * + * @param handle our handle + */ +static void +force_reconnect (struct GNUNET_CREDENTIAL_Handle *handle) +{ + GNUNET_MQ_destroy (handle->mq); + handle->mq = NULL; + handle->reconnect_backoff + = GNUNET_TIME_STD_BACKOFF (handle->reconnect_backoff); + handle->reconnect_task + = GNUNET_SCHEDULER_add_delayed (handle->reconnect_backoff, + &reconnect_task, + handle); +} + + +/** + * Generic error handler, called with the appropriate error code and + * the same closure specified at the creation of the message queue. + * Not every message queue implementation supports an error handler. 
+ * + * @param cls closure with the `struct GNUNET_CREDENTIAL_Handle *` + * @param error error code + */ +static void +mq_error_handler (void *cls, + enum GNUNET_MQ_Error error) +{ + struct GNUNET_CREDENTIAL_Handle *handle = cls; + + force_reconnect (handle); +} + + +/** + * Check validity of message received from the CREDENTIAL service + * + * @param cls the `struct GNUNET_CREDENTIAL_Handle *` + * @param loookup_msg the incoming message + */ +static int +check_result (void *cls, + const struct LookupResultMessage *lookup_msg) +{ + //TODO + return GNUNET_OK; +} + + +/** + * Handler for messages received from the CREDENTIAL service + * + * @param cls the `struct GNUNET_CREDENTIAL_Handle *` + * @param loookup_msg the incoming message + */ +static void +handle_result (void *cls, + const struct LookupResultMessage *lookup_msg) +{ + struct GNUNET_CREDENTIAL_Handle *handle = cls; + uint32_t cd_count = ntohl (lookup_msg->cd_count); + struct GNUNET_CREDENTIAL_RecordData cd[cd_count]; + uint32_t r_id = ntohl (lookup_msg->id); + struct GNUNET_CREDENTIAL_LookupRequest *lr; + GNUNET_CREDENTIAL_LookupResultProcessor proc; + void *proc_cls; + + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Received lookup reply from CREDENTIAL service (%u credentials)\n", + (unsigned int) cd_count); + for (lr = handle->lookup_head; NULL != lr; lr = lr->next) + if (lr->r_id == r_id) + break; + if (NULL == lr) + return; + proc = lr->lookup_proc; + proc_cls = lr->proc_cls; + GNUNET_CONTAINER_DLL_remove (handle->lookup_head, + handle->lookup_tail, + lr); + GNUNET_free (lr); + /** + GNUNET_assert (GNUNET_OK == + GNUNET_CREDENTIAL_records_deserialize (mlen, + (const char*) &lookup_msg[1], + rd_count, + rd)); + */ + proc (proc_cls, + NULL, + cd_count, + cd); // TODO +} + + +/** + * Reconnect to CREDENTIAL service. 
+ * + * @param handle the handle to the CREDENTIAL service + */ +static void +reconnect (struct GNUNET_CREDENTIAL_Handle *handle) +{ + struct GNUNET_MQ_MessageHandler handlers[] = { + GNUNET_MQ_hd_var_size (result, + GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP_RESULT, + struct LookupResultMessage, + NULL), + GNUNET_MQ_handler_end () + }; + struct GNUNET_CREDENTIAL_LookupRequest *lh; + + GNUNET_assert (NULL == handle->mq); + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Trying to connect to CREDENTIAL\n"); + handle->mq = GNUNET_CLIENT_connecT (handle->cfg, + "credential", + handlers, + &mq_error_handler, + handle); + if (NULL == handle->mq) + return; + for (lh = handle->lookup_head; NULL != lh; lh = lh->next) + GNUNET_MQ_send_copy (handle->mq, + lh->env); +} + + +/** + * Initialize the connection with the CREDENTIAL service. + * + * @param cfg configuration to use + * @return handle to the CREDENTIAL service, or NULL on error + */ +struct GNUNET_CREDENTIAL_Handle * +GNUNET_CREDENTIAL_connect (const struct GNUNET_CONFIGURATION_Handle *cfg) +{ + struct GNUNET_CREDENTIAL_Handle *handle; + + handle = GNUNET_new (struct GNUNET_CREDENTIAL_Handle); + handle->cfg = cfg; + reconnect (handle); + if (NULL == handle->mq) + { + GNUNET_free (handle); + return NULL; + } + return handle; +} + + +/** + * Shutdown connection with the CREDENTIAL service. 
+ * + * @param handle handle of the CREDENTIAL connection to stop + */ +void +GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle) +{ + if (NULL != handle->mq) + { + GNUNET_MQ_destroy (handle->mq); + handle->mq = NULL; + } + if (NULL != handle->reconnect_task) + { + GNUNET_SCHEDULER_cancel (handle->reconnect_task); + handle->reconnect_task = NULL; + } + GNUNET_assert (NULL == handle->lookup_head); + GNUNET_free (handle); +} + + +/** + * Cancel pending lookup request + * + * @param lr the lookup request to cancel + */ +void +GNUNET_CREDENTIAL_lookup_cancel (struct GNUNET_CREDENTIAL_LookupRequest *lr) +{ + struct GNUNET_CREDENTIAL_Handle *handle = lr->credential_handle; + + GNUNET_CONTAINER_DLL_remove (handle->lookup_head, + handle->lookup_tail, + lr); + GNUNET_MQ_discard (lr->env); + GNUNET_free (lr); +} + + +/** + * Perform an asynchronous lookup operation for a credential. + * + * @param handle handle to the Credential service + * @param credential the credential to look up + * @param subject Ego to check the credential for + * @param proc function to call on result + * @param proc_cls closure for processor + * @return handle to the queued request + */ +struct GNUNET_CREDENTIAL_LookupRequest* +GNUNET_CREDENTIAL_lookup (struct GNUNET_CREDENTIAL_Handle *handle, + const char *credential, + const struct GNUNET_IDENTITY_Ego *subject, + const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, + const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, + uint32_t credential_flags, + uint32_t max_delegation_depth, + GNUNET_CREDENTIAL_LookupResultProcessor proc, + void *proc_cls) +{ + /* IPC to shorten credential names, return shorten_handle */ + struct LookupMessage *lookup_msg; + struct GNUNET_CREDENTIAL_LookupRequest *lr; + size_t nlen; + + if (NULL == credential) + { + GNUNET_break (0); + return NULL; + } + //DEBUG LOG + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Trying to lookup `%s' in CREDENTIAL\n", + credential); + nlen = strlen (credential) + 1; + if (nlen >= 
GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*lr)) + { + GNUNET_break (0); + return NULL; + } + lr = GNUNET_new (struct GNUNET_CREDENTIAL_LookupRequest); + lr->credential_handle = handle; + lr->lookup_proc = proc; + lr->proc_cls = proc_cls; + lr->r_id = handle->r_id_gen++; + lr->env = GNUNET_MQ_msg_extra (lookup_msg, + nlen, + GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP); + lookup_msg->id = htonl (lr->r_id); + lookup_msg->subject_key = *subject_key; + lookup_msg->issuer_key = *issuer_key; + GNUNET_memcpy (&lookup_msg[1], + credential, + nlen); + GNUNET_CONTAINER_DLL_insert (handle->lookup_head, + handle->lookup_tail, + lr); + if (NULL != handle->mq) + GNUNET_MQ_send_copy (handle->mq, + lr->env); + return lr; +} + + +/* end of credential_api.c */ diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c new file mode 100644 index 000000000..363ed03fc --- /dev/null +++ b/src/credential/gnunet-credential.c 
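Review bot: `check_result` accepts every LOOKUP_RESULT message (`//TODO`, `return GNUNET_OK;`), and `handle_result` then sizes a stack array `cd[cd_count]` straight from the unvalidated 32-bit wire field. A malformed reply with a large `cd_count` can exhaust the client's stack, and because deserialization is still commented out the array reaches `proc` uninitialised. The check should reject any message whose payload is not exactly `cd_count` records, and the handler should read the validated payload instead of allocating a variable-length array; a sketch of the check follows. Separately, in `GNUNET_CREDENTIAL_lookup` the length bound subtracts `sizeof (*lr)` (the request handle) where the message header `sizeof (*lookup_msg)` is presumably meant, and `handle_result` frees `lr` without `GNUNET_MQ_discard (lr->env)`.

```c
static int
check_result (void *cls,
              const struct LookupResultMessage *lookup_msg)
{
  size_t msize = ntohs (lookup_msg->header.size);
  uint32_t cd_count = ntohl (lookup_msg->cd_count);
  size_t payload;

  if (msize < sizeof (*lookup_msg))
  {
    GNUNET_break_op (0);
    return GNUNET_SYSERR;
  }
  payload = msize - sizeof (*lookup_msg);
  /* The service appends cd_count fixed-size records; anything else is malformed. */
  if ( (0 != payload % sizeof (struct GNUNET_CREDENTIAL_RecordData)) ||
       (cd_count != payload / sizeof (struct GNUNET_CREDENTIAL_RecordData)) )
  {
    GNUNET_break_op (0);
    return GNUNET_SYSERR;
  }
  return GNUNET_OK;
}

/* … unchanged: handle_result request matching; replace the cd[cd_count]
   array with the records taken from the validated payload … */
```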
@@ -0,0 +1,382 @@ +/* + This file is part of GNUnet. + Copyright (C) 2012-2013 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ +/** + * @file gnunet-credential.c + * @brief command line tool to access command line Credential service + * @author Adnan Husain + */ +#include "platform.h" +#include +#include +#include + +/** + * Configuration we are using. + */ +static const struct GNUNET_CONFIGURATION_Handle *cfg; + +/** + * Handle to Credential service. + */ +static struct GNUNET_CREDENTIAL_Handle *credential; + +/** + * Desired timeout for the lookup (default is no timeout). + */ +static struct GNUNET_TIME_Relative timeout; + +/** + * Credential to lookup. (-u option) + */ +static char *lookup_credential; + +/** + * Handle to lookup request + */ +static struct GNUNET_CREDENTIAL_LookupRequest *lookup_request; + +/** + * Lookup an ego with the identity service. + */ +static struct GNUNET_IDENTITY_EgoLookup *el; + +/** + * Handle for identity service. + */ +static struct GNUNET_IDENTITY_Handle *identity; + +/** + * Active operation on identity service. + */ +static struct GNUNET_IDENTITY_Operation *id_op; + +/** + * Task scheduled to handle timeout. 
+ */ +static struct GNUNET_SCHEDULER_Task *tt; + +/** + * Subject pubkey string + */ +static char *subject_key; + +/** + * Subject pubkey string + */ +static char *issuer_key; + +/* + * Credential flags + */ +static int credential_flags; + +/* + * Maximum delegation depth + */ +static int max_delegation_depth; + + + +/** + * Identity of the zone to use for the lookup (-z option) + */ +static char *zone_ego_name; + + +/** + * Task run on shutdown. Cleans up everything. + * + * @param cls unused + */ +static void +do_shutdown (void *cls) +{ + if (NULL != el) + { + GNUNET_IDENTITY_ego_lookup_cancel (el); + el = NULL; + } + if (NULL != id_op) + { + GNUNET_IDENTITY_cancel (id_op); + id_op = NULL; + } + if (NULL != lookup_request) + { + GNUNET_CREDENTIAL_lookup_cancel (lookup_request); + lookup_request = NULL; + } + if (NULL != identity) + { + GNUNET_IDENTITY_disconnect (identity); + identity = NULL; + } + if (NULL != credential) + { + GNUNET_CREDENTIAL_disconnect (credential); + credential = NULL; + } + if (NULL != tt) + { + GNUNET_SCHEDULER_cancel (tt); + tt = NULL; + } +} + + +/** + * Task run on timeout. Triggers shutdown. + * + * @param cls unused + */ +static void +do_timeout (void *cls) +{ + tt = NULL; + GNUNET_SCHEDULER_shutdown (); +} + + +/** + * Function called with the result of a Credential lookup. 
+ * + * @param cls the 'const char *' name that was resolved + * @param cd_count number of records returned + * @param cd array of @a cd_count records with the results + */ +static void +handle_lookup_result (void *cls, + struct GNUNET_IDENTITY_Ego *issuer, + uint16_t issuer_len, + const struct GNUNET_CREDENTIAL_RecordData *data) +{ + + + lookup_request = NULL; + if (0 == issuer_len) + printf ("No results.\n"); + else + printf ("%u\n", + issuer_len); + + + GNUNET_SCHEDULER_shutdown (); +} + + + + +/** + * Perform the actual resolution, with the subject pkey and + * the issuer public key + * + * @param pkey public key to use for the zone, can be NULL + * @param shorten_key private key used for shortening, can be NULL + */ +static void +lookup_credentials (struct GNUNET_IDENTITY_Ego *ego) +{ + + struct GNUNET_CRYPTO_EcdsaPublicKey subject_pkey; + struct GNUNET_CRYPTO_EcdsaPublicKey issuer_pkey; + + if (NULL != subject_key && NULL != issuer_key && NULL != lookup_credential) + { + if (GNUNET_OK != + GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_key, + strlen (subject_key), + &subject_pkey)) + { + fprintf (stderr, + _("Subject public key `%s' is not well-formed\n"), + subject_key); + GNUNET_SCHEDULER_shutdown (); + return; + } + + if (GNUNET_OK != + GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_key, + strlen (issuer_key), + &issuer_pkey)) + { + fprintf (stderr, + _("Authority public key `%s' is not well-formed\n"), + issuer_key); + GNUNET_SCHEDULER_shutdown (); + return; + } + + lookup_request = GNUNET_CREDENTIAL_lookup(credential, + lookup_credential, + ego, + &subject_pkey, + &issuer_pkey, + credential_flags, + max_delegation_depth, + &handle_lookup_result, + NULL); + return; + } + else + { + fprintf (stderr, + _("Please specify name to lookup, subject key and issuer key!\n")); + GNUNET_SCHEDULER_shutdown (); + return; + } +} + + +/** + * Method called to with the ego we are to use for the lookup, + * when the ego is the one for the default master zone. 
+ * + * @param cls closure (NULL, unused) + * @param ego ego handle, NULL if not found + * @param ctx context for application to store data for this ego + * (during the lifetime of this process, initially NULL) + * @param name name assigned by the user for this ego, + * NULL if the user just deleted the ego and it + * must thus no longer be used + */ +static void +identity_master_cb (void *cls, + struct GNUNET_IDENTITY_Ego *ego, + void **ctx, + const char *name) +{ + + id_op = NULL; + if (NULL == ego) + { + fprintf (stderr, + _("Ego for `gns-master' not found, cannot perform lookup. Did you run gnunet-gns-import.sh?\n")); + GNUNET_SCHEDULER_shutdown (); + return; + } + + lookup_credentials(ego); + + +} + + +/** + * Main function that will be run. + * + * @param cls closure + * @param args remaining command-line arguments + * @param cfgfile name of the configuration file used (for saving, can be NULL!) + * @param c configuration + */ +static void +run (void *cls, + char *const *args, + const char *cfgfile, + const struct GNUNET_CONFIGURATION_Handle *c) +{ + + cfg = c; + credential = GNUNET_CREDENTIAL_connect (cfg); + identity = GNUNET_IDENTITY_connect (cfg, NULL, NULL); + + + + + if (NULL == credential) + { + fprintf (stderr, + _("Failed to connect to CREDENTIAL\n")); + return; + } + if (NULL == identity) + { + fprintf (stderr, + _("Failed to connect to IDENTITY\n")); + return; + } + tt = GNUNET_SCHEDULER_add_delayed (timeout, + &do_timeout, NULL); + GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); + + + + GNUNET_break (NULL == id_op); + id_op = GNUNET_IDENTITY_get (identity, + "gns-master",//# TODO: Create credential-master + &identity_master_cb, + cls); + GNUNET_assert (NULL != id_op); + + + + +} + + +/** + * The main function for gnunet-gns. 
+ * + * @param argc number of arguments from the command line + * @param argv command line arguments + * @return 0 ok, 1 on error + */ +int +main (int argc, char *const *argv) +{ + static const struct GNUNET_GETOPT_CommandLineOption options[] = { + {'u', "lookup", "CREDENTIAL", + gettext_noop ("Lookup a record for the given credential"), 1, + &GNUNET_GETOPT_set_string, &lookup_credential}, + /** { 'T', "timeout", "DELAY", + gettext_noop ("Specify timeout for the lookup"), 1, + &GNUNET_GETOPT_set_relative_time, &timeout }, + {'t', "type", "TYPE", + gettext_noop ("Specify the type of the record to lookup"), 1, + &GNUNET_GETOPT_set_string, &lookup_type},**/ + {'z', "zone", "NAME", + gettext_noop ("Specify the name of the ego of the zone to lookup the record in"), 1, + &GNUNET_GETOPT_set_string, &zone_ego_name}, + {'s', "subject", "PKEY", + gettext_noop ("Specify the public key of the subject to lookup the credential for"), 1, + &GNUNET_GETOPT_set_string, &subject_key}, + {'i', "issuer", "PKEY", + gettext_noop ("Specify the public key of the authority to verify the credential against"), 1, + &GNUNET_GETOPT_set_string, &issuer_key}, + GNUNET_GETOPT_OPTION_END + }; + int ret; + + timeout = GNUNET_TIME_UNIT_FOREVER_REL; + if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv)) + return 2; + + GNUNET_log_setup ("gnunet-credential", "WARNING", NULL); + ret = + (GNUNET_OK == + GNUNET_PROGRAM_run (argc, argv, "gnunet-credential", + _("GNUnet credential resolver tool"), + options, + &run, NULL)) ? 0 : 1; + GNUNET_free ((void*) argv); + return ret; +} + +/* end of gnunet-credential.c */ diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c new file mode 100644 index 000000000..de0592637 --- /dev/null +++ b/src/credential/gnunet-service-credential.c 
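Review bot: In `run`, both early returns on a failed connect happen before `GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL)` is registered, so whichever of `credential` and `identity` did connect is never released by `do_shutdown`. I would register the shutdown task first and call `GNUNET_SCHEDULER_shutdown ();` before each `return;` in those two branches. The `-z` option is parsed into `zone_ego_name` but nothing in this hunk reads it, and with the `-T` option commented out `timeout` always stays at `GNUNET_TIME_UNIT_FOREVER_REL`. The doc comment on `handle_lookup_result` still describes `cd_count` and `cd` while the parameters are `issuer`, `issuer_len` and `data`, and the comment on `main` says gnunet-gns.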
@@ -0,0 +1,425 @@ +/* + This file is part of GNUnet. + Copyright (C) 2011-2013 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ +/** + * @file gns/gnunet-service-credential.c + * @brief GNU Credential Service (main service) + * @author Adnan Husain + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_credential_service.h" +#include "gnunet_statistics_service.h" +#include "credential.h" +#include "gnunet_protocols.h" + +// For Looking up GNS request +#include +#include +#include +#include +#include +#include "gnunet_gns_service.h" + + + + +#define GNUNET_CREDENTIAL_MAX_LENGTH 255 + +/** + * DLL for record + */ +struct CredentialRecordEntry +{ + /** + * DLL + */ + struct CredentialRecordEntry *next; + + /** + * DLL + */ + struct CredentialRecordEntry *prev; + + + /** + * Payload + */ + struct GNUNET_CREDENTIAL_RecordData record_data; +}; + +/** + * Handle to a lookup operation from api + */ +struct ClientLookupHandle +{ + + /** + * We keep these in a DLL. + */ + struct ClientLookupHandle *next; + + /** + * We keep these in a DLL. 
+ */ + struct ClientLookupHandle *prev; + + /** + * Handle to the requesting client + */ + struct GNUNET_SERVICE_Client *client; + + /** + * Handle to GNS lookup + */ + struct GNUNET_GNS_LookupRequest *lookup_request; + + /** + * Authority public key + */ + struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; + + /** + * Credential Chain + */ + struct CredentialRecordEntry *cred_chain_head; + + /** + * Credential Chain + */ + struct CredentialRecordEntry *cred_chain_tail; + + /** + * request id + */ + uint32_t request_id; + +}; + + +/** + * Head of the DLL. + */ +static struct ClientLookupHandle *clh_head; + +/** + * Tail of the DLL. + */ +static struct ClientLookupHandle *clh_tail; + +/** + * Handle to the statistics service + */ +static struct GNUNET_STATISTICS_Handle *statistics; + + + +/** + * Handle to GNS service. + */ +static struct GNUNET_GNS_Handle *gns; + +/** + * Task run during shutdown. + * + * @param cls unused + * @param tc unused + */ +static void +shutdown_task (void *cls) +{ + struct ClientLookupHandle *clh; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Shutting down!\n"); + while (NULL != (clh = clh_head)) + { + //CREDENTIAL_resolver_lookup_cancel (clh->lookup); + GNUNET_CONTAINER_DLL_remove (clh_head, + clh_tail, + clh); + GNUNET_free (clh); + } + + + if (NULL != statistics) + { + GNUNET_STATISTICS_destroy (statistics, + GNUNET_NO); + statistics = NULL; + } + +} + +/** + * Checks a #GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP message + * + * @param cls client sending the message + * @param l_msg message of type `struct LookupMessage` + * @return #GNUNET_OK if @a l_msg is well-formed + */ +static int +check_lookup (void *cls, + const struct LookupMessage *l_msg) +{ + size_t msg_size; + const char* cred; + + msg_size = ntohs (l_msg->header.size); + if (msg_size < sizeof (struct LookupMessage)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + cred = (const char *) &l_msg[1]; + if ( ('\0' != cred[l_msg->header.size - sizeof (struct LookupMessage) - 1]) || + 
(strlen (cred) > GNUNET_CREDENTIAL_MAX_LENGTH) ) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + + +/** + * Reply to client with the result from our lookup. + * + * @param cls the closure (our client lookup handle) + * @param rd_count the number of records in @a rd + * @param rd the record data + */ +static void +send_lookup_response (void* cls, + uint32_t rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + struct ClientLookupHandle *clh = cls; + size_t len; + int i; + int cred_record_count; + struct GNUNET_MQ_Envelope *env; + struct LookupResultMessage *rmsg; + const struct GNUNET_CREDENTIAL_RecordData *crd; + struct CredentialRecordEntry *cr_entry; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Sending LOOKUP_RESULT message with %u results\n", + (unsigned int) rd_count); + + cred_record_count = 0; + for (i=0; i < rd_count; i++) + { + if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) + continue; + cred_record_count++; + crd = rd[i].data; + /** + * TODO: Check for: + * - First time we come here subject must be subject prvided by client + * - After that is has to be the prev issuer + * - Terminate condition: issuer is clh->authority_key + * + * In any case: + * Append crd to result list of RecordData + */ + cr_entry = GNUNET_new (struct CredentialRecordEntry); + cr_entry->record_data = *crd; + GNUNET_CONTAINER_DLL_insert_tail (clh->cred_chain_head, + clh->cred_chain_tail, + cr_entry); + + } + + /** + * Get serialized record data size + */ + len = cred_record_count * sizeof (struct GNUNET_CREDENTIAL_RecordData); + + /** + * Prepare a lookup result response message for the client + */ + env = GNUNET_MQ_msg_extra (rmsg, + len, + GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP_RESULT); + //Assign id so that client can find associated request + rmsg->id = clh->request_id; + rmsg->cd_count = htonl (cred_record_count); + + /** + * Get serialized record data + * Append at the end of rmsg + */ + i = 0; + struct GNUNET_CREDENTIAL_RecordData 
*tmp_record = (struct GNUNET_CREDENTIAL_RecordData*) &rmsg[1]; + for (cr_entry = clh->cred_chain_head; NULL != cr_entry; cr_entry = cr_entry->next) + { + memcpy (tmp_record, + &cr_entry->record_data, + sizeof (struct GNUNET_CREDENTIAL_RecordData)); + tmp_record++; + } + GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(clh->client), + env); + + GNUNET_CONTAINER_DLL_remove (clh_head, clh_tail, clh); + + /** + * TODO: + * - Free DLL + * - Refactor into cleanup_handle() function for this + */ + GNUNET_free (clh); + + GNUNET_STATISTICS_update (statistics, + "Completed lookups", 1, + GNUNET_NO); + GNUNET_STATISTICS_update (statistics, + "Records resolved", + rd_count, + GNUNET_NO); +} + +/** + * Handle lookup requests from client + * + * @param cls the closure + * @param client the client + * @param message the message + */ +static void +handle_lookup (void *cls, + const struct LookupMessage *l_msg) +{ + char credential[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; + struct ClientLookupHandle *clh; + struct GNUNET_SERVICE_Client *client = cls; + char *credentialptr = credential; + const char *utf_in; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Received LOOKUP message\n"); + + utf_in = (const char *) &l_msg[1]; + GNUNET_STRINGS_utf8_tolower (utf_in, credentialptr); + clh = GNUNET_new (struct ClientLookupHandle); + GNUNET_CONTAINER_DLL_insert (clh_head, clh_tail, clh); + clh->client = client; + clh->request_id = l_msg->id; + clh->issuer_key = l_msg->issuer_key; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Sending LOOKUP_RESULT message with >%u results\n", + 0); + + if (NULL == credential) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "No credential provided\n"); + send_lookup_response (clh, 0, NULL); + return; + } + clh->lookup_request = GNUNET_GNS_lookup (gns, + credential, + &l_msg->subject_key, //subject_pkey, + GNUNET_GNSRECORD_TYPE_CREDENTIAL, + GNUNET_GNS_LO_DEFAULT, //TODO configurable? 
credential.conf + NULL, //shorten_key, always NULL + &send_lookup_response, + clh); +} + + +/** + * One of our clients disconnected, clean up after it. + * + * @param cls NULL + * @param client the client that disconnected + */ +static void +client_disconnect_cb (void *cls, + struct GNUNET_SERVICE_Client *client, + void *app_ctx) +{ + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Client %p disconnected\n", + client); +} + +/** + * Add a client to our list of active clients. + * + * @param cls NULL + * @param client client to add + * @param mq message queue for @a client + * @return this client + */ +static void * +client_connect_cb (void *cls, + struct GNUNET_SERVICE_Client *client, + struct GNUNET_MQ_Handle *mq) +{ + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Client %p connected\n", + client); + return client; +} + +/** + * Process Credential requests. + * + * @param cls closure + * @param server the initialized server + * @param c configuration to use + */ +static void +run (void *cls, + const struct GNUNET_CONFIGURATION_Handle *c, + struct GNUNET_SERVICE_Handle *handle) +{ + + gns = GNUNET_GNS_connect (c); + if (NULL == gns) + { + fprintf (stderr, + _("Failed to connect to GNS\n")); + } + + statistics = GNUNET_STATISTICS_create ("credential", c); + GNUNET_SCHEDULER_add_shutdown (&shutdown_task, NULL); +} + + +/** + * Define "main" method using service macro + */ +GNUNET_SERVICE_MAIN +("credential", + GNUNET_SERVICE_OPTION_NONE, + &run, + &client_connect_cb, + &client_disconnect_cb, + NULL, + GNUNET_MQ_hd_var_size (lookup, + GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP, + struct LookupMessage, + NULL), + GNUNET_MQ_handler_end()); + +/* end of gnunet-service-credential.c */ diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c new file mode 100644 index 000000000..6ae3b8980 --- /dev/null +++ b/src/credential/plugin_gnsrecord_credential.c 
@@ -0,0 +1,257 @@ +/* + This file is part of GNUnet + Copyright (C) 2013 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + +/** + * @file credential/plugin_gnsrecord_credential.c + * @brief gnsrecord plugin to provide the API for CREDENTIAL records + * @author Adnan Husain + */ + +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_gnsrecord_lib.h" +#include "gnunet_credential_service.h" +#include "gnunet_gnsrecord_plugin.h" + + +/** + * Convert the 'value' of a record to a string. 
+ * + * @param cls closure, unused + * @param type type of the record + * @param data value in binary encoding + * @param data_size number of bytes in @a data + * @return NULL on error, otherwise human-readable representation of the value + */ +static char * +credential_value_to_string (void *cls, + uint32_t type, + const void *data, + size_t data_size) +{ + + const char *cdata; + + switch (type) + { + case GNUNET_GNSRECORD_TYPE_CREDENTIAL: + { + struct GNUNET_CREDENTIAL_RecordData cred; + char *cred_str; + char *subject_pkey; + char *issuer_pkey; + uint32_t cf; // Credential flags + uint32_t mdd; // Max delegation depth + if (data_size < sizeof (struct GNUNET_CREDENTIAL_RecordData)) + return NULL; /* malformed */ + memcpy (&cred, + data, + sizeof (cred)); + cdata = data; + subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key); + issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key); + cf = ntohl (cred.credential_flags); + mdd = ntohl (cred.max_delegation_depth); + + GNUNET_asprintf (&cred_str, + "%s %s %u %u %s", + subject_pkey, + issuer_pkey, + (unsigned int) cf, + (unsigned int) mdd, + &cdata[sizeof (cred)]); + GNUNET_free (subject_pkey); + GNUNET_free (issuer_pkey); + + + + return cred_str; + } + default: + return NULL; + } +} + + +/** + * Convert human-readable version of a 'value' of a record to the binary + * representation. 
+ * + * @param cls closure, unused + * @param type type of the record + * @param s human-readable string + * @param data set to value in binary encoding (will be allocated) + * @param data_size set to number of bytes in @a data + * @return #GNUNET_OK on success + */ +static int +credential_string_to_value (void *cls, + uint32_t type, + const char *s, + void **data, + size_t *data_size) +{ + if (NULL == s) + return GNUNET_SYSERR; + switch (type) + { + case GNUNET_GNSRECORD_TYPE_CREDENTIAL: + { + struct GNUNET_CREDENTIAL_RecordData *cred; + unsigned int cf; // credential flags + unsigned int mdd; // max delegation depth + + size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8; + if (enclen % 5 > 0) + enclen += 5 - enclen % 5; + enclen /= 5; /* 260/5 = 52 */ + char subject_pkey[enclen + 1]; + char issuer_pkey[enclen + 1]; + char name[253 + 1]; + + if (5 != SSCANF (s, + "%52s %52s %u %u %253s", + subject_pkey, + issuer_pkey, + &cf, + &mdd, + name)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + _("Unable to parse CRED record string `%s'\n"), + s); + return GNUNET_SYSERR; + } + *data_size = sizeof (struct GNUNET_CREDENTIAL_RecordData) + strlen (name) + 1; + *data = cred = GNUNET_malloc (*data_size); + GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pkey, + strlen (subject_pkey), + &cred->subject_key); + GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey, + strlen (issuer_pkey), + &cred->issuer_key); + cred->credential_flags = htonl (cf); + cred->max_delegation_depth = htonl (mdd); + GNUNET_memcpy (&cred[1], + name, + strlen (name)); + + + *data = GNUNET_strdup (s); + *data_size = strlen (s); + return GNUNET_OK; + } + default: + return GNUNET_SYSERR; + } +} + + +/** + * Mapping of record type numbers to human-readable + * record type names. + */ +static struct { + const char *name; + uint32_t number; +} name_map[] = { + { "CRED", GNUNET_GNSRECORD_TYPE_CREDENTIAL }, + { NULL, UINT32_MAX } +}; + + +/** + * Convert a type name (i.e. 
"AAAA") to the corresponding number. + * + * @param cls closure, unused + * @param gns_typename name to convert + * @return corresponding number, UINT32_MAX on error + */ +static uint32_t +credential_typename_to_number (void *cls, + const char *gns_typename) +{ + unsigned int i; + + i=0; + while ( (name_map[i].name != NULL) && + (0 != strcasecmp (gns_typename, name_map[i].name)) ) + i++; + return name_map[i].number; +} + + +/** + * Convert a type number (i.e. 1) to the corresponding type string (i.e. "A") + * + * @param cls closure, unused + * @param type number of a type to convert + * @return corresponding typestring, NULL on error + */ +static const char * +credential_number_to_typename (void *cls, + uint32_t type) +{ + unsigned int i; + + i=0; + while ( (name_map[i].name != NULL) && + (type != name_map[i].number) ) + i++; + return name_map[i].name; +} + + +/** + * Entry point for the plugin. + * + * @param cls NULL + * @return the exported block API + */ +void * +libgnunet_plugin_gnsrecord_credential_init (void *cls) +{ + struct GNUNET_GNSRECORD_PluginFunctions *api; + + api = GNUNET_new (struct GNUNET_GNSRECORD_PluginFunctions); + api->value_to_string = &credential_value_to_string; + api->string_to_value = &credential_string_to_value; + api->typename_to_number = &credential_typename_to_number; + api->number_to_typename = &credential_number_to_typename; + return api; +} + + +/** + * Exit point from the plugin. + * + * @param cls the return value from #libgnunet_plugin_block_test_init + * @return NULL + */ +void * +libgnunet_plugin_gnsrecord_credential_done (void *cls) +{ + struct GNUNET_GNSRECORD_PluginFunctions *api = cls; + + GNUNET_free (api); + return NULL; +} + +/* end of plugin_gnsrecord_credential.c */ diff --git a/src/credential/test_credential_lookup.sh b/src/credential/test_credential_lookup.sh new file mode 100755 index 000000000..216c281d7 --- /dev/null +++ b/src/credential/test_credential_lookup.sh 
@@ -0,0 +1,40 @@ +#!/bin/bash +trap "gnunet-arm -e -c test_credential_lookup.conf" SIGINT + +LOCATION=$(which gnunet-config) +if [ -z $LOCATION ] +then + LOCATION="gnunet-config" +fi +$LOCATION --version 1> /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" +TEST_CREDENTIAL="keySub keyIss credName" +gnunet-arm -s -c test_credential_lookup.conf +gnunet-identity -C testsubject -c test_credential_lookup.conf + +#TODO1 Plugin serialization functions see REVERSE in gns/plugin_gnsrecord_gns.c +gnunet-namestore -p -z testsubject -a -n newcred -t CRED -V $TEST_CREDENTIAL -e never -c test_credential_lookup.conf + +#TODO2 Add -z swich like in gnunet-gns +RES_IP=`$DO_TIMEOUT gnunet-credential -z testsubject -s testsubject -u credName -c test_credential_lookup.conf` +gnunet-namestore -z testsubject -d -n newcred -t CRED -e never -c test_credential_lookup.conf +gnunet-identity -D testsubject -c test_credential_lookup.conf +gnunet-arm -e -c test_credential_lookup.conf + +#TODO3 proper test +exit 0 + +#if [ "$RES_IP" == "$TEST_CRED" ] +#then +# exit 0 +#else +# echo "FAIL: Failed to resolve to proper IP, got $RES_IP." +# exit 1 +#fi diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 99d416169..55deb786e 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h @@ -34,6 +34,7 @@ #include "gnunet_util_lib.h" #include "gnunet_gns_service.h" +#include "gnunet_identity_service.h" #ifdef __cplusplus extern "C" 
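Review bot: The `rm -rf` line in test_credential_lookup.sh deletes whatever the backquoted `gnunet-config ... -o GNUNET_HOME -f` prints, unquoted and unchecked, so a path containing spaces or glob characters is split or expanded into several delete targets. I would capture it first, `GNUNET_TEST_HOME=$(gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f)`, and then run `[ -n "$GNUNET_TEST_HOME" ] && rm -rf -- "$GNUNET_TEST_HOME"`. The same quoting applies to `[ -z $LOCATION ]` and to `-V $TEST_CREDENTIAL`, which currently reaches gnunet-namestore as three separate words. The script also ends in an unconditional `exit 0`, and the commented-out comparison refers to `$TEST_CRED` rather than `$TEST_CREDENTIAL`, so the test cannot fail as written.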
@@ -54,6 +55,44 @@ struct GNUNET_CREDENTIAL_Handle; */ struct GNUNET_CREDENTIAL_LookupRequest; +/* +* Enum used for checking whether the issuer has the authority to issue credentials or is just a subject +*/ +enum GNUNET_CREDENTIAL_CredentialFlags { + + //Subject had credentials before, but have been revoked now + GNUNET_CREDENTIAL_FLAG_REVOKED=0, + + //Subject flag indicates that the subject is a holder of this credential and may present it as such + GNUNET_CREDENTIAL_FLAG_SUBJECT=1, + + //Issuer flag is used to signify that the subject is allowed to issue this credential and delegate issuance + GNUNET_CREDENTIAL_FLAG_ISSUER=2 + +}; + +GNUNET_NETWORK_STRUCT_BEGIN +/* +* Data stored in the credential record +*/ +struct GNUNET_CREDENTIAL_RecordData { + + /* + * Key of the + */ + struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + + struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; + + + uint32_t credential_flags GNUNET_PACKED; + + uint32_t max_delegation_depth GNUNET_PACKED; +}; + +GNUNET_NETWORK_STRUCT_END + + /** * Initialize the connection with the Credential service. @@ -61,7 +100,7 @@ struct GNUNET_CREDENTIAL_LookupRequest; * @param cfg configuration to use * @return handle to the Credential service, or NULL on error */ -struct GNUNET_Credential_Handle * +struct GNUNET_CREDENTIAL_Handle * GNUNET_CREDENTIAL_connect (const struct GNUNET_CONFIGURATION_Handle *cfg); @@ -85,7 +124,7 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle); typedef void (*GNUNET_CREDENTIAL_LookupResultProcessor) (void *cls, struct GNUNET_IDENTITY_Ego *issuer, uint16_t issuer_len, - const struct GNUNET_CREDENTIAL_Value *value); + const struct GNUNET_CREDENTIAL_RecordData *data); /** 
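Review bot: `struct GNUNET_CREDENTIAL_RecordData` in the -54,6 hunk defines a record layout, but its only member comment is the unfinished `Key of the`, and `issuer_key`, `credential_flags` and `max_delegation_depth` have none. Assuming the names mean what they suggest, I would write `Public key of the subject`, `Public key of the issuer`, `Credential flags (enum GNUNET_CREDENTIAL_CredentialFlags), network byte order` and `Maximum delegation depth, network byte order`; the plugin in this patch applies `ntohl`/`htonl` to both integers. A closing comment such as `/* followed by the 0-terminated credential name */` is also needed, because plugin_gnsrecord_credential.c reads and writes a string directly after the struct. The enum comment should say whether the values are exclusive states or combinable bits: with `GNUNET_CREDENTIAL_FLAG_REVOKED=0` they cannot be OR-ed, which the field name `credential_flags` invites.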
@@ -102,7 +141,11 @@ struct GNUNET_CREDENTIAL_LookupRequest * GNUNET_CREDENTIAL_lookup (struct GNUNET_CREDENTIAL_Handle *handle, const char *credential, const struct GNUNET_IDENTITY_Ego *subject, - GNUNET_CREDENTIAL_LookupResultProcessor proc, + const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, + const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, + uint32_t credential_flags, + uint32_t max_delegation_depth, + GNUNET_CREDENTIAL_LookupResultProcessor proc, void *proc_cls); @@ -113,18 +156,18 @@ GNUNET_CREDENTIAL_lookup (struct GNUNET_CREDENTIAL_Handle *handle, * @param issuer the identity that issues the credential * @param subject the subject of the credential * @param credential the name of the credential - * @param value the value of the credential + * @param data the data of the credential * @return handle to the queued request */ -struct GNUNET_CREDENTIAL_IssueRequest * +/**struct GNUNET_CREDENTIAL_IssueRequest * GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, struct GNUNET_IDENTITY_Ego *issuer, struct GNUNET_IDENTITY_Ego *subject, const char *credential, - struct GNUNET_CREDENTIAL_Value *value, + struct GNUNET_CREDENTIAL_Data *data, GNUNET_CREDENTIAL_IssueResultProcessor proc, void *proc_cls); - +*/ /** * Remove a credential * @@ -134,6 +177,7 @@ GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, * @param credential the name of the credential * @return handle to the queued request */ + /** struct GNUNET_CREDENTIAL_IssueRequest * GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle, struct GNUNET_IDENTITY_Ego *issuer, @@ -141,7 +185,7 @@ GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle, const char *credential, GNUNET_CREDENTIAL_IssueResultProcessor proc, void *proc_cls); - +*/ /** diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h index 985ae1f7a..7e0a1a9e9 100644 --- a/src/include/gnunet_gnsrecord_lib.h +++ b/src/include/gnunet_gnsrecord_lib.h 
@@ -108,11 +108,18 @@ extern "C" */ #define GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA 65546 +/** + * Record type for credential + */ +#define GNUNET_GNSRECORD_TYPE_CREDENTIAL 65547 + /** * Record type for reverse lookups */ #define GNUNET_GNSRECORD_TYPE_REVERSE 65548 + + /** * Flags that can be set for a record. */ diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index db479d235..3e16350c1 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h @@ -2607,6 +2607,15 @@ extern "C" #define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT 964 + +/************************************************** + * + * CREDENTIAL MESSAGE TYPES + */ +#define GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP 971 + +#define GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP_RESULT 972 + /******************************************************************************/ -- cgit v1.2.3 From 18f106166cf64cc72206cd35301276aa21ca100a Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 20 Nov 2016 00:23:49 +0100 Subject: - move towards verification --- src/credential/credential.h | 16 +- src/credential/credential_api.c | 153 +++++++++--------- src/credential/gnunet-credential.c | 26 ++- src/credential/gnunet-service-credential.c | 227 +++++++++++++++------------ src/credential/plugin_gnsrecord_credential.c | 48 +++--- src/include/gnunet_credential_service.h | 25 ++- src/include/gnunet_gnsrecord_lib.h | 4 + src/include/gnunet_protocols.h | 4 +- 8 files changed, 257 insertions(+), 246 deletions(-) diff --git a/src/credential/credential.h b/src/credential/credential.h index 597c34a3d..2acaf73a5 100644 --- a/src/credential/credential.h +++ b/src/credential/credential.h 
@@ -30,12 +30,12 @@ GNUNET_NETWORK_STRUCT_BEGIN /** - * Message from client to Credential service to lookup credentials. + * Message from client to Credential service to verify attributes. */ -struct LookupMessage +struct VerifyMessage { /** - * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP + * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY */ struct GNUNET_MessageHeader header; @@ -54,7 +54,7 @@ struct LookupMessage */ uint32_t id GNUNET_PACKED; - /* Followed by the zero-terminated credential to look up */ + /* Followed by the zero-terminated attributes to look up */ }; @@ -62,10 +62,10 @@ struct LookupMessage /** * Message from CREDENTIAL service to client: new results. */ -struct LookupResultMessage +struct VerifyResultMessage { /** - * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP_RESULT + * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT */ struct GNUNET_MessageHeader header; @@ -78,9 +78,9 @@ struct LookupResultMessage /** * The number of credentials in the response */ - uint32_t cd_count GNUNET_PACKED; + uint32_t ad_count GNUNET_PACKED; - /* followed by cd_count GNUNET_CREDENTIAL_RecordData structs*/ + /* followed by ad_count GNUNET_CREDENTIAL_RecordData structs*/ }; diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 1efe2d089..4864d54d0 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -36,20 +36,20 @@ #define LOG(kind,...) GNUNET_log_from (kind, "credential-api",__VA_ARGS__) /** - * Handle to a lookup request + * Handle to a verify request */ -struct GNUNET_CREDENTIAL_LookupRequest +struct GNUNET_CREDENTIAL_VerifyRequest { /** * DLL */ - struct GNUNET_CREDENTIAL_LookupRequest *next; + struct GNUNET_CREDENTIAL_VerifyRequest *next; /** * DLL */ - struct GNUNET_CREDENTIAL_LookupRequest *prev; + struct GNUNET_CREDENTIAL_VerifyRequest *prev; /** * handle to credential service 
@@ -57,12 +57,12 @@ struct GNUNET_CREDENTIAL_LookupRequest struct GNUNET_CREDENTIAL_Handle *credential_handle; /** - * processor to call on lookup result + * processor to call on verify result */ - GNUNET_CREDENTIAL_LookupResultProcessor lookup_proc; + GNUNET_CREDENTIAL_VerifyResultProcessor verify_proc; /** - * @e lookup_proc closure + * @e verify_proc closure */ void *proc_cls; @@ -96,14 +96,14 @@ struct GNUNET_CREDENTIAL_Handle struct GNUNET_MQ_Handle *mq; /** - * Head of linked list of active lookup requests. + * Head of linked list of active verify requests. */ - struct GNUNET_CREDENTIAL_LookupRequest *lookup_head; + struct GNUNET_CREDENTIAL_VerifyRequest *verify_head; /** - * Tail of linked list of active lookup requests. + * Tail of linked list of active verify requests. */ - struct GNUNET_CREDENTIAL_LookupRequest *lookup_tail; + struct GNUNET_CREDENTIAL_VerifyRequest *verify_tail; /** * Reconnect task @@ -192,7 +192,7 @@ mq_error_handler (void *cls, */ static int check_result (void *cls, - const struct LookupResultMessage *lookup_msg) + const struct VerifyResultMessage *vr_msg) { //TODO return GNUNET_OK; 
@@ -207,30 +207,30 @@ check_result (void *cls, */ static void handle_result (void *cls, - const struct LookupResultMessage *lookup_msg) + const struct VerifyResultMessage *vr_msg) { struct GNUNET_CREDENTIAL_Handle *handle = cls; - uint32_t cd_count = ntohl (lookup_msg->cd_count); - struct GNUNET_CREDENTIAL_RecordData cd[cd_count]; - uint32_t r_id = ntohl (lookup_msg->id); - struct GNUNET_CREDENTIAL_LookupRequest *lr; - GNUNET_CREDENTIAL_LookupResultProcessor proc; + uint32_t ad_count = ntohl (vr_msg->ad_count); + struct GNUNET_CREDENTIAL_RecordData ad[ad_count]; + uint32_t r_id = ntohl (vr_msg->id); + struct GNUNET_CREDENTIAL_VerifyRequest *vr; + GNUNET_CREDENTIAL_VerifyResultProcessor proc; void *proc_cls; LOG (GNUNET_ERROR_TYPE_DEBUG, - "Received lookup reply from CREDENTIAL service (%u credentials)\n", - (unsigned int) cd_count); - for (lr = handle->lookup_head; NULL != lr; lr = lr->next) - if (lr->r_id == r_id) + "Received verify reply from CREDENTIAL service (%u credentials)\n", + (unsigned int) ad_count); + for (vr = handle->verify_head; NULL != vr; vr = vr->next) + if (vr->r_id == r_id) break; - if (NULL == lr) + if (NULL == vr) return; - proc = lr->lookup_proc; - proc_cls = lr->proc_cls; - GNUNET_CONTAINER_DLL_remove (handle->lookup_head, - handle->lookup_tail, - lr); - GNUNET_free (lr); + proc = vr->verify_proc; + proc_cls = vr->proc_cls; + GNUNET_CONTAINER_DLL_remove (handle->verify_head, + handle->verify_tail, + vr); + GNUNET_free (vr); /** GNUNET_assert (GNUNET_OK == GNUNET_CREDENTIAL_records_deserialize (mlen, @@ -240,8 +240,8 @@ handle_result (void *cls, */ proc (proc_cls, NULL, - cd_count, - cd); // TODO + ad_count, + ad); // TODO } 
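Review bot: In handle_result, `ad_count` comes straight from `ntohl (vr_msg->ad_count)` and sizes the stack array `ad[ad_count]`, while check_result (hunk -192,7) still returns `GNUNET_OK` without inspecting the message, so nothing bounds the allocation. check_result should tie the count to the payload: take `size_t plen = ntohs (vr_msg->header.size) - sizeof (*vr_msg);` and return `GNUNET_SYSERR` unless `(0 == plen % sizeof (struct GNUNET_CREDENTIAL_RecordData)) && (ntohl (vr_msg->ad_count) == plen / sizeof (struct GNUNET_CREDENTIAL_RecordData))`. `ad` is also never filled from `&vr_msg[1]` before it is passed to `proc`, so the callback receives uninitialised records; after validation, `GNUNET_memcpy (ad, &vr_msg[1], sizeof (ad));` would supply them.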
@@ -255,12 +255,12 @@ reconnect (struct GNUNET_CREDENTIAL_Handle *handle) { struct GNUNET_MQ_MessageHandler handlers[] = { GNUNET_MQ_hd_var_size (result, - GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP_RESULT, - struct LookupResultMessage, + GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT, + struct VerifyResultMessage, NULL), GNUNET_MQ_handler_end () }; - struct GNUNET_CREDENTIAL_LookupRequest *lh; + struct GNUNET_CREDENTIAL_VerifyRequest *vr; GNUNET_assert (NULL == handle->mq); LOG (GNUNET_ERROR_TYPE_DEBUG, @@ -272,9 +272,9 @@ reconnect (struct GNUNET_CREDENTIAL_Handle *handle) handle); if (NULL == handle->mq) return; - for (lh = handle->lookup_head; NULL != lh; lh = lh->next) + for (vr = handle->verify_head; NULL != vr; vr = vr->next) GNUNET_MQ_send_copy (handle->mq, - lh->env); + vr->env); } 
@@ -319,31 +319,31 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle) GNUNET_SCHEDULER_cancel (handle->reconnect_task); handle->reconnect_task = NULL; } - GNUNET_assert (NULL == handle->lookup_head); + GNUNET_assert (NULL == handle->verify_head); GNUNET_free (handle); } /** - * Cancel pending lookup request + * Cancel pending verify request * - * @param lr the lookup request to cancel + * @param lr the verify request to cancel */ void -GNUNET_CREDENTIAL_lookup_cancel (struct GNUNET_CREDENTIAL_LookupRequest *lr) +GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_VerifyRequest *vr) { - struct GNUNET_CREDENTIAL_Handle *handle = lr->credential_handle; + struct GNUNET_CREDENTIAL_Handle *handle = vr->credential_handle; - GNUNET_CONTAINER_DLL_remove (handle->lookup_head, - handle->lookup_tail, - lr); - GNUNET_MQ_discard (lr->env); - GNUNET_free (lr); + GNUNET_CONTAINER_DLL_remove (handle->verify_head, + handle->verify_tail, + vr); + GNUNET_MQ_discard (vr->env); + GNUNET_free (vr); } /** - * Perform an asynchronous lookup operation for a credential. + * Perform an asynchronous verify operation for a credential. * * @param handle handle to the Credential service * @param credential the credential to look up 
@@ -352,58 +352,57 @@ GNUNET_CREDENTIAL_lookup_cancel (struct GNUNET_CREDENTIAL_LookupRequest *lr) * @param proc_cls closure for processor * @return handle to the queued request */ -struct GNUNET_CREDENTIAL_LookupRequest* -GNUNET_CREDENTIAL_lookup (struct GNUNET_CREDENTIAL_Handle *handle, - const char *credential, - const struct GNUNET_IDENTITY_Ego *subject, +struct GNUNET_CREDENTIAL_VerifyRequest* +GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, + const char *issuer_attribute, + const char *subject_attribute, const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, uint32_t credential_flags, - uint32_t max_delegation_depth, - GNUNET_CREDENTIAL_LookupResultProcessor proc, + GNUNET_CREDENTIAL_VerifyResultProcessor proc, void *proc_cls) { /* IPC to shorten credential names, return shorten_handle */ - struct LookupMessage *lookup_msg; - struct GNUNET_CREDENTIAL_LookupRequest *lr; + struct VerifyMessage *v_msg; + struct GNUNET_CREDENTIAL_VerifyRequest *vr; size_t nlen; - if (NULL == credential) + if (NULL == issuer_attribute) { GNUNET_break (0); return NULL; } //DEBUG LOG LOG (GNUNET_ERROR_TYPE_DEBUG, - "Trying to lookup `%s' in CREDENTIAL\n", - credential); - nlen = strlen (credential) + 1; - if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*lr)) + "Trying to verify `%s' in CREDENTIAL\n", + issuer_attribute); + nlen = strlen (issuer_attribute) + 1; + if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*vr)) { GNUNET_break (0); return NULL; } - lr = GNUNET_new (struct GNUNET_CREDENTIAL_LookupRequest); - lr->credential_handle = handle; - lr->lookup_proc = proc; - lr->proc_cls = proc_cls; - lr->r_id = handle->r_id_gen++; - lr->env = GNUNET_MQ_msg_extra (lookup_msg, + vr = GNUNET_new (struct GNUNET_CREDENTIAL_VerifyRequest); + vr->credential_handle = handle; + vr->verify_proc = proc; + vr->proc_cls = proc_cls; + vr->r_id = handle->r_id_gen++; + vr->env = GNUNET_MQ_msg_extra (v_msg, nlen, - 
GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP); - lookup_msg->id = htonl (lr->r_id); - lookup_msg->subject_key = *subject_key; - lookup_msg->issuer_key = *issuer_key; - GNUNET_memcpy (&lookup_msg[1], - credential, + GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY); + v_msg->id = htonl (vr->r_id); + v_msg->subject_key = *subject_key; + v_msg->issuer_key = *issuer_key; + GNUNET_memcpy (&v_msg[1], + subject_attribute, nlen); - GNUNET_CONTAINER_DLL_insert (handle->lookup_head, - handle->lookup_tail, - lr); + GNUNET_CONTAINER_DLL_insert (handle->verify_head, + handle->verify_tail, + vr); if (NULL != handle->mq) GNUNET_MQ_send_copy (handle->mq, - lr->env); - return lr; + vr->env); + return vr; } diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index 363ed03fc..94a4b3899 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -48,9 +48,9 @@ static struct GNUNET_TIME_Relative timeout; static char *lookup_credential; /** - * Handle to lookup request + * Handle to verify request */ -static struct GNUNET_CREDENTIAL_LookupRequest *lookup_request; +static struct GNUNET_CREDENTIAL_VerifyRequest *verify_request; /** * Lookup an ego with the identity service. @@ -87,11 +87,6 @@ static char *issuer_key; */ static int credential_flags; -/* - * Maximum delegation depth - */ -static int max_delegation_depth; - /** @@ -118,10 +113,10 @@ do_shutdown (void *cls) GNUNET_IDENTITY_cancel (id_op); id_op = NULL; } - if (NULL != lookup_request) + if (NULL != verify_request) { - GNUNET_CREDENTIAL_lookup_cancel (lookup_request); - lookup_request = NULL; + GNUNET_CREDENTIAL_verify_cancel (verify_request); + verify_request = NULL; } if (NULL != identity) { 
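Review bot: In GNUNET_CREDENTIAL_verify, `nlen` is computed from `issuer_attribute` but the copy is `GNUNET_memcpy (&v_msg[1], subject_attribute, nlen)`, so the length and the source belong to different strings. A shorter `subject_attribute` is read past its end, a longer one is sent truncated and unterminated, and a NULL `subject_attribute` is never rejected. The size guard also subtracts `sizeof (*vr)`, the request handle, rather than the size of the message struct. check_verify in gnunet-service-credential.c, later in this patch, reads an issuer string followed by a subject string, so the message presumably has to carry both, as sketched below. The caller in gnunet-credential.c passes `""` as the issuer attribute, which with the current code sends a single byte of the subject.

```c
  size_t ilen;
  size_t slen;

  if ( (NULL == issuer_attribute) ||
       (NULL == subject_attribute) )
  {
    GNUNET_break (0);
    return NULL;
  }
  ilen = strlen (issuer_attribute) + 1;
  slen = strlen (subject_attribute) + 1;
  if (ilen + slen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*v_msg))
  {
    GNUNET_break (0);
    return NULL;
  }
  /* … unchanged: request allocation, proc / proc_cls / r_id assignment … */
  vr->env = GNUNET_MQ_msg_extra (v_msg,
                                 ilen + slen,
                                 GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY);
  /* … unchanged: id, subject_key, issuer_key … */
  GNUNET_memcpy (&v_msg[1],
                 issuer_attribute,
                 ilen);
  GNUNET_memcpy (((char *) &v_msg[1]) + ilen,
                 subject_attribute,
                 slen);
  /* … unchanged: DLL insert and send … */
```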
@@ -162,14 +157,14 @@ do_timeout (void *cls) * @param cd array of @a cd_count records with the results */ static void -handle_lookup_result (void *cls, +handle_verify_result (void *cls, struct GNUNET_IDENTITY_Ego *issuer, uint16_t issuer_len, const struct GNUNET_CREDENTIAL_RecordData *data) { - lookup_request = NULL; + verify_request = NULL; if (0 == issuer_len) printf ("No results.\n"); else @@ -223,14 +218,13 @@ lookup_credentials (struct GNUNET_IDENTITY_Ego *ego) return; } - lookup_request = GNUNET_CREDENTIAL_lookup(credential, + verify_request = GNUNET_CREDENTIAL_verify(credential, + "", lookup_credential, - ego, &subject_pkey, &issuer_pkey, credential_flags, - max_delegation_depth, - &handle_lookup_result, + &handle_verify_result, NULL); return; } diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index de0592637..114041be1 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -45,17 +45,17 @@ /** * DLL for record */ -struct CredentialRecordEntry +struct AttributeRecordEntry { /** * DLL */ - struct CredentialRecordEntry *next; + struct AttributeRecordEntry *next; /** * DLL */ - struct CredentialRecordEntry *prev; + struct AttributeRecordEntry *prev; /** @@ -67,18 +67,18 @@ struct CredentialRecordEntry /** * Handle to a lookup operation from api */ -struct ClientLookupHandle +struct VerifyRequestHandle { /** * We keep these in a DLL. */ - struct ClientLookupHandle *next; + struct VerifyRequestHandle *next; /** * We keep these in a DLL. */ - struct ClientLookupHandle *prev; + struct VerifyRequestHandle *prev; /** * Handle to the requesting client 
@@ -91,19 +91,24 @@ struct ClientLookupHandle struct GNUNET_GNS_LookupRequest *lookup_request; /** - * Authority public key + * Issuer public key */ struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; /** - * Credential Chain + * Subject public key */ - struct CredentialRecordEntry *cred_chain_head; + struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; /** - * Credential Chain + * Attribute Chain */ - struct CredentialRecordEntry *cred_chain_tail; + struct AttributeRecordEntry *attr_chain_head; + + /** + * Attribute Chain + */ + struct AttributeRecordEntry *attr_chain_tail; /** * request id @@ -116,12 +121,12 @@ struct ClientLookupHandle /** * Head of the DLL. */ -static struct ClientLookupHandle *clh_head; +static struct VerifyRequestHandle *vrh_head; /** * Tail of the DLL. */ -static struct ClientLookupHandle *clh_tail; +static struct VerifyRequestHandle *vrh_tail; /** * Handle to the statistics service @@ -144,17 +149,17 @@ static struct GNUNET_GNS_Handle *gns; static void shutdown_task (void *cls) { - struct ClientLookupHandle *clh; + struct VerifyRequestHandle *vrh; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Shutting down!\n"); - while (NULL != (clh = clh_head)) + while (NULL != (vrh = vrh_head)) { //CREDENTIAL_resolver_lookup_cancel (clh->lookup); - GNUNET_CONTAINER_DLL_remove (clh_head, - clh_tail, - clh); - GNUNET_free (clh); + GNUNET_CONTAINER_DLL_remove (vrh_head, + vrh_tail, + vrh); + GNUNET_free (vrh); } 
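Review bot: The shutdown loop in the -144,17 hunk frees each `vrh` while the line that would cancel its lookup is still commented out, so if `lookup_request` is still pending, a later GNS result would call back with a freed closure. I would cancel first with `if (NULL != vrh->lookup_request) GNUNET_GNS_lookup_cancel (vrh->lookup_request);`. The entries queued on `vrh->attr_chain_head` are not released before `GNUNET_free (vrh)` either, so each pending request leaks its chain. As far as the visible lines show, the `gns` handle is never disconnected here; the rest of shutdown_task lies outside this hunk.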
@@ -168,28 +173,38 @@ shutdown_task (void *cls) } /** - * Checks a #GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP message + * Checks a #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY message * * @param cls client sending the message - * @param l_msg message of type `struct LookupMessage` - * @return #GNUNET_OK if @a l_msg is well-formed + * @param v_msg message of type `struct VerifyMessage` + * @return #GNUNET_OK if @a v_msg is well-formed */ static int -check_lookup (void *cls, - const struct LookupMessage *l_msg) +check_verify (void *cls, + const struct VerifyMessage *v_msg) { size_t msg_size; - const char* cred; + size_t attr_len; + const char* s_attr; + const char* i_attr; - msg_size = ntohs (l_msg->header.size); - if (msg_size < sizeof (struct LookupMessage)) + msg_size = ntohs (v_msg->header.size); + if (msg_size < sizeof (struct VerifyMessage)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + i_attr = (const char *) &v_msg[1]; + if ( ('\0' != i_attr[v_msg->header.size - sizeof (struct VerifyMessage) - 1]) || + (strlen (i_attr) > GNUNET_CREDENTIAL_MAX_LENGTH) ) { GNUNET_break (0); return GNUNET_SYSERR; } - cred = (const char *) &l_msg[1]; - if ( ('\0' != cred[l_msg->header.size - sizeof (struct LookupMessage) - 1]) || - (strlen (cred) > GNUNET_CREDENTIAL_MAX_LENGTH) ) + attr_len = strlen (i_attr); + s_attr = ((const char *) &v_msg[1]) + attr_len + 1; + if ( ('\0' != s_attr[v_msg->header.size - sizeof (struct VerifyMessage) - 1]) || + (strlen (s_attr) > GNUNET_CREDENTIAL_MAX_LENGTH) ) { GNUNET_break (0); return GNUNET_SYSERR; @@ -199,7 +214,7 @@ check_lookup (void *cls, /** - * Reply to client with the result from our lookup. + * Result from GNS lookup. * * @param cls the closure (our client lookup handle) * @param rd_count the number of records in @a rd 
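Review bot: check_verify converts the size once into `msg_size`, but both terminator checks index with the raw `v_msg->header.size`, which is still in network byte order, so on a little-endian host the index bears no relation to the real payload length. A message of exactly `sizeof (struct VerifyMessage)` passes the `<` test and then indexes at -1. The second check applies the same full-payload offset from `s_attr`, which already points `attr_len + 1` bytes into the payload, so it looks beyond the message. `strlen (i_attr)` also runs before anything has shown that a NUL lies inside the message. The sketch below keeps the existing locals and validates against the host-order length; the function's closing `return GNUNET_OK;` is outside this hunk.

```c
  msg_size = ntohs (v_msg->header.size);
  if (msg_size <= sizeof (struct VerifyMessage))
  {
    GNUNET_break (0);
    return GNUNET_SYSERR;
  }
  /* from here on msg_size is the payload length in host byte order */
  msg_size -= sizeof (struct VerifyMessage);
  i_attr = (const char *) &v_msg[1];
  if ('\0' != i_attr[msg_size - 1])
  {
    GNUNET_break (0);
    return GNUNET_SYSERR;
  }
  attr_len = strlen (i_attr);
  if ( (attr_len > GNUNET_CREDENTIAL_MAX_LENGTH) ||
       (attr_len + 1 >= msg_size) )
  {
    GNUNET_break (0);
    return GNUNET_SYSERR;
  }
  /* the final payload byte is NUL, so s_attr is terminated inside the message */
  s_attr = i_attr + attr_len + 1;
  if (strlen (s_attr) > GNUNET_CREDENTIAL_MAX_LENGTH)
  {
    GNUNET_break (0);
    return GNUNET_SYSERR;
  }
```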
@@ -210,139 +225,147 @@ send_lookup_response (void* cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd) { - struct ClientLookupHandle *clh = cls; + struct VerifyRequestHandle *vrh = cls; size_t len; int i; - int cred_record_count; + int attr_record_count; struct GNUNET_MQ_Envelope *env; - struct LookupResultMessage *rmsg; - const struct GNUNET_CREDENTIAL_RecordData *crd; - struct CredentialRecordEntry *cr_entry; + struct VerifyResultMessage *rmsg; + const struct GNUNET_CREDENTIAL_RecordData *ard; + struct AttributeRecordEntry *ar_entry; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Sending LOOKUP_RESULT message with %u results\n", - (unsigned int) rd_count); - - cred_record_count = 0; + attr_record_count = 0; for (i=0; i < rd_count; i++) { - if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) + if (GNUNET_GNSRECORD_TYPE_ATTRIBUTE != rd[i].record_type) continue; - cred_record_count++; - crd = rd[i].data; + attr_record_count++; + ard = rd[i].data; /** - * TODO: Check for: - * - First time we come here subject must be subject prvided by client - * - After that is has to be the prev issuer - * - Terminate condition: issuer is clh->authority_key - * - * In any case: - * Append crd to result list of RecordData + * TODO: + * Check if we have already found our credential here + * If so return success + * Else + * Save all found attributes/issues and prepare forward + * resolution of issuer attribute */ - cr_entry = GNUNET_new (struct CredentialRecordEntry); - cr_entry->record_data = *crd; - GNUNET_CONTAINER_DLL_insert_tail (clh->cred_chain_head, - clh->cred_chain_tail, - cr_entry); + ar_entry = GNUNET_new (struct AttributeRecordEntry); + ar_entry->record_data = *ard; + GNUNET_CONTAINER_DLL_insert_tail (vrh->attr_chain_head, + vrh->attr_chain_tail, + ar_entry); } /** * Get serialized record data size */ - len = cred_record_count * sizeof (struct GNUNET_CREDENTIAL_RecordData); - + len = attr_record_count * sizeof (struct GNUNET_CREDENTIAL_RecordData); + /** * 
Prepare a lookup result response message for the client */ env = GNUNET_MQ_msg_extra (rmsg, len, - GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP_RESULT); + GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT); //Assign id so that client can find associated request - rmsg->id = clh->request_id; - rmsg->cd_count = htonl (cred_record_count); - + rmsg->id = vrh->request_id; + rmsg->ad_count = htonl (attr_record_count); + /** * Get serialized record data * Append at the end of rmsg */ i = 0; struct GNUNET_CREDENTIAL_RecordData *tmp_record = (struct GNUNET_CREDENTIAL_RecordData*) &rmsg[1]; - for (cr_entry = clh->cred_chain_head; NULL != cr_entry; cr_entry = cr_entry->next) + for (ar_entry = vrh->attr_chain_head; NULL != ar_entry; ar_entry = ar_entry->next) { memcpy (tmp_record, - &cr_entry->record_data, + &ar_entry->record_data, sizeof (struct GNUNET_CREDENTIAL_RecordData)); tmp_record++; } - GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(clh->client), + GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), env); - GNUNET_CONTAINER_DLL_remove (clh_head, clh_tail, clh); - + GNUNET_CONTAINER_DLL_remove (vrh_head, vrh_tail, vrh); + /** * TODO: * - Free DLL * - Refactor into cleanup_handle() function for this */ - GNUNET_free (clh); + GNUNET_free (vrh); GNUNET_STATISTICS_update (statistics, - "Completed lookups", 1, + "Completed verifications", 1, GNUNET_NO); GNUNET_STATISTICS_update (statistics, - "Records resolved", + "Attributes resolved", rd_count, GNUNET_NO); } /** - * Handle lookup requests from client + * Handle attribute verification requests from client * * @param cls the closure * @param client the client * @param message the message */ static void -handle_lookup (void *cls, - const struct LookupMessage *l_msg) +handle_verify (void *cls, + const struct VerifyMessage *v_msg) { - char credential[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; - struct ClientLookupHandle *clh; + char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; + char subject_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 
1]; + size_t issuer_attribute_len; + struct VerifyRequestHandle *vrh; struct GNUNET_SERVICE_Client *client = cls; - char *credentialptr = credential; + char *attrptr = issuer_attribute; const char *utf_in; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Received LOOKUP message\n"); - - utf_in = (const char *) &l_msg[1]; - GNUNET_STRINGS_utf8_tolower (utf_in, credentialptr); - clh = GNUNET_new (struct ClientLookupHandle); - GNUNET_CONTAINER_DLL_insert (clh_head, clh_tail, clh); - clh->client = client; - clh->request_id = l_msg->id; - clh->issuer_key = l_msg->issuer_key; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Sending LOOKUP_RESULT message with >%u results\n", - 0); - - if (NULL == credential) + "Received VERIFY message\n"); + + utf_in = (const char *) &v_msg[1]; + GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); + issuer_attribute_len = strlen (utf_in); + utf_in = (const char *) (&v_msg[1] + issuer_attribute_len + 1); + attrptr = subject_attribute; + GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); + vrh = GNUNET_new (struct VerifyRequestHandle); + GNUNET_CONTAINER_DLL_insert (vrh_head, vrh_tail, vrh); + vrh->client = client; + vrh->request_id = v_msg->id; + vrh->issuer_key = v_msg->issuer_key; + vrh->subject_key = v_msg->subject_key; + + if (NULL == subject_attribute) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "No credential provided\n"); - send_lookup_response (clh, 0, NULL); + "No subject attribute provided!\n"); + send_lookup_response (vrh, 0, NULL); return; } - clh->lookup_request = GNUNET_GNS_lookup (gns, - credential, - &l_msg->subject_key, //subject_pkey, - GNUNET_GNSRECORD_TYPE_CREDENTIAL, - GNUNET_GNS_LO_DEFAULT, //TODO configurable? 
credential.conf + if (NULL == issuer_attribute) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "No issuer attribute provided!\n"); + send_lookup_response (vrh, 0, NULL); + return; + } + /** + * First, get attribute from subject + */ + vrh->lookup_request = GNUNET_GNS_lookup (gns, + subject_attribute, + &v_msg->subject_key, //subject_pkey, + GNUNET_GNSRECORD_TYPE_ATTRIBUTE, + GNUNET_GNS_LO_DEFAULT, NULL, //shorten_key, always NULL &send_lookup_response, - clh); + vrh); } @@ -416,9 +439,9 @@ GNUNET_SERVICE_MAIN &client_connect_cb, &client_disconnect_cb, NULL, - GNUNET_MQ_hd_var_size (lookup, - GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP, - struct LookupMessage, + GNUNET_MQ_hd_var_size (verify, + GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY, + struct VerifyMessage, NULL), GNUNET_MQ_handler_end()); diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 6ae3b8980..3ff00737b 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -58,7 +58,6 @@ credential_value_to_string (void *cls, char *subject_pkey; char *issuer_pkey; uint32_t cf; // Credential flags - uint32_t mdd; // Max delegation depth if (data_size < sizeof (struct GNUNET_CREDENTIAL_RecordData)) return NULL; /* malformed */ memcpy (&cred, @@ -68,14 +67,12 @@ credential_value_to_string (void *cls, subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key); issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key); cf = ntohl (cred.credential_flags); - mdd = ntohl (cred.max_delegation_depth); GNUNET_asprintf (&cred_str, - "%s %s %u %u %s", + "%s %s %u %s", subject_pkey, issuer_pkey, (unsigned int) cf, - (unsigned int) mdd, &cdata[sizeof (cred)]); GNUNET_free (subject_pkey); GNUNET_free (issuer_pkey); 
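Review bot: In `handle_verify`, `(const char *) (&v_msg[1] + issuer_attribute_len + 1)` performs the addition on a `struct VerifyMessage *`, so the offset is scaled by the struct size and the subject attribute is read from well past the message; `check_verify` computes the same position in bytes, and the handler should match it with `utf_in = ((const char *) &v_msg[1]) + issuer_attribute_len + 1;`. The two `NULL ==` tests on `subject_attribute` and `issuer_attribute` compare arrays and can never be true, so an empty attribute is not rejected; `'\0' == subject_attribute[0]` would express the intent. In `send_lookup_response`, `ard = rd[i].data` is dereferenced and copied without comparing the record's `data_size` with `sizeof (struct GNUNET_CREDENTIAL_RecordData)`, so a short record returned by the lookup leads to an over-read; a size guard before `ar_entry->record_data = *ard;` would close that.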
@@ -112,26 +109,24 @@ credential_string_to_value (void *cls, return GNUNET_SYSERR; switch (type) { - case GNUNET_GNSRECORD_TYPE_CREDENTIAL: - { - struct GNUNET_CREDENTIAL_RecordData *cred; - unsigned int cf; // credential flags - unsigned int mdd; // max delegation depth + case GNUNET_GNSRECORD_TYPE_CREDENTIAL: + { + struct GNUNET_CREDENTIAL_RecordData *cred; + unsigned int cf; // credential flags - size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8; + size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8; if (enclen % 5 > 0) enclen += 5 - enclen % 5; enclen /= 5; /* 260/5 = 52 */ - char subject_pkey[enclen + 1]; - char issuer_pkey[enclen + 1]; - char name[253 + 1]; + char subject_pkey[enclen + 1]; + char issuer_pkey[enclen + 1]; + char name[253 + 1]; - if (5 != SSCANF (s, - "%52s %52s %u %u %253s", + if (5 != SSCANF (s, + "%52s %52s %u %253s", subject_pkey, issuer_pkey, &cf, - &mdd, name)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, @@ -148,18 +143,17 @@ credential_string_to_value (void *cls, strlen (issuer_pkey), &cred->issuer_key); cred->credential_flags = htonl (cf); - cred->max_delegation_depth = htonl (mdd); GNUNET_memcpy (&cred[1], name, strlen (name)); - *data = GNUNET_strdup (s); - *data_size = strlen (s); - return GNUNET_OK; - } - default: - return GNUNET_SYSERR; + *data = GNUNET_strdup (s); + *data_size = strlen (s); + return GNUNET_OK; + } + default: + return GNUNET_SYSERR; } } @@ -186,13 +180,13 @@ static struct { */ static uint32_t credential_typename_to_number (void *cls, - const char *gns_typename) + const char *gns_typename) { unsigned int i; i=0; while ( (name_map[i].name != NULL) && - (0 != strcasecmp (gns_typename, name_map[i].name)) ) + (0 != strcasecmp (gns_typename, name_map[i].name)) ) i++; return name_map[i].number; } 
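Review bot: The `SSCANF` call in `credential_string_to_value` now has four conversions (`%52s %52s %u %253s`) but its result is still compared with 5, so the condition is always true and every input string is rejected as unparsable. The expected count should follow the format: `if (4 != SSCANF (s,`. The function starts before this hunk and continues past it.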
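Review bot: After the record has been filled in through `cred`, the re-indented lines `*data = GNUNET_strdup (s);` and `*data_size = strlen (s);` replace the output with the textual input, so the caller would receive the string rather than the binary record that `credential_value_to_string` later copies into a `struct GNUNET_CREDENTIAL_RecordData`. The allocation of `cred` is outside this hunk, so I am inferring that `*data` was already pointing at it; if so, the buffer also leaks here. I would drop both lines and keep the values assigned at allocation.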
@@ -207,13 +201,13 @@ credential_typename_to_number (void *cls, */ static const char * credential_number_to_typename (void *cls, - uint32_t type) + uint32_t type) { unsigned int i; i=0; while ( (name_map[i].name != NULL) && - (type != name_map[i].number) ) + (type != name_map[i].number) ) i++; return name_map[i].name; } diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 55deb786e..739e6fe95 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h @@ -87,7 +87,6 @@ struct GNUNET_CREDENTIAL_RecordData { uint32_t credential_flags GNUNET_PACKED; - uint32_t max_delegation_depth GNUNET_PACKED; }; GNUNET_NETWORK_STRUCT_END @@ -121,7 +120,7 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle); * @param issuer_len length of issuer chain * @param rd the records in reply */ -typedef void (*GNUNET_CREDENTIAL_LookupResultProcessor) (void *cls, +typedef void (*GNUNET_CREDENTIAL_VerifyResultProcessor) (void *cls, struct GNUNET_IDENTITY_Ego *issuer, uint16_t issuer_len, const struct GNUNET_CREDENTIAL_RecordData *data); 
@@ -137,17 +136,15 @@ typedef void (*GNUNET_CREDENTIAL_LookupResultProcessor) (void *cls, * @param proc_cls closure for processor * @return handle to the queued request */ -struct GNUNET_CREDENTIAL_LookupRequest * -GNUNET_CREDENTIAL_lookup (struct GNUNET_CREDENTIAL_Handle *handle, - const char *credential, - const struct GNUNET_IDENTITY_Ego *subject, - const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, - uint32_t credential_flags, - uint32_t max_delegation_depth, - GNUNET_CREDENTIAL_LookupResultProcessor proc, - void *proc_cls); - +struct GNUNET_CREDENTIAL_VerifyRequest* +GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, + const char *issuer_attribute, + const char *subject_attribute, + const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, + const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, + uint32_t credential_flags, + GNUNET_CREDENTIAL_VerifyResultProcessor proc, + void *proc_cls); /** * Issue a credential to an identity @@ -194,7 +191,7 @@ GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle, * @param lr the lookup request to cancel */ void -GNUNET_CREDENTIAL_lookup_cancel (struct GNUNET_CREDENTIAL_LookupRequest *lr); +GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_VerifyRequest *vr); #if 0 /* keep Emacsens' auto-indent happy */ diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h index 7e0a1a9e9..4f96d50d5 100644 --- a/src/include/gnunet_gnsrecord_lib.h +++ b/src/include/gnunet_gnsrecord_lib.h @@ -118,6 +118,10 @@ extern "C" */ #define GNUNET_GNSRECORD_TYPE_REVERSE 65548 +/** + * Record type for reverse lookups + */ +#define GNUNET_GNSRECORD_TYPE_ATTRIBUTE 65549 /** diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index 3e16350c1..c11792054 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h 
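Review bot: The comment on the new `GNUNET_GNSRECORD_TYPE_ATTRIBUTE` define is a copy of the one on `GNUNET_GNSRECORD_TYPE_REVERSE` and still reads "Record type for reverse lookups". The credential service filters on this type when it collects attribute records, so the comment should say so, for example `* Record type for attribute records of the credential service`.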
@@ -2612,9 +2612,9 @@ extern "C" * * CREDENTIAL MESSAGE TYPES */ -#define GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP 971 +#define GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY 971 -#define GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP_RESULT 972 +#define GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT 972 /******************************************************************************/ -- cgit v1.2.3 From fad73f2435336733ae585c7a018df860bec3bdf1 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 20 Nov 2016 17:49:04 +0100 Subject: - add missing API; no impl --- src/credential/credential_api.c | 49 +++---- src/credential/gnunet-credential.c | 108 +++++++-------- src/credential/gnunet-service-credential.c | 10 +- src/credential/plugin_gnsrecord_credential.c | 8 +- src/include/gnunet_credential_service.h | 191 +++++++++++++++++++++------ 5 files changed, 233 insertions(+), 133 deletions(-) diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 4864d54d0..8ff66c574 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -38,18 +38,18 @@ /** * Handle to a verify request */ -struct GNUNET_CREDENTIAL_VerifyRequest +struct GNUNET_CREDENTIAL_Request { /** * DLL */ - struct GNUNET_CREDENTIAL_VerifyRequest *next; + struct GNUNET_CREDENTIAL_Request *next; /** * DLL */ - struct GNUNET_CREDENTIAL_VerifyRequest *prev; + struct GNUNET_CREDENTIAL_Request *prev; /** * handle to credential service @@ -98,12 +98,12 @@ struct GNUNET_CREDENTIAL_Handle /** * Head of linked list of active verify requests. */ - struct GNUNET_CREDENTIAL_VerifyRequest *verify_head; + struct GNUNET_CREDENTIAL_Request *verify_head; /** * Tail of linked list of active verify requests. */ - struct GNUNET_CREDENTIAL_VerifyRequest *verify_tail; + struct GNUNET_CREDENTIAL_Request *verify_tail; /** * Reconnect task 
@@ -210,16 +210,13 @@ handle_result (void *cls, const struct VerifyResultMessage *vr_msg) { struct GNUNET_CREDENTIAL_Handle *handle = cls; - uint32_t ad_count = ntohl (vr_msg->ad_count); - struct GNUNET_CREDENTIAL_RecordData ad[ad_count]; uint32_t r_id = ntohl (vr_msg->id); - struct GNUNET_CREDENTIAL_VerifyRequest *vr; + struct GNUNET_CREDENTIAL_Request *vr; GNUNET_CREDENTIAL_VerifyResultProcessor proc; void *proc_cls; LOG (GNUNET_ERROR_TYPE_DEBUG, - "Received verify reply from CREDENTIAL service (%u credentials)\n", - (unsigned int) ad_count); + "Received verify reply from CREDENTIAL service\n"); for (vr = handle->verify_head; NULL != vr; vr = vr->next) if (vr->r_id == r_id) break; @@ -240,8 +237,7 @@ handle_result (void *cls, */ proc (proc_cls, NULL, - ad_count, - ad); // TODO + GNUNET_NO); // TODO } @@ -260,7 +256,7 @@ reconnect (struct GNUNET_CREDENTIAL_Handle *handle) NULL), GNUNET_MQ_handler_end () }; - struct GNUNET_CREDENTIAL_VerifyRequest *vr; + struct GNUNET_CREDENTIAL_Request *vr; GNUNET_assert (NULL == handle->mq); LOG (GNUNET_ERROR_TYPE_DEBUG, @@ -330,7 +326,7 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle) * @param lr the verify request to cancel */ void -GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_VerifyRequest *vr) +GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr) { struct GNUNET_CREDENTIAL_Handle *handle = vr->credential_handle; 
@@ -341,30 +337,35 @@ GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_VerifyRequest *vr) GNUNET_free (vr); } - /** - * Perform an asynchronous verify operation for a credential. + * Performs attribute verification. + * Checks if there is a delegation chain from + * attribute ``issuer_attribute'' issued by the issuer + * with public key ``issuer_key'' maps to the attribute + * ``subject_attribute'' claimed by the subject with key + * ``subject_key'' * * @param handle handle to the Credential service - * @param credential the credential to look up - * @param subject Ego to check the credential for + * @param issuer_key the issuer public key + * @param issuer_attribute the issuer attribute + * @param subject_key the subject public key + * @param subject_attribute the attribute claimed by the subject * @param proc function to call on result * @param proc_cls closure for processor * @return handle to the queued request */ -struct GNUNET_CREDENTIAL_VerifyRequest* +struct GNUNET_CREDENTIAL_Request* GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, + const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, const char *issuer_attribute, - const char *subject_attribute, const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, - uint32_t credential_flags, + const char *subject_attribute, GNUNET_CREDENTIAL_VerifyResultProcessor proc, void *proc_cls) { /* IPC to shorten credential names, return shorten_handle */ struct VerifyMessage *v_msg; - struct GNUNET_CREDENTIAL_VerifyRequest *vr; + struct GNUNET_CREDENTIAL_Request *vr; size_t nlen; if (NULL == issuer_attribute) @@ -382,7 +383,7 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, GNUNET_break (0); return NULL; } - vr = GNUNET_new (struct GNUNET_CREDENTIAL_VerifyRequest); + vr = GNUNET_new (struct GNUNET_CREDENTIAL_Request); vr->credential_handle = handle; vr->verify_proc = proc; vr->proc_cls = proc_cls; 
diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index 94a4b3899..31cd4fd8f 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -50,7 +50,7 @@ static char *lookup_credential; /** * Handle to verify request */ -static struct GNUNET_CREDENTIAL_VerifyRequest *verify_request; +static struct GNUNET_CREDENTIAL_Request *verify_request; /** * Lookup an ego with the identity service. @@ -82,11 +82,6 @@ static char *subject_key; */ static char *issuer_key; -/* - * Credential flags - */ -static int credential_flags; - /** @@ -158,20 +153,18 @@ do_timeout (void *cls) */ static void handle_verify_result (void *cls, - struct GNUNET_IDENTITY_Ego *issuer, - uint16_t issuer_len, - const struct GNUNET_CREDENTIAL_RecordData *data) + struct GNUNET_CRYPTO_EcdsaPublicKey *issuer, + uint32_t status) { - + verify_request = NULL; - if (0 == issuer_len) - printf ("No results.\n"); + if (GNUNET_NO == status) + printf ("Verify failed.\n"); else - printf ("%u\n", - issuer_len); + printf ("Successful.\n"); + - GNUNET_SCHEDULER_shutdown (); } @@ -188,7 +181,7 @@ handle_verify_result (void *cls, static void lookup_credentials (struct GNUNET_IDENTITY_Ego *ego) { - + struct GNUNET_CRYPTO_EcdsaPublicKey subject_pkey; struct GNUNET_CRYPTO_EcdsaPublicKey issuer_pkey; 
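Review bot: `handle_verify_result` prints "Successful." for every `status` other than `GNUNET_NO`, so an error value such as `GNUNET_SYSERR` arriving in the `uint32_t` would be reported as a passed verification. For a verification result the positive case should be the one that is matched explicitly: `if (GNUNET_YES == status) printf ("Successful.\n"); else printf ("Verify failed.\n");`. The `issuer` argument, which the header documents as NULL on failure, is not looked at here either.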
@@ -217,21 +210,20 @@ lookup_credentials (struct GNUNET_IDENTITY_Ego *ego) GNUNET_SCHEDULER_shutdown (); return; } - - verify_request = GNUNET_CREDENTIAL_verify(credential, - "", - lookup_credential, - &subject_pkey, - &issuer_pkey, - credential_flags, - &handle_verify_result, - NULL); - return; + + verify_request = GNUNET_CREDENTIAL_verify(credential, + &issuer_pkey, + "test", //TODO argument + &subject_pkey, + lookup_credential, + &handle_verify_result, + NULL); + return; } else { fprintf (stderr, - _("Please specify name to lookup, subject key and issuer key!\n")); + _("Please specify name to lookup, subject key and issuer key!\n")); GNUNET_SCHEDULER_shutdown (); return; } @@ -252,23 +244,23 @@ lookup_credentials (struct GNUNET_IDENTITY_Ego *ego) */ static void identity_master_cb (void *cls, - struct GNUNET_IDENTITY_Ego *ego, - void **ctx, - const char *name) + struct GNUNET_IDENTITY_Ego *ego, + void **ctx, + const char *name) { - + id_op = NULL; if (NULL == ego) { fprintf (stderr, - _("Ego for `gns-master' not found, cannot perform lookup. Did you run gnunet-gns-import.sh?\n")); + _("Ego for `gns-master' not found, cannot perform lookup. Did you run gnunet-gns-import.sh?\n")); GNUNET_SCHEDULER_shutdown (); return; } lookup_credentials(ego); - + } 
@@ -286,41 +278,41 @@ run (void *cls, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *c) { - + cfg = c; credential = GNUNET_CREDENTIAL_connect (cfg); identity = GNUNET_IDENTITY_connect (cfg, NULL, NULL); - - + + if (NULL == credential) { fprintf (stderr, - _("Failed to connect to CREDENTIAL\n")); + _("Failed to connect to CREDENTIAL\n")); return; } if (NULL == identity) { fprintf (stderr, - _("Failed to connect to IDENTITY\n")); + _("Failed to connect to IDENTITY\n")); return; } tt = GNUNET_SCHEDULER_add_delayed (timeout, - &do_timeout, NULL); + &do_timeout, NULL); GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); - - - GNUNET_break (NULL == id_op); - id_op = GNUNET_IDENTITY_get (identity, - "gns-master",//# TODO: Create credential-master - &identity_master_cb, - cls); - GNUNET_assert (NULL != id_op); - + GNUNET_break (NULL == id_op); + id_op = GNUNET_IDENTITY_get (identity, + "gns-master",//# TODO: Create credential-master + &identity_master_cb, + cls); + GNUNET_assert (NULL != id_op); + + + } 
@@ -339,15 +331,15 @@ main (int argc, char *const *argv) {'u', "lookup", "CREDENTIAL", gettext_noop ("Lookup a record for the given credential"), 1, &GNUNET_GETOPT_set_string, &lookup_credential}, - /** { 'T', "timeout", "DELAY", + /** { 'T', "timeout", "DELAY", gettext_noop ("Specify timeout for the lookup"), 1, &GNUNET_GETOPT_set_relative_time, &timeout }, - {'t', "type", "TYPE", + {'t', "type", "TYPE", gettext_noop ("Specify the type of the record to lookup"), 1, - &GNUNET_GETOPT_set_string, &lookup_type},**/ + &GNUNET_GETOPT_set_string, &lookup_type},**/ {'z', "zone", "NAME", - gettext_noop ("Specify the name of the ego of the zone to lookup the record in"), 1, - &GNUNET_GETOPT_set_string, &zone_ego_name}, + gettext_noop ("Specify the name of the ego of the zone to lookup the record in"), 1, + &GNUNET_GETOPT_set_string, &zone_ego_name}, {'s', "subject", "PKEY", gettext_noop ("Specify the public key of the subject to lookup the credential for"), 1, &GNUNET_GETOPT_set_string, &subject_key}, @@ -364,11 +356,11 @@ main (int argc, char *const *argv) GNUNET_log_setup ("gnunet-credential", "WARNING", NULL); ret = - (GNUNET_OK == - GNUNET_PROGRAM_run (argc, argv, "gnunet-credential", - _("GNUnet credential resolver tool"), - options, - &run, NULL)) ? 0 : 1; + (GNUNET_OK == + GNUNET_PROGRAM_run (argc, argv, "gnunet-credential", + _("GNUnet credential resolver tool"), + options, + &run, NULL)) ? 0 : 1; GNUNET_free ((void*) argv); return ret; } diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 114041be1..58be7853b 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -61,7 +61,7 @@ struct AttributeRecordEntry /** * Payload */ - struct GNUNET_CREDENTIAL_RecordData record_data; + struct GNUNET_CREDENTIAL_AttributeRecordData record_data; }; /** 
@@ -231,7 +231,7 @@ send_lookup_response (void* cls, int attr_record_count; struct GNUNET_MQ_Envelope *env; struct VerifyResultMessage *rmsg; - const struct GNUNET_CREDENTIAL_RecordData *ard; + const struct GNUNET_CREDENTIAL_AttributeRecordData *ard; struct AttributeRecordEntry *ar_entry; attr_record_count = 0; @@ -260,7 +260,7 @@ send_lookup_response (void* cls, /** * Get serialized record data size */ - len = attr_record_count * sizeof (struct GNUNET_CREDENTIAL_RecordData); + len = attr_record_count * sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData); /** * Prepare a lookup result response message for the client @@ -277,12 +277,12 @@ send_lookup_response (void* cls, * Append at the end of rmsg */ i = 0; - struct GNUNET_CREDENTIAL_RecordData *tmp_record = (struct GNUNET_CREDENTIAL_RecordData*) &rmsg[1]; + struct GNUNET_CREDENTIAL_AttributeRecordData *tmp_record = (struct GNUNET_CREDENTIAL_AttributeRecordData*) &rmsg[1]; for (ar_entry = vrh->attr_chain_head; NULL != ar_entry; ar_entry = ar_entry->next) { memcpy (tmp_record, &ar_entry->record_data, - sizeof (struct GNUNET_CREDENTIAL_RecordData)); + sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)); tmp_record++; } GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 3ff00737b..cc645468d 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -53,12 +53,12 @@ credential_value_to_string (void *cls, { case GNUNET_GNSRECORD_TYPE_CREDENTIAL: { - struct GNUNET_CREDENTIAL_RecordData cred; + struct GNUNET_CREDENTIAL_AttributeRecordData cred; char *cred_str; char *subject_pkey; char *issuer_pkey; uint32_t cf; // Credential flags - if (data_size < sizeof (struct GNUNET_CREDENTIAL_RecordData)) + if (data_size < sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)) return NULL; /* malformed */ memcpy (&cred, data, 
@@ -111,7 +111,7 @@ credential_string_to_value (void *cls, { case GNUNET_GNSRECORD_TYPE_CREDENTIAL: { - struct GNUNET_CREDENTIAL_RecordData *cred; + struct GNUNET_CREDENTIAL_AttributeRecordData *cred; unsigned int cf; // credential flags size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8; @@ -134,7 +134,7 @@ credential_string_to_value (void *cls, s); return GNUNET_SYSERR; } - *data_size = sizeof (struct GNUNET_CREDENTIAL_RecordData) + strlen (name) + 1; + *data_size = sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData) + strlen (name) + 1; *data = cred = GNUNET_malloc (*data_size); GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pkey, strlen (subject_pkey), diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 739e6fe95..84cc68146 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h @@ -53,7 +53,7 @@ struct GNUNET_CREDENTIAL_Handle; /** * Handle to control a lookup operation. */ -struct GNUNET_CREDENTIAL_LookupRequest; +struct GNUNET_CREDENTIAL_Request; /* * Enum used for checking whether the issuer has the authority to issue credentials or is just a subject 
@@ -72,23 +72,59 @@ enum GNUNET_CREDENTIAL_CredentialFlags { }; GNUNET_NETWORK_STRUCT_BEGIN -/* -* Data stored in the credential record -*/ -struct GNUNET_CREDENTIAL_RecordData { +/** + * The attribute record + */ +struct GNUNET_CREDENTIAL_AttributeRecordData { - /* - * Key of the - */ + /** + * Public key of the subject this credential was issued to + */ struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + /** + * Public key of the issuer + */ struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; - + /** + * Flags for this credential + */ uint32_t credential_flags GNUNET_PACKED; + /** + * Expiration time of this credential + */ + uint64_t expiration GNUNET_PACKED; + + /** + * The signature for this credential by the issuer + */ + struct GNUNET_CRYPTO_EcdsaSignature sig; + + /** + * Followed by the attribute string + */ +}; + + +/** + * The attribute delegation record +*/ +struct GNUNET_CREDENTIAL_AttributeDelegationRecordData { + + /** + * Public key of the subject this attribute was delegated to + */ + struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + + /** + * Followed by the attribute that was delegated to as string + */ }; + + GNUNET_NETWORK_STRUCT_END 
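Review bot: The new `sig` and `expiration` fields of `struct GNUNET_CREDENTIAL_AttributeRecordData` are documented without saying which bytes the issuer's signature covers or in what byte order and unit the expiration is stored. A verifier can only check a record consistently if the header fixes both, so I would extend the two comments, e.g. `* Expiration time of this credential (network byte order)` if that is the intent, and list the signed fields on `sig`. None of the hunks shown for this commit sets or checks either field, which is worth a TODO next to them.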
@@ -113,58 +149,129 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle); /** - * Iterator called on obtained result for a Credential lookup. + * Iterator called on obtained result for an attribute verification. * * @param cls closure - * @param issuer the issuer chain - * @param issuer_len length of issuer chain + * @param issuer the issuer of the attribute NULL if verification failed + * @param result the result of the verification * @param rd the records in reply */ typedef void (*GNUNET_CREDENTIAL_VerifyResultProcessor) (void *cls, - struct GNUNET_IDENTITY_Ego *issuer, - uint16_t issuer_len, - const struct GNUNET_CREDENTIAL_RecordData *data); + struct GNUNET_CRYPTO_EcdsaPublicKey *issuer, + uint32_t result); + +/** + * Iterator called on obtained result for an attribute issuance. + * + * @param cls closure + * @param result the record data that can be handed to the subject + */ +typedef void (*GNUNET_CREDENTIAL_IssueResultProcessor) (void *cls, + struct GNUNET_CREDENTIAL_AttributeRecordData *data); + +/** + * Iterator called on obtained result for an attribute delegation. + * + * @param cls closure + * @param success GNUNET_YES if successful + * @param result the record data that can be handed to the subject + */ +typedef void (*GNUNET_CREDENTIAL_DelegateResultProcessor) (void *cls, + uint32_t success); + +/** + * Iterator called on obtained result for an attribute delegation removal. + * + * @param cls closure + * @param success GNUNET_YES if successful + * @param result the record data that can be handed to the subject + */ +typedef void (*GNUNET_CREDENTIAL_RemoveDelegateResultProcessor) (void *cls, + uint32_t success); + + /** - * Perform an asynchronous lookup operation for a credential. + * Performs attribute verification. 
+ * Checks if there is a delegation chain from + * attribute ``issuer_attribute'' issued by the issuer + * with public key ``issuer_key'' maps to the attribute + * ``subject_attribute'' claimed by the subject with key + * ``subject_key'' * * @param handle handle to the Credential service - * @param credential the credential to look up - * @param subject Ego to check the credential for + * @param issuer_key the issuer public key + * @param issuer_attribute the issuer attribute + * @param subject_key the subject public key + * @param subject_attribute the attribute claimed by the subject * @param proc function to call on result * @param proc_cls closure for processor * @return handle to the queued request */ -struct GNUNET_CREDENTIAL_VerifyRequest* +struct GNUNET_CREDENTIAL_Request* GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, + const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, const char *issuer_attribute, - const char *subject_attribute, const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, - uint32_t credential_flags, + const char *subject_attribute, GNUNET_CREDENTIAL_VerifyResultProcessor proc, void *proc_cls); /** - * Issue a credential to an identity + * Delegate an attribute * * @param handle handle to the Credential service - * @param issuer the identity that issues the credential - * @param subject the subject of the credential - * @param credential the name of the credential - * @param data the data of the credential + * @param issuer the ego that should be used to delegate the attribute + * @param attribute the name of the attribute to delegate + * @param subject the subject of the delegation + * @param delegated_attribute the name of the attribute that is delegated to + * @return handle to the queued request + */ +struct GNUNET_CREDENTIAL_Request * +GNUNET_CREDENTIAL_add_delegation (struct GNUNET_CREDENTIAL_Handle *handle, + struct GNUNET_IDENTITY_Ego *issuer, + const 
char *attribute, + struct GNUNET_CRYPTO_EcdsaPublicKey *subject, + const char *delegated_attribute, + GNUNET_CREDENTIAL_DelegateResultProcessor proc, + void *proc_cls); + +/** + * Remove a delegation + * + * @param handle handle to the Credential service + * @param issuer the ego that was used to delegate the attribute + * @param attribute the name of the attribute that is delegated * @return handle to the queued request */ -/**struct GNUNET_CREDENTIAL_IssueRequest * +struct GNUNET_CREDENTIAL_Request * +GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle, + struct GNUNET_IDENTITY_Ego *issuer, + const char *attribute, + GNUNET_CREDENTIAL_RemoveDelegateResultProcessor proc, + void *proc_cls); + + + +/** + * Issue an attribute to a subject + * + * @param handle handle to the Credential service + * @param issuer the ego that should be used to issue the attribute + * @param subject the subject of the attribute + * @param attribute the name of the attribute + * @return handle to the queued request + */ +struct GNUNET_CREDENTIAL_Request * GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, struct GNUNET_IDENTITY_Ego *issuer, - struct GNUNET_IDENTITY_Ego *subject, - const char *credential, - struct GNUNET_CREDENTIAL_Data *data, + struct GNUNET_CRYPTO_EcdsaPublicKey *subject, + const char *attribute, GNUNET_CREDENTIAL_IssueResultProcessor proc, void *proc_cls); -*/ + + /** * Remove a credential * 
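Review bot: The doc comments on the new callback typedefs list parameters that do not exist: `GNUNET_CREDENTIAL_VerifyResultProcessor` still carries `@param rd`, and both `GNUNET_CREDENTIAL_DelegateResultProcessor` and `GNUNET_CREDENTIAL_RemoveDelegateResultProcessor` carry `@param result` although they only take `cls` and `success`. The verify callback also leaves open which values of `result` count as verified; I would state it, e.g. `@param result #GNUNET_YES if the attribute was verified, any other value must be treated as failure`. `GNUNET_CREDENTIAL_add_delegation`, `GNUNET_CREDENTIAL_remove_delegation` and `GNUNET_CREDENTIAL_issue` lack `@param proc` and `@param proc_cls`.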
@@ -174,15 +281,15 @@ GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, * @param credential the name of the credential * @return handle to the queued request */ - /** -struct GNUNET_CREDENTIAL_IssueRequest * -GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle, - struct GNUNET_IDENTITY_Ego *issuer, - struct GNUNET_IDENTITY_Ego *subject, - const char *credential, - GNUNET_CREDENTIAL_IssueResultProcessor proc, - void *proc_cls); -*/ +/** + struct GNUNET_CREDENTIAL_IssueRequest * + GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle, + struct GNUNET_IDENTITY_Ego *issuer, + struct GNUNET_IDENTITY_Ego *subject, + const char *credential, + GNUNET_CREDENTIAL_IssueResultProcessor proc, + void *proc_cls); + */ /** @@ -191,7 +298,7 @@ GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle, * @param lr the lookup request to cancel */ void -GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_VerifyRequest *vr); +GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr); #if 0 /* keep Emacsens' auto-indent happy */ -- cgit v1.2.3 From 299525b4df387bd197b0ded1fb51e74f6d12cd86 Mon Sep 17 00:00:00 2001 From: Adnan H Date: Fri, 2 Dec 2016 10:44:32 +0100 Subject: - Test commit - adding author --- src/include/gnunet_credential_service.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 84cc68146..a5dc49cfb 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h @@ -20,6 +20,7 @@ /** * @author Martin Schanzenbach + * @author Adnan Husain * * @file * API to the Credential service -- cgit v1.2.3 From 59f306e708fcfb8a88cfb58ae73b3f81b49512e3 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 2 Dec 2016 11:48:19 +0100 Subject: - fix call --- src/exit/gnunet-daemon-exit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c index 790780aa6..1b129c643 100644 --- a/src/exit/gnunet-daemon-exit.c +++ b/src/exit/gnunet-daemon-exit.c @@ -3865,7 +3865,7 @@ run (void *cls, if (GNUNET_YES != GNUNET_OS_check_helper_binary (binary, GNUNET_YES, - "-d gnunet-vpn - - - 169.1.3.3.7 255.255.255.0")) //no nat, ipv4 only + "gnunet-vpn - - - 169.1.3.7 255.255.255.0")) //no nat, ipv4 only { GNUNET_free (binary); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, -- cgit v1.2.3 From 3664423a917b4cf3773445b40b5ad8f5dd8e35e8 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 2 Dec 2016 11:48:51 +0100 Subject: -add todos --- src/credential/gnunet-service-credential.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 58be7853b..3ad2e2e1d 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -257,6 +257,17 @@ send_lookup_response (void* cls, } + /** + * TODO + * Start resolution of Attribute delegations from issuer + * + * - Build adequate data structures for attribute(s) to lookup + * - Use GNUNET_GNSRECORD_TYPE_XXX + * - recursively try to find match(es) with results found top + * - return one found credential chain + * + */ + /** * Get serialized record data size */ -- cgit v1.2.3 From 45c17975732ef486a7ef4c64fb7161c89275bf05 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 2 Dec 2016 13:50:43 +0100 Subject: - change record data name --- src/credential/plugin_gnsrecord_credential.c | 8 ++++---- src/include/gnunet_credential_service.h | 7 ++++--- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index cc645468d..480dc4c62 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c 
@@ -53,12 +53,12 @@ credential_value_to_string (void *cls, { case GNUNET_GNSRECORD_TYPE_CREDENTIAL: { - struct GNUNET_CREDENTIAL_AttributeRecordData cred; + struct GNUNET_CREDENTIAL_CredentialRecordData cred; char *cred_str; char *subject_pkey; char *issuer_pkey; uint32_t cf; // Credential flags - if (data_size < sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)) + if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)) return NULL; /* malformed */ memcpy (&cred, data, @@ -111,7 +111,7 @@ credential_string_to_value (void *cls, { case GNUNET_GNSRECORD_TYPE_CREDENTIAL: { - struct GNUNET_CREDENTIAL_AttributeRecordData *cred; + struct GNUNET_CREDENTIAL_CredentialRecordData *cred; unsigned int cf; // credential flags size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8; @@ -134,7 +134,7 @@ credential_string_to_value (void *cls, s); return GNUNET_SYSERR; } - *data_size = sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData) + strlen (name) + 1; + *data_size = sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (name) + 1; *data = cred = GNUNET_malloc (*data_size); GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pkey, strlen (subject_pkey), diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index a5dc49cfb..5675cd990 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h @@ -74,9 +74,9 @@ enum GNUNET_CREDENTIAL_CredentialFlags { GNUNET_NETWORK_STRUCT_BEGIN /** - * The attribute record + * The credential record */ -struct GNUNET_CREDENTIAL_AttributeRecordData { +struct GNUNET_CREDENTIAL_CredentialRecordData { /** * Public key of the subject this credential was issued to 
@@ -112,7 +112,7 @@ struct GNUNET_CREDENTIAL_AttributeRecordData { /** * The attribute delegation record */ -struct GNUNET_CREDENTIAL_AttributeDelegationRecordData { +struct GNUNET_CREDENTIAL_AttributeRecordData { /** * Public key of the subject this attribute was delegated to @@ -121,6 +121,7 @@ struct GNUNET_CREDENTIAL_AttributeDelegationRecordData { /** * Followed by the attribute that was delegated to as string + * May be empty */ }; -- cgit v1.2.3 From 113150fb91211dc0cc0901c2373f148b8486d9c9 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 2 Dec 2016 14:20:08 +0100 Subject: - add signatures to creds, add converter --- src/credential/plugin_gnsrecord_credential.c | 20 ++++++++++++++++++++ src/include/gnunet_credential_service.h | 22 ++++++++++++++-------- src/include/gnunet_signatures.h | 5 +++++ 3 files changed, 39 insertions(+), 8 deletions(-) diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 480dc4c62..d321a43a4 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -51,6 +51,26 @@ credential_value_to_string (void *cls, switch (type) { + case GNUNET_GNSRECORD_TYPE_ATTRIBUTE: + { + struct GNUNET_CREDENTIAL_AttributeRecordData attr; + char *attr_str; + char *subject_pkey; + + if (data_size < sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)) + return NULL; /* malformed */ + memcpy (&attr, + data, + sizeof (attr)); + cdata = data; + subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&attr.subject_key); + GNUNET_asprintf (&attr_str, + "%s.%s", + subject_pkey, + &cdata[sizeof (attr)]); + GNUNET_free (subject_pkey); + return attr_str; + } case GNUNET_GNSRECORD_TYPE_CREDENTIAL: { struct GNUNET_CREDENTIAL_CredentialRecordData cred; diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 5675cd990..b996b77db 100644 --- a/src/include/gnunet_credential_service.h 
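Review bot: In the new `GNUNET_GNSRECORD_TYPE_ATTRIBUTE` case of the `-51,6` hunk, `&cdata[sizeof (attr)]` is handed to `%s` with no check that the bytes after the fixed header exist or contain a NUL inside `data_size`. The size test only guarantees the header, so a record of exactly `sizeof (attr)` bytes, or one with an unterminated tail, makes `GNUNET_asprintf` read past the record buffer. Record values arrive from the name system and should be treated as untrusted. Bounding the conversion handles both the empty and the unterminated case: `"%s.%.*s", subject_pkey, (int) (data_size - sizeof (attr)), &cdata[sizeof (attr)]`. The rest of credential_value_to_string lies outside the hunk.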
+++ b/src/include/gnunet_credential_service.h @@ -79,16 +79,27 @@ GNUNET_NETWORK_STRUCT_BEGIN struct GNUNET_CREDENTIAL_CredentialRecordData { /** - * Public key of the subject this credential was issued to + * The signature for this credential by the issuer */ - struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + struct GNUNET_CRYPTO_EcdsaSignature sig; + /** * Public key of the issuer */ struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; + + /** + * Signature purpose (data to sign, kind of signature) + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; /** + * Public key of the subject this credential was issued to + */ + struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + + /** * Flags for this credential */ uint32_t credential_flags GNUNET_PACKED; @@ -98,12 +109,7 @@ struct GNUNET_CREDENTIAL_CredentialRecordData { */ uint64_t expiration GNUNET_PACKED; - /** - * The signature for this credential by the issuer - */ - struct GNUNET_CRYPTO_EcdsaSignature sig; - - /** + /** * Followed by the attribute string */ }; diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h index 1e372bbea..353287cbf 100644 --- a/src/include/gnunet_signatures.h +++ b/src/include/gnunet_signatures.h @@ -190,6 +190,11 @@ extern "C" */ #define GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET 27 +/** + * Signature for a GNUnet credential + */ +#define GNUNET_SIGNATURE_PURPOSE_CREDENTIAL 28 + #if 0 /* keep Emacsens' auto-indent happy */ { #endif -- cgit v1.2.3 From 7b6f6c01a0395187b2b52fb703749c7e2d2ff03f Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 2 Dec 2016 14:31:40 +0100 Subject: -cleanup cli tool --- src/credential/gnunet-credential.c | 193 +++++++++---------------------------- 1 file changed, 43 insertions(+), 150 deletions(-) diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index 31cd4fd8f..bfd4223ba 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c 
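Review bot: The comment on `purpose` in the `-79,16` hunk does not say which bytes the issuer's signature covers, and after this reordering that is what a reader of the wire format most needs to know. With the GNUnet signing API the signed region starts at `purpose` and runs for `purpose.size` bytes, so `sig` and `issuer_key` in front of it are not covered, while `subject_key`, `credential_flags`, `expiration` and the trailing attribute string have to be. I would state that on the field, e.g. `/* Start of the signed data: purpose.size spans from here through the trailing attribute string */`, so that code filling in `purpose.size` is written to match the layout.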
@@ -24,7 +24,6 @@ */ #include "platform.h" #include -#include #include /** @@ -42,31 +41,11 @@ static struct GNUNET_CREDENTIAL_Handle *credential; */ static struct GNUNET_TIME_Relative timeout; -/** - * Credential to lookup. (-u option) - */ -static char *lookup_credential; - /** * Handle to verify request */ static struct GNUNET_CREDENTIAL_Request *verify_request; -/** - * Lookup an ego with the identity service. - */ -static struct GNUNET_IDENTITY_EgoLookup *el; - -/** - * Handle for identity service. - */ -static struct GNUNET_IDENTITY_Handle *identity; - -/** - * Active operation on identity service. - */ -static struct GNUNET_IDENTITY_Operation *id_op; - /** * Task scheduled to handle timeout. */ @@ -78,16 +57,19 @@ static struct GNUNET_SCHEDULER_Task *tt; static char *subject_key; /** - * Subject pubkey string + * Subject credential string */ -static char *issuer_key; - +static char *subject_credential; +/** + * Issuer pubkey string + */ +static char *issuer_key; /** - * Identity of the zone to use for the lookup (-z option) + * Issuer attribute */ -static char *zone_ego_name; +static char *issuer_attr; /** @@ -98,26 +80,11 @@ static char *zone_ego_name; static void do_shutdown (void *cls) { - if (NULL != el) - { - GNUNET_IDENTITY_ego_lookup_cancel (el); - el = NULL; - } - if (NULL != id_op) - { - GNUNET_IDENTITY_cancel (id_op); - id_op = NULL; - } if (NULL != verify_request) { GNUNET_CREDENTIAL_verify_cancel (verify_request); verify_request = NULL; } - if (NULL != identity) - { - GNUNET_IDENTITY_disconnect (identity); - identity = NULL; - } if (NULL != credential) { GNUNET_CREDENTIAL_disconnect (credential); 
@@ -172,20 +139,39 @@ handle_verify_result (void *cls, /** - * Perform the actual resolution, with the subject pkey and - * the issuer public key + * Main function that will be run. * - * @param pkey public key to use for the zone, can be NULL - * @param shorten_key private key used for shortening, can be NULL + * @param cls closure + * @param args remaining command-line arguments + * @param cfgfile name of the configuration file used (for saving, can be NULL!) + * @param c configuration */ static void -lookup_credentials (struct GNUNET_IDENTITY_Ego *ego) +run (void *cls, + char *const *args, + const char *cfgfile, + const struct GNUNET_CONFIGURATION_Handle *c) { + cfg = c; + credential = GNUNET_CREDENTIAL_connect (cfg); + + if (NULL == credential) + { + fprintf (stderr, + _("Failed to connect to CREDENTIAL\n")); + return; + } + tt = GNUNET_SCHEDULER_add_delayed (timeout, + &do_timeout, NULL); + GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); + + + struct GNUNET_CRYPTO_EcdsaPublicKey subject_pkey; struct GNUNET_CRYPTO_EcdsaPublicKey issuer_pkey; - if (NULL != subject_key && NULL != issuer_key && NULL != lookup_credential) + if (NULL != subject_key && NULL != issuer_key) { if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_key, @@ -213,9 +199,9 @@ lookup_credentials (struct GNUNET_IDENTITY_Ego *ego) verify_request = GNUNET_CREDENTIAL_verify(credential, &issuer_pkey, - "test", //TODO argument + issuer_attr, //TODO argument &subject_pkey, - lookup_credential, + subject_credential, &handle_verify_result, NULL); return; 
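Review bot: The guard in front of `GNUNET_CREDENTIAL_verify` no longer covers the two strings that replace `lookup_credential`. The `-172,20` hunk drops `NULL != lookup_credential` from the condition, and the `-213,9` hunk passes `issuer_attr` and `subject_credential` to the call unchecked. Both are filled from optional command-line switches, so either can be NULL at the call; how the API treats a NULL attribute is not visible here, but any string handling on it would be undefined. Extend the condition to `if (NULL != subject_key && NULL != issuer_key && NULL != issuer_attr && NULL != subject_credential)`. The `//TODO argument` comment left on the `issuer_attr` line is stale once the value comes from an option.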
@@ -230,93 +216,6 @@ lookup_credentials (struct GNUNET_IDENTITY_Ego *ego) } -/** - * Method called to with the ego we are to use for the lookup, - * when the ego is the one for the default master zone. - * - * @param cls closure (NULL, unused) - * @param ego ego handle, NULL if not found - * @param ctx context for application to store data for this ego - * (during the lifetime of this process, initially NULL) - * @param name name assigned by the user for this ego, - * NULL if the user just deleted the ego and it - * must thus no longer be used - */ -static void -identity_master_cb (void *cls, - struct GNUNET_IDENTITY_Ego *ego, - void **ctx, - const char *name) -{ - - id_op = NULL; - if (NULL == ego) - { - fprintf (stderr, - _("Ego for `gns-master' not found, cannot perform lookup. Did you run gnunet-gns-import.sh?\n")); - GNUNET_SCHEDULER_shutdown (); - return; - } - - lookup_credentials(ego); - - -} - - -/** - * Main function that will be run. - * - * @param cls closure - * @param args remaining command-line arguments - * @param cfgfile name of the configuration file used (for saving, can be NULL!) - * @param c configuration - */ -static void -run (void *cls, - char *const *args, - const char *cfgfile, - const struct GNUNET_CONFIGURATION_Handle *c) -{ - - cfg = c; - credential = GNUNET_CREDENTIAL_connect (cfg); - identity = GNUNET_IDENTITY_connect (cfg, NULL, NULL); - - - - - if (NULL == credential) - { - fprintf (stderr, - _("Failed to connect to CREDENTIAL\n")); - return; - } - if (NULL == identity) - { - fprintf (stderr, - _("Failed to connect to IDENTITY\n")); - return; - } - tt = GNUNET_SCHEDULER_add_delayed (timeout, - &do_timeout, NULL); - GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); - - - - GNUNET_break (NULL == id_op); - id_op = GNUNET_IDENTITY_get (identity, - "gns-master",//# TODO: Create credential-master - &identity_master_cb, - cls); - GNUNET_assert (NULL != id_op); - - - - -} - - /** * The main function for gnunet-gns. * 
@@ -328,24 +227,18 @@ int main (int argc, char *const *argv) { static const struct GNUNET_GETOPT_CommandLineOption options[] = { - {'u', "lookup", "CREDENTIAL", - gettext_noop ("Lookup a record for the given credential"), 1, - &GNUNET_GETOPT_set_string, &lookup_credential}, - /** { 'T', "timeout", "DELAY", - gettext_noop ("Specify timeout for the lookup"), 1, - &GNUNET_GETOPT_set_relative_time, &timeout }, - {'t', "type", "TYPE", - gettext_noop ("Specify the type of the record to lookup"), 1, - &GNUNET_GETOPT_set_string, &lookup_type},**/ - {'z', "zone", "NAME", - gettext_noop ("Specify the name of the ego of the zone to lookup the record in"), 1, - &GNUNET_GETOPT_set_string, &zone_ego_name}, {'s', "subject", "PKEY", - gettext_noop ("Specify the public key of the subject to lookup the credential for"), 1, + gettext_noop ("The public key of the subject to lookup the credential for"), 1, &GNUNET_GETOPT_set_string, &subject_key}, + {'c', "credential", "CRED", + gettext_noop ("The name of the credential presented by the subject"), 1, + &GNUNET_GETOPT_set_string, &subject_credential}, {'i', "issuer", "PKEY", - gettext_noop ("Specify the public key of the authority to verify the credential against"), 1, + gettext_noop ("The public key of the authority to verify the credential against"), 1, &GNUNET_GETOPT_set_string, &issuer_key}, + {'a', "attribute", "ATTR", + gettext_noop ("The issuer attribute to verify against"), 1, + &GNUNET_GETOPT_set_string, &issuer_attr}, GNUNET_GETOPT_OPTION_END }; int ret; -- cgit v1.2.3 From f89b1efa793f9c2201ab9f4575c0f283b3bba288 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 2 Dec 2016 15:36:56 +0100 Subject: -update test --- src/credential/test_credential_lookup.sh | 36 +++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/src/credential/test_credential_lookup.sh b/src/credential/test_credential_lookup.sh index 216c281d7..fc6a59c50 100755 
--- a/src/credential/test_credential_lookup.sh +++ b/src/credential/test_credential_lookup.sh 
@@ -14,16 +14,42 @@ then fi rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` + +# (1) PKEY1.user -> PKEY2.resu.user +# (2) PKEY2.resu -> PKEY3 +# (3) PKEY3.user -> PKEY4 + + which timeout &> /dev/null && DO_TIMEOUT="timeout 30" -TEST_CREDENTIAL="keySub keyIss credName" +TEST_ISSUER="PKEY1" +TEST_ATTR="user" +TEST_SUB_ATTR="resu" +TEST_DELEGATION_SUBJECT="PKEY2" +TEST_DELEGATION_ATTR="$TEST_SUB_ATTR.$TEST_ATTR" +TEST_SUBDELEGATION_SUBJECT="PKEY3" +TEST_SUBJECT="PKEY4" +TEST_CREDENTIAL="c1" gnunet-arm -s -c test_credential_lookup.conf -gnunet-identity -C testsubject -c test_credential_lookup.conf +gnunet-identity -C testone -c test_credential_lookup.conf +gnunet-identity -C testtwo -c test_credential_lookup.conf +gnunet-identity -C testthree -c test_credential_lookup.conf +gnunet-identity -C testfour -c test_credential_lookup.conf + +#TODO1 Get credential and store it with subject (3) +CRED=`$DO_TIMEOUT gnunet-credential --issue --issuer=$TEST_SUBDELEGATION_SUBJECT --attribute=$TEST_SUB_ATTR --expiration 1m -c test_credential_lookup.conf` +gnunet-namestore -p -z testfour -a -n $TEST_CREDENTIAL -t CRED -V $CRED -e 5m -c test_credential_lookup.conf + +# (1) +gnunet-namestore -p -z testone -a -n $TEST_ATTR -t ATTR -V "$TEST_DELEGATION_SUBJECT $TEST_DELEGATION_ATTR" + +# (2) +gnunet-namestore -p -z testtwo -a -n $TEST_SUB_ATTR -t ATTR -V "$TEST_SUBDELEGATION_SUBJECT" -#TODO1 Plugin serialization functions see REVERSE in gns/plugin_gnsrecord_gns.c -gnunet-namestore -p -z testsubject -a -n newcred -t CRED -V $TEST_CREDENTIAL -e never -c test_credential_lookup.conf #TODO2 Add -z swich like in gnunet-gns -RES_IP=`$DO_TIMEOUT gnunet-credential -z testsubject -s testsubject -u credName -c test_credential_lookup.conf` +RES_IP=`$DO_TIMEOUT gnunet-credential --verify --issuer=$TEST_ISSUER --attribute="$TEST_DELEGATION_ATTR" --subject=$TEST_SUBJECT --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` + +#TODO cleanup properly 
gnunet-namestore -z testsubject -d -n newcred -t CRED -e never -c test_credential_lookup.conf gnunet-identity -D testsubject -c test_credential_lookup.conf gnunet-arm -e -c test_credential_lookup.conf -- cgit v1.2.3 From 6fb6ddb3cb9b4153033747ac42cbad66f9bc3268 Mon Sep 17 00:00:00 2001 From: Adnan H Date: Fri, 2 Dec 2016 15:38:10 +0100 Subject: - added DLL and some checks --- src/credential/gnunet-service-credential.c | 108 +++++++++++++++++++++-------- 1 file changed, 81 insertions(+), 27 deletions(-) diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 58be7853b..620256cd9 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -45,25 +45,47 @@ /** * DLL for record */ -struct AttributeRecordEntry +struct CredentialRecordEntry { /** * DLL */ - struct AttributeRecordEntry *next; + struct CredentialRecordEntry *next; /** * DLL */ - struct AttributeRecordEntry *prev; + struct CredentialRecordEntry *prev; /** * Payload */ - struct GNUNET_CREDENTIAL_AttributeRecordData record_data; + struct GNUNET_CREDENTIAL_CredentialRecordData record_data; }; +/** + * DLL for attributes - Used as a queue + * Insert tail - Pop head + */ +struct AttributeRecordEntry +{ + /** + * DLL + */ + struct AttributeRecordEntry *next; + + /** + * DLL + */ + struct AttributeRecordEntry *prev; + + /** + * + */ + struct GNUNET_CREDENTIAL_AttributeDelegationRecordData; +} + /** * Handle to a lookup operation from api */ 
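Review bot: The two `gnunet-namestore` calls that add records (1) and (2) in the `-14,16` hunk lack `-c test_credential_lookup.conf`, unlike every other command in the script, so those ATTR records would be written under the default configuration rather than the test peer. `$CRED` is expanded unquoted in `-V $CRED`; if the issue step fails or times out the value is empty and `-e` is taken as the record value, so stop early and quote it: `[ -n "$CRED" ] || exit 1` and `-V "$CRED"`. The cleanup lines still delete the `testsubject` ego and `newcred` record that this version no longer creates, while `testone` … `testfour` and their records are never removed, which the added `#TODO cleanup properly` only notes.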
@@ -101,14 +123,24 @@ struct VerifyRequestHandle struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; /** - * Attribute Chain + * Credential Chain */ - struct AttributeRecordEntry *attr_chain_head; + struct CredentialRecordEntry *cred_chain_head; /** - * Attribute Chain + * Credential Chain + */ + struct CredentialRecordEntry *cred_chain_tail; + + /** + * Attribute Queue + */ + struct AttributeRecordEntry *attr_queue_head; + + /** + * Attribute Queue */ - struct AttributeRecordEntry *attr_chain_tail; + struct AttributeRecordEntry *attr_queue_tail; /** * request id @@ -228,19 +260,26 @@ send_lookup_response (void* cls, struct VerifyRequestHandle *vrh = cls; size_t len; int i; - int attr_record_count; + int cred_record_count; struct GNUNET_MQ_Envelope *env; struct VerifyResultMessage *rmsg; - const struct GNUNET_CREDENTIAL_AttributeRecordData *ard; - struct AttributeRecordEntry *ar_entry; - - attr_record_count = 0; + const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; + struct GNUNET_CREDENTIAL_AttributeDelegationRecordData *adrd; + struct CredentialRecordEntry *cr_entry; + struct AttributeRecordEntry *attr_entry; + bool cred_verified; + + cred_record_count = 0; + adrd = GNUNET_CREDENTIAL_AttributeDelegationRecordData + GNUNET_CONTAINER_DLL_insert_tail (vrh->attr_queue_head, + vrh->attr_queue_tail, + attr_entry); for (i=0; i < rd_count; i++) { - if (GNUNET_GNSRECORD_TYPE_ATTRIBUTE != rd[i].record_type) + if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) continue; - attr_record_count++; - ard = rd[i].data; + cred_record_count++; + crd = rd[i].data; /** * TODO: * Check if we have already found our credential here 
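Review bot: In the `-228,19` hunk `crd = rd[i].data;` treats a record received from GNS as a `struct GNUNET_CREDENTIAL_CredentialRecordData` without comparing `rd[i].data_size` with the size of that struct. The following hunk (`-249,18`) copies `*crd` into the chain entry, and the verification call introduced there and corrected in the later "-fix compile" commit dereferences `crd->purpose`, `crd->sig` and `crd->issuer_key`, so a short record causes reads past the record buffer. Add `if (rd[i].data_size < sizeof (*crd)) continue;` before the assignment. send_lookup_response begins and ends outside this hunk.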
@@ -249,18 +288,33 @@ send_lookup_response (void* cls, * Save all found attributes/issues and prepare forward * resolution of issuer attribute */ - ar_entry = GNUNET_new (struct AttributeRecordEntry); - ar_entry->record_data = *ard; - GNUNET_CONTAINER_DLL_insert_tail (vrh->attr_chain_head, - vrh->attr_chain_tail, - ar_entry); + cr_entry = GNUNET_new (struct CredentialRecordEntry); + cr_entry->record_data = *crd; + GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, + vrh->cred_chain_tail, + cr_entry); + + if(GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, purpose, sig, issuer_key)) + { + cred_verified = true; + break; + } } + + + /** + * Check for attributes from the issuer and follow the chain + * till you get the required subject's attributes + */ + if(cred_verified != true){ + for(i=0 ; i < rd_count ; i++){ + /** * Get serialized record data size */ - len = attr_record_count * sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData); + len = cred_record_count * sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData); /** * Prepare a lookup result response message for the client @@ -277,12 +331,12 @@ send_lookup_response (void* cls, * Append at the end of rmsg */ i = 0; - struct GNUNET_CREDENTIAL_AttributeRecordData *tmp_record = (struct GNUNET_CREDENTIAL_AttributeRecordData*) &rmsg[1]; + struct GNUNET_CREDENTIAL_CredentialRecordData *tmp_record = (struct GNUNET_CREDENTIAL_CredentialRecordData*) &rmsg[1]; for (ar_entry = vrh->attr_chain_head; NULL != ar_entry; ar_entry = ar_entry->next) { memcpy (tmp_record, &ar_entry->record_data, - sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)); + sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)); tmp_record++; } GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), 
@@ -301,13 +355,13 @@ send_lookup_response (void* cls, "Completed verifications", 1, GNUNET_NO); GNUNET_STATISTICS_update (statistics, - "Attributes resolved", + "Credentials resolved", rd_count, GNUNET_NO); } /** - * Handle attribute verification requests from client + * Handle Credential verification requests from client * * @param cls the closure * @param client the client @@ -361,7 +415,7 @@ handle_verify (void *cls, vrh->lookup_request = GNUNET_GNS_lookup (gns, subject_attribute, &v_msg->subject_key, //subject_pkey, - GNUNET_GNSRECORD_TYPE_ATTRIBUTE, + GNUNET_GNSRECORD_TYPE_CREDENTIAL, GNUNET_GNS_LO_DEFAULT, NULL, //shorten_key, always NULL &send_lookup_response, -- cgit v1.2.3 From 59f9630b8be3dcde087a4ef6956217704d0dacb4 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 2 Dec 2016 15:57:58 +0100 Subject: -fix compile --- src/credential/gnunet-service-credential.c | 32 ++++++++++-------------------- 1 file changed, 11 insertions(+), 21 deletions(-) diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index ed7d249e3..aa3c02003 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -28,6 +28,7 @@ #include "gnunet_statistics_service.h" #include "credential.h" #include "gnunet_protocols.h" +#include "gnunet_signatures.h" // For Looking up GNS request #include @@ -83,8 +84,8 @@ struct AttributeRecordEntry /** * */ - struct GNUNET_CREDENTIAL_AttributeDelegationRecordData; -} + struct GNUNET_CREDENTIAL_AttributeRecordData record_data; +}; /** * Handle to a lookup operation from api 
@@ -264,16 +265,10 @@ send_lookup_response (void* cls, struct GNUNET_MQ_Envelope *env; struct VerifyResultMessage *rmsg; const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; - struct GNUNET_CREDENTIAL_AttributeDelegationRecordData *adrd; struct CredentialRecordEntry *cr_entry; - struct AttributeRecordEntry *attr_entry; - bool cred_verified; + int cred_verified; cred_record_count = 0; - adrd = GNUNET_CREDENTIAL_AttributeDelegationRecordData - GNUNET_CONTAINER_DLL_insert_tail (vrh->attr_queue_head, - vrh->attr_queue_tail, - attr_entry); for (i=0; i < rd_count; i++) { if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) @@ -294,22 +289,17 @@ send_lookup_response (void* cls, vrh->cred_chain_tail, cr_entry); - if(GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, purpose, sig, issuer_key)) + if(GNUNET_OK == GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, + &crd->purpose, + &crd->sig, &crd->issuer_key)) { - cred_verified = true; + cred_verified = GNUNET_YES; break; } } - /** - * Check for attributes from the issuer and follow the chain - * till you get the required subject's attributes - */ - if(cred_verified != true){ - for(i=0 ; i < rd_count ; i++){ - /** * TODO @@ -335,7 +325,7 @@ send_lookup_response (void* cls, GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT); //Assign id so that client can find associated request rmsg->id = vrh->request_id; - rmsg->ad_count = htonl (attr_record_count); + rmsg->ad_count = htonl (cred_record_count); /** * Get serialized record data 
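Review bot: The check in the `-294,22` hunk verifies the signature with `&crd->issuer_key`, the key carried inside the record itself, so `GNUNET_OK` shows only that the record is self-consistent. Nothing in the visible hunks links that key to the issuer named in the request or compares `crd->subject_key` with `vrh->subject_key`; the TODO added earlier in this series lists the delegation resolution as still open. `crd->purpose.size` also comes from the record and decides how many bytes are hashed, so it must be bounded by `rd[i].data_size` before the call. The entry is appended to `cred_chain` before verification and `cred_verified` is set but not read in the visible code, so the reply assembled in the `-343,10` hunk can carry records that never verified. I would validate the sizes, verify, and append only on success, as sketched below.

```c
    crd = rd[i].data;
    /* Reject records shorter than the header, or whose signed length
       (purpose.size, network byte order) runs past the record. */
    if ( (rd[i].data_size < sizeof (*crd)) ||
         (ntohl (crd->purpose.size) >
          rd[i].data_size
          - offsetof (struct GNUNET_CREDENTIAL_CredentialRecordData, purpose)) )
      continue;
    if (GNUNET_OK !=
        GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL,
                                    &crd->purpose,
                                    &crd->sig,
                                    &crd->issuer_key))
      continue;
    /* ... unchanged: allocate cr_entry, copy *crd, insert into cred_chain ... */
    cred_verified = GNUNET_YES;
    break;
```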
@@ -343,10 +333,10 @@ send_lookup_response (void* cls, */ i = 0; struct GNUNET_CREDENTIAL_CredentialRecordData *tmp_record = (struct GNUNET_CREDENTIAL_CredentialRecordData*) &rmsg[1]; - for (ar_entry = vrh->attr_chain_head; NULL != ar_entry; ar_entry = ar_entry->next) + for (cr_entry = vrh->cred_chain_head; NULL != cr_entry; cr_entry = cr_entry->next) { memcpy (tmp_record, - &ar_entry->record_data, + &cr_entry->record_data, sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)); tmp_record++; } -- cgit v1.2.3 From 646723dd495657a184d1f7e439f4958a72bee1df Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 2 Dec 2016 17:29:08 +0100 Subject: - add verify and issue to cli --- src/credential/Makefile.am | 1 + src/credential/credential_api.c | 45 +++++++++ src/credential/gnunet-credential.c | 139 +++++++++++++++++++++++---- src/credential/plugin_gnsrecord_credential.c | 10 +- src/include/gnunet_credential_service.h | 22 +---- 5 files changed, 173 insertions(+), 44 deletions(-) diff --git a/src/credential/Makefile.am b/src/credential/Makefile.am index 6469895e3..e85c3cc2d 100644 --- a/src/credential/Makefile.am +++ b/src/credential/Makefile.am @@ -57,6 +57,7 @@ gnunet_credential_SOURCES = \ gnunet_credential_LDADD = \ libgnunetcredential.la \ $(top_builddir)/src/util/libgnunetutil.la \ + $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \ $(top_builddir)/src/identity/libgnunetidentity.la \ $(GN_LIBINTL) diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 8ff66c574..8d3c96ca8 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -28,6 +28,7 @@ #include "gnunet_arm_service.h" #include "gnunet_hello_lib.h" #include "gnunet_protocols.h" +#include "gnunet_signatures.h" #include "credential.h" #include "gnunet_credential_service.h" #include "gnunet_identity_service.h" 
@@ -406,5 +407,49 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, return vr; } +/** + * Issue an attribute to a subject + * + * @param handle handle to the Credential service + * @param issuer the ego that should be used to issue the attribute + * @param subject the subject of the attribute + * @param attribute the name of the attribute + * @return handle to the queued request + */ +struct GNUNET_CREDENTIAL_CredentialRecordData * +GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, + struct GNUNET_CRYPTO_EcdsaPublicKey *subject, + const char *attribute) +{ + struct GNUNET_CREDENTIAL_CredentialRecordData *crd; + + crd = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (attribute) + 1); + + crd->purpose.size = htonl (strlen (attribute) + 1 + + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + + sizeof (struct GNUNET_TIME_AbsoluteNBO)); + crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); + GNUNET_CRYPTO_ecdsa_key_get_public (issuer, + &crd->issuer_key); + + GNUNET_memcpy (&crd[1], + attribute, + strlen (attribute)); + if (GNUNET_OK != + GNUNET_CRYPTO_ecdsa_sign (issuer, + &crd->purpose, + &crd->sig)) + { + GNUNET_break (0); + GNUNET_free (crd); + return NULL; + } + return crd; +} + + + /* end of credential_api.c */ diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index bfd4223ba..eaad6d5cf 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -25,12 +25,18 @@ #include "platform.h" #include #include +#include /** * Configuration we are using. */ static const struct GNUNET_CONFIGURATION_Handle *cfg; +/** + * EgoLookup + */ +static struct GNUNET_IDENTITY_EgoLookup *el; + /** * Handle to Credential service. */ 
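Review bot: `GNUNET_CREDENTIAL_issue` in the `-406,5` hunk never uses its `subject` argument, so `crd->subject_key` keeps the zero bytes from `GNUNET_malloc` and the signature is made over a credential that names no subject. Add `crd->subject_key = *subject;` before the `GNUNET_CRYPTO_ecdsa_sign` call; the expiration field is left unset in the same way. `purpose.size` is summed by hand from four terms and should be checked against the struct as it stands after this commit, whose header change is not visible here: if `credential_flags` is still a member, the sum is four bytes short and the end of the attribute string is left unsigned. Deriving it from the layout avoids that, `htonl (sizeof (*crd) - offsetof (struct GNUNET_CREDENTIAL_CredentialRecordData, purpose) + strlen (attribute) + 1)`. The doc comment's `@return handle to the queued request` should instead say that a heap-allocated record is returned for the caller to free, or NULL if signing fails.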
@@ -61,16 +67,42 @@ static char *subject_key; */ static char *subject_credential; +/** + * Subject key + */ +struct GNUNET_CRYPTO_EcdsaPublicKey subject_pkey; + +/** + * Issuer key + */ +struct GNUNET_CRYPTO_EcdsaPublicKey issuer_pkey; + + /** * Issuer pubkey string */ static char *issuer_key; +/** + * Issuer ego + */ +static char *issuer_ego_name; + /** * Issuer attribute */ static char *issuer_attr; +/** + * Verify mode + */ +static uint32_t verify; + +/** + * Issue mode + */ +static uint32_t create_cred; + /** * Task run on shutdown. Cleans up everything. @@ -135,6 +167,45 @@ handle_verify_result (void *cls, GNUNET_SCHEDULER_shutdown (); } +/** + * Callback invoked from identity service with ego information. + * An @a ego of NULL means the ego was not found. + * + * @param cls closure with the configuration + * @param ego an ego known to identity service, or NULL + */ +static void +identity_cb (void *cls, + const struct GNUNET_IDENTITY_Ego *ego) +{ + const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; + struct GNUNET_CREDENTIAL_CredentialRecordData *crd; + + el = NULL; + if (NULL == ego) + { + if (NULL != issuer_ego_name) + { + fprintf (stderr, + _("Ego `%s' not known to identity service\n"), + issuer_ego_name); + } + GNUNET_SCHEDULER_shutdown (); + return; + } + privkey = GNUNET_IDENTITY_ego_get_private_key (ego); + GNUNET_free_non_null (issuer_ego_name); + issuer_ego_name = NULL; + crd = GNUNET_CREDENTIAL_issue (credential, + privkey, + &subject_pkey, + issuer_attr); + printf ("Success.\n"); + printf (GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL, + crd, + sizeof (crd) + strlen (issuer_attr) + 1)); +} + 
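Review bot: `identity_cb`, added in the `-135,6` hunk, passes the string returned by `GNUNET_GNSRECORD_value_to_string` to `printf` as the format, and that string contains the user-supplied attribute, so any `%` in `--attribute` is interpreted as a conversion. The length argument uses `sizeof (crd)`, the size of a pointer, where `sizeof (*crd)` is meant; for a short attribute the length then falls below the record header, the converter's size check returns NULL, and that NULL reaches `printf`. The result of `GNUNET_CREDENTIAL_issue` is not checked although it is NULL when signing fails, "Success." is printed before the outcome is known, and neither `crd` nor the converted string is freed. `issuer_attr` is used on this path without a NULL check. The fence shows the tail of the function with these points addressed; it ends with a shutdown as `handle_verify_result` does.

```c
  char *cred_str;

  /* ... unchanged: el reset, NULL == ego handling, privkey lookup ... */
  if (NULL == issuer_attr)
  {
    fprintf (stderr,
             _("Issuer attribute required\n"));
    GNUNET_SCHEDULER_shutdown ();
    return;
  }
  crd = GNUNET_CREDENTIAL_issue (credential,
                                 privkey,
                                 &subject_pkey,
                                 issuer_attr);
  if (NULL == crd)
  {
    fprintf (stderr,
             _("Failed to issue credential\n"));
    GNUNET_SCHEDULER_shutdown ();
    return;
  }
  cred_str = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL,
                                               crd,
                                               sizeof (*crd) + strlen (issuer_attr) + 1);
  GNUNET_free (crd);
  if (NULL != cred_str)
  {
    printf ("%s\n", cred_str);
    GNUNET_free (cred_str);
  }
  GNUNET_SCHEDULER_shutdown ();
```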
@@ -162,39 +233,53 @@ run (void *cls, _("Failed to connect to CREDENTIAL\n")); return; } + + + tt = GNUNET_SCHEDULER_add_delayed (timeout, &do_timeout, NULL); GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); - struct GNUNET_CRYPTO_EcdsaPublicKey subject_pkey; - struct GNUNET_CRYPTO_EcdsaPublicKey issuer_pkey; + if (NULL == subject_key) + { + fprintf (stderr, + _("Subject public key needed\n")); + GNUNET_SCHEDULER_shutdown (); + return; - if (NULL != subject_key && NULL != issuer_key) + } + if (GNUNET_OK != + GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_key, + strlen (subject_key), + &subject_pkey)) { - if (GNUNET_OK != - GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_key, - strlen (subject_key), - &subject_pkey)) + fprintf (stderr, + _("Subject public key `%s' is not well-formed\n"), + subject_key); + GNUNET_SCHEDULER_shutdown (); + return; + } + + if (GNUNET_YES == verify) { + if (NULL == issuer_key) { fprintf (stderr, - _("Subject public key `%s' is not well-formed\n"), - subject_key); + _("Issuer public key not well-formed\n")); GNUNET_SCHEDULER_shutdown (); return; - } + } if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_key, strlen (issuer_key), &issuer_pkey)) { fprintf (stderr, - _("Authority public key `%s' is not well-formed\n"), + _("Issuer public key `%s' is not well-formed\n"), issuer_key); GNUNET_SCHEDULER_shutdown (); - return; } verify_request = GNUNET_CREDENTIAL_verify(credential, @@ -204,15 +289,26 @@ run (void *cls, subject_credential, &handle_verify_result, NULL); + } else if (GNUNET_YES == create_cred) { + if (NULL == issuer_ego_name) + { + fprintf (stderr, + _("Issuer ego required\n")); + GNUNET_SCHEDULER_shutdown (); + return; + + } + el = GNUNET_IDENTITY_ego_lookup (cfg, + issuer_ego_name, + &identity_cb, + (void *) cfg); return; - } - else - { + } else { fprintf (stderr, _("Please specify name to lookup, subject key and issuer key!\n")); GNUNET_SCHEDULER_shutdown (); - return; } + return; } 
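Review bot: The `return;` after the "Issuer public key `%s' is not well-formed" branch was dropped, so control falls through to `GNUNET_CREDENTIAL_verify` with an `issuer_pkey` that failed to parse. `GNUNET_SCHEDULER_shutdown ()` only schedules the shutdown task and does not leave `run`, so the branch needs `GNUNET_SCHEDULER_shutdown (); return;` as in the subject-key case above it. The message for `NULL == issuer_key` also says "not well-formed" where "Issuer public key needed" would match the subject-key wording. `run` starts outside this hunk.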
@@ -227,6 +323,12 @@ int main (int argc, char *const *argv) { static const struct GNUNET_GETOPT_CommandLineOption options[] = { + {'I', "issue", NULL, + gettext_noop ("create credential"), 0, + &GNUNET_GETOPT_set_one, &create_cred}, + {'V', "verify", NULL, + gettext_noop ("verify credential against attribute"), 0, + &GNUNET_GETOPT_set_one, &verify}, {'s', "subject", "PKEY", gettext_noop ("The public key of the subject to lookup the credential for"), 1, &GNUNET_GETOPT_set_string, &subject_key}, @@ -236,8 +338,11 @@ main (int argc, char *const *argv) {'i', "issuer", "PKEY", gettext_noop ("The public key of the authority to verify the credential against"), 1, &GNUNET_GETOPT_set_string, &issuer_key}, + {'e', "ego", "EGO", + gettext_noop ("The ego to use to issue"), 1, + &GNUNET_GETOPT_set_string, &issuer_ego_name}, {'a', "attribute", "ATTR", - gettext_noop ("The issuer attribute to verify against"), 1, + gettext_noop ("The issuer attribute to verify against or to issue"), 1, &GNUNET_GETOPT_set_string, &issuer_attr}, GNUNET_GETOPT_OPTION_END }; diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index d321a43a4..c7cbb8bdd 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -77,7 +77,6 @@ credential_value_to_string (void *cls, char *cred_str; char *subject_pkey; char *issuer_pkey; - uint32_t cf; // Credential flags if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)) return NULL; /* malformed */ memcpy (&cred, 
@@ -86,13 +85,11 @@ credential_value_to_string (void *cls, cdata = data; subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key); issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key); - cf = ntohl (cred.credential_flags); GNUNET_asprintf (&cred_str, - "%s %s %u %s", + "%s %s %s", subject_pkey, issuer_pkey, - (unsigned int) cf, &cdata[sizeof (cred)]); GNUNET_free (subject_pkey); GNUNET_free (issuer_pkey); @@ -132,7 +129,6 @@ credential_string_to_value (void *cls, case GNUNET_GNSRECORD_TYPE_CREDENTIAL: { struct GNUNET_CREDENTIAL_CredentialRecordData *cred; - unsigned int cf; // credential flags size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8; if (enclen % 5 > 0) @@ -143,10 +139,9 @@ credential_string_to_value (void *cls, char name[253 + 1]; if (5 != SSCANF (s, - "%52s %52s %u %253s", + "%52s %52s %253s", subject_pkey, issuer_pkey, - &cf, name)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, @@ -162,7 +157,6 @@ credential_string_to_value (void *cls, GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey, strlen (issuer_pkey), &cred->issuer_key); - cred->credential_flags = htonl (cf); GNUNET_memcpy (&cred[1], name, strlen (name)); diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index b996b77db..088d0c75e 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h @@ -99,11 +99,6 @@ struct GNUNET_CREDENTIAL_CredentialRecordData { */ struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; - /** - * Flags for this credential - */ - uint32_t credential_flags GNUNET_PACKED; - /** * Expiration time of this credential */ 
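Review bot: The attribute is printed with `%s` from `&cdata[sizeof (cred)]`, but the only size check (visible in the preceding hunk) is `data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)`, so a record with no trailing NUL, or with `data_size` equal to the struct size, makes `GNUNET_asprintf` read past the end of `data`. Record data arrives from the name system and should be treated as untrusted. Bound the read with the remaining length, e.g. format `"%s %s %.*s"` with `(int) (data_size - sizeof (cred))` passed before `&cdata[sizeof (cred)]`. credential_value_to_string starts outside this hunk.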
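Review bot: The `SSCANF` format in credential_string_to_value now has three conversions (`"%52s %52s %253s"`) but the result is still compared with `5`, so every CRED string is rejected as unparsable. The comparison should be `if (3 != SSCANF (s,`. In the following hunk the return values of both `GNUNET_CRYPTO_ecdsa_public_key_from_string` calls are ignored, so a malformed key would be stored without an error; checking them against `GNUNET_OK` and returning `GNUNET_SYSERR` would close that gap.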
@@ -168,15 +163,6 @@ typedef void (*GNUNET_CREDENTIAL_VerifyResultProcessor) (void *cls, struct GNUNET_CRYPTO_EcdsaPublicKey *issuer, uint32_t result); -/** - * Iterator called on obtained result for an attribute issuance. - * - * @param cls closure - * @param result the record data that can be handed to the subject - */ -typedef void (*GNUNET_CREDENTIAL_IssueResultProcessor) (void *cls, - struct GNUNET_CREDENTIAL_AttributeRecordData *data); - /** * Iterator called on obtained result for an attribute delegation. * @@ -271,13 +257,11 @@ GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle, * @param attribute the name of the attribute * @return handle to the queued request */ -struct GNUNET_CREDENTIAL_Request * +struct GNUNET_CREDENTIAL_CredentialRecordData * GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, - struct GNUNET_IDENTITY_Ego *issuer, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, struct GNUNET_CRYPTO_EcdsaPublicKey *subject, - const char *attribute, - GNUNET_CREDENTIAL_IssueResultProcessor proc, - void *proc_cls); + const char *attribute); /** -- cgit v1.2.3 From fcb5ecaede036d2bb89e5123345fd391520c344a Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 5 Dec 2016 19:26:27 +0100 Subject: -add issue test --- src/credential/credential_api.c | 2 +- src/credential/gnunet-credential.c | 28 +++++++------- src/credential/plugin_gnsrecord_credential.c | 56 ++++++++++++++-------------- 3 files changed, 43 insertions(+), 43 deletions(-) diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 8d3c96ca8..88f5f4e17 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c 
@@ -433,7 +433,7 @@ GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); GNUNET_CRYPTO_ecdsa_key_get_public (issuer, &crd->issuer_key); - + crd->subject_key = *subject; GNUNET_memcpy (&crd[1], attribute, strlen (attribute)); diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index eaad6d5cf..874aa29cb 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -180,6 +180,7 @@ identity_cb (void *cls, { const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; struct GNUNET_CREDENTIAL_CredentialRecordData *crd; + char *res; el = NULL; if (NULL == ego) @@ -200,10 +201,11 @@ identity_cb (void *cls, privkey, &subject_pkey, issuer_attr); - printf ("Success.\n"); - printf (GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL, - crd, - sizeof (crd) + strlen (issuer_attr) + 1)); + res = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL, + crd, + sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (issuer_attr) + 1); + printf ("%s\n", res); + GNUNET_SCHEDULER_shutdown (); } @@ -225,15 +227,6 @@ run (void *cls, { cfg = c; - credential = GNUNET_CREDENTIAL_connect (cfg); - - if (NULL == credential) - { - fprintf (stderr, - _("Failed to connect to CREDENTIAL\n")); - return; - } - tt = GNUNET_SCHEDULER_add_delayed (timeout, @@ -281,6 +274,15 @@ run (void *cls, issuer_key); GNUNET_SCHEDULER_shutdown (); } + credential = GNUNET_CREDENTIAL_connect (cfg); + + if (NULL == credential) + { + fprintf (stderr, + _("Failed to connect to CREDENTIAL\n")); + return; + } + verify_request = GNUNET_CREDENTIAL_verify(credential, &issuer_pkey, diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index c7cbb8bdd..67fd32e49 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c 
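Review bot: identity_cb passes `crd` to `GNUNET_GNSRECORD_value_to_string` without checking it, although GNUNET_CREDENTIAL_issue returns NULL when signing fails, and `res` is printed with `%s` although the plugin returns NULL for malformed data. Add `if (NULL == crd) { GNUNET_SCHEDULER_shutdown (); return; }` and the same guard for `res`, then release both with `GNUNET_free` once the string has been printed. `issuer_attr` is also passed to `strlen` here without `run` ever checking that `--attribute` was given in issue mode.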
@@ -73,33 +73,31 @@ credential_value_to_string (void *cls, } case GNUNET_GNSRECORD_TYPE_CREDENTIAL: { - struct GNUNET_CREDENTIAL_CredentialRecordData cred; - char *cred_str; - char *subject_pkey; - char *issuer_pkey; - if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)) - return NULL; /* malformed */ - memcpy (&cred, - data, - sizeof (cred)); - cdata = data; - subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key); - issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key); + struct GNUNET_CREDENTIAL_CredentialRecordData cred; + char *cred_str; + char *subject_pkey; + char *issuer_pkey; + if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)) + return NULL; /* malformed */ + memcpy (&cred, + data, + sizeof (cred)); + cdata = data; + subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key); + issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key); GNUNET_asprintf (&cred_str, - "%s %s %s", - subject_pkey, - issuer_pkey, - &cdata[sizeof (cred)]); - GNUNET_free (subject_pkey); - GNUNET_free (issuer_pkey); - - - - return cred_str; - } - default: - return NULL; + "%s %s %s", + subject_pkey, + issuer_pkey, + &cdata[sizeof (cred)]); + GNUNET_free (subject_pkey); + GNUNET_free (issuer_pkey); + + return cred_str; + } + default: + return NULL; } } @@ -117,10 +115,10 @@ credential_value_to_string (void *cls, */ static int credential_string_to_value (void *cls, - uint32_t type, - const char *s, - void **data, - size_t *data_size) + uint32_t type, + const char *s, + void **data, + size_t *data_size) { if (NULL == s) return GNUNET_SYSERR; -- cgit v1.2.3 From 3e958fd99a5adeec8245005e44c349dd5be1b082 Mon Sep 17 00:00:00 2001 
From: "Schanzenbach, Martin" Date: Mon, 5 Dec 2016 19:57:16 +0100 Subject: -add simple test --- src/credential/credential_api.c | 9 ++++++--- src/credential/gnunet-credential.c | 11 +++++++++-- src/credential/plugin_gnsrecord_credential.c | 2 +- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 88f5f4e17..344bb6e63 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -369,7 +369,7 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, struct GNUNET_CREDENTIAL_Request *vr; size_t nlen; - if (NULL == issuer_attribute) + if (NULL == issuer_attribute || NULL == subject_attribute) { GNUNET_break (0); return NULL; @@ -378,7 +378,7 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, LOG (GNUNET_ERROR_TYPE_DEBUG, "Trying to verify `%s' in CREDENTIAL\n", issuer_attribute); - nlen = strlen (issuer_attribute) + 1; + nlen = strlen (issuer_attribute) + 1 + strlen (subject_attribute) + 1; if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*vr)) { GNUNET_break (0); @@ -396,8 +396,11 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, v_msg->subject_key = *subject_key; v_msg->issuer_key = *issuer_key; GNUNET_memcpy (&v_msg[1], + issuer_attribute, + strlen (issuer_attribute)); + GNUNET_memcpy (((char*)&v_msg[1]) + strlen (issuer_attribute) + 1, subject_attribute, - nlen); + strlen (subject_attribute)); GNUNET_CONTAINER_DLL_insert (handle->verify_head, handle->verify_tail, vr); diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index 874aa29cb..a7b92447b 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c 
@@ -280,7 +280,14 @@ run (void *cls, { fprintf (stderr, _("Failed to connect to CREDENTIAL\n")); - return; + GNUNET_SCHEDULER_shutdown (); + } + + if (NULL == issuer_attr || NULL == subject_credential) + { + fprintf (stderr, + _("You must provide issuer and subject attributes\n")); + GNUNET_SCHEDULER_shutdown (); } @@ -334,7 +341,7 @@ main (int argc, char *const *argv) {'s', "subject", "PKEY", gettext_noop ("The public key of the subject to lookup the credential for"), 1, &GNUNET_GETOPT_set_string, &subject_key}, - {'c', "credential", "CRED", + {'b', "credential", "CRED", gettext_noop ("The name of the credential presented by the subject"), 1, &GNUNET_GETOPT_set_string, &subject_credential}, {'i', "issuer", "PKEY", diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 67fd32e49..721e19fdb 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -136,7 +136,7 @@ credential_string_to_value (void *cls, char issuer_pkey[enclen + 1]; char name[253 + 1]; - if (5 != SSCANF (s, + if (3 != SSCANF (s, "%52s %52s %253s", subject_pkey, issuer_pkey, -- cgit v1.2.3 From ad04c24e83c23302b73b176f4d36603e7d8f1134 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 5 Dec 2016 20:50:48 +0100 Subject: -add tests --- src/credential/test_credential_issue.sh | 43 ++++++++++++++++++++ src/credential/test_credential_verify_simple.sh | 52 +++++++++++++++++++++++++ 2 files changed, 95 insertions(+) create mode 100755 src/credential/test_credential_issue.sh create mode 100755 src/credential/test_credential_verify_simple.sh diff --git a/src/credential/test_credential_issue.sh b/src/credential/test_credential_issue.sh new file mode 100755 index 000000000..a78bde6ed --- /dev/null +++ b/src/credential/test_credential_issue.sh 
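Review bot: Replacing `return;` with `GNUNET_SCHEDULER_shutdown ();` after the failed connect, and adding the attribute check without a `return;`, lets both error paths fall through to the code that follows in `run`. Judging by the earlier hunks that is the `GNUNET_CREDENTIAL_verify (credential, ...)` call, which would then run with a NULL handle or NULL attribute strings. Each branch should end with `GNUNET_SCHEDULER_shutdown (); return;`. `run` starts and ends outside this hunk, so the fall-through target is inferred from the surrounding hunks.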
@@ -0,0 +1,43 @@ +#!/bin/bash +trap "gnunet-arm -e -c test_credential_lookup.conf" SIGINT + +LOCATION=$(which gnunet-config) +if [ -z $LOCATION ] +then + LOCATION="gnunet-config" +fi +$LOCATION --version 1> /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` + +# (1) PKEY1.user -> PKEY2.resu.user +# (2) PKEY2.resu -> PKEY3 +# (3) PKEY3.user -> PKEY4 + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" + +TEST_ATTR="test" +gnunet-arm -s -c test_credential_lookup.conf +gnunet-identity -C testissuer -c test_credential_lookup.conf +gnunet-identity -C testsubject -c test_credential_lookup.conf +SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') +ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') +EXPECTED="$SUBJECT_KEY $ISSUER_KEY $TEST_ATTR" +#TODO1 Get credential and store it with subject (3) +CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf` + +gnunet-arm -e -c test_credential_lookup.conf + +if [ "$EXPECTED" == "$CRED" ] +then + exit 0 +else + echo "FAIL: Failed to issue credential, got $CRED." + exit 1 +fi diff --git a/src/credential/test_credential_verify_simple.sh b/src/credential/test_credential_verify_simple.sh new file mode 100755 index 000000000..73ea24137 --- /dev/null +++ b/src/credential/test_credential_verify_simple.sh 
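Review bot: The `rm -rf` at the top runs on the unquoted, unchecked output of `gnunet-config ... -o GNUNET_HOME -f`, so an empty result, a path with spaces or a glob character is word-split and expanded before deletion. Capture and validate it first: `GNUNET_HOME_DIR=$(gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f)` followed by `[ -n "$GNUNET_HOME_DIR" ] && rm -rf -- "$GNUNET_HOME_DIR"`. The same line appears in test_credential_verify_simple.sh. `[ -z $LOCATION ]` should likewise quote the variable, and the `trap` only covers SIGINT, so a timeout or failure leaves the services started by `gnunet-arm -s` running.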
@@ -0,0 +1,52 @@ +#!/bin/bash +trap "gnunet-arm -e -c test_credential_lookup.conf" SIGINT + +LOCATION=$(which gnunet-config) +if [ -z $LOCATION ] +then + LOCATION="gnunet-config" +fi +$LOCATION --version 1> /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` + +# (3) Isser.user -> Subject + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" +gnunet-arm -s -c test_credential_lookup.conf +gnunet-identity -C testissuer -c test_credential_lookup.conf +gnunet-identity -C testsubject -c test_credential_lookup.conf + +TEST_ATTR="user" +SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') +ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') +CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf` + +TEST_CREDENTIAL="t1" +gnunet-namestore -p -z testsubject -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf + +#TODO2 Add -z swich like in gnunet-gns +#RES_CRED=`$DO_TIMEOUT gnunet-credential --verify --issuer=$ISSUER_KEY --attribute="$TEST_ATTR" --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` +valgrind gnunet-credential --verify --issuer=$ISSUER_KEY --attribute=$TEST_ATTR --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf + +#TODO cleanup properly +gnunet-namestore -z testsubject -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf +gnunet-identity -D testsubject -c test_credential_lookup.conf +gnunet-arm -e -c test_credential_lookup.conf + +#TODO3 proper test +exit 0 + +if [ "$RES_CRED" == "Ok!" ] +then + exit 0 +else + echo "FAIL: Failed to verify credential $RES_IP." + exit 1 +fi -- cgit v1.2.3 
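Review bot: The unconditional `exit 0` before the final `if` means this test can never fail, and the comparison below it is dead code that reads `$RES_CRED` (its assignment is commented out) and `$RES_IP` (never set). Until the output format is settled, the verify command's status could at least be propagated with `STATUS=$?` directly after the `gnunet-credential --verify` line and `exit $STATUS` at the end, assuming the tool returns non-zero on a failed verification. Running the command under `valgrind` unconditionally also makes the test depend on valgrind being installed.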
From e2351f98490794db3e04c83106899781feb3edf2 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 5 Dec 2016 21:34:22 +0100 Subject: -fix verifymessage --- src/credential/credential.h | 10 ++++++++++ src/credential/credential_api.c | 6 ++++-- src/credential/gnunet-service-credential.c | 32 +++++++++++++----------------- 3 files changed, 28 insertions(+), 20 deletions(-) diff --git a/src/credential/credential.h b/src/credential/credential.h index 2acaf73a5..8b5cf6db9 100644 --- a/src/credential/credential.h +++ b/src/credential/credential.h @@ -49,6 +49,16 @@ struct VerifyMessage */ struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; + /** + * Length of the issuer attribute + */ + uint16_t issuer_attribute_len; + + /** + * Length of the subject attribute + */ + uint16_t subject_attribute_len; + /** * Unique identifier for this request (for key collisions). */ diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 344bb6e63..b6c585c72 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -378,7 +378,7 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, LOG (GNUNET_ERROR_TYPE_DEBUG, "Trying to verify `%s' in CREDENTIAL\n", issuer_attribute); - nlen = strlen (issuer_attribute) + 1 + strlen (subject_attribute) + 1; + nlen = strlen (issuer_attribute) + strlen (subject_attribute) + 1; if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*vr)) { GNUNET_break (0); 
@@ -395,10 +395,12 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, v_msg->id = htonl (vr->r_id); v_msg->subject_key = *subject_key; v_msg->issuer_key = *issuer_key; + v_msg->issuer_attribute_len = htons(strlen(issuer_attribute)); + v_msg->subject_attribute_len = htons(strlen(subject_attribute)); GNUNET_memcpy (&v_msg[1], issuer_attribute, strlen (issuer_attribute)); - GNUNET_memcpy (((char*)&v_msg[1]) + strlen (issuer_attribute) + 1, + GNUNET_memcpy (((char*)&v_msg[1]) + strlen (issuer_attribute), subject_attribute, strlen (subject_attribute)); GNUNET_CONTAINER_DLL_insert (handle->verify_head, diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index aa3c02003..117156379 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -217,9 +217,7 @@ check_verify (void *cls, const struct VerifyMessage *v_msg) { size_t msg_size; - size_t attr_len; - const char* s_attr; - const char* i_attr; + const char* attrs; msg_size = ntohs (v_msg->header.size); if (msg_size < sizeof (struct VerifyMessage)) 
@@ -227,17 +225,16 @@ check_verify (void *cls, GNUNET_break (0); return GNUNET_SYSERR; } - i_attr = (const char *) &v_msg[1]; - if ( ('\0' != i_attr[v_msg->header.size - sizeof (struct VerifyMessage) - 1]) || - (strlen (i_attr) > GNUNET_CREDENTIAL_MAX_LENGTH) ) + if ((ntohs (v_msg->issuer_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH) || + (ntohs (v_msg->subject_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH)) { GNUNET_break (0); return GNUNET_SYSERR; } - attr_len = strlen (i_attr); - s_attr = ((const char *) &v_msg[1]) + attr_len + 1; - if ( ('\0' != s_attr[v_msg->header.size - sizeof (struct VerifyMessage) - 1]) || - (strlen (s_attr) > GNUNET_CREDENTIAL_MAX_LENGTH) ) + attrs = (const char *) &v_msg[1]; + + if ( ('\0' != attrs[ntohs(v_msg->header.size) - sizeof (struct VerifyMessage) - 1]) || + (strlen (attrs) > GNUNET_CREDENTIAL_MAX_LENGTH * 2) ) { GNUNET_break (0); return GNUNET_SYSERR; @@ -266,7 +263,6 @@ send_lookup_response (void* cls, struct VerifyResultMessage *rmsg; const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; struct CredentialRecordEntry *cr_entry; - int cred_verified; cred_record_count = 0; for (i=0; i < rd_count; i++) @@ -293,7 +289,6 @@ send_lookup_response (void* cls, &crd->purpose, &crd->sig, &crd->issuer_key)) { - cred_verified = GNUNET_YES; break; } @@ -372,12 +367,12 @@ static void handle_verify (void *cls, const struct VerifyMessage *v_msg) { + char attrs[GNUNET_CREDENTIAL_MAX_LENGTH*2 + 1]; char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; char subject_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; - size_t issuer_attribute_len; struct VerifyRequestHandle *vrh; struct GNUNET_SERVICE_Client *client = cls; - char *attrptr = issuer_attribute; + char *attrptr = attrs; const char *utf_in; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 
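Review bot: check_verify bounds each declared attribute length against `GNUNET_CREDENTIAL_MAX_LENGTH` but never ties them to the payload actually received, so a client can declare lengths longer than the string it sent. handle_verify (next hunk) then copies that many bytes out of its local `attrs` buffer, reading stack bytes that were never written. A message with no payload also makes `attrs[ntohs (v_msg->header.size) - sizeof (struct VerifyMessage) - 1]` index one byte before the payload. Reject anything where `msg_size - sizeof (struct VerifyMessage) != ntohs (v_msg->issuer_attribute_len) + ntohs (v_msg->subject_attribute_len) + 1`, which is the `nlen` the API side sends, before looking at the terminator.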
@@ -385,10 +380,11 @@ handle_verify (void *cls, utf_in = (const char *) &v_msg[1]; GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); - issuer_attribute_len = strlen (utf_in); - utf_in = (const char *) (&v_msg[1] + issuer_attribute_len + 1); - attrptr = subject_attribute; - GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); + + GNUNET_memcpy (issuer_attribute, attrs, ntohs (v_msg->issuer_attribute_len)); + issuer_attribute[ntohs (v_msg->issuer_attribute_len)] = '\0'; + GNUNET_memcpy (subject_attribute, attrs+strlen(issuer_attribute), ntohs (v_msg->subject_attribute_len)); + subject_attribute[ntohs (v_msg->subject_attribute_len)] = '\0'; vrh = GNUNET_new (struct VerifyRequestHandle); GNUNET_CONTAINER_DLL_insert (vrh_head, vrh_tail, vrh); vrh->client = client; -- cgit v1.2.3 From 6d96eb580bec0831222811f3841174c39e437709 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 5 Dec 2016 21:55:23 +0100 Subject: - add signature to cred --- src/credential/plugin_gnsrecord_credential.c | 31 ++++++++++++++++++++-------- src/credential/test_credential_issue.sh | 13 +++--------- 2 files changed, 25 insertions(+), 19 deletions(-) diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 721e19fdb..f6aec9bcc 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -77,6 +77,8 @@ credential_value_to_string (void *cls, char *cred_str; char *subject_pkey; char *issuer_pkey; + char *signature; + if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)) return NULL; /* malformed */ memcpy (&cred, 
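Review bot: The two attributes are cut out of `attrs` after lowercasing, using byte lengths the client computed on the original strings. If `GNUNET_STRINGS_utf8_tolower` can change the byte length of its input (not visible on this page), the split lands in the wrong place and `attrs` may be too small for the converted text. Slicing the raw payload at `utf_in` and `utf_in + ntohs (v_msg->issuer_attribute_len)` first, and lowercasing each part into its own buffer afterwards, removes that dependency. The offset `attrs+strlen(issuer_attribute)` also differs from the declared length whenever the payload contains an earlier NUL. handle_verify starts outside this hunk.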
@@ -85,15 +87,18 @@ credential_value_to_string (void *cls, cdata = data; subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key); issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key); - + GNUNET_STRINGS_base64_encode ((char*)&cred.sig, + sizeof (struct GNUNET_CRYPTO_EcdsaSignature), + &signature); GNUNET_asprintf (&cred_str, - "%s %s %s", - subject_pkey, + "%s.%s -> %s sig:%s", issuer_pkey, - &cdata[sizeof (cred)]); + &cdata[sizeof (cred)], + subject_pkey, + signature); GNUNET_free (subject_pkey); GNUNET_free (issuer_pkey); - + GNUNET_free (signature); return cred_str; } default: @@ -135,12 +140,15 @@ credential_string_to_value (void *cls, char subject_pkey[enclen + 1]; char issuer_pkey[enclen + 1]; char name[253 + 1]; + char signature[128]; //TODO max payload size + struct GNUNET_CRYPTO_EcdsaSignature *sig; - if (3 != SSCANF (s, - "%52s %52s %253s", - subject_pkey, + if (4 != SSCANF (s, + "%52s.%253s -> %52s sig:%s", issuer_pkey, - name)) + name, + subject_pkey, + signature)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, _("Unable to parse CRED record string `%s'\n"), @@ -155,6 +163,11 @@ credential_string_to_value (void *cls, GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey, strlen (issuer_pkey), &cred->issuer_key); + GNUNET_STRINGS_base64_decode (signature, + strlen (signature), + (char**)&sig); + cred->sig = *sig; + GNUNET_free (sig); GNUNET_memcpy (&cred[1], name, strlen (name)); diff --git a/src/credential/test_credential_issue.sh b/src/credential/test_credential_issue.sh index a78bde6ed..95eac2957 100755 --- a/src/credential/test_credential_issue.sh +++ b/src/credential/test_credential_issue.sh 
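Review bot: `sig:%s` has no field width, so a CRED string with a long signature token overflows the 128-byte `signature` array on the stack; use `sig:%127s` to match the buffer. The result of `GNUNET_STRINGS_base64_decode` is not checked either, and `cred->sig = *sig;` copies a full signature from a buffer that may be NULL or shorter than `sizeof (struct GNUNET_CRYPTO_EcdsaSignature)`. Compare the returned length with that size and return `GNUNET_SYSERR` (freeing `sig` and `cred`) on mismatch. In credential_value_to_string the attribute is still printed with an unbounded `%s` from `&cdata[sizeof (cred)]`, which relies on the record being NUL-terminated.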
@@ -28,16 +28,9 @@ gnunet-identity -C testissuer -c test_credential_lookup.conf gnunet-identity -C testsubject -c test_credential_lookup.conf SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') -EXPECTED="$SUBJECT_KEY $ISSUER_KEY $TEST_ATTR" #TODO1 Get credential and store it with subject (3) -CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf` +$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf +STATUS=$? gnunet-arm -e -c test_credential_lookup.conf - -if [ "$EXPECTED" == "$CRED" ] -then - exit 0 -else - echo "FAIL: Failed to issue credential, got $CRED." - exit 1 -fi +exit $STATUS -- cgit v1.2.3 From 01fcfd11a5e4c170e0b31c60157fb9748c0d3277 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 5 Dec 2016 22:09:11 +0100 Subject: - remove purpose from cred --- src/credential/credential_api.c | 21 +++++++++++++++------ src/credential/gnunet-service-credential.c | 21 ++++++++++++++++----- src/include/gnunet_credential_service.h | 5 ----- 3 files changed, 31 insertions(+), 16 deletions(-) diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index b6c585c72..3be2d8bbb 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c 
@@ -428,23 +428,32 @@ GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, const char *attribute) { struct GNUNET_CREDENTIAL_CredentialRecordData *crd; + struct GNUNET_CRYPTO_EccSignaturePurpose *purp; crd = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (attribute) + 1); - crd->purpose.size = htonl (strlen (attribute) + 1 + - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + - sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + - sizeof (struct GNUNET_TIME_AbsoluteNBO)); - crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); + purp = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + + strlen (attribute) + 1); + purp->size = htonl (strlen (attribute) + 1 + + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose)); + + purp->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); GNUNET_CRYPTO_ecdsa_key_get_public (issuer, &crd->issuer_key); crd->subject_key = *subject; GNUNET_memcpy (&crd[1], attribute, strlen (attribute)); + GNUNET_memcpy (&purp[1], + subject, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + GNUNET_memcpy (&purp[1] + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), + attribute, + strlen (attribute)); if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (issuer, - &crd->purpose, + purp, &crd->sig)) { GNUNET_break (0); diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 117156379..20f6fe4e0 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -262,6 +262,7 @@ send_lookup_response (void* cls, struct GNUNET_MQ_Envelope *env; struct VerifyResultMessage *rmsg; const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; + struct GNUNET_CRYPTO_EccSignaturePurpose *purp; struct CredentialRecordEntry *cr_entry; cred_record_count = 0; 
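Review bot: The `purp` buffer in GNUNET_CREDENTIAL_issue is allocated without room for the `struct GNUNET_CRYPTO_EccSignaturePurpose` header that `purp->size` counts, so both the copies and the signing call run past the end of the allocation. The second copy makes it worse: `&purp[1] + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)` is arithmetic on a struct pointer, so the attribute is written a multiple of the struct size away instead of directly after the subject key. `purp` is also never freed on either return path. The sizes should be computed once and the payload addressed through a `char *`, as sketched below, with `GNUNET_free (purp)` added after signing.

```c
  size_t attr_len = strlen (attribute) + 1;
  size_t purp_len = sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose)
                    + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)
                    + attr_len;
  char *payload;

  purp = GNUNET_malloc (purp_len);
  purp->size = htonl (purp_len);
  purp->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
  /* ... unchanged: issuer_key, subject_key and &crd[1] setup ... */
  payload = (char *) &purp[1];
  GNUNET_memcpy (payload,
                 subject,
                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
  GNUNET_memcpy (payload + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
                 attribute,
                 attr_len - 1);
  /* ... unchanged: GNUNET_CRYPTO_ecdsa_sign call and error branch ... */
```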
@@ -284,16 +285,26 @@ send_lookup_response (void* cls, GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, vrh->cred_chain_tail, cr_entry); - + purp = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + + strlen ((char*)&crd[1]) +1 ); + purp->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + + strlen ((char*)&crd[1]) +1 ); + + purp->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); if(GNUNET_OK == GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, - &crd->purpose, - &crd->sig, &crd->issuer_key)) - { + purp, + &crd->sig, + &crd->issuer_key)) + { + GNUNET_free (purp); break; } + GNUNET_free (purp); } - + /** diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 088d0c75e..151587768 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h @@ -89,11 +89,6 @@ struct GNUNET_CREDENTIAL_CredentialRecordData { */ struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; - /** - * Signature purpose (data to sign, kind of signature) - */ - struct GNUNET_CRYPTO_EccSignaturePurpose purpose; - /** * Public key of the subject this credential was issued to */ -- cgit v1.2.3 From 0f854e736bf6f2d62649fe38e25967dd71aec97f Mon Sep 17 00:00:00 2001 From: Adnan H Date: Mon, 5 Dec 2016 22:15:25 +0100 Subject: - starting backward resolution --- src/credential/gnunet-service-credential.c | 99 +++++++++++++++++++++++++++++- 1 file changed, 97 insertions(+), 2 deletions(-) diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index aa3c02003..047ea0075 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c 
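Review bot: The `purp` block built in send_lookup_response gets its `size` and `purpose` set but the subject key and attribute are never copied into it, so `GNUNET_CRYPTO_ecdsa_verify` checks the signature over a payload that does not come from the credential. Before verifying, fill it the way the issuer side intends: `GNUNET_memcpy (&purp[1], &crd->subject_key, sizeof (crd->subject_key));` and `GNUNET_memcpy ((char *) &purp[1] + sizeof (crd->subject_key), &crd[1], strlen ((char *) &crd[1]));`. `strlen ((char*)&crd[1])` runs on record data without checking it against the record's size, so an unterminated attribute is read out of bounds. The outcome of the verification is also no longer stored anywhere; the loop just breaks.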
@@ -82,11 +82,12 @@ struct AttributeRecordEntry struct AttributeRecordEntry *prev; /** - * + * Payload */ struct GNUNET_CREDENTIAL_AttributeRecordData record_data; }; + /** * Handle to a lookup operation from api */ @@ -117,6 +118,11 @@ struct VerifyRequestHandle * Issuer public key */ struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; + + /** + * Issuer attribute + */ + char *issuer_attribute; /** * Subject public key @@ -142,6 +148,11 @@ struct VerifyRequestHandle * Attribute Queue */ struct AttributeRecordEntry *attr_queue_tail; + + /** + * Current Attribute Pointer + */ + struct AttributeRecordEntry* attr_pointer; /** * request id 
@@ -245,6 +256,58 @@ check_verify (void *cls, return GNUNET_OK; } +static void +start_backward_resolution (void* cls, + uint32_t rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + struct VerifyRequestHandle *vrh = cls; + int i; + struct GNUNET_CREDENTIAL_CredentialRecordData *cred; + struct GNUNET_CREDENTIAL_AttributeRecordData *attr; + struct CredentialRecordEntry *cred_pointer; + const char *attribute; + const char *cred_attribute; + char *issuer_key; + char *cred_issuer_key; + const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key_ecdsa; + const struct GNUNET_CRYPTO_EcdsaPublicKey *cred_issuer_key_ecdsa; + + for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL; + cred_pointer = cred_pointer->next){ + cred = &cred_pointer->record_data; + issuer_key_ecdsa = &vrh->attr_pointer->record_data.subject_key; + cred_issuer_key_ecdsa = &cred_pointer->record_data.issuer_key; + + issuer_key = GNUNET_CRYPTO_ecdsa_public_key_to_string(issuer_key_ecdsa); + cred_issuer_key = GNUNET_CRYPTO_ecdsa_public_key_to_string(cred_issuer_key_ecdsa); + if(0 == strcmp(issuer_key,cred_issuer_key)) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Found issuer\n"); + } + + } + + + + //Start from next to head + for(vrh->attr_pointer = vrh->attr_queue_head->next ; vrh->attr_pointer->next != NULL ; + vrh->attr_pointer = vrh->attr_pointer->next ){ + + //Start with backward resolution + GNUNET_GNS_lookup (gns, + vrh->issuer_attribute, + &vrh->issuer_key, //issuer_key, + GNUNET_GNSRECORD_TYPE_ATTRIBUTE, + GNUNET_GNS_LO_DEFAULT, + NULL, //shorten_key, always NULL + &start_backward_resolution, + vrh); + } + + +} /** * Result from GNS lookup. 
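Review bot: start_backward_resolution leaks both strings returned by `GNUNET_CRYPTO_ecdsa_public_key_to_string` on every iteration of the first loop. Comparing the keys directly avoids the allocation altogether: `if (0 == memcmp (issuer_key_ecdsa, cred_issuer_key_ecdsa, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))`. The second loop starts at `vrh->attr_queue_head->next` and tests `vrh->attr_pointer->next`, which dereferences NULL when the queue holds a single entry, the state send_lookup_response appears to leave it in. Each pass also issues a new `GNUNET_GNS_lookup` with this function as its own callback and drops the returned request handle, so the lookups can be neither cancelled nor bounded. `rd_count` and `rd` are never read.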
@@ -269,6 +332,16 @@ send_lookup_response (void* cls, int cred_verified; cred_record_count = 0; + struct AttributeRecordEntry *attr_entry; + + struct GNUNET_CREDENTIAL_AttributeRecordData *ard = + GNUNET_new(struct GNUNET_CREDENTIAL_AttributeRecordData); + + attr_entry->record_data = *ard; + ard->subject_key = vrh->issuer_key; + GNUNET_CONTAINER_DLL_insert_tail (vrh->attr_queue_head, + vrh->attr_queue_tail, + attr_entry); for (i=0; i < rd_count; i++) { if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) @@ -298,7 +371,28 @@ send_lookup_response (void* cls, } } - + + + /** + * Check for attributes from the issuer and follow the chain + * till you get the required subject's attributes + */ + if(cred_verified != GNUNET_YES){ + + + vrh->attr_pointer = vrh->attr_queue_head; + + //Start with backward resolution + GNUNET_GNS_lookup (gns, + vrh->issuer_attribute, + &vrh->issuer_key, //issuer_key, + GNUNET_GNSRECORD_TYPE_ATTRIBUTE, + GNUNET_GNS_LO_DEFAULT, + NULL, //shorten_key, always NULL + &start_backward_resolution, + vrh); + } + /** @@ -395,6 +489,7 @@ handle_verify (void *cls, vrh->request_id = v_msg->id; vrh->issuer_key = v_msg->issuer_key; vrh->subject_key = v_msg->subject_key; + vrh->issuer_attribute = issuer_attribute; if (NULL == subject_attribute) { -- cgit v1.2.3 From a97e16efa84b72dd51dcb181d4ebdbcc58a111f9 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 5 Dec 2016 22:18:50 +0100 Subject: - add better test for verification --- src/credential/test_credential_lookup.sh | 66 -------------------------------- src/credential/test_credential_verify.sh | 62 ++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 66 deletions(-) delete mode 100755 src/credential/test_credential_lookup.sh create mode 100755 src/credential/test_credential_verify.sh diff --git a/src/credential/test_credential_lookup.sh b/src/credential/test_credential_lookup.sh deleted file mode 100755 index fc6a59c50..000000000 
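Review bot: `attr_entry` is declared but never allocated before `attr_entry->record_data = *ard;`, so the first added statement in `send_lookup_response` writes through an uninitialised pointer. The copy of `*ard` is also taken before `ard->subject_key = vrh->issuer_key;`, so the queued entry would not carry the issuer key, and `ard` itself is never freed. I would allocate the entry with `attr_entry = GNUNET_new (struct AttributeRecordEntry);` and set `attr_entry->record_data.subject_key = vrh->issuer_key;` directly, dropping the temporary. The function body starts and ends outside the hunk.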
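Review bot: In the `handle_verify` hunk, `vrh->issuer_attribute = issuer_attribute;` stores a pointer into the request handle that outlives the call. `issuer_attribute` appears to be a local array of `handle_verify`; its declaration is outside this hunk. The handle is later read from the asynchronous GNS callbacks added in this commit, which pass `vrh->issuer_attribute` to `GNUNET_GNS_lookup`, so that pointer would refer to a dead stack frame. Copy the string instead, `vrh->issuer_attribute = GNUNET_strdup (issuer_attribute);`, and release it where the handle is freed.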
--- a/src/credential/test_credential_lookup.sh +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/bash -trap "gnunet-arm -e -c test_credential_lookup.conf" SIGINT - -LOCATION=$(which gnunet-config) -if [ -z $LOCATION ] -then - LOCATION="gnunet-config" -fi -$LOCATION --version 1> /dev/null -if test $? != 0 -then - echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" - exit 77 -fi - -rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` - -# (1) PKEY1.user -> PKEY2.resu.user -# (2) PKEY2.resu -> PKEY3 -# (3) PKEY3.user -> PKEY4 - - -which timeout &> /dev/null && DO_TIMEOUT="timeout 30" -TEST_ISSUER="PKEY1" -TEST_ATTR="user" -TEST_SUB_ATTR="resu" -TEST_DELEGATION_SUBJECT="PKEY2" -TEST_DELEGATION_ATTR="$TEST_SUB_ATTR.$TEST_ATTR" -TEST_SUBDELEGATION_SUBJECT="PKEY3" -TEST_SUBJECT="PKEY4" -TEST_CREDENTIAL="c1" -gnunet-arm -s -c test_credential_lookup.conf -gnunet-identity -C testone -c test_credential_lookup.conf -gnunet-identity -C testtwo -c test_credential_lookup.conf -gnunet-identity -C testthree -c test_credential_lookup.conf -gnunet-identity -C testfour -c test_credential_lookup.conf - -#TODO1 Get credential and store it with subject (3) -CRED=`$DO_TIMEOUT gnunet-credential --issue --issuer=$TEST_SUBDELEGATION_SUBJECT --attribute=$TEST_SUB_ATTR --expiration 1m -c test_credential_lookup.conf` -gnunet-namestore -p -z testfour -a -n $TEST_CREDENTIAL -t CRED -V $CRED -e 5m -c test_credential_lookup.conf - -# (1) -gnunet-namestore -p -z testone -a -n $TEST_ATTR -t ATTR -V "$TEST_DELEGATION_SUBJECT $TEST_DELEGATION_ATTR" - -# (2) -gnunet-namestore -p -z testtwo -a -n $TEST_SUB_ATTR -t ATTR -V "$TEST_SUBDELEGATION_SUBJECT" - - -#TODO2 Add -z swich like in gnunet-gns -RES_IP=`$DO_TIMEOUT gnunet-credential --verify --issuer=$TEST_ISSUER --attribute="$TEST_DELEGATION_ATTR" --subject=$TEST_SUBJECT --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` - -#TODO cleanup properly -gnunet-namestore -z testsubject -d -n newcred -t CRED -e never -c 
test_credential_lookup.conf -gnunet-identity -D testsubject -c test_credential_lookup.conf -gnunet-arm -e -c test_credential_lookup.conf - -#TODO3 proper test -exit 0 - -#if [ "$RES_IP" == "$TEST_CRED" ] -#then -# exit 0 -#else -# echo "FAIL: Failed to resolve to proper IP, got $RES_IP." -# exit 1 -#fi diff --git a/src/credential/test_credential_verify.sh b/src/credential/test_credential_verify.sh new file mode 100755 index 000000000..6e5ba4647 --- /dev/null +++ b/src/credential/test_credential_verify.sh 
@@ -0,0 +1,62 @@ +#!/bin/bash +trap "gnunet-arm -e -c test_credential_lookup.conf" SIGINT + +LOCATION=$(which gnunet-config) +if [ -z $LOCATION ] +then + LOCATION="gnunet-config" +fi +$LOCATION --version 1> /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` + +# (1) Authority.test -> Intermediate.org.user +# (2) Intermediate.org -> Issuer +# (3) Issuer.user -> Subject + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" +gnunet-arm -s -c test_credential_lookup.conf +gnunet-identity -C testissuer -c test_credential_lookup.conf +gnunet-identity -C testsubject -c test_credential_lookup.conf +gnunet-identity -C testintermediate -c test_credential_lookup.conf +gnunet-identity -C testauthority -c test_credential_lookup.conf + +TEST_ATTR="user" +INTERMEDIATE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testintermediate | awk '{print $3}') +SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') +ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') +CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf` + +TEST_CREDENTIAL="t1" +gnunet-namestore -p -z testsubject -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf + +INTERMEDIATE_ATTR="org" +gnunet-namestore -p -z testintermediate -a -n $INTERMEDIATE_ATTR -t ATTR -V "$ISSUER_KEY" -e 5m -c test_credential_lookup.conf + +AUTHORITY_ATTR="test" +gnunet-namestore -p -z testauthority -a -n $AUTHORITY_ATTR -t ATTR -V "$INTERMEDIATE_KEY $INTERMEDIATE_ATTR.$TEST_ATTR" -e 5m -c test_credential_lookup.conf + +#TODO2 Add -z swich like in gnunet-gns +#RES_CRED=`$DO_TIMEOUT gnunet-credential --verify --issuer=$ISSUER_KEY 
--attribute="$TEST_ATTR" --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` +valgrind gnunet-credential --verify --issuer=$AUTHORITY_KEY --attribute=$AUTHORITY_ATTR --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf + +#TODO cleanup properly +gnunet-namestore -z testsubject -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf +gnunet-arm -e -c test_credential_lookup.conf + +#TODO3 proper test +exit 0 + +if [ "$RES_CRED" == "Ok!" ] +then + exit 0 +else + echo "FAIL: Failed to verify credential $RES_IP." + exit 1 +fi -- cgit v1.2.3 From 10b2bbf99b0dc611a735ad0a04d3ab5109a090f0 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Tue, 6 Dec 2016 10:09:21 +0100 Subject: -add expiration to cred --- src/credential/credential_api.c | 22 +++++++----------- src/credential/gnunet-credential.c | 34 +++++++++++++++++++++++++++- src/credential/gnunet-service-credential.c | 1 + src/credential/plugin_gnsrecord_credential.c | 19 +++++++++++++--- src/credential/test_credential_issue.sh | 2 +- src/include/gnunet_credential_service.h | 8 ++++++- 6 files changed, 66 insertions(+), 20 deletions(-) diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 3be2d8bbb..eb7af5b53 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c 
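Review bot: The verify call uses `--issuer=$AUTHORITY_KEY`, but the script only assigns `INTERMEDIATE_KEY`, `SUBJECT_KEY` and `ISSUER_KEY`, so the issuer argument expands to an empty string. The result check at the end is also unreachable: `exit 0` precedes it, `RES_CRED` is never set because its assignment is commented out, and the failure message prints `$RES_IP`. As written, this test reports success whatever the verification does. I would add `AUTHORITY_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testauthority | awk '{print $3}')`, capture the command output into `RES_CRED`, and remove the early `exit 0`.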
@@ -425,35 +425,29 @@ struct GNUNET_CREDENTIAL_CredentialRecordData * GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, struct GNUNET_CRYPTO_EcdsaPublicKey *subject, - const char *attribute) + const char *attribute, + struct GNUNET_TIME_Absolute *expiration) { struct GNUNET_CREDENTIAL_CredentialRecordData *crd; - struct GNUNET_CRYPTO_EccSignaturePurpose *purp; crd = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (attribute) + 1); - purp = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + - strlen (attribute) + 1); - purp->size = htonl (strlen (attribute) + 1 + + crd->purpose.size = htonl (strlen (attribute) + 1 + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + - sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose)); + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + + sizeof (uint64_t)); - purp->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); + crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); GNUNET_CRYPTO_ecdsa_key_get_public (issuer, &crd->issuer_key); crd->subject_key = *subject; + crd->expiration = GNUNET_htonll (expiration->abs_value_us); GNUNET_memcpy (&crd[1], attribute, strlen (attribute)); - GNUNET_memcpy (&purp[1], - subject, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - GNUNET_memcpy (&purp[1] + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), - attribute, - strlen (attribute)); if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (issuer, - purp, + &crd->purpose, &crd->sig)) { GNUNET_break (0); diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index a7b92447b..a2d494f2a 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -67,6 +67,11 @@ static char *subject_key; */ static char *subject_credential; +/** + * Credential TTL + */ +static char *expiration; + /** * Subject key */ 
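Review bot: The length stored in `crd->purpose.size` counts a single `struct GNUNET_CRYPTO_EcdsaPublicKey`, but the signature is now computed over the record in place, starting at `&crd->purpose`, and the record holds both `issuer_key` and `subject_key`. Assuming the fields follow `purpose` in the order the header suggests, the signed range stops one key length short of the end of the record. The trailing bytes, which would include the attribute name, are then not covered by the signature. Count both keys, `2 * sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)`, or derive the length from the structure size so it cannot drift from the layout. `expiration` is dereferenced without a NULL check, and the rest of `GNUNET_CREDENTIAL_issue` lies outside the hunk.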
@@ -180,6 +185,8 @@ identity_cb (void *cls, { const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; struct GNUNET_CREDENTIAL_CredentialRecordData *crd; + struct GNUNET_TIME_Absolute etime_abs; + struct GNUNET_TIME_Relative etime_rel; char *res; el = NULL; @@ -194,13 +201,35 @@ identity_cb (void *cls, GNUNET_SCHEDULER_shutdown (); return; } + if (NULL == expiration) + { + fprintf (stderr, + "Please specify a TTL\n"); + GNUNET_SCHEDULER_shutdown (); + return; + } else if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative (expiration, + &etime_rel)) + { + etime_abs = GNUNET_TIME_relative_to_absolute (etime_rel); + } else if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (expiration, + &etime_abs)) + { + fprintf (stderr, + "%s is not a valid ttl!\n", + expiration); + GNUNET_SCHEDULER_shutdown (); + return; + } + + privkey = GNUNET_IDENTITY_ego_get_private_key (ego); GNUNET_free_non_null (issuer_ego_name); issuer_ego_name = NULL; crd = GNUNET_CREDENTIAL_issue (credential, privkey, &subject_pkey, - issuer_attr); + issuer_attr, + &etime_abs); res = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL, crd, sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (issuer_attr) + 1); @@ -353,6 +382,9 @@ main (int argc, char *const *argv) {'a', "attribute", "ATTR", gettext_noop ("The issuer attribute to verify against or to issue"), 1, &GNUNET_GETOPT_set_string, &issuer_attr}, + {'T', "ttl", "EXP", + gettext_noop ("The time to live for the credential"), 1, + &GNUNET_GETOPT_set_string, &expiration}, GNUNET_GETOPT_OPTION_END }; int ret; diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 792d8741e..7f18c77f6 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c 
@@ -327,6 +327,7 @@ send_lookup_response (void* cls, const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; struct GNUNET_CRYPTO_EccSignaturePurpose *purp; struct CredentialRecordEntry *cr_entry; + uint32_t cred_verified; cred_record_count = 0; struct AttributeRecordEntry *attr_entry; diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index f6aec9bcc..60b677a4e 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -74,10 +74,13 @@ credential_value_to_string (void *cls, case GNUNET_GNSRECORD_TYPE_CREDENTIAL: { struct GNUNET_CREDENTIAL_CredentialRecordData cred; + struct GNUNET_TIME_Absolute etime_abs; char *cred_str; char *subject_pkey; char *issuer_pkey; char *signature; + const char *expiration; + if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)) return NULL; /* malformed */ @@ -87,14 +90,17 @@ credential_value_to_string (void *cls, cdata = data; subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key); issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key); + etime_abs.abs_value_us = GNUNET_ntohll(cred.expiration); + expiration = GNUNET_STRINGS_absolute_time_to_string (etime_abs); GNUNET_STRINGS_base64_encode ((char*)&cred.sig, sizeof (struct GNUNET_CRYPTO_EcdsaSignature), &signature); GNUNET_asprintf (&cred_str, - "%s.%s -> %s sig:%s", + "%s.%s -> %s exp:%s sig:%s", issuer_pkey, &cdata[sizeof (cred)], subject_pkey, + expiration, signature); GNUNET_free (subject_pkey); GNUNET_free (issuer_pkey); 
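Review bot: `credential_value_to_string` formats the attribute with `%s` from `&cdata[sizeof (cred)]`, and the only length check visible is `data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)`. Nothing in the hunk confirms that the record has any bytes after the fixed part, or that they end in a NUL inside `data_size`. A record of exactly the structure size, or one with an unterminated name, would make `GNUNET_asprintf` read past the buffer. Since the format string is being changed here anyway, I would add `if ((data_size == sizeof (cred)) || ('\0' != cdata[data_size - 1])) return NULL;` before formatting. The function continues outside the hunk.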
@@ -141,13 +147,17 @@ credential_string_to_value (void *cls, char issuer_pkey[enclen + 1]; char name[253 + 1]; char signature[128]; //TODO max payload size + char expiration[256]; + struct GNUNET_CRYPTO_EcdsaSignature *sig; + struct GNUNET_TIME_Absolute etime_abs; - if (4 != SSCANF (s, - "%52s.%253s -> %52s sig:%s", + if (5 != SSCANF (s, + "%52s.%253s -> %52s exp:%255s sig:%127s", issuer_pkey, name, subject_pkey, + expiration, signature)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, @@ -163,10 +173,13 @@ credential_string_to_value (void *cls, GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey, strlen (issuer_pkey), &cred->issuer_key); + GNUNET_STRINGS_fancy_time_to_absolute (expiration, + &etime_abs); GNUNET_STRINGS_base64_decode (signature, strlen (signature), (char**)&sig); cred->sig = *sig; + cred->expiration = htonl (etime_abs.abs_value_us); GNUNET_free (sig); GNUNET_memcpy (&cred[1], name, diff --git a/src/credential/test_credential_issue.sh b/src/credential/test_credential_issue.sh index 95eac2957..4d1ba67c7 100755 --- a/src/credential/test_credential_issue.sh +++ b/src/credential/test_credential_issue.sh @@ -29,7 +29,7 @@ gnunet-identity -C testsubject -c test_credential_lookup.conf SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') #TODO1 Get credential and store it with subject (3) -$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf +$DO_TIMEOUT valgrind gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf STATUS=$? gnunet-arm -e -c test_credential_lookup.conf diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 151587768..a7de3c822 100644 --- a/src/include/gnunet_credential_service.h 
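Review bot: The return values of `GNUNET_STRINGS_fancy_time_to_absolute` and `GNUNET_STRINGS_base64_decode` are ignored in `credential_string_to_value`. If the `exp:` field does not parse, `etime_abs` is used uninitialised. `cred->sig = *sig;` copies a full `struct GNUNET_CRYPTO_EcdsaSignature` however many bytes the base64 text actually decoded to. Both inputs come from the record string being parsed, so each call should be checked, with the partially built record released and `GNUNET_SYSERR` returned on failure, for example `if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (expiration, &etime_abs)) return GNUNET_SYSERR;`. The decoded length should be compared with `sizeof (struct GNUNET_CRYPTO_EcdsaSignature)` before the copy.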
+++ b/src/include/gnunet_credential_service.h @@ -83,6 +83,10 @@ struct GNUNET_CREDENTIAL_CredentialRecordData { */ struct GNUNET_CRYPTO_EcdsaSignature sig; + /** + * Signature meta + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; /** * Public key of the issuer @@ -250,13 +254,15 @@ GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle, * @param issuer the ego that should be used to issue the attribute * @param subject the subject of the attribute * @param attribute the name of the attribute + * @param expiration the TTL of the credential * @return handle to the queued request */ struct GNUNET_CREDENTIAL_CredentialRecordData * GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, struct GNUNET_CRYPTO_EcdsaPublicKey *subject, - const char *attribute); + const char *attribute, + struct GNUNET_TIME_Absolute *expiration); /** -- cgit v1.2.3 From 97b457f5cbb8d4aeb7942ae23dc6dad84db30638 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Tue, 6 Dec 2016 10:13:30 +0100 Subject: -fix --- src/credential/gnunet-service-credential.c | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 7f18c77f6..ec84d18a6 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -325,7 +325,6 @@ send_lookup_response (void* cls, struct GNUNET_MQ_Envelope *env; struct VerifyResultMessage *rmsg; const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; - struct GNUNET_CRYPTO_EccSignaturePurpose *purp; struct CredentialRecordEntry *cr_entry; uint32_t cred_verified; 
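Review bot: The new parameter is documented as `@param expiration the TTL of the credential`, but its type is `struct GNUNET_TIME_Absolute *` and the implementation stores `expiration->abs_value_us` unchanged. A caller who passes a relative lifetime would get a credential that is already expired. I would write `@param expiration absolute expiration time of the credential, must not be NULL`. The comment on the new `purpose` member, "Signature meta", could also state which following fields the signature is meant to cover, since `purpose.size` is what decides that.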
@@ -359,23 +358,13 @@ send_lookup_response (void* cls, GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, vrh->cred_chain_tail, cr_entry); - purp = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + - strlen ((char*)&crd[1]) +1 ); - purp->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + - strlen ((char*)&crd[1]) +1 ); - - purp->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); if(GNUNET_OK == GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, - purp, + &crd->purpose, &crd->sig, &crd->issuer_key)) { - GNUNET_free (purp); break; } - GNUNET_free (purp); } -- cgit v1.2.3 From c0ccc8d723c94c6f9dbde6ed1e0ee6579989750c Mon Sep 17 00:00:00 2001 From: Adnan H Date: Tue, 6 Dec 2016 10:51:58 +0100 Subject: - minor fixes --- src/credential/gnunet-service-credential.c | 72 ++++++++++++++++-------------- 1 file changed, 38 insertions(+), 34 deletions(-) diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 792d8741e..a4686e635 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c 
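Review bot: Verification now passes `&crd->purpose` straight from the resolved record, so the number of bytes covered is whatever `purpose.size` inside that record says, and the hunk never compares it with `rd[i].data_size`. A record whose size field exceeds the data actually received would make `GNUNET_CRYPTO_ecdsa_verify` read past the record buffer. A record whose size field is too small leaves part of the credential outside the signature. I would reject such records before verifying, for example `if ((rd[i].data_size < sizeof (*crd)) || (ntohl (crd->purpose.size) > rd[i].data_size - offsetof (struct GNUNET_CREDENTIAL_CredentialRecordData, purpose))) continue;`. It would also help to require that the size equals the expected length for the attribute that follows. The surrounding loop starts and ends outside the hunk.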
@@ -265,45 +265,46 @@ start_backward_resolution (void* cls, struct CredentialRecordEntry *cred_pointer; const char *attribute; const char *cred_attribute; - char *issuer_key; - char *cred_issuer_key; - const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key_ecdsa; - const struct GNUNET_CRYPTO_EcdsaPublicKey *cred_issuer_key_ecdsa; for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL; cred_pointer = cred_pointer->next){ cred = &cred_pointer->record_data; - issuer_key_ecdsa = &vrh->attr_pointer->record_data.subject_key; - cred_issuer_key_ecdsa = &cred_pointer->record_data.issuer_key; - issuer_key = GNUNET_CRYPTO_ecdsa_public_key_to_string(issuer_key_ecdsa); - cred_issuer_key = GNUNET_CRYPTO_ecdsa_public_key_to_string(cred_issuer_key_ecdsa); - if(0 == strcmp(issuer_key,cred_issuer_key)) - { + if(0 == memcmp (&vrh->attr_pointer->record_data.subject_key, + &cred_pointer->record_data.issuer_key, + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))){ + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found issuer\n"); - } + + } + + + } - - + + //Start from next to head - for(vrh->attr_pointer = vrh->attr_queue_head->next ; vrh->attr_pointer->next != NULL ; - vrh->attr_pointer = vrh->attr_pointer->next ){ + vrh->attr_pointer = vrh->attr_pointer->next; + + + if(vrh->attr_pointer->next != NULL){ //Start with backward resolution - GNUNET_GNS_lookup (gns, - vrh->issuer_attribute, - &vrh->issuer_key, //issuer_key, - GNUNET_GNSRECORD_TYPE_ATTRIBUTE, - GNUNET_GNS_LO_DEFAULT, - NULL, //shorten_key, always NULL - &start_backward_resolution, - vrh); + vrh->lookup_request = GNUNET_GNS_lookup (gns, + vrh->issuer_attribute, + &vrh->issuer_key, //issuer_key, + GNUNET_GNSRECORD_TYPE_ATTRIBUTE, + GNUNET_GNS_LO_DEFAULT, + NULL, //shorten_key, always NULL + &start_backward_resolution, + vrh); } + } /** 
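Review bot: After `vrh->attr_pointer = vrh->attr_pointer->next;` the following test `if(vrh->attr_pointer->next != NULL)` dereferences the new cursor, which is NULL whenever the previous entry was the tail of the queue. The condition should test the cursor itself, `if (NULL != vrh->attr_pointer)`. The `send_lookup_response` hunk of this same commit has the related problem: it replaces `vrh->attr_pointer = vrh->attr_queue_head;` with `vrh->attr_pointer = vrh->attr_pointer->next;`, which reads `attr_pointer` before anything visible has set it. Only this hunk stores the lookup handle in `vrh->lookup_request`; the other call still discards it.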
@@ -327,13 +328,14 @@ send_lookup_response (void* cls, const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; struct GNUNET_CRYPTO_EccSignaturePurpose *purp; struct CredentialRecordEntry *cr_entry; + uint32_t cred_verified; cred_record_count = 0; struct AttributeRecordEntry *attr_entry; struct GNUNET_CREDENTIAL_AttributeRecordData *ard = GNUNET_new(struct GNUNET_CREDENTIAL_AttributeRecordData); - + attr_entry->record_data = *ard; ard->subject_key = vrh->issuer_key; GNUNET_CONTAINER_DLL_insert_tail (vrh->attr_queue_head, @@ -386,17 +388,19 @@ send_lookup_response (void* cls, if(cred_verified != GNUNET_YES){ - vrh->attr_pointer = vrh->attr_queue_head; + vrh->attr_pointer = vrh->attr_pointer->next; + if(vrh->attr_pointer != NULL){ - //Start with backward resolution - GNUNET_GNS_lookup (gns, - vrh->issuer_attribute, - &vrh->issuer_key, //issuer_key, - GNUNET_GNSRECORD_TYPE_ATTRIBUTE, - GNUNET_GNS_LO_DEFAULT, - NULL, //shorten_key, always NULL - &start_backward_resolution, - vrh); + //Start with backward resolution + GNUNET_GNS_lookup (gns, + vrh->issuer_attribute, + &vrh->issuer_key, //issuer_key, + GNUNET_GNSRECORD_TYPE_ATTRIBUTE, + GNUNET_GNS_LO_DEFAULT, + NULL, //shorten_key, always NULL + &start_backward_resolution, + vrh); + } } -- cgit v1.2.3 From 14045cba92ab8167e1371f2e2447a5bcdd71f12a Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Tue, 6 Dec 2016 10:58:37 +0100 Subject: -fix --- src/credential/plugin_gnsrecord_credential.c | 23 ++++++++++++++--------- src/credential/test_credential_issue.sh | 12 ++++++++++-- 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 60b677a4e..93d8b8e83 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c 
@@ -29,6 +29,7 @@ #include "gnunet_gnsrecord_lib.h" #include "gnunet_credential_service.h" #include "gnunet_gnsrecord_plugin.h" +#include "gnunet_signatures.h" /** @@ -96,12 +97,12 @@ credential_value_to_string (void *cls, sizeof (struct GNUNET_CRYPTO_EcdsaSignature), &signature); GNUNET_asprintf (&cred_str, - "%s.%s -> %s exp:%s sig:%s", + "%s.%s -> %s | %s | %s", issuer_pkey, &cdata[sizeof (cred)], subject_pkey, - expiration, - signature); + signature, + expiration); GNUNET_free (subject_pkey); GNUNET_free (issuer_pkey); GNUNET_free (signature); @@ -153,18 +154,21 @@ credential_string_to_value (void *cls, struct GNUNET_TIME_Absolute etime_abs; if (5 != SSCANF (s, - "%52s.%253s -> %52s exp:%255s sig:%127s", + "%52s.%253s -> %52s | %s | %255[0-9a-zA-Z: ]", issuer_pkey, name, subject_pkey, - expiration, - signature)) + signature, + expiration)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, _("Unable to parse CRED record string `%s'\n"), s); return GNUNET_SYSERR; } + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Found %s, %s, %s, %s, %s\n", + issuer_pkey, name, subject_pkey, signature, expiration); *data_size = sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (name) + 1; *data = cred = GNUNET_malloc (*data_size); GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pkey, @@ -179,15 +183,16 @@ credential_string_to_value (void *cls, strlen (signature), (char**)&sig); cred->sig = *sig; - cred->expiration = htonl (etime_abs.abs_value_us); + cred->expiration = GNUNET_htonll (etime_abs.abs_value_us); + cred->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); + cred->purpose.size = strlen (name) + 1 + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + sizeof (uint64_t); GNUNET_free (sig); GNUNET_memcpy (&cred[1], name, strlen (name)); - *data = GNUNET_strdup (s); - *data_size = strlen (s); return GNUNET_OK; } default: 
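Review bot: The new format string reads the signature with a bare `%s` into `char signature[128]`, so a record string with a longer signature field overflows the stack buffer; the previous version of this line bounded it with `%127s`. Keep the width when reordering the fields: `"%52s.%253s -> %52s | %127s | %255[0-9a-zA-Z: ]"`. The added `GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Found %s, %s, %s, %s, %s\n", ...)` looks like a debugging aid and would log every parsed record at error level; `GNUNET_ERROR_TYPE_DEBUG` would be the appropriate level if it is kept.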
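Review bot: `cred->purpose.size` is assigned in host byte order in `credential_string_to_value`, while `GNUNET_CREDENTIAL_issue` stores the same field with `htonl (...)`. A credential that is issued, printed and parsed back would therefore carry a different size field than the one that was signed, and verification over `&crd->purpose` would presumably fail or cover the wrong range on little-endian hosts. Wrap the expression, `cred->purpose.size = htonl (strlen (name) + 1 + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + sizeof (uint64_t));`, and keep the formula identical to the one used when issuing.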
diff --git a/src/credential/test_credential_issue.sh b/src/credential/test_credential_issue.sh index 4d1ba67c7..b2ced204a 100755 --- a/src/credential/test_credential_issue.sh +++ b/src/credential/test_credential_issue.sh @@ -29,8 +29,16 @@ gnunet-identity -C testsubject -c test_credential_lookup.conf SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') #TODO1 Get credential and store it with subject (3) -$DO_TIMEOUT valgrind gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf +CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf` STATUS=$? +if test $? != 0 +then + echo "Error issuing..." + exit 1 +fi +#Try import +$DO_TIMEOUT gnunet-namestore -a -z testsubject -n c1 -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf + gnunet-arm -e -c test_credential_lookup.conf -exit $STATUS +exit $? -- cgit v1.2.3 From 1be263982990fc0650c30fb5f758d4100540561d Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Tue, 6 Dec 2016 22:21:49 +0100 Subject: - add simple verification --- src/credential/credential.h | 8 +- src/credential/credential_api.c | 17 +- src/credential/gnunet-credential.c | 7 +- src/credential/gnunet-service-credential.c | 221 ++++++++++++++---------- src/credential/plugin_gnsrecord_credential.c | 3 - src/credential/test_credential_verify_simple.sh | 8 +- src/include/gnunet_credential_service.h | 5 +- 7 files changed, 163 insertions(+), 106 deletions(-) diff --git a/src/credential/credential.h b/src/credential/credential.h index 8b5cf6db9..d52776cfa 100644 --- a/src/credential/credential.h +++ b/src/credential/credential.h 
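Review bot: The new check `if test $? != 0` runs after `STATUS=$?`, so it tests the exit status of the assignment, which is always 0, and a failing `gnunet-credential --issue` is never reported. The final `exit $?` then returns the status of `gnunet-arm -e` rather than that of the issue or import step. Test the saved value instead, `if test $STATUS != 0`. Capture the status of the `gnunet-namestore -a` import into a variable and exit with it after stopping the peer.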
@@ -83,12 +83,16 @@ struct VerifyResultMessage * Unique identifier for this request (for key collisions). */ uint32_t id GNUNET_PACKED; - + + /** + * Indicates if credential has been found at all + */ + uint32_t cred_found GNUNET_PACKED; /** * The number of credentials in the response */ - uint32_t ad_count GNUNET_PACKED; + uint32_t cd_count GNUNET_PACKED; /* followed by ad_count GNUNET_CREDENTIAL_RecordData structs*/ diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index eb7af5b53..5bc1e52f1 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -236,9 +236,18 @@ handle_result (void *cls, rd_count, rd)); */ - proc (proc_cls, - NULL, - GNUNET_NO); // TODO + if (GNUNET_NO == ntohl (vr_msg->cred_found)) + { + proc (proc_cls, + NULL, + 0, + NULL); // TODO + } else { + proc (proc_cls, + (struct GNUNET_CREDENTIAL_CredentialRecordData*) &vr_msg[1], + 0, + NULL); + } } @@ -254,7 +263,7 @@ reconnect (struct GNUNET_CREDENTIAL_Handle *handle) GNUNET_MQ_hd_var_size (result, GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT, struct VerifyResultMessage, - NULL), + handle), GNUNET_MQ_handler_end () }; struct GNUNET_CREDENTIAL_Request *vr; diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index a2d494f2a..d728f533d 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -157,13 +157,14 @@ do_timeout (void *cls) */ static void handle_verify_result (void *cls, - struct GNUNET_CRYPTO_EcdsaPublicKey *issuer, - uint32_t status) + struct GNUNET_CREDENTIAL_CredentialRecordData *cred, + uint32_t delegation_count, + struct GNUNET_CREDENTIAL_AttributeRecordData *deleg) { verify_request = NULL; - if (GNUNET_NO == status) + if (NULL == cred) printf ("Verify failed.\n"); else printf ("Successful.\n"); diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index ce040fe2b..4f06806d1 100644 
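Review bot: In the `handle_result` hunk of `credential_api.c`, when `cred_found` is not `GNUNET_NO` the bytes after the message header are handed to the callback as a `struct GNUNET_CREDENTIAL_CredentialRecordData *`, with no visible check that the message is long enough to hold one. The matching `check_result` validator is outside the hunk; if it does not compare the message size against the structure size plus a terminated attribute, the callback can read past the received message. I would add that comparison there and return `GNUNET_SYSERR` for short messages. In `credential.h` the comment after the renamed field still says `followed by ad_count GNUNET_CREDENTIAL_RecordData structs` and should name `cd_count`.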
--- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -63,6 +63,11 @@ struct CredentialRecordEntry * Payload */ struct GNUNET_CREDENTIAL_CredentialRecordData record_data; + + /** + * Size + */ + uint64_t record_data_size; }; /** @@ -139,6 +144,11 @@ struct VerifyRequestHandle */ struct CredentialRecordEntry *cred_chain_tail; + /** + * Number of chain entries + */ + uint32_t cred_chain_entries; + /** * Attribute Queue */ @@ -152,7 +162,17 @@ struct VerifyRequestHandle /** * Current Attribute Pointer */ - struct AttributeRecordEntry* attr_pointer; + struct AttributeRecordEntry* attr_pointer; + + /** + * The found credential + */ + struct GNUNET_CREDENTIAL_CredentialRecordData *credential; + + /** + * Length of the credential + */ + uint32_t credential_size; /** * request id @@ -206,7 +226,11 @@ shutdown_task (void *cls) GNUNET_free (vrh); } - + if (NULL != gns) + { + GNUNET_GNS_disconnect (gns); + gns = NULL; + } if (NULL != statistics) { GNUNET_STATISTICS_destroy (statistics, @@ -259,28 +283,20 @@ start_backward_resolution (void* cls, const struct GNUNET_GNSRECORD_Data *rd) { struct VerifyRequestHandle *vrh = cls; - int i; struct GNUNET_CREDENTIAL_CredentialRecordData *cred; - struct GNUNET_CREDENTIAL_AttributeRecordData *attr; struct CredentialRecordEntry *cred_pointer; - const char *attribute; - const char *cred_attribute; for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL; cred_pointer = cred_pointer->next){ cred = &cred_pointer->record_data; - if(0 == memcmp (&vrh->attr_pointer->record_data.subject_key, + if(0 != memcmp (&vrh->attr_pointer->record_data.subject_key, &cred_pointer->record_data.issuer_key, - sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))){ - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Found issuer\n"); - - } + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) + continue; - - + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Found issuer\n"); } 
@@ -307,6 +323,77 @@ start_backward_resolution (void* cls, } + +/** + * Send. + * + * @param handle the handle to the request + */ +static void +send_lookup_response (struct VerifyRequestHandle *vrh) +{ + size_t len; + struct GNUNET_MQ_Envelope *env; + struct VerifyResultMessage *rmsg; + struct CredentialRecordEntry *cr_entry; + uint32_t cred_verified; + + + /** + * Get serialized record data size + */ + len = vrh->credential_size; //TODO max length of attr + + //TODO add attr chain + /** + * Prepare a lookup result response message for the client + */ + env = GNUNET_MQ_msg_extra (rmsg, + len, + GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT); + //Assign id so that client can find associated request + rmsg->id = vrh->request_id; + rmsg->cd_count = htonl (vrh->cred_chain_entries); + + /** + * Get serialized record data + * Append at the end of rmsg + */ + rmsg->cred_found = htonl (GNUNET_NO); + if (NULL != vrh->credential) + { + memcpy (&rmsg[1], + vrh->credential, + vrh->credential_size); + rmsg->cred_found = htonl (GNUNET_YES); + } + + /*char* tmp_entry = (char*)&rmsg[1]; + for (cr_entry = vrh->cred_chain_head; NULL != cr_entry; cr_entry = cr_entry->next) + { + memcpy (tmp_entry, + &cr_entry->record_data, + cr_entry->record_data_size); + tmp_entry += cr_entry->record_data_size; + }*/ + GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), + env); + + GNUNET_CONTAINER_DLL_remove (vrh_head, vrh_tail, vrh); + + /** + * TODO: + * - Free DLL + * - Refactor into cleanup_handle() function for this + */ + GNUNET_free (vrh); + + GNUNET_STATISTICS_update (statistics, + "Completed verifications", 1, + GNUNET_NO); +} + + /** * Result from GNS lookup. * 
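Review bot: The new `send_lookup_response` frees the handle with `GNUNET_free (vrh)` but not `vrh->credential`, which `handle_credential_query` allocates with `GNUNET_malloc`, nor the entries on `cred_chain_head`. The TODO mentions only the list, so every completed request leaves its credential copy behind in a long-running service. Add `GNUNET_free_non_null (vrh->credential);` before freeing the handle and walk the chain to release its entries. `rmsg->cd_count` is also set from `vrh->cred_chain_entries`, which nothing visible increments, while the payload holds at most the one matched credential. The count should describe what is actually appended, and the unused locals `cr_entry` and `cred_verified` can go.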
@@ -315,31 +402,18 @@ start_backward_resolution (void* cls, * @param rd the record data */ static void -send_lookup_response (void* cls, +handle_credential_query (void* cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd) { struct VerifyRequestHandle *vrh = cls; - size_t len; - int i; int cred_record_count; - struct GNUNET_MQ_Envelope *env; - struct VerifyResultMessage *rmsg; + int i; const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; struct CredentialRecordEntry *cr_entry; uint32_t cred_verified; cred_record_count = 0; - struct AttributeRecordEntry *attr_entry; - - struct GNUNET_CREDENTIAL_AttributeRecordData *ard = - GNUNET_new(struct GNUNET_CREDENTIAL_AttributeRecordData); - - attr_entry->record_data = *ard; - ard->subject_key = vrh->issuer_key; - GNUNET_CONTAINER_DLL_insert_tail (vrh->attr_queue_head, - vrh->attr_queue_tail, - attr_entry); for (i=0; i < rd_count; i++) { if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) 
@@ -356,19 +430,37 @@ send_lookup_response (void* cls, */ cr_entry = GNUNET_new (struct CredentialRecordEntry); cr_entry->record_data = *crd; + cr_entry->record_data_size = rd[i].data_size; GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, vrh->cred_chain_tail, cr_entry); - if(GNUNET_OK == GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, + /*if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, &crd->purpose, &crd->sig, &crd->issuer_key)) { - break; - } + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Invalid credential found\n"); + continue; + }*/ + if (0 != memcmp (&crd->issuer_key, + &vrh->issuer_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) + continue; + if (0 != strcmp ((char*)&crd[1], vrh->issuer_attribute)) + continue; + vrh->credential = GNUNET_malloc (rd[i].data_size); + memcpy (vrh->credential, + rd[i].data, + rd[i].data_size); + vrh->credential_size = rd[i].data_size; + //Found match prematurely + send_lookup_response (vrh); + return; } + GNUNET_break (0); //TODO remove when implemented /** * Check for attributes from the issuer and follow the chain 
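Review bot: Nothing in this hunk checks `rd[i].data_size` before `*crd` is copied as a full struct and `strcmp ((char*)&crd[1], vrh->issuer_attribute)` reads the trailing attribute. The record data comes from a GNS lookup, so a short record, or one whose attribute is not NUL-terminated, makes both reads run past the buffer, unless a check sits in the lines above the hunk. I would guard the loop body with `if (rd[i].data_size <= sizeof (*crd) || '\0' != ((const char *) rd[i].data)[rd[i].data_size - 1]) continue;`. While the `GNUNET_CRYPTO_ecdsa_verify` call is commented out, the issuer_key comparison is the only acceptance test; a follow-up commit on this page re-enables it. The function body starts and continues outside the hunk.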
@@ -403,56 +495,9 @@ send_lookup_response (void* cls, * - return one found credential chain * */ - - /** - * Get serialized record data size - */ - len = cred_record_count * sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData); - - /** - * Prepare a lookup result response message for the client - */ - env = GNUNET_MQ_msg_extra (rmsg, - len, - GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT); - //Assign id so that client can find associated request - rmsg->id = vrh->request_id; - rmsg->ad_count = htonl (cred_record_count); - - /** - * Get serialized record data - * Append at the end of rmsg - */ - i = 0; - struct GNUNET_CREDENTIAL_CredentialRecordData *tmp_record = (struct GNUNET_CREDENTIAL_CredentialRecordData*) &rmsg[1]; - for (cr_entry = vrh->cred_chain_head; NULL != cr_entry; cr_entry = cr_entry->next) - { - memcpy (tmp_record, - &cr_entry->record_data, - sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)); - tmp_record++; - } - GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), - env); - - GNUNET_CONTAINER_DLL_remove (vrh_head, vrh_tail, vrh); - - /** - * TODO: - * - Free DLL - * - Refactor into cleanup_handle() function for this - */ - GNUNET_free (vrh); - - GNUNET_STATISTICS_update (statistics, - "Completed verifications", 1, - GNUNET_NO); - GNUNET_STATISTICS_update (statistics, - "Credentials resolved", - rd_count, - GNUNET_NO); } + /** * Handle Credential verification requests from client * @@ -466,7 +511,7 @@ handle_verify (void *cls, { char attrs[GNUNET_CREDENTIAL_MAX_LENGTH*2 + 1]; char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; - char subject_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; + char subject_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1 + 4]; struct VerifyRequestHandle *vrh; struct GNUNET_SERVICE_Client *client = cls; char *attrptr = attrs; 
@@ -481,27 +526,29 @@ handle_verify (void *cls, GNUNET_memcpy (issuer_attribute, attrs, ntohs (v_msg->issuer_attribute_len)); issuer_attribute[ntohs (v_msg->issuer_attribute_len)] = '\0'; GNUNET_memcpy (subject_attribute, attrs+strlen(issuer_attribute), ntohs (v_msg->subject_attribute_len)); - subject_attribute[ntohs (v_msg->subject_attribute_len)] = '\0'; + strcpy (subject_attribute+ntohs (v_msg->subject_attribute_len), + ".gnu"); + subject_attribute[ntohs (v_msg->subject_attribute_len)+4] = '\0'; vrh = GNUNET_new (struct VerifyRequestHandle); GNUNET_CONTAINER_DLL_insert (vrh_head, vrh_tail, vrh); vrh->client = client; vrh->request_id = v_msg->id; vrh->issuer_key = v_msg->issuer_key; vrh->subject_key = v_msg->subject_key; - vrh->issuer_attribute = issuer_attribute; + vrh->issuer_attribute = GNUNET_strdup (issuer_attribute); if (NULL == subject_attribute) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No subject attribute provided!\n"); - send_lookup_response (vrh, 0, NULL); + send_lookup_response (vrh); return; } if (NULL == issuer_attribute) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No issuer attribute provided!\n"); - send_lookup_response (vrh, 0, NULL); + send_lookup_response (vrh); return; } /** @@ -513,7 +560,7 @@ handle_verify (void *cls, GNUNET_GNSRECORD_TYPE_CREDENTIAL, GNUNET_GNS_LO_DEFAULT, NULL, //shorten_key, always NULL - &send_lookup_response, + &handle_credential_query, vrh); } diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 93d8b8e83..ff95ec119 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c 
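Review bot: The two error branches that now call `send_lookup_response (vrh)` test `NULL == subject_attribute` and `NULL == issuer_attribute`, but both are stack arrays, so neither branch can ever run and an empty attribute goes on to the GNS lookup. Testing the wire lengths would make them effective, e.g. `if (0 == ntohs (v_msg->subject_attribute_len))`. The `strcpy` of ".gnu" at offset `ntohs (v_msg->subject_attribute_len)` stays inside the `+ 1 + 4` buffer only if that length is at most GNUNET_CREDENTIAL_MAX_LENGTH. That bound is presumably enforced in check_verify, which is outside this hunk, and deserves a comment here such as `/* lengths validated in check_verify() */`. The line `subject_attribute[... +4] = '\0';` is redundant after `strcpy`. handle_verify starts before the hunk.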
@@ -166,9 +166,6 @@ credential_string_to_value (void *cls, s); return GNUNET_SYSERR; } - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Found %s, %s, %s, %s, %s\n", - issuer_pkey, name, subject_pkey, signature, expiration); *data_size = sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (name) + 1; *data = cred = GNUNET_malloc (*data_size); GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pkey, diff --git a/src/credential/test_credential_verify_simple.sh b/src/credential/test_credential_verify_simple.sh index 73ea24137..ce0a2207a 100755 --- a/src/credential/test_credential_verify_simple.sh +++ b/src/credential/test_credential_verify_simple.sh 
@@ -26,14 +26,14 @@ gnunet-identity -C testsubject -c test_credential_lookup.conf TEST_ATTR="user" SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') -CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf` +CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf` TEST_CREDENTIAL="t1" gnunet-namestore -p -z testsubject -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf #TODO2 Add -z swich like in gnunet-gns #RES_CRED=`$DO_TIMEOUT gnunet-credential --verify --issuer=$ISSUER_KEY --attribute="$TEST_ATTR" --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` -valgrind gnunet-credential --verify --issuer=$ISSUER_KEY --attribute=$TEST_ATTR --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf +RES_CRED=`gnunet-credential --verify --issuer=$ISSUER_KEY --attribute=$TEST_ATTR --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` #TODO cleanup properly gnunet-namestore -z testsubject -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf @@ -41,9 +41,7 @@ gnunet-identity -D testsubject -c test_credential_lookup.conf gnunet-arm -e -c test_credential_lookup.conf #TODO3 proper test -exit 0 - -if [ "$RES_CRED" == "Ok!" ] +if [ "$RES_CRED" == "Successful." ] then exit 0 else diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index a7de3c822..f7b09b3ff 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h 
@@ -159,8 +159,9 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle); * @param rd the records in reply */ typedef void (*GNUNET_CREDENTIAL_VerifyResultProcessor) (void *cls, - struct GNUNET_CRYPTO_EcdsaPublicKey *issuer, - uint32_t result); + struct GNUNET_CREDENTIAL_CredentialRecordData *credential, + uint32_t delegation_length, + struct GNUNET_CREDENTIAL_AttributeRecordData *delegation_chain); /** * Iterator called on obtained result for an attribute delegation. -- cgit v1.2.3 From 68f5813fdac760d6bc8d832b298f2621bc0e7023 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 7 Dec 2016 10:53:45 +0100 Subject: - add signature check --- src/credential/gnunet-service-credential.c | 4 ++-- src/credential/plugin_gnsrecord_credential.c | 4 ++-- src/credential/test_credential_verify_simple.sh | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 4f06806d1..272ccebdf 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -434,7 +434,7 @@ handle_credential_query (void* cls, GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, vrh->cred_chain_tail, cr_entry); - /*if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, + if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, &crd->purpose, &crd->sig, &crd->issuer_key)) @@ -442,7 +442,7 @@ handle_credential_query (void* cls, GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Invalid credential found\n"); continue; - }*/ + } if (0 != memcmp (&crd->issuer_key, &vrh->issuer_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index ff95ec119..90ac393d0 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c 
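Review bot: The doc comment above GNUNET_CREDENTIAL_VerifyResultProcessor still ends with `@param rd the records in reply`, while the new signature takes `credential`, `delegation_length` and `delegation_chain`. I would replace that line with `@param credential the credential that was found, or NULL if none` (if that is the intended contract), `@param delegation_length number of entries in delegation_chain` and `@param delegation_chain the attribute delegations that were followed`. The comment should also say whether the pointers stay valid after the callback returns.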
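Review bot: In the handle_credential_query hunk that re-enables `GNUNET_CRYPTO_ecdsa_verify`, `&crd->purpose` is passed in with its `size` field still unchecked against `rd[i].data_size`. As far as I know the verify routine hashes `ntohl (purpose.size)` bytes starting at the purpose header, so a record that declares a larger size than it carries would make the hash read past the record buffer. A bound before the call closes that: `if (rd[i].data_size < sizeof (*crd) || ntohl (crd->purpose.size) > rd[i].data_size - offsetof (struct GNUNET_CREDENTIAL_CredentialRecordData, purpose)) continue;`. The function starts and continues outside the hunk.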
@@ -182,8 +182,8 @@ credential_string_to_value (void *cls, cred->sig = *sig; cred->expiration = GNUNET_htonll (etime_abs.abs_value_us); cred->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); - cred->purpose.size = strlen (name) + 1 + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + sizeof (uint64_t); + cred->purpose.size = htonl (strlen (name) + 1 + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + sizeof (uint64_t)); GNUNET_free (sig); GNUNET_memcpy (&cred[1], name, diff --git a/src/credential/test_credential_verify_simple.sh b/src/credential/test_credential_verify_simple.sh index ce0a2207a..2fac4659e 100755 --- a/src/credential/test_credential_verify_simple.sh +++ b/src/credential/test_credential_verify_simple.sh @@ -19,7 +19,7 @@ rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` which timeout &> /dev/null && DO_TIMEOUT="timeout 30" -gnunet-arm -s -c test_credential_lookup.conf +#gnunet-arm -s -c test_credential_lookup.conf gnunet-identity -C testissuer -c test_credential_lookup.conf gnunet-identity -C testsubject -c test_credential_lookup.conf @@ -45,6 +45,6 @@ if [ "$RES_CRED" == "Successful." ] then exit 0 else - echo "FAIL: Failed to verify credential $RES_IP." + echo "FAIL: Failed to verify credential." exit 1 fi -- cgit v1.2.3 From 3ea628e269dc3ebec59336cfb2f883161a031662 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 7 Dec 2016 11:46:41 +0100 Subject: -start delegation; cleanup --- src/credential/gnunet-service-credential.c | 244 +++++++++++++++++------------ 1 file changed, 141 insertions(+), 103 deletions(-) diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 272ccebdf..662c26a5e 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c 
@@ -62,34 +62,44 @@ struct CredentialRecordEntry /** * Payload */ - struct GNUNET_CREDENTIAL_CredentialRecordData record_data; + struct GNUNET_CREDENTIAL_CredentialRecordData *data; /** * Size */ - uint64_t record_data_size; + uint64_t data_size; }; /** * DLL for attributes - Used as a queue * Insert tail - Pop head */ -struct AttributeRecordEntry +struct AttributeQueueEntry { /** * DLL */ - struct AttributeRecordEntry *next; + struct AttributeQueueEntry *next; /** * DLL */ - struct AttributeRecordEntry *prev; + struct AttributeQueueEntry *prev; /** * Payload */ - struct GNUNET_CREDENTIAL_AttributeRecordData record_data; + struct GNUNET_CREDENTIAL_AttributeRecordData *data; + + /** + * Size + */ + uint64_t data_size; + + /** + * Parent attribute delegation + */ + struct AttributeQueueEntry *parent; }; @@ -152,17 +162,17 @@ struct VerifyRequestHandle /** * Attribute Queue */ - struct AttributeRecordEntry *attr_queue_head; + struct AttributeQueueEntry *attr_queue_head; /** * Attribute Queue */ - struct AttributeRecordEntry *attr_queue_tail; + struct AttributeQueueEntry *attr_queue_tail; /** * Current Attribute Pointer */ - struct AttributeRecordEntry* attr_pointer; + struct AttributeQueueEntry *current_attribute; /** * The found credential 
@@ -277,53 +287,6 @@ check_verify (void *cls, return GNUNET_OK; } -static void -start_backward_resolution (void* cls, - uint32_t rd_count, - const struct GNUNET_GNSRECORD_Data *rd) -{ - struct VerifyRequestHandle *vrh = cls; - struct GNUNET_CREDENTIAL_CredentialRecordData *cred; - struct CredentialRecordEntry *cred_pointer; - - for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL; - cred_pointer = cred_pointer->next){ - cred = &cred_pointer->record_data; - - if(0 != memcmp (&vrh->attr_pointer->record_data.subject_key, - &cred_pointer->record_data.issuer_key, - sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) - continue; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Found issuer\n"); - - } - - - - //Start from next to head - vrh->attr_pointer = vrh->attr_pointer->next; - - - - if(vrh->attr_pointer->next != NULL){ - //Start with backward resolution - vrh->lookup_request = GNUNET_GNS_lookup (gns, - vrh->issuer_attribute, - &vrh->issuer_key, //issuer_key, - GNUNET_GNSRECORD_TYPE_ATTRIBUTE, - GNUNET_GNS_LO_DEFAULT, - NULL, //shorten_key, always NULL - &start_backward_resolution, - vrh); - } - - - -} - - /** * Send. * @@ -335,9 +298,6 @@ send_lookup_response (struct VerifyRequestHandle *vrh) size_t len; struct GNUNET_MQ_Envelope *env; struct VerifyResultMessage *rmsg; - struct CredentialRecordEntry *cr_entry; - uint32_t cred_verified; - /** * Get serialized record data size @@ -369,13 +329,13 @@ send_lookup_response (struct VerifyRequestHandle *vrh) } /*char* tmp_entry = (char*)&rmsg[1]; - for (cr_entry = vrh->cred_chain_head; NULL != cr_entry; cr_entry = cr_entry->next) - { + for (cr_entry = vrh->cred_chain_head; NULL != cr_entry; cr_entry = cr_entry->next) + { memcpy (tmp_entry, - &cr_entry->record_data, - cr_entry->record_data_size); + &cr_entry->record_data, + cr_entry->record_data_size); tmp_entry += cr_entry->record_data_size; - }*/ + }*/ GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), env); 
@@ -394,6 +354,96 @@ send_lookup_response (struct VerifyRequestHandle *vrh) } +static void +start_backward_resolution (void* cls, + uint32_t rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + struct VerifyRequestHandle *vrh = cls; + struct GNUNET_CREDENTIAL_CredentialRecordData *cred; + const struct GNUNET_CREDENTIAL_AttributeRecordData *attr; + struct CredentialRecordEntry *cred_pointer; + struct AttributeQueueEntry *attr_entry; + int i; + + for (i=0; i < rd_count; i++) + { + if (GNUNET_GNSRECORD_TYPE_ATTRIBUTE != rd[i].record_type) + continue; + attr = rd[i].data; + for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL; + cred_pointer = cred_pointer->next){ + cred = cred_pointer->data; + + attr_entry = GNUNET_new (struct AttributeQueueEntry); + + attr_entry->data = GNUNET_malloc (rd[i].data_size); + memcpy (attr_entry->data, + rd[i].data, + rd[i].data_size); + attr_entry->data_size = rd[i].data_size; + + attr_entry->parent = vrh->current_attribute; + + GNUNET_CONTAINER_DLL_insert (vrh->attr_queue_head, + vrh->attr_queue_tail, + attr_entry); + + if(0 != memcmp (&attr->subject_key, + &cred_pointer->data->issuer_key, + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) + continue; + + if (0 != strcmp ((char*)&attr[1], (char*)&cred[1])) + continue; + + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Found issuer\n"); + vrh->credential = GNUNET_malloc (rd[i].data_size); + memcpy (vrh->credential, + rd[i].data, + rd[i].data_size); + vrh->credential_size = rd[i].data_size; + //Found match + send_lookup_response (vrh); + return; + + } + } + + + + //Start from next to head + vrh->current_attribute = vrh->attr_queue_head; + + if(vrh->current_attribute != NULL) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "We are all out of attributes...\n"); + send_lookup_response (vrh); + return; + } + + GNUNET_CONTAINER_DLL_remove (vrh->attr_queue_head, + vrh->attr_queue_tail, + vrh->current_attribute); + + + + //Start with backward resolution + vrh->lookup_request = GNUNET_GNS_lookup 
(gns, + (char*)&vrh->current_attribute->data[1], + &vrh->current_attribute->data->subject_key, //issuer_key, + GNUNET_GNSRECORD_TYPE_ATTRIBUTE, + GNUNET_GNS_LO_DEFAULT, + NULL, //shorten_key, always NULL + &start_backward_resolution, + vrh); +} + + + /** * Result from GNS lookup. * @@ -403,15 +453,14 @@ send_lookup_response (struct VerifyRequestHandle *vrh) */ static void handle_credential_query (void* cls, - uint32_t rd_count, - const struct GNUNET_GNSRECORD_Data *rd) + uint32_t rd_count, + const struct GNUNET_GNSRECORD_Data *rd) { struct VerifyRequestHandle *vrh = cls; int cred_record_count; int i; const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; struct CredentialRecordEntry *cr_entry; - uint32_t cred_verified; cred_record_count = 0; for (i=0; i < rd_count; i++) @@ -428,12 +477,6 @@ handle_credential_query (void* cls, * Save all found attributes/issues and prepare forward * resolution of issuer attribute */ - cr_entry = GNUNET_new (struct CredentialRecordEntry); - cr_entry->record_data = *crd; - cr_entry->record_data_size = rd[i].data_size; - GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, - vrh->cred_chain_tail, - cr_entry); if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, &crd->purpose, &crd->sig, @@ -443,6 +486,16 @@ handle_credential_query (void* cls, "Invalid credential found\n"); continue; } + cr_entry = GNUNET_new (struct CredentialRecordEntry); + cr_entry->data = GNUNET_malloc (rd[i].data_size); + memcpy (cr_entry->data, + crd, + rd[i].data_size); + cr_entry->data_size = rd[i].data_size; + GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, + vrh->cred_chain_tail, + cr_entry); + if (0 != memcmp (&crd->issuer_key, &vrh->issuer_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) 
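Review bot: When an attribute matches a stored credential in the new start_backward_resolution, the code copies `rd[i].data`, which is the ATTRIBUTE record, into `vrh->credential`, so the client would receive delegation bytes labelled as the credential; this looks unintended. The matching entry is `cred_pointer`, so I would use `vrh->credential = GNUNET_malloc (cred_pointer->data_size);`, `memcpy (vrh->credential, cred_pointer->data, cred_pointer->data_size);` and `vrh->credential_size = cred_pointer->data_size;`. `attr = rd[i].data` is also used without checking that `rd[i].data_size` covers the struct and a NUL-terminated attribute, so `attr->subject_key` and `strcmp ((char*)&attr[1], ...)` can read past a short record. The `GNUNET_new`/insert of `attr_entry` sits inside the credential loop, which queues one copy of the record per stored credential.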
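Review bot: In the handle_credential_query hunks the credential is stored and matched once its signature verifies, but the `expiration` field the plugin writes into the record (`cred->expiration = GNUNET_htonll (...)`) is never compared with the current time. An expired but correctly signed credential would therefore still verify, unless expiry is enforced somewhere outside the visible hunks. I would add, right after the signature check, `if (GNUNET_ntohll (crd->expiration) < GNUNET_TIME_absolute_get ().abs_value_us) continue;` with a warning log like the one for invalid signatures. The function starts and continues outside the hunk.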
@@ -466,35 +519,20 @@ handle_credential_query (void* cls, * Check for attributes from the issuer and follow the chain * till you get the required subject's attributes */ - if(cred_verified != GNUNET_YES){ - - - vrh->attr_pointer = vrh->attr_pointer->next; - if(vrh->attr_pointer != NULL){ - - //Start with backward resolution - GNUNET_GNS_lookup (gns, - vrh->issuer_attribute, - &vrh->issuer_key, //issuer_key, - GNUNET_GNSRECORD_TYPE_ATTRIBUTE, - GNUNET_GNS_LO_DEFAULT, - NULL, //shorten_key, always NULL - &start_backward_resolution, - vrh); - } - } - - - /** - * TODO - * Start resolution of Attribute delegations from issuer - * - * - Build adequate data structures for attribute(s) to lookup - * - Use GNUNET_GNSRECORD_TYPE_XXX - * - recursively try to find match(es) with results found top - * - return one found credential chain - * - */ + char issuer_attribute_name[strlen (vrh->issuer_attribute)]; + strcpy (issuer_attribute_name, + vrh->issuer_attribute); + strcpy (issuer_attribute_name + strlen (vrh->issuer_attribute), + ".gnu"); + //Start with backward resolution + GNUNET_GNS_lookup (gns, + issuer_attribute_name, + &vrh->issuer_key, //issuer_key, + GNUNET_GNSRECORD_TYPE_ATTRIBUTE, + GNUNET_GNS_LO_DEFAULT, + NULL, //shorten_key, always NULL + &start_backward_resolution, + vrh); } @@ -527,7 +565,7 @@ handle_verify (void *cls, issuer_attribute[ntohs (v_msg->issuer_attribute_len)] = '\0'; GNUNET_memcpy (subject_attribute, attrs+strlen(issuer_attribute), ntohs (v_msg->subject_attribute_len)); strcpy (subject_attribute+ntohs (v_msg->subject_attribute_len), - ".gnu"); + ".gnu"); subject_attribute[ntohs (v_msg->subject_attribute_len)+4] = '\0'; vrh = GNUNET_new (struct VerifyRequestHandle); GNUNET_CONTAINER_DLL_insert (vrh_head, vrh_tail, vrh); -- cgit v1.2.3 From 671f7c5fb4dcb596a2b6d065c2cd5f39be3fb431 Mon Sep 17 00:00:00 2001 
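Review bot: `char issuer_attribute_name[strlen (vrh->issuer_attribute)];` has no room for the terminator, and the two `strcpy` calls that follow write the attribute plus ".gnu" plus NUL, which is five bytes past the end of the stack array. The attribute originates from the client's verify request, so this is an overflow on client-supplied input. The declaration should be `char issuer_attribute_name[strlen (vrh->issuer_attribute) + strlen (".gnu") + 1];`, or the name can be built with `GNUNET_asprintf` and freed after the lookup call. The result of `GNUNET_GNS_lookup` is also not stored in `vrh->lookup_request` here, so this lookup cannot be cancelled if the client disconnects. The function starts outside the hunk.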
From: "Schanzenbach, Martin" Date: Wed, 7 Dec 2016 14:56:57 +0100 Subject: - add delegation resolution --- src/credential/gnunet-service-credential.c | 102 +++++++++++++++++++++------ src/credential/plugin_gnsrecord_credential.c | 53 ++++++++++++-- src/credential/test_credential_verify.sh | 11 ++- 3 files changed, 131 insertions(+), 35 deletions(-) diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 662c26a5e..bf85b1583 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -100,6 +100,11 @@ struct AttributeQueueEntry * Parent attribute delegation */ struct AttributeQueueEntry *parent; + + /** + * Trailing attribute context + */ + char *attr_trailer; }; 
@@ -364,40 +369,74 @@ start_backward_resolution (void* cls, const struct GNUNET_CREDENTIAL_AttributeRecordData *attr; struct CredentialRecordEntry *cred_pointer; struct AttributeQueueEntry *attr_entry; + char *expanded_attr; + char *check_attr; int i; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Got %d attrs\n", rd_count); for (i=0; i < rd_count; i++) { if (GNUNET_GNSRECORD_TYPE_ATTRIBUTE != rd[i].record_type) continue; + attr = rd[i].data; + attr_entry = GNUNET_new (struct AttributeQueueEntry); + attr_entry->data_size = rd[i].data_size; + if (NULL != vrh->current_attribute && + NULL != vrh->current_attribute->attr_trailer) + { + if (rd[i].data_size == sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)) + { + GNUNET_asprintf (&expanded_attr, + "%s", + vrh->current_attribute->attr_trailer); + + } else { + GNUNET_asprintf (&expanded_attr, + "%s.%s", + (char*)&attr[1], + vrh->current_attribute->attr_trailer); + } + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Expanded to %s\n", expanded_attr); + attr_entry->data_size += strlen (vrh->current_attribute->attr_trailer) + 1; + } else { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Not Expanding %s\n", (char*)&attr[1]); + } + attr_entry->data = GNUNET_malloc (attr_entry->data_size); + memcpy (attr_entry->data, + rd[i].data, + rd[i].data_size); + if (NULL != vrh->current_attribute && NULL != vrh->current_attribute->attr_trailer) + { + memcpy ((char*)&attr_entry->data[1], + expanded_attr, + strlen (expanded_attr)); + } + check_attr = (char*)&attr_entry->data[1]; + check_attr[attr_entry->data_size] = '\0'; + attr_entry->parent = vrh->current_attribute; + + GNUNET_CONTAINER_DLL_insert (vrh->attr_queue_head, + vrh->attr_queue_tail, + attr_entry); for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL; cred_pointer = cred_pointer->next){ cred = cred_pointer->data; - - attr_entry = GNUNET_new (struct AttributeQueueEntry); - - attr_entry->data = GNUNET_malloc (rd[i].data_size); - memcpy (attr_entry->data, - rd[i].data, - 
rd[i].data_size); - attr_entry->data_size = rd[i].data_size; - - attr_entry->parent = vrh->current_attribute; - - GNUNET_CONTAINER_DLL_insert (vrh->attr_queue_head, - vrh->attr_queue_tail, - attr_entry); - if(0 != memcmp (&attr->subject_key, &cred_pointer->data->issuer_key, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) continue; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Checking if %s matches %s\n", + (char*)&attr_entry->data[1], (char*)&cred[1]); - if (0 != strcmp ((char*)&attr[1], (char*)&cred[1])) + if (0 != strcmp ((char*)&attr_entry->data[1], (char*)&cred[1])) continue; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found issuer\n"); vrh->credential = GNUNET_malloc (rd[i].data_size); @@ -417,9 +456,9 @@ start_backward_resolution (void* cls, //Start from next to head vrh->current_attribute = vrh->attr_queue_head; - if(vrh->current_attribute != NULL) + if(NULL == vrh->current_attribute) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "We are all out of attributes...\n"); send_lookup_response (vrh); return; 
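Review bot: `check_attr[attr_entry->data_size] = '\0';` writes outside the allocation. `check_attr` already points `sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)` bytes into a buffer of `data_size` bytes, so index `data_size` lands past its end. The terminator belongs at `check_attr[attr_entry->data_size - sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData) - 1] = '\0';`. `expanded_attr` from `GNUNET_asprintf` is never freed, so `GNUNET_free (expanded_attr);` should follow the `memcpy` that consumes it. The `"%s.%s"` expansion also calls `strlen` semantics on `(char*)&attr[1]`, which over-reads if the record's attribute is not NUL-terminated within `rd[i].data_size`. The function starts before the hunk and continues after it.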
@@ -432,14 +471,32 @@ start_backward_resolution (void* cls, //Start with backward resolution + char issuer_attribute_name[strlen ((char*)&vrh->current_attribute->data[1])]; + char *lookup_attr; + strcpy (issuer_attribute_name, + (char*)&vrh->current_attribute->data[1]); + char *next_attr = strtok (issuer_attribute_name, "."); + GNUNET_asprintf (&lookup_attr, + "%s.gnu", + next_attr); + next_attr += strlen (next_attr) + 1; + vrh->current_attribute->attr_trailer = GNUNET_strdup (next_attr); + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Looking up %s\n", lookup_attr); + if (NULL != vrh->current_attribute->attr_trailer) + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "%s still to go...\n", vrh->current_attribute->attr_trailer); + vrh->lookup_request = GNUNET_GNS_lookup (gns, - (char*)&vrh->current_attribute->data[1], + lookup_attr, &vrh->current_attribute->data->subject_key, //issuer_key, GNUNET_GNSRECORD_TYPE_ATTRIBUTE, GNUNET_GNS_LO_DEFAULT, NULL, //shorten_key, always NULL &start_backward_resolution, vrh); + GNUNET_free (lookup_attr); } @@ -513,8 +570,6 @@ handle_credential_query (void* cls, } - GNUNET_break (0); //TODO remove when implemented - /** * Check for attributes from the issuer and follow the chain * till you get the required subject's attributes @@ -524,6 +579,9 @@ handle_credential_query (void* cls, vrh->issuer_attribute); strcpy (issuer_attribute_name + strlen (vrh->issuer_attribute), ".gnu"); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Looking up %s\n", issuer_attribute_name); + //Start with backward resolution GNUNET_GNS_lookup (gns, issuer_attribute_name, diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 90ac393d0..ece4be1e3 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c 
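Review bot: The variable-length array `issuer_attribute_name[strlen ((char*)&vrh->current_attribute->data[1])]` is one byte too small for the `strcpy` into it, and its size is taken from a string that arrived in a remote record. `strtok` returns NULL for an empty or all-dot attribute, which then reaches `"%s.gnu"` and `strlen (next_attr)`. I would size the buffer with `+ 1` (or use `GNUNET_strdup` and free it) and add `if (NULL == next_attr) { send_lookup_response (vrh); return; }`. Nothing here bounds how many delegation hops are followed or detects a repeated key/attribute pair, so a delegation set that refers back to itself would keep the service issuing GNS lookups; a hop counter on the request handle would bound that. The function starts before the hunk.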
@@ -65,10 +65,15 @@ credential_value_to_string (void *cls, sizeof (attr)); cdata = data; subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&attr.subject_key); - GNUNET_asprintf (&attr_str, - "%s.%s", - subject_pkey, - &cdata[sizeof (attr)]); + if (data_size == sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)) + { + return subject_pkey; + } else { + GNUNET_asprintf (&attr_str, + "%s %s", + subject_pkey, + &cdata[sizeof (attr)]); + } GNUNET_free (subject_pkey); return attr_str; } @@ -82,7 +87,7 @@ credential_value_to_string (void *cls, char *signature; const char *expiration; - + if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)) return NULL; /* malformed */ memcpy (&cred, @@ -136,6 +141,41 @@ credential_string_to_value (void *cls, return GNUNET_SYSERR; switch (type) { + case GNUNET_GNSRECORD_TYPE_ATTRIBUTE: + { + struct GNUNET_CREDENTIAL_AttributeRecordData *attr; + char attr_str[253 + 1]; + char subject_pkey[52 + 1]; + int matches = 0; + matches = SSCANF (s, + "%s %s", + subject_pkey, + attr_str); + if (0 == matches) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + _("Unable to parse ATTR record string `%s'\n"), + s); + return GNUNET_SYSERR; + + } + if (1 == matches) { + *data_size = sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData); + } else if (2 == matches) { + *data_size = sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData) + strlen (attr_str) + 1; + } + *data = attr = GNUNET_malloc (*data_size); + GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pkey, + strlen (subject_pkey), + &attr->subject_key); + if (NULL != attr_str) + GNUNET_memcpy (&attr[1], + attr_str, + strlen (attr_str)); + + + return GNUNET_OK; + } case GNUNET_GNSRECORD_TYPE_CREDENTIAL: { struct GNUNET_CREDENTIAL_CredentialRecordData *cred; 
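Review bot: In the credential_value_to_string hunk, `&cdata[sizeof (attr)]` is formatted with `%s` without confirming that the bytes after the fixed header end in a NUL inside `data_size`. The record value can come from the network, so I would check `'\0' == cdata[data_size - 1]` and return NULL otherwise, matching the "malformed" return used for credentials further down. The early `return subject_pkey;` is correct because the caller owns the string, but the `else` after it can be dropped. The function starts before the hunk.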
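Review bot: The new ATTR case in credential_string_to_value parses with `SSCANF (s, "%s %s", subject_pkey, attr_str)`, which puts no width limit on writes into the 53- and 254-byte stack arrays, so an over-long record string overflows them. `SSCANF` can also return EOF, which passes the `0 == matches` test and leaves `*data_size` unset. With a single match `attr_str` is uninitialised, yet `NULL != attr_str` is always true, so `strlen (attr_str)` bytes are copied into an allocation that has no room for them. The result of `GNUNET_CRYPTO_ecdsa_public_key_from_string` is ignored, so an unparsable key yields a record with an indeterminate subject key. The fence below bounds the conversions and handles each of those cases.
```c
matches = SSCANF (s,
                  "%52s %253s",
                  subject_pkey,
                  attr_str);
if (matches < 1)
{
  /* … unchanged: "Unable to parse ATTR record string" log … */
  return GNUNET_SYSERR;
}
/* … unchanged: *data_size computation and GNUNET_malloc … */
if (GNUNET_OK !=
    GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pkey,
                                                strlen (subject_pkey),
                                                &attr->subject_key))
{
  GNUNET_free (attr);
  *data = NULL;
  return GNUNET_SYSERR;
}
if (2 == matches)
  GNUNET_memcpy (&attr[1],
                 attr_str,
                 strlen (attr_str));
```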
@@ -183,7 +223,7 @@ credential_string_to_value (void *cls, cred->expiration = GNUNET_htonll (etime_abs.abs_value_us); cred->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); cred->purpose.size = htonl (strlen (name) + 1 + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + sizeof (uint64_t)); + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + sizeof (uint64_t)); GNUNET_free (sig); GNUNET_memcpy (&cred[1], name, @@ -207,6 +247,7 @@ static struct { uint32_t number; } name_map[] = { { "CRED", GNUNET_GNSRECORD_TYPE_CREDENTIAL }, + { "ATTR", GNUNET_GNSRECORD_TYPE_ATTRIBUTE }, { NULL, UINT32_MAX } }; diff --git a/src/credential/test_credential_verify.sh b/src/credential/test_credential_verify.sh index 6e5ba4647..ab3c78f41 100755 --- a/src/credential/test_credential_verify.sh +++ b/src/credential/test_credential_verify.sh @@ -31,7 +31,8 @@ TEST_ATTR="user" INTERMEDIATE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testintermediate | awk '{print $3}') SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') -CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf` +AUTHORITY_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testauthority | awk '{print $3}') +CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf` TEST_CREDENTIAL="t1" gnunet-namestore -p -z testsubject -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf 
@@ -43,17 +44,13 @@ AUTHORITY_ATTR="test" gnunet-namestore -p -z testauthority -a -n $AUTHORITY_ATTR -t ATTR -V "$INTERMEDIATE_KEY $INTERMEDIATE_ATTR.$TEST_ATTR" -e 5m -c test_credential_lookup.conf #TODO2 Add -z swich like in gnunet-gns -#RES_CRED=`$DO_TIMEOUT gnunet-credential --verify --issuer=$ISSUER_KEY --attribute="$TEST_ATTR" --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` -valgrind gnunet-credential --verify --issuer=$AUTHORITY_KEY --attribute=$AUTHORITY_ATTR --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf +RES_CRED=`gnunet-credential --verify --issuer=$AUTHORITY_KEY --attribute=$AUTHORITY_ATTR --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` #TODO cleanup properly gnunet-namestore -z testsubject -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf gnunet-arm -e -c test_credential_lookup.conf -#TODO3 proper test -exit 0 - -if [ "$RES_CRED" == "Ok!" ] +if [ "$RES_CRED" == "Successful." ] then exit 0 else -- cgit v1.2.3 From b4925b163d455ade842965ff95c09752ed49d20b Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 7 Dec 2016 15:51:34 +0100 Subject: - fix test --- src/credential/Makefile.am | 6 ++++-- src/credential/gnunet-service-credential.c | 8 -------- src/credential/test_credential_verify_simple.sh | 2 +- 3 files changed, 5 insertions(+), 11 deletions(-) diff --git a/src/credential/Makefile.am b/src/credential/Makefile.am index e85c3cc2d..47204ae26 100644 --- a/src/credential/Makefile.am +++ b/src/credential/Makefile.am @@ -103,8 +103,10 @@ libgnunetcredential_la_LDFLAGS = \ # $(GN_PLUGIN_LDFLAGS) -#check_SCRIPTS = \ - #test_gns_lookup.sh +check_SCRIPTS = \ + test_credential_issue.sh \ + test_credential_verify_simple.sh \ + test_credential_verify.sh if ENABLE_TEST_RUN if HAVE_SQLITE diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index bf85b1583..9f7b60f1f 100644 
--- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -526,14 +526,6 @@ handle_credential_query (void* cls, continue; cred_record_count++; crd = rd[i].data; - /** - * TODO: - * Check if we have already found our credential here - * If so return success - * Else - * Save all found attributes/issues and prepare forward - * resolution of issuer attribute - */ if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, &crd->purpose, &crd->sig, diff --git a/src/credential/test_credential_verify_simple.sh b/src/credential/test_credential_verify_simple.sh index 2fac4659e..924f2ab4a 100755 --- a/src/credential/test_credential_verify_simple.sh +++ b/src/credential/test_credential_verify_simple.sh @@ -19,7 +19,7 @@ rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` which timeout &> /dev/null && DO_TIMEOUT="timeout 30" -#gnunet-arm -s -c test_credential_lookup.conf +gnunet-arm -s -c test_credential_lookup.conf gnunet-identity -C testissuer -c test_credential_lookup.conf gnunet-identity -C testsubject -c test_credential_lookup.conf -- cgit v1.2.3 From 472380f62852feed2cacff57c70f1c888bc3b9e6 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 7 Dec 2016 16:02:24 +0100 Subject: -add confs --- src/credential/test_credential_defaults.conf | 24 ++++++++++++++++++++++++ src/credential/test_credential_lookup.conf | 25 +++++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 src/credential/test_credential_defaults.conf create mode 100644 src/credential/test_credential_lookup.conf diff --git a/src/credential/test_credential_defaults.conf b/src/credential/test_credential_defaults.conf new file mode 100644 index 000000000..d157ddd43 --- /dev/null +++ b/src/credential/test_credential_defaults.conf 
@@ -0,0 +1,24 @@ +@INLINE@ ../../contrib/no_forcestart.conf + +[PATHS] +GNUNET_TEST_HOME = /tmp/test-gnunet-credential-testing/ + +[namestore-sqlite] +FILENAME = $GNUNET_TEST_HOME/namestore/sqlite_test.db + +[namecache-sqlite] +FILENAME=$GNUNET_TEST_HOME/namecache/namecache.db + +[identity] +# Directory where we store information about our egos +EGODIR = $GNUNET_TEST_HOME/identity/egos/ + +[dhtcache] +DATABASE = heap + +[transport] +PLUGINS = tcp + +[transport-tcp] +BINDTO = 127.0.0.1 + diff --git a/src/credential/test_credential_lookup.conf b/src/credential/test_credential_lookup.conf new file mode 100644 index 000000000..bf321f9db --- /dev/null +++ b/src/credential/test_credential_lookup.conf @@ -0,0 +1,25 @@ +@INLINE@ test_credential_defaults.conf + +[PATHS] +GNUNET_TEST_HOME = /tmp/test-gnunet-credential-peer-1/ + +[dht] +AUTOSTART = YES + +[transport] +PLUGINS = + +[credential] +AUTOSTART = YES +PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog + +[gns] +#PREFIX = valgrind --leak-check=full --track-origins=yes +AUTOSTART = YES +AUTO_IMPORT_PKEY = YES +MAX_PARALLEL_BACKGROUND_QUERIES = 10 +DEFAULT_LOOKUP_TIMEOUT = 15 s +RECORD_PUT_INTERVAL = 1 h +ZONE_PUBLISH_TIME_WINDOW = 1 h +DNS_ROOT=PD67SGHF3E0447TU9HADIVU9OM7V4QHTOG0EBU69TFRI2LG63DR0 + -- cgit v1.2.3 From d0f60b23e15edfd27a0885a3cd0bd6daa765cde3 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 7 Dec 2016 16:43:35 +0100 Subject: - fix; more recognizable case in test --- po/POTFILES.in | 8 ++++ src/credential/gnunet-service-credential.c | 11 ++++-- src/credential/test_credential_verify.sh | 59 +++++++++++++++++++----------- 3 files changed, 54 insertions(+), 24 deletions(-) diff --git a/po/POTFILES.in b/po/POTFILES.in index 03cf22279..b3cc2b3ee 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in 
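Review bot: The `[credential]` section of test_credential_lookup.conf ships with `PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog` active, so the service under test only starts where valgrind is installed and every run writes to a fixed, predictable file name in a shared directory. The `[gns]` section of the same file keeps its valgrind line commented out; I would do the same here, `#PREFIX = valgrind --leak-check=full --track-origins=yes`. The fixed `GNUNET_TEST_HOME` directories under /tmp in both new files have the same predictable-name property on a multi-user machine, so a per-run directory would be preferable if the test harness can supply one.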
@@ -71,6 +71,10 @@ src/core/gnunet-service-core.c src/core/gnunet-service-core_kx.c src/core/gnunet-service-core_sessions.c src/core/gnunet-service-core_typemap.c +src/credential/credential_api.c +src/credential/gnunet-credential.c +src/credential/gnunet-service-credential.c +src/credential/plugin_gnsrecord_credential.c src/curl/curl.c src/curl/curl_reschedule.c src/datacache/datacache.c @@ -244,7 +248,11 @@ src/nat/gnunet-helper-nat-server-windows.c src/nat/gnunet-nat.c src/nat/gnunet-nat-server.c src/nat/gnunet-service-nat.c +src/nat/gnunet-service-nat_helper.c +src/nat/gnunet-service-nat_stun.c src/nat/nat_api.c +src/nat/nat_api_stun.c +src/nat/nat_api_test.c src/nat/nat_auto.c src/nat/nat.c src/nat/nat_mini.c diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 9f7b60f1f..f07c777d6 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -476,11 +476,16 @@ start_backward_resolution (void* cls, strcpy (issuer_attribute_name, (char*)&vrh->current_attribute->data[1]); char *next_attr = strtok (issuer_attribute_name, "."); - GNUNET_asprintf (&lookup_attr, + GNUNET_asprintf (&lookup_attr, "%s.gnu", next_attr); - next_attr += strlen (next_attr) + 1; - vrh->current_attribute->attr_trailer = GNUNET_strdup (next_attr); + if (strlen (next_attr) == strlen ((char*)&vrh->current_attribute->data[1])) + { + vrh->current_attribute->attr_trailer = NULL; + } else { + next_attr += strlen (next_attr) + 1; + vrh->current_attribute->attr_trailer = GNUNET_strdup (next_attr); + } GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking up %s\n", lookup_attr); diff --git a/src/credential/test_credential_verify.sh b/src/credential/test_credential_verify.sh index ab3c78f41..3b76d20e5 100755 --- a/src/credential/test_credential_verify.sh +++ b/src/credential/test_credential_verify.sh 
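Review bot: In the `start_backward_resolution` hunk, `strtok` returns NULL when the copied attribute string is empty or consists only of `.` characters, and both the `"%s.gnu"` format and the new `strlen (next_attr)` comparison then dereference it; the string is taken from record data, so it should be handled as untrusted input. A guard directly after the call, `if (NULL == next_attr)`, that logs and aborts this resolution step would close that; the function body starts and ends outside the hunk, so the exact cleanup is not visible here. The `strcpy` into `issuer_attribute_name` is a context line rather than new code, but its destination size is not shown and is worth checking against the record length in the same pass.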
@@ -15,39 +15,56 @@ fi rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` -# (1) Authority.test -> Intermediate.org.user -# (2) Intermediate.org -> Issuer -# (3) Issuer.user -> Subject +# (1) Service.user -> GNU.project.member +# (2) GNU.project -> GNUnet +# (3) GNUnet.member -> GNUnet.developer +# (4) GNUnet.member -> GNUnet.user +# (5) GNUnet.developer -> Alice which timeout &> /dev/null && DO_TIMEOUT="timeout 30" gnunet-arm -s -c test_credential_lookup.conf -gnunet-identity -C testissuer -c test_credential_lookup.conf -gnunet-identity -C testsubject -c test_credential_lookup.conf -gnunet-identity -C testintermediate -c test_credential_lookup.conf -gnunet-identity -C testauthority -c test_credential_lookup.conf +gnunet-identity -C service -c test_credential_lookup.conf +gnunet-identity -C alice -c test_credential_lookup.conf +gnunet-identity -C gnu -c test_credential_lookup.conf +gnunet-identity -C gnunet -c test_credential_lookup.conf -TEST_ATTR="user" -INTERMEDIATE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testintermediate | awk '{print $3}') -SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') -ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') -AUTHORITY_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testauthority | awk '{print $3}') -CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf` +GNU_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep gnu | grep -v gnunet | awk '{print $3}') +ALICE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep alice | awk '{print $3}') +GNUNET_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep gnunet | awk '{print $3}') +SERVICE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep service | awk '{print $3}') 
-TEST_CREDENTIAL="t1" -gnunet-namestore -p -z testsubject -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf +USER_ATTR="user" +GNU_PROJECT_ATTR="project" +MEMBER_ATTR="member" +DEVELOPER_ATTR="developer" +DEV_ATTR="developer" +TEST_CREDENTIAL="mygnunetcreds" -INTERMEDIATE_ATTR="org" -gnunet-namestore -p -z testintermediate -a -n $INTERMEDIATE_ATTR -t ATTR -V "$ISSUER_KEY" -e 5m -c test_credential_lookup.conf +# (1) A service assigns the attribute "user" to all entities that have been assigned "member" by entities that werde assigned "project" from GNU +gnunet-namestore -p -z service -a -n $USER_ATTR -t ATTR -V "$GNU_KEY $GNU_PROJECT_ATTR.$MEMBER_ATTR" -e 5m -c test_credential_lookup.conf -AUTHORITY_ATTR="test" -gnunet-namestore -p -z testauthority -a -n $AUTHORITY_ATTR -t ATTR -V "$INTERMEDIATE_KEY $INTERMEDIATE_ATTR.$TEST_ATTR" -e 5m -c test_credential_lookup.conf +# (2) GNU recognized GNUnet as a GNU project and delegates the "project" attribute +gnunet-namestore -p -z gnu -a -n $GNU_PROJECT_ATTR -t ATTR -V "$GNUNET_KEY" -e 5m -c test_credential_lookup.conf + +# (3+4) GNUnet assigns the attribute "member" to all entities gnunet has also assigned "developer" or "user" +gnunet-namestore -p -z gnunet -a -n $MEMBER_ATTR -t ATTR -V "$GNUNET_KEY $DEVELOPER_ATTR" -e 5m -c test_credential_lookup.conf +gnunet-namestore -p -z gnunet -a -n $MEMBER_ATTR -t ATTR -V "$GNUNET_KEY $USER_ATTR" -e 5m -c test_credential_lookup.conf + +# (5) GNUnet issues Alice the credential "developer" +CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=gnunet --subject=$ALICE_KEY --attribute=$DEV_ATTR --ttl=5m -c test_credential_lookup.conf` + +# Alice stores the credential under "mygnunetcreds" +gnunet-namestore -p -z alice -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf #TODO2 Add -z swich like in gnunet-gns -RES_CRED=`gnunet-credential --verify --issuer=$AUTHORITY_KEY --attribute=$AUTHORITY_ATTR --subject=$SUBJECT_KEY 
--credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` +RES_CRED=`gnunet-credential --verify --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` #TODO cleanup properly -gnunet-namestore -z testsubject -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf +gnunet-namestore -z alice -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf +gnunet-namestore -z gnu -d -n $GNU_PROJECT_ATTR -t ATTR -c test_credential_lookup.conf +gnunet-namestore -z gnunet -d -n $MEMBER_ATTR -t ATTR -c test_credential_lookup.conf +gnunet-namestore -z service -d -n $USER_ATTR -t ATTR -c test_credential_lookup.conf gnunet-arm -e -c test_credential_lookup.conf if [ "$RES_CRED" == "Successful." ] -- cgit v1.2.3 From 78b7c56bd1502ec87054521970a8e5b9cf225b66 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 12 Dec 2016 18:38:35 +0100 Subject: - Add rest plugin for credential --- src/credential/Makefile.am | 43 ++-- src/credential/plugin_rest_credential.c | 418 ++++++++++++++++++++++++++++++++ 2 files changed, 434 insertions(+), 27 deletions(-) create mode 100644 src/credential/plugin_rest_credential.c diff --git a/src/credential/Makefile.am b/src/credential/Makefile.am index 47204ae26..13da9dc0f 100644 --- a/src/credential/Makefile.am +++ b/src/credential/Makefile.am @@ -4,16 +4,6 @@ AM_CPPFLAGS = -I$(top_srcdir)/src/include EXTRA_DIST = \ test_credential_defaults.conf \ test_credential_lookup.conf -# test_gns_nick_shorten.conf \ -#### test_gns_proxy.conf \ -# test_gns_simple_lookup.conf \ -# gns-helper-service-w32.conf \ -# w32nsp.def \ -# gnunet-gns-proxy-setup-ca \ -# zonefiles/J7POEUT41A8PBFS7KVVDRF88GBOU4HK8PSU5QKVLVE3R9T91E99G.zkey \ -# zonefiles/OEFL7A4VEF1B40QLEMTG5D8G1CN6EN16QUSG5R2DT71GRJN34LSG.zkey \ -# zonefiles/test_zonekey \ -# $(check_SCRIPTS) if USE_COVERAGE 
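Review bot: The rewritten scenario in test_credential_verify.sh only asserts the accepting path (`"$RES_CRED" == "Successful."`); nothing checks that verification is refused for a subject without a matching `CRED` record or for an attribute outside the delegation chain. For a credential verifier the rejecting cases are the ones a regression would hurt most, so I would add a second `--verify` call with a subject key that holds no credential and require that its output is not `Successful.`. `DEVELOPER_ATTR` and `DEV_ATTR` are both set to `developer`; one of them can go.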
@@ -45,11 +35,11 @@ plugin_LTLIBRARIES = \ libgnunet_plugin_gnsrecord_credential.la -#if HAVE_MHD -#if HAVE_JSON -#plugin_LTLIBRARIES += libgnunet_plugin_rest_gns.la -#endif -#endif +if HAVE_MHD +if HAVE_JSON +plugin_LTLIBRARIES += libgnunet_plugin_rest_credential.la +endif +endif gnunet_credential_SOURCES = \ @@ -89,18 +79,17 @@ libgnunetcredential_la_LDFLAGS = \ $(GN_LIB_LDFLAGS) -#libgnunet_plugin_rest_gns_la_SOURCES = \ -# plugin_rest_gns.c -#libgnunet_plugin_rest_gns_la_LIBADD = \ -# libgnunetgns.la \ -# $(top_builddir)/src/rest/libgnunetrest.la \ -# $(top_builddir)/src/identity/libgnunetidentity.la \ -# $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \ -# $(top_builddir)/src/jsonapi/libgnunetjsonapiutils.la \ -# $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ -# $(LTLIBINTL) -ljansson -lmicrohttpd -#libgnunet_plugin_rest_gns_la_LDFLAGS = \ -# $(GN_PLUGIN_LDFLAGS) +libgnunet_plugin_rest_credential_la_SOURCES = \ + plugin_rest_credential.c +libgnunet_plugin_rest_credential_la_LIBADD = \ + libgnunetcredential.la \ + $(top_builddir)/src/rest/libgnunetrest.la \ + $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \ + $(top_builddir)/src/jsonapi/libgnunetjsonapiutils.la \ + $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ + $(LTLIBINTL) -ljansson -lmicrohttpd +libgnunet_plugin_rest_credential_la_LDFLAGS = \ + $(GN_PLUGIN_LDFLAGS) check_SCRIPTS = \ diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c new file mode 100644 index 000000000..51d91079a --- /dev/null +++ b/src/credential/plugin_rest_credential.c 
@@ -0,0 +1,418 @@ +/* + This file is part of GNUnet. + Copyright (C) 2012-2016 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. + */ +/** + * @author Martin Schanzenbach + * @file gns/plugin_rest_credential.c + * @brief GNUnet CREDENTIAL REST plugin + * + */ + +#include "platform.h" +#include "gnunet_rest_plugin.h" +#include +#include +#include +#include +#include +#include +#include +#include + +#define GNUNET_REST_API_NS_CREDENTIAL "/credential" + +#define GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR "attribute" + +#define GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_ATTR "credential" + +/** + * @brief struct returned by the initialization function of the plugin + */ +struct Plugin +{ + const struct GNUNET_CONFIGURATION_Handle *cfg; +}; + +const struct GNUNET_CONFIGURATION_Handle *cfg; + +struct VerifyHandle +{ + /** + * Handle to Credential service. + */ + struct GNUNET_CREDENTIAL_Handle *credential; + + /** + * Handle to lookup request + */ + struct GNUNET_CREDENTIAL_Request *verify_request; + + /** + * Handle to rest request + */ + struct GNUNET_REST_RequestHandle *rest_handle; + + /** + * ID of a task associated with the resolution process. 
+ */ + struct GNUNET_SCHEDULER_Task * timeout_task; + + /** + * The root of the received JSON or NULL + */ + json_t *json_root; + + /** + * The plugin result processor + */ + GNUNET_REST_ResultProcessor proc; + + /** + * The closure of the result processor + */ + void *proc_cls; + + /** + * The issuer attribute to verify + */ + char *issuer_attr; + + /** + * The subject attribute + */ + char *subject_attr; + + /** + * The public key of the issuer + */ + struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; + + /** + * The public key of the subject + */ + struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + + /** + * HTTP response code + */ + int response_code; + + /** + * Timeout + */ + struct GNUNET_TIME_Relative timeout; + +}; + + +/** + * Cleanup lookup handle. + * + * @param handle Handle to clean up + */ +static void +cleanup_handle (struct VerifyHandle *handle) +{ + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Cleaning up\n"); + if (NULL != handle->json_root) + json_decref (handle->json_root); + + if (NULL != handle->issuer_attr) + GNUNET_free (handle->issuer_attr); + if (NULL != handle->subject_attr) + GNUNET_free (handle->subject_attr); + if (NULL != handle->verify_request) + { + GNUNET_CREDENTIAL_verify_cancel (handle->verify_request); + handle->verify_request = NULL; + } + if (NULL != handle->credential) + { + GNUNET_CREDENTIAL_disconnect (handle->credential); + handle->credential = NULL; + } + + if (NULL != handle->timeout_task) + { + GNUNET_SCHEDULER_cancel (handle->timeout_task); + } + GNUNET_free (handle); +} + + +/** + * Task run on shutdown. Cleans up everything. 
+ * + * @param cls unused + * @param tc scheduler context + */ +static void +do_error (void *cls) +{ + struct VerifyHandle *handle = cls; + struct MHD_Response *resp; + + resp = GNUNET_REST_create_response (NULL); + handle->proc (handle->proc_cls, resp, handle->response_code); + cleanup_handle (handle); +} + + +static void +verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, + const char* url, + void *cls) +{ + struct VerifyHandle *handle = cls; + struct GNUNET_HashCode key; + char *tmp; + char *entity_attr; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Connecting...\n"); + handle->credential = GNUNET_CREDENTIAL_connect (cfg); + handle->timeout_task = GNUNET_SCHEDULER_add_delayed (handle->timeout, + &do_error, handle); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Connected\n"); + if (NULL == handle->credential) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Connecting to CREDENTIAL failed\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR, + strlen (GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR), + &key); + if ( GNUNET_NO == + GNUNET_CONTAINER_multihashmap_contains (conndata_handle->url_param_map, + &key) ) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Missing issuer attribute\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + tmp = GNUNET_CONTAINER_multihashmap_get (conndata_handle->url_param_map, + &key); + entity_attr = GNUNET_strdup (tmp); + tmp = strtok(entity_attr, "."); + if (NULL == tmp) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Malformed issuer or attribute\n"); + GNUNET_free (entity_attr); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + if (GNUNET_OK != + GNUNET_CRYPTO_ecdsa_public_key_from_string (tmp, + strlen (tmp), + &handle->issuer_key)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Malformed issuer key\n"); + GNUNET_free (entity_attr); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + tmp = strtok (NULL, "."); 
//Issuer attribute + if (NULL == tmp) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Malformed attribute\n"); + GNUNET_free (entity_attr); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + handle->issuer_attr = GNUNET_strdup (tmp); + GNUNET_free (entity_attr); + + GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_ATTR, + strlen (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_ATTR), + &key); + if ( GNUNET_NO == + GNUNET_CONTAINER_multihashmap_contains (conndata_handle->url_param_map, + &key) ) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Missing subject or attribute\n"); + GNUNET_free (entity_attr); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + tmp = GNUNET_CONTAINER_multihashmap_get (conndata_handle->url_param_map, + &key); + entity_attr = GNUNET_strdup (tmp); + tmp = strtok(entity_attr, "."); + if (NULL == tmp) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Malformed subject\n"); + GNUNET_free (entity_attr); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + if (GNUNET_OK != + GNUNET_CRYPTO_ecdsa_public_key_from_string (tmp, + strlen (tmp), + &handle->subject_key)) { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Malformed subject key\n"); + GNUNET_free (entity_attr); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + tmp = strtok (NULL, "."); + if (NULL == tmp) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Malformed subject attribute\n"); + GNUNET_free (entity_attr); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + handle->subject_attr = GNUNET_strdup (tmp); + GNUNET_free (entity_attr); + + handle->verify_request = GNUNET_CREDENTIAL_verify (handle->credential, + &handle->issuer_key, + handle->issuer_attr, + &handle->subject_key, + handle->subject_attr, + NULL, + NULL); + +} + +/** + * Handle rest request + * + * @param handle the lookup handle + */ +static void +options_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + struct MHD_Response *resp; + struct 
VerifyHandle *handle = cls; + + //For GNS, independent of path return all options + resp = GNUNET_REST_create_response (NULL); + MHD_add_response_header (resp, + "Access-Control-Allow-Methods", + MHD_HTTP_METHOD_GET); + handle->proc (handle->proc_cls, + resp, + MHD_HTTP_OK); + cleanup_handle (handle); +} + + +/** + * Function processing the REST call + * + * @param method HTTP method + * @param url URL of the HTTP request + * @param data body of the HTTP request (optional) + * @param data_size length of the body + * @param proc callback function for the result + * @param proc_cls closure for callback function + * @return GNUNET_OK if request accepted + */ +static void +rest_credential_process_request(struct GNUNET_REST_RequestHandle *conndata_handle, + GNUNET_REST_ResultProcessor proc, + void *proc_cls) +{ + struct VerifyHandle *handle = GNUNET_new (struct VerifyHandle); + struct GNUNET_REST_RequestHandlerError err; + + handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; + handle->proc_cls = proc_cls; + handle->proc = proc; + handle->rest_handle = conndata_handle; + + static const struct GNUNET_REST_RequestHandler handlers[] = { + {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL, &verify_cred_cont}, + {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_CREDENTIAL, &options_cont}, + GNUNET_REST_HANDLER_END + }; + + if (GNUNET_NO == GNUNET_JSONAPI_handle_request (conndata_handle, + handlers, + &err, + handle)) + { + handle->response_code = err.error_code; + GNUNET_SCHEDULER_add_now (&do_error, handle); + } +} + + +/** + * Entry point for the plugin. + * + * @param cls the "struct GNUNET_NAMESTORE_PluginEnvironment*" + * @return NULL on error, otherwise the plugin context + */ +void * +libgnunet_plugin_rest_credential_init (void *cls) +{ + static struct Plugin plugin; + cfg = cls; + struct GNUNET_REST_Plugin *api; + + if (NULL != plugin.cfg) + return NULL; /* can only initialize once! 
*/ + memset (&plugin, 0, sizeof (struct Plugin)); + plugin.cfg = cfg; + api = GNUNET_new (struct GNUNET_REST_Plugin); + api->cls = &plugin; + api->name = GNUNET_REST_API_NS_CREDENTIAL; + api->process_request = &rest_credential_process_request; + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + _("GNS REST API initialized\n")); + return api; +} + + +/** + * Exit point from the plugin. + * + * @param cls the plugin context (as returned by "init") + * @return always NULL + */ +void * +libgnunet_plugin_rest_credential_done (void *cls) +{ + struct GNUNET_REST_Plugin *api = cls; + struct Plugin *plugin = api->cls; + + plugin->cfg = NULL; + GNUNET_free (api); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "GNS REST plugin is finished\n"); + return NULL; +} + +/* end of plugin_rest_gns.c */ -- cgit v1.2.3 From d03ce063cf660a1f9f37b917eab3747a40937d68 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Tue, 13 Dec 2016 10:18:40 +0100 Subject: -more rest --- src/credential/credential_api.c | 2 +- src/credential/gnunet-service-credential.c | 2 +- src/credential/plugin_gnsrecord_credential.c | 4 +- src/credential/plugin_rest_credential.c | 153 ++++++++++++++++++++++++++- src/include/gnunet_credential_service.h | 2 +- 5 files changed, 153 insertions(+), 10 deletions(-) diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 5bc1e52f1..54a02484d 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -457,7 +457,7 @@ GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (issuer, &crd->purpose, - &crd->sig)) + &crd->signature)) { GNUNET_break (0); GNUNET_free (crd); diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index f07c777d6..e0e845468 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c 
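Review bot: In `verify_cred_cont` of the new plugin_rest_credential.c, the "Missing subject or attribute" branch calls `GNUNET_free (entity_attr)` although the same pointer was already released a few lines earlier, right after `handle->issuer_attr = GNUNET_strdup (tmp);`, so a GET request without the `credential` parameter ends in a double free. Dropping the `GNUNET_free (entity_attr);` line from that branch is enough. Separately, none of the validation failures in this function set `handle->response_code` before scheduling `do_error`, so the client is presumably answered with the zero-initialised code; `handle->response_code = MHD_HTTP_BAD_REQUEST;` ahead of each `GNUNET_SCHEDULER_add_now (&do_error, handle);` would report malformed input as such. The doc comments on `do_error` and `options_cont` and the init/done log strings still describe the GNS plugin and should name CREDENTIAL.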
@@ -533,7 +533,7 @@ handle_credential_query (void* cls, crd = rd[i].data; if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, &crd->purpose, - &crd->sig, + &crd->signature, &crd->issuer_key)) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index ece4be1e3..281113a34 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -98,7 +98,7 @@ credential_value_to_string (void *cls, issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key); etime_abs.abs_value_us = GNUNET_ntohll(cred.expiration); expiration = GNUNET_STRINGS_absolute_time_to_string (etime_abs); - GNUNET_STRINGS_base64_encode ((char*)&cred.sig, + GNUNET_STRINGS_base64_encode ((char*)&cred.signature, sizeof (struct GNUNET_CRYPTO_EcdsaSignature), &signature); GNUNET_asprintf (&cred_str, @@ -219,7 +219,7 @@ credential_string_to_value (void *cls, GNUNET_STRINGS_base64_decode (signature, strlen (signature), (char**)&sig); - cred->sig = *sig; + cred->signature = *sig; cred->expiration = GNUNET_htonll (etime_abs.abs_value_us); cred->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); cred->purpose.size = htonl (strlen (name) + 1 + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index 51d91079a..137f55c47 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c @@ -37,6 +37,12 @@ #define GNUNET_REST_API_NS_CREDENTIAL "/credential" +#define GNUNET_REST_JSONAPI_CREDENTIAL "credential" + +#define GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO "credential" + +#define GNUNET_REST_JSONAPI_CREDENTIAL_CHAIN "chain" + #define GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR "attribute" #define GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_ATTR "credential" 
@@ -174,6 +180,143 @@ do_error (void *cls) cleanup_handle (handle); } +/** + * Attribute delegation to JSON + * @param attr the attribute + * @return JSON, NULL if failed + */ +static json_t* +attribute_delegation_to_json (struct GNUNET_CREDENTIAL_AttributeRecordData *attr) +{ + char *subject; + char *attribute; + json_t *attr_obj; + + subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&attr->subject_key); + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Subject in credential malformed\n"); + return NULL; + } + attribute = (char*)&attr[1]; + attr_obj = json_object (); + json_object_set_new (attr_obj, "subject", json_string (subject)); + json_object_set_new (attr_obj, "attribute", json_string (attribute)); + GNUNET_free (subject); + return attr_obj; +} + +/** + * Credential to JSON + * @param cred the credential + * @return the resulting json, NULL if failed + */ +static json_t* +credential_to_json (struct GNUNET_CREDENTIAL_CredentialRecordData *cred) +{ + struct GNUNET_TIME_Absolute exp; + const char* exp_str; + char *issuer; + char *subject; + char *attribute; + char *signature; + json_t *cred_obj; + + issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key); + if (NULL == issuer) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Issuer in credential malformed\n"); + return NULL; + } + subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key); + if (NULL == subject) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Subject in credential malformed\n"); + GNUNET_free (issuer); + return NULL; + } + GNUNET_STRINGS_base64_encode ((char*)&cred->signature, + sizeof (struct GNUNET_CRYPTO_EcdsaSignature), + &signature); + attribute = (char*)&cred[1]; + exp.abs_value_us = ntohs (cred->expiration); + exp_str = GNUNET_STRINGS_absolute_time_to_string (exp); + cred_obj = json_object (); + json_object_set_new (cred_obj, "issuer", json_string (issuer)); + json_object_set_new (cred_obj, "subject", json_string (subject)); + json_object_set_new (cred_obj, 
"attribute", json_string (attribute)); + json_object_set_new (cred_obj, "signature", json_string (signature)); + json_object_set_new (cred_obj, "expiration", json_string (exp_str)); + GNUNET_free (issuer); + GNUNET_free (subject); + GNUNET_free (signature); + return cred_obj; +} + +/** + * Function called with the result of a Credential lookup. + * + * @param cls the 'const char *' name that was resolved + * @param cd_count number of records returned + * @param cd array of @a cd_count records with the results + */ +static void +handle_verify_response (void *cls, + struct GNUNET_CREDENTIAL_CredentialRecordData *cred, + uint32_t delegation_count, + struct GNUNET_CREDENTIAL_AttributeRecordData *deleg) +{ + + struct VerifyHandle *handle = cls; + struct MHD_Response *resp; + struct GNUNET_JSONAPI_Document *json_document; + struct GNUNET_JSONAPI_Resource *json_resource; + json_t *cred_obj; + json_t *attr_obj; + json_t *result_array; + char *result; + uint32_t i; + + handle->verify_request = NULL; + if (NULL == cred) { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Verify failed.\n"); + handle->response_code = MHD_HTTP_NOT_FOUND; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + json_document = GNUNET_JSONAPI_document_new (); + json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO, + handle->issuer_attr); + cred_obj = credential_to_json (cred); + result_array = json_array (); + for (i = 0; i < delegation_count; i++) + { + attr_obj = attribute_delegation_to_json (&(deleg[i])); + json_array_append (result_array, attr_obj); + json_decref (attr_obj); + } + GNUNET_JSONAPI_resource_add_attr (json_resource, + GNUNET_REST_JSONAPI_CREDENTIAL, + cred_obj); + GNUNET_JSONAPI_resource_add_attr (json_resource, + GNUNET_REST_JSONAPI_CREDENTIAL_CHAIN, + result_array); + GNUNET_JSONAPI_document_resource_add (json_document, json_resource); + GNUNET_JSONAPI_document_serialize (json_document, &result); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Result 
%s\n", + result); + json_decref (result_array); + GNUNET_JSONAPI_document_delete (json_document); + resp = GNUNET_REST_create_response (result); + handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); + GNUNET_free (result); + cleanup_handle (handle); +} + static void verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, @@ -292,14 +435,14 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, } handle->subject_attr = GNUNET_strdup (tmp); GNUNET_free (entity_attr); - + handle->verify_request = GNUNET_CREDENTIAL_verify (handle->credential, &handle->issuer_key, handle->issuer_attr, &handle->subject_key, handle->subject_attr, - NULL, - NULL); + &handle_verify_response, + handle); } @@ -341,8 +484,8 @@ options_cont (struct GNUNET_REST_RequestHandle *con_handle, */ static void rest_credential_process_request(struct GNUNET_REST_RequestHandle *conndata_handle, - GNUNET_REST_ResultProcessor proc, - void *proc_cls) + GNUNET_REST_ResultProcessor proc, + void *proc_cls) { struct VerifyHandle *handle = GNUNET_new (struct VerifyHandle); struct GNUNET_REST_RequestHandlerError err; diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index f7b09b3ff..549c25ef8 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h @@ -81,7 +81,7 @@ struct GNUNET_CREDENTIAL_CredentialRecordData { /** * The signature for this credential by the issuer */ - struct GNUNET_CRYPTO_EcdsaSignature sig; + struct GNUNET_CRYPTO_EcdsaSignature signature; /** * Signature meta -- cgit v1.2.3 From 490a5b6451470aef6a5a963e4ccef3b2ca5cd326 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Tue, 13 Dec 2016 20:11:14 +0100 Subject: -add parallel delegationr resolution --- src/credential/gnunet-service-credential.c | 460 +++++++++++++++++++---------- 1 file changed, 301 insertions(+), 159 deletions(-) 
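Review bot: `attribute_delegation_to_json` is missing its `if (NULL == subject)` line: the block that logs "Subject in credential malformed" and returns NULL follows the `GNUNET_CRYPTO_ecdsa_public_key_to_string` call unconditionally, so the function always fails, leaks `subject`, and `handle_verify_response` gets a NULL object for every delegation. In `credential_to_json`, `exp.abs_value_us = ntohs (cred->expiration);` converts only 16 bits, while the context lines of plugin_gnsrecord_credential.c in this commit read the same field with `GNUNET_ntohll`; it should be `exp.abs_value_us = GNUNET_ntohll (cred->expiration);`, otherwise the reported expiry is wrong. `handle_verify_response` also passes the result of `credential_to_json` on without a NULL check.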
diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index e0e845468..ea74bd7d2 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -43,6 +43,31 @@ #define GNUNET_CREDENTIAL_MAX_LENGTH 255 +struct VerifyRequestHandle; + +struct GNUNET_CREDENTIAL_DelegationChainEntry +{ + /** + * The issuer + */ + struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; + + /** + * The subject + */ + struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + + /** + * The issued attribute + */ + char *issuer_attribute; + + /** + * The delegated attribute + */ + char *subject_attribute; +}; + /** * DLL for record */ 
@@ -71,40 +96,75 @@ struct CredentialRecordEntry }; /** - * DLL for attributes - Used as a queue + * DLL for delegations - Used as a queue * Insert tail - Pop head */ -struct AttributeQueueEntry +struct DelegationQueueEntry { /** * DLL */ - struct AttributeQueueEntry *next; + struct DelegationQueueEntry *next; /** * DLL */ - struct AttributeQueueEntry *prev; + struct DelegationQueueEntry *prev; /** - * Payload + * Children of this attribute */ - struct GNUNET_CREDENTIAL_AttributeRecordData *data; + struct DelegationQueueEntry *children_head; /** - * Size + * Children of this attribute */ - uint64_t data_size; + struct DelegationQueueEntry *children_tail; + + /** + * GNS handle + */ + struct GNUNET_GNS_LookupRequest *lookup_request; + + /** + * Verify handle + */ + struct VerifyRequestHandle *handle; /** * Parent attribute delegation */ - struct AttributeQueueEntry *parent; + struct DelegationQueueEntry *parent; + + /** + * Issuer key + */ + struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key; + + /** + * Issuer attribute delegated to + */ + char *issuer_attribute; + + /** + * The current attribute to look up + */ + char *lookup_attribute; /** * Trailing attribute context */ char *attr_trailer; + + /** + * Still to resolve delegation as string + */ + char *unresolved_attribute_delegation; + + /** + * The delegation chain entry + */ + struct GNUNET_CREDENTIAL_DelegationChainEntry *delegation_chain_entry; }; @@ -128,12 +188,13 @@ struct VerifyRequestHandle * Handle to the requesting client */ struct GNUNET_SERVICE_Client *client; - + /** - * Handle to GNS lookup + * GNS handle */ struct GNUNET_GNS_LookupRequest *lookup_request; + /** * Issuer public key */ 
@@ -165,19 +226,19 @@ struct VerifyRequestHandle uint32_t cred_chain_entries; /** - * Attribute Queue + * Delegation Queue */ - struct AttributeQueueEntry *attr_queue_head; + struct DelegationQueueEntry *chain_start; /** - * Attribute Queue + * Delegation Queue */ - struct AttributeQueueEntry *attr_queue_tail; + struct DelegationQueueEntry *chain_end; /** - * Current Attribute Pointer + * Current Delegation Pointer */ - struct AttributeQueueEntry *current_attribute; + struct DelegationQueueEntry *current_delegation; /** * The found credential @@ -194,6 +255,11 @@ struct VerifyRequestHandle */ uint32_t request_id; + /** + * Pending lookups + */ + uint64_t pending_lookups; + }; 
@@ -212,13 +278,58 @@ static struct VerifyRequestHandle *vrh_tail; */ static struct GNUNET_STATISTICS_Handle *statistics; - - /** * Handle to GNS service. */ static struct GNUNET_GNS_Handle *gns; + +static void +cleanup_delegation_queue (struct DelegationQueueEntry *dq_entry) +{ + struct DelegationQueueEntry *child; + if (NULL == dq_entry) + return; + + for (child = dq_entry->children_head; NULL != child; child = dq_entry->children_head) + { + GNUNET_CONTAINER_DLL_remove (dq_entry->children_head, + dq_entry->children_tail, + child); + cleanup_delegation_queue (child); + } + if (NULL != dq_entry->lookup_request) + { + GNUNET_GNS_lookup_cancel (dq_entry->lookup_request); + dq_entry->lookup_request = NULL; + } + if (NULL != dq_entry->delegation_chain_entry) + { + if (NULL != dq_entry->delegation_chain_entry->subject_attribute) + GNUNET_free (dq_entry->delegation_chain_entry->subject_attribute); + if (NULL != dq_entry->delegation_chain_entry->issuer_attribute) + GNUNET_free (dq_entry->delegation_chain_entry->issuer_attribute); + GNUNET_free (dq_entry->delegation_chain_entry); + } + GNUNET_free (dq_entry); +} + +static void +cleanup_handle (struct VerifyRequestHandle *vrh) +{ + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Cleaning up...\n"); + if (NULL != vrh->lookup_request) + { + GNUNET_GNS_lookup_cancel (vrh->lookup_request); + vrh->lookup_request = NULL; + } + cleanup_delegation_queue (vrh->chain_start); + if (NULL != vrh->issuer_attribute) + GNUNET_free (vrh->issuer_attribute); + GNUNET_free (vrh); +} + /** * Task run during shutdown. * @@ -229,16 +340,17 @@ static void shutdown_task (void *cls) { struct VerifyRequestHandle *vrh; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Shutting down!\n"); + + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Shutting down!\n"); + while (NULL != (vrh = vrh_head)) { //CREDENTIAL_resolver_lookup_cancel (clh->lookup); GNUNET_CONTAINER_DLL_remove (vrh_head, vrh_tail, vrh); - GNUNET_free (vrh); + cleanup_handle (vrh); } if (NULL != gns) 
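Review bot: `cleanup_handle` and `cleanup_delegation_queue` are added without doc comments, and the one precondition that matters is not written down: `cleanup_handle` frees `vrh` but never unlinks it from `vrh_head`/`vrh_tail`. Both callers in this patch do the `GNUNET_CONTAINER_DLL_remove` themselves first; a future caller that forgets leaves a dangling pointer in the list for `shutdown_task` to walk. I would add `/** Cancel pending lookups and free @a vrh; the caller must already have removed it from the vrh_head/vrh_tail list. */` above `cleanup_handle`. `cleanup_delegation_queue` should get a matching header saying that it cancels the entry's lookup and frees the entry together with all of its children, recursively.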
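Review bot: The shutdown message moves from `GNUNET_ERROR_TYPE_DEBUG` to `GNUNET_ERROR_TYPE_ERROR`, and later hunks do the same for routine progress messages in `send_lookup_response`, `backward_resolution`, `handle_credential_query`, `handle_verify` and the client connect/disconnect callbacks. None of these are error conditions. At ERROR level they bury real failures in the service log and write the attribute names of every request into it. Keep them at `GNUNET_ERROR_TYPE_DEBUG`.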
@@ -252,7 +364,7 @@ shutdown_task (void *cls) GNUNET_NO); statistics = NULL; } - + } /** @@ -264,7 +376,7 @@ shutdown_task (void *cls) */ static int check_verify (void *cls, - const struct VerifyMessage *v_msg) + const struct VerifyMessage *v_msg) { size_t msg_size; const char* attrs; @@ -282,7 +394,7 @@ check_verify (void *cls, return GNUNET_SYSERR; } attrs = (const char *) &v_msg[1]; - + if ( ('\0' != attrs[ntohs(v_msg->header.size) - sizeof (struct VerifyMessage) - 1]) || (strlen (attrs) > GNUNET_CREDENTIAL_MAX_LENGTH * 2) ) { @@ -300,21 +412,27 @@ check_verify (void *cls, static void send_lookup_response (struct VerifyRequestHandle *vrh) { - size_t len; struct GNUNET_MQ_Envelope *env; struct VerifyResultMessage *rmsg; + struct DelegationQueueEntry *dq_entry; + char *write_ptr; + size_t size = vrh->credential_size; - /** - * Get serialized record data size - */ - len = vrh->credential_size; //TODO max length of attr + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Sending response\n"); + + for (dq_entry = vrh->chain_end; NULL != dq_entry; dq_entry = dq_entry->parent) + { + if (NULL == dq_entry->delegation_chain_entry) + break; + size += sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry); + if (NULL != dq_entry->delegation_chain_entry->subject_attribute) + size += strlen (dq_entry->delegation_chain_entry->subject_attribute) + 1; + size += strlen(dq_entry->delegation_chain_entry->issuer_attribute) + 1; + } - //TODO add attr chain - /** - * Prepare a lookup result response message for the client - */ env = GNUNET_MQ_msg_extra (rmsg, - len, + size, GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT); //Assign id so that client can find associated request rmsg->id = vrh->request_id; @@ -325,6 +443,7 @@ send_lookup_response (struct VerifyRequestHandle *vrh) * Append at the end of rmsg */ rmsg->cred_found = htonl (GNUNET_NO); + if (NULL != vrh->credential) { memcpy (&rmsg[1], 
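Review bot: In `send_lookup_response`, `size` grows with every entry between `vrh->chain_end` and the root and is handed to `GNUNET_MQ_msg_extra` with no upper bound. The message header length is a 16-bit field (see `ntohs (v_msg->header.size)` in `check_verify` above), and the chain length and attribute lengths come from delegation records fetched through GNS, so the total may not fit; what the macro does with an oversized value is not visible here. I would refuse the chain before allocating, for example `if (size > UINT16_MAX - sizeof (*rmsg))` followed by the not-found path. The same loop calls `strlen` on `issuer_attribute` without the NULL guard that `subject_attribute` gets. The function body continues in the following hunks.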
@@ -332,26 +451,33 @@ send_lookup_response (struct VerifyRequestHandle *vrh) vrh->credential_size); rmsg->cred_found = htonl (GNUNET_YES); } - - /*char* tmp_entry = (char*)&rmsg[1]; - for (cr_entry = vrh->cred_chain_head; NULL != cr_entry; cr_entry = cr_entry->next) + //TODO refactor into serializer module + write_ptr = (char*)&rmsg[1] + vrh->credential_size; + for (dq_entry = vrh->chain_end; NULL != dq_entry; dq_entry = dq_entry->parent) + { + if (NULL == dq_entry->delegation_chain_entry) + break; + memcpy (write_ptr, + dq_entry->delegation_chain_entry, + sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry)); + write_ptr += sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry); + if (NULL != dq_entry->delegation_chain_entry->subject_attribute) { - memcpy (tmp_entry, - &cr_entry->record_data, - cr_entry->record_data_size); - tmp_entry += cr_entry->record_data_size; - }*/ + GNUNET_snprintf (write_ptr, + strlen (dq_entry->delegation_chain_entry->subject_attribute) + 2, + "%s;", + dq_entry->delegation_chain_entry->subject_attribute); + write_ptr += strlen (dq_entry->delegation_chain_entry->subject_attribute) + 1; + } + memcpy (write_ptr, + dq_entry->delegation_chain_entry->issuer_attribute, + strlen(dq_entry->delegation_chain_entry->issuer_attribute)); + write_ptr += strlen(dq_entry->delegation_chain_entry->issuer_attribute) + 1; + } GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), env); - GNUNET_CONTAINER_DLL_remove (vrh_head, vrh_tail, vrh); - - /** - * TODO: - * - Free DLL - * - Refactor into cleanup_handle() function for this - */ - GNUNET_free (vrh); + cleanup_handle(vrh); GNUNET_STATISTICS_update (statistics, "Completed verifications", 1, 
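Review bot: `memcpy (write_ptr, dq_entry->delegation_chain_entry, sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry))` copies the whole in-memory struct into the client message, and that struct (added at the top of this file) ends in two `char *` members. The service's heap addresses for `issuer_attribute` and `subject_attribute` therefore go out on the wire, together with any padding; the receiver cannot use them, and they disclose the service's memory layout. Copy only `issuer_key` and `subject_key`, or a packed network struct with explicit length fields, and then append the strings. `send_lookup_response` starts in an earlier hunk.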
@@ -360,20 +486,26 @@ send_lookup_response (struct VerifyRequestHandle *vrh) static void -start_backward_resolution (void* cls, - uint32_t rd_count, - const struct GNUNET_GNSRECORD_Data *rd) +backward_resolution (void* cls, + uint32_t rd_count, + const struct GNUNET_GNSRECORD_Data *rd) { - struct VerifyRequestHandle *vrh = cls; + + struct VerifyRequestHandle *vrh; struct GNUNET_CREDENTIAL_CredentialRecordData *cred; const struct GNUNET_CREDENTIAL_AttributeRecordData *attr; struct CredentialRecordEntry *cred_pointer; - struct AttributeQueueEntry *attr_entry; + struct DelegationQueueEntry *current_delegation; + struct DelegationQueueEntry *dq_entry; char *expanded_attr; - char *check_attr; int i; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + + + current_delegation = cls; + current_delegation->lookup_request = NULL; + vrh = current_delegation->handle; + vrh->pending_lookups--; + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Got %d attrs\n", rd_count); for (i=0; i < rd_count; i++) 
@@ -381,131 +513,129 @@ start_backward_resolution (void* cls, if (GNUNET_GNSRECORD_TYPE_ATTRIBUTE != rd[i].record_type) continue; + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Found new attribute delegation. Creating new Job...\n"); attr = rd[i].data; - attr_entry = GNUNET_new (struct AttributeQueueEntry); - attr_entry->data_size = rd[i].data_size; - if (NULL != vrh->current_attribute && - NULL != vrh->current_attribute->attr_trailer) + dq_entry = GNUNET_new (struct DelegationQueueEntry); + if (NULL != current_delegation->attr_trailer) { if (rd[i].data_size == sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)) { GNUNET_asprintf (&expanded_attr, "%s", - vrh->current_attribute->attr_trailer); + current_delegation->attr_trailer); } else { GNUNET_asprintf (&expanded_attr, "%s.%s", (char*)&attr[1], - vrh->current_attribute->attr_trailer); + current_delegation->attr_trailer); } - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Expanded to %s\n", expanded_attr); - attr_entry->data_size += strlen (vrh->current_attribute->attr_trailer) + 1; + dq_entry->unresolved_attribute_delegation = expanded_attr; } else { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Not Expanding %s\n", (char*)&attr[1]); + if (rd[i].data_size > sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Not Expanding %s\n", (char*)&attr[1]); + dq_entry->unresolved_attribute_delegation = GNUNET_strdup ((char*)&attr[1]); + } } - attr_entry->data = GNUNET_malloc (attr_entry->data_size); - memcpy (attr_entry->data, - rd[i].data, - rd[i].data_size); - if (NULL != vrh->current_attribute && NULL != vrh->current_attribute->attr_trailer) - { - memcpy ((char*)&attr_entry->data[1], - expanded_attr, - strlen (expanded_attr)); - } - check_attr = (char*)&attr_entry->data[1]; - check_attr[attr_entry->data_size] = '\0'; - attr_entry->parent = vrh->current_attribute; - - GNUNET_CONTAINER_DLL_insert (vrh->attr_queue_head, - vrh->attr_queue_tail, - 
attr_entry); + + //Add a credential chain entry + dq_entry->delegation_chain_entry = GNUNET_new (struct GNUNET_CREDENTIAL_DelegationChainEntry); + dq_entry->delegation_chain_entry->subject_key = attr->subject_key; + dq_entry->issuer_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPublicKey); + GNUNET_memcpy (dq_entry->issuer_key, + &attr->subject_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + if (rd[i].data_size > sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)) + dq_entry->delegation_chain_entry->subject_attribute = GNUNET_strdup ((char*)&attr[1]); + dq_entry->delegation_chain_entry->issuer_key = *current_delegation->issuer_key; + dq_entry->delegation_chain_entry->issuer_attribute = GNUNET_strdup (current_delegation->lookup_attribute); + + dq_entry->parent = current_delegation; + GNUNET_CONTAINER_DLL_insert (current_delegation->children_head, + current_delegation->children_tail, + dq_entry); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Checking for cred match\n"); + /** + * Check if this delegation already matches one of our credentials + */ for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL; - cred_pointer = cred_pointer->next){ + cred_pointer = cred_pointer->next) + { cred = cred_pointer->data; if(0 != memcmp (&attr->subject_key, &cred_pointer->data->issuer_key, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) continue; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Checking if %s matches %s\n", - (char*)&attr_entry->data[1], (char*)&cred[1]); + dq_entry->unresolved_attribute_delegation, (char*)&cred[1]); - if (0 != strcmp ((char*)&attr_entry->data[1], (char*)&cred[1])) + if (0 != strcmp (dq_entry->unresolved_attribute_delegation, (char*)&cred[1])) continue; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Found issuer\n"); - vrh->credential = GNUNET_malloc (rd[i].data_size); - memcpy (vrh->credential, - rd[i].data, - rd[i].data_size); - vrh->credential_size = rd[i].data_size; - 
//Found match + vrh->credential = GNUNET_malloc (cred_pointer->data_size); + vrh->credential_size = cred_pointer->data_size; + vrh->chain_end = dq_entry; + //Found match send_lookup_response (vrh); return; } - } - - + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Building new lookup request\n"); + //Continue with backward resolution + char issuer_attribute_name[strlen (dq_entry->unresolved_attribute_delegation)+1]; + strcpy (issuer_attribute_name, + dq_entry->unresolved_attribute_delegation); + char *next_attr = strtok (issuer_attribute_name, "."); + GNUNET_asprintf (&dq_entry->lookup_attribute, + "%s.gnu", + next_attr); + if (strlen (next_attr) == strlen (dq_entry->unresolved_attribute_delegation)) + { + dq_entry->attr_trailer = NULL; + } else { + next_attr += strlen (next_attr) + 1; + dq_entry->attr_trailer = GNUNET_strdup (next_attr); + } - //Start from next to head - vrh->current_attribute = vrh->attr_queue_head; + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Looking up %s\n", dq_entry->lookup_attribute); + if (NULL != dq_entry->attr_trailer) + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "%s still to go...\n", dq_entry->attr_trailer); + + vrh->pending_lookups++; + dq_entry->handle = vrh; + dq_entry->lookup_request = GNUNET_GNS_lookup (gns, + dq_entry->lookup_attribute, + dq_entry->issuer_key, //issuer_key, + GNUNET_GNSRECORD_TYPE_ATTRIBUTE, + GNUNET_GNS_LO_DEFAULT, + NULL, //shorten_key, always NULL + &backward_resolution, + dq_entry); + } - if(NULL == vrh->current_attribute) + if(0 == vrh->pending_lookups) { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "We are all out of attributes...\n"); send_lookup_response (vrh); return; - } - - GNUNET_CONTAINER_DLL_remove (vrh->attr_queue_head, - vrh->attr_queue_tail, - vrh->current_attribute); - - - //Start with backward resolution - char issuer_attribute_name[strlen ((char*)&vrh->current_attribute->data[1])]; - char *lookup_attr; - strcpy (issuer_attribute_name, - 
(char*)&vrh->current_attribute->data[1]); - char *next_attr = strtok (issuer_attribute_name, "."); - GNUNET_asprintf (&lookup_attr, - "%s.gnu", - next_attr); - if (strlen (next_attr) == strlen ((char*)&vrh->current_attribute->data[1])) - { - vrh->current_attribute->attr_trailer = NULL; - } else { - next_attr += strlen (next_attr) + 1; - vrh->current_attribute->attr_trailer = GNUNET_strdup (next_attr); } - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Looking up %s\n", lookup_attr); - if (NULL != vrh->current_attribute->attr_trailer) - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "%s still to go...\n", vrh->current_attribute->attr_trailer); - - vrh->lookup_request = GNUNET_GNS_lookup (gns, - lookup_attr, - &vrh->current_attribute->data->subject_key, //issuer_key, - GNUNET_GNSRECORD_TYPE_ATTRIBUTE, - GNUNET_GNS_LO_DEFAULT, - NULL, //shorten_key, always NULL - &start_backward_resolution, - vrh); - GNUNET_free (lookup_attr); } - /** * Result from GNS lookup. * @@ -519,11 +649,13 @@ handle_credential_query (void* cls, const struct GNUNET_GNSRECORD_Data *rd) { struct VerifyRequestHandle *vrh = cls; - int cred_record_count; - int i; + struct DelegationQueueEntry *dq_entry; const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; struct CredentialRecordEntry *cr_entry; + int cred_record_count; + int i; + vrh->lookup_request = NULL; cred_record_count = 0; for (i=0; i < rd_count; i++) { @@ -561,6 +693,7 @@ handle_credential_query (void* cls, rd[i].data, rd[i].data_size); vrh->credential_size = rd[i].data_size; + vrh->chain_end = NULL; //Found match prematurely send_lookup_response (vrh); return; 
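Review bot: `attr = rd[i].data` is used without any length check: `attr->subject_key` is read and `(char*)&attr[1]` is passed to `GNUNET_strdup` and `"%s"` as a C string, but nothing compares `rd[i].data_size` with the header size or confirms a terminating NUL inside the record. These records are results of GNS lookups on names taken from other records, so unless the record plugin already guarantees the layout this is an out-of-bounds read on remote data. Two further defects sit in the same loop: when a record carries no attribute string and `current_delegation->attr_trailer` is NULL, `dq_entry->unresolved_attribute_delegation` stays NULL and then reaches `strcmp` and `strlen`; and on a match `vrh->credential` is allocated but never filled, which needs `GNUNET_memcpy (vrh->credential, cred_pointer->data, cred_pointer->data_size);`. There is also no depth limit or record of names already visited, so delegations that refer back to each other keep issuing lookups. The fence shows the length check I would put at the top of the loop; `backward_resolution` starts in the previous hunk.

```c
    if (GNUNET_GNSRECORD_TYPE_ATTRIBUTE != rd[i].record_type)
      continue;
    /* Record data is remote input: require a complete header and, when an
       attribute string follows it, a terminating NUL inside data_size. */
    if (rd[i].data_size < sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData))
      continue;
    if ( (rd[i].data_size > sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)) &&
         ('\0' != ((const char *) rd[i].data)[rd[i].data_size - 1]) )
      continue;
    attr = rd[i].data;
    // … unchanged: dq_entry allocation, attribute expansion, credential match, next lookup …
```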
@@ -576,18 +709,24 @@ handle_credential_query (void* cls, vrh->issuer_attribute); strcpy (issuer_attribute_name + strlen (vrh->issuer_attribute), ".gnu"); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Looking up %s\n", issuer_attribute_name); - + dq_entry = GNUNET_new (struct DelegationQueueEntry); + dq_entry->issuer_key = &vrh->issuer_key; + dq_entry->issuer_attribute = GNUNET_strdup (vrh->issuer_attribute); + dq_entry->handle = vrh; + dq_entry->lookup_attribute = GNUNET_strdup (vrh->issuer_attribute); + vrh->chain_start = dq_entry; + vrh->pending_lookups = 1; //Start with backward resolution - GNUNET_GNS_lookup (gns, - issuer_attribute_name, - &vrh->issuer_key, //issuer_key, - GNUNET_GNSRECORD_TYPE_ATTRIBUTE, - GNUNET_GNS_LO_DEFAULT, - NULL, //shorten_key, always NULL - &start_backward_resolution, - vrh); + dq_entry->lookup_request = GNUNET_GNS_lookup (gns, + issuer_attribute_name, + &vrh->issuer_key, //issuer_key, + GNUNET_GNSRECORD_TYPE_ATTRIBUTE, + GNUNET_GNS_LO_DEFAULT, + NULL, //shorten_key, always NULL + &backward_resolution, + dq_entry); } @@ -610,7 +749,7 @@ handle_verify (void *cls, char *attrptr = attrs; const char *utf_in; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Received VERIFY message\n"); utf_in = (const char *) &v_msg[1]; @@ -644,6 +783,9 @@ handle_verify (void *cls, send_lookup_response (vrh); return; } + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Looking up %s\n", + subject_attribute); /** * First, get attribute from subject */ @@ -669,7 +811,7 @@ client_disconnect_cb (void *cls, struct GNUNET_SERVICE_Client *client, void *app_ctx) { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Client %p disconnected\n", client); } 
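Review bot: The root entry stores `lookup_attribute` as a copy of `vrh->issuer_attribute`, without the `.gnu` suffix, while the name actually looked up is `issuer_attribute_name` and the child entries created in `backward_resolution` store the suffixed `"%s.gnu"` form. Because `backward_resolution` copies the parent's `lookup_attribute` into `delegation_chain_entry->issuer_attribute`, the chain reported to the client appears to mix both forms: bare for entries directly below the root, suffixed further down. If the bare attribute is what the client should see, keep the GNS name in a separate field. The start of `handle_credential_query` is outside this hunk.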
@@ -687,7 +829,7 @@ client_connect_cb (void *cls, struct GNUNET_SERVICE_Client *client, struct GNUNET_MQ_Handle *mq) { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Client %p connected\n", client); return client; -- cgit v1.2.3 From 12a3d957faa3932db31ffea0497dd083fd381b86 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Tue, 13 Dec 2016 21:09:11 +0100 Subject: -fix memleaks --- src/credential/gnunet-service-credential.c | 29 ++++++++++++++++++++++++++++- src/gns/gns_api.c | 1 + 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index ea74bd7d2..38d74e2ab 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -298,6 +298,16 @@ cleanup_delegation_queue (struct DelegationQueueEntry *dq_entry) child); cleanup_delegation_queue (child); } + if (NULL != dq_entry->issuer_key) + GNUNET_free (dq_entry->issuer_key); + if (NULL != dq_entry->lookup_attribute) + GNUNET_free (dq_entry->lookup_attribute); + if (NULL != dq_entry->issuer_attribute) + GNUNET_free (dq_entry->issuer_attribute); + if (NULL != dq_entry->unresolved_attribute_delegation) + GNUNET_free (dq_entry->unresolved_attribute_delegation); + if (NULL != dq_entry->attr_trailer) + GNUNET_free (dq_entry->attr_trailer); if (NULL != dq_entry->lookup_request) { GNUNET_GNS_lookup_cancel (dq_entry->lookup_request); @@ -317,6 +327,7 @@ cleanup_delegation_queue (struct DelegationQueueEntry *dq_entry) static void cleanup_handle (struct VerifyRequestHandle *vrh) { + struct CredentialRecordEntry *cr_entry; GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Cleaning up...\n"); if (NULL != vrh->lookup_request) 
@@ -324,9 +335,22 @@ cleanup_handle (struct VerifyRequestHandle *vrh) GNUNET_GNS_lookup_cancel (vrh->lookup_request); vrh->lookup_request = NULL; } + if (NULL != vrh->credential) + GNUNET_free (vrh->credential); cleanup_delegation_queue (vrh->chain_start); if (NULL != vrh->issuer_attribute) GNUNET_free (vrh->issuer_attribute); + for (cr_entry = vrh->cred_chain_head; + NULL != vrh->cred_chain_head; + cr_entry = vrh->cred_chain_head) + { + GNUNET_CONTAINER_DLL_remove (vrh->cred_chain_head, + vrh->cred_chain_tail, + cr_entry); + if (NULL != cr_entry->data) + GNUNET_free (cr_entry->data); + GNUNET_free (cr_entry); + } GNUNET_free (vrh); } @@ -712,7 +736,10 @@ handle_credential_query (void* cls, GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Looking up %s\n", issuer_attribute_name); dq_entry = GNUNET_new (struct DelegationQueueEntry); - dq_entry->issuer_key = &vrh->issuer_key; + dq_entry->issuer_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPublicKey); + memcpy (dq_entry->issuer_key, + &vrh->issuer_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); dq_entry->issuer_attribute = GNUNET_strdup (vrh->issuer_attribute); dq_entry->handle = vrh; dq_entry->lookup_attribute = GNUNET_strdup (vrh->issuer_attribute); diff --git a/src/gns/gns_api.c b/src/gns/gns_api.c index 3f6425b42..acb56f2c4 100644 --- a/src/gns/gns_api.c +++ b/src/gns/gns_api.c @@ -357,6 +357,7 @@ handle_result (void *cls, GNUNET_CONTAINER_DLL_remove (handle->lookup_head, handle->lookup_tail, lr); + GNUNET_free (lr->env); GNUNET_free (lr); GNUNET_assert (GNUNET_OK == GNUNET_GNSRECORD_records_deserialize (mlen, -- cgit v1.2.3 From 80bdda1c79efb648cb56bdfb63da0c2c0db3ff45 Mon Sep 17 00:00:00 2001 
From: "Schanzenbach, Martin" Date: Wed, 14 Dec 2016 07:52:23 +0100 Subject: -add serializer --- src/credential/Makefile.am | 6 +- src/credential/credential.h | 2 +- src/credential/credential_api.c | 24 ++-- src/credential/credential_serialization.c | 215 +++++++++++++++++++++++++++++ src/credential/credential_serialization.h | 81 +++++++++++ src/credential/gnunet-credential.c | 38 ++++- src/credential/gnunet-service-credential.c | 114 +++++++++------ src/credential/plugin_rest_credential.c | 63 +++++---- src/credential/test_credential_verify.sh | 5 +- src/include/gnunet_credential_service.h | 69 ++++++++- 10 files changed, 530 insertions(+), 87 deletions(-) create mode 100644 src/credential/credential_serialization.c create mode 100644 src/credential/credential_serialization.h diff --git a/src/credential/Makefile.am b/src/credential/Makefile.am index 13da9dc0f..51dbb34d7 100644 --- a/src/credential/Makefile.am +++ b/src/credential/Makefile.am @@ -63,8 +63,9 @@ libgnunet_plugin_gnsrecord_credential_la_LDFLAGS = \ gnunet_service_credential_SOURCES = \ - gnunet-service-credential.c + gnunet-service-credential.c gnunet_service_credential_LDADD = \ + libgnunetcredential.la \ $(top_builddir)/src/util/libgnunetutil.la \ $(top_builddir)/src/gns/libgnunetgns.la \ $(top_builddir)/src/statistics/libgnunetstatistics.la \ @@ -72,7 +73,8 @@ gnunet_service_credential_LDADD = \ libgnunetcredential_la_SOURCES = \ - credential_api.c credential.h + credential_api.c credential.h \ + credential_serialization.c libgnunetcredential_la_LIBADD = \ $(top_builddir)/src/util/libgnunetutil.la $(XLIB) libgnunetcredential_la_LDFLAGS = \ diff --git a/src/credential/credential.h b/src/credential/credential.h index d52776cfa..209fcdcaa 100644 --- a/src/credential/credential.h +++ b/src/credential/credential.h 
@@ -92,7 +92,7 @@ struct VerifyResultMessage /** * The number of credentials in the response */ - uint32_t cd_count GNUNET_PACKED; + uint32_t d_count GNUNET_PACKED; /* followed by ad_count GNUNET_CREDENTIAL_RecordData structs*/ diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 54a02484d..cae670206 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -30,6 +30,7 @@ #include "gnunet_protocols.h" #include "gnunet_signatures.h" #include "credential.h" +#include "credential_serialization.h" #include "gnunet_credential_service.h" #include "gnunet_identity_service.h" @@ -213,6 +214,10 @@ handle_result (void *cls, struct GNUNET_CREDENTIAL_Handle *handle = cls; uint32_t r_id = ntohl (vr_msg->id); struct GNUNET_CREDENTIAL_Request *vr; + size_t mlen = ntohs (vr_msg->header.size) - sizeof (*vr_msg); + uint32_t d_count = ntohl (vr_msg->d_count); + struct GNUNET_CREDENTIAL_Delegation d_chain[d_count]; + struct GNUNET_CREDENTIAL_Credential cred; GNUNET_CREDENTIAL_VerifyResultProcessor proc; void *proc_cls; @@ -229,24 +234,23 @@ handle_result (void *cls, handle->verify_tail, vr); GNUNET_free (vr); - /** GNUNET_assert (GNUNET_OK == - GNUNET_CREDENTIAL_records_deserialize (mlen, - (const char*) &lookup_msg[1], - rd_count, - rd)); - */ + GNUNET_CREDENTIAL_delegation_chain_deserialize (mlen, + (const char*) &vr_msg[1], + d_count, + d_chain, + &cred)); if (GNUNET_NO == ntohl (vr_msg->cred_found)) { proc (proc_cls, - NULL, 0, + NULL, NULL); // TODO } else { proc (proc_cls, - (struct GNUNET_CREDENTIAL_CredentialRecordData*) &vr_msg[1], - 0, - NULL); + d_count, + d_chain, + &cred); } } diff --git a/src/credential/credential_serialization.c b/src/credential/credential_serialization.c new file mode 100644 index 000000000..2fbcebd9f --- /dev/null +++ b/src/credential/credential_serialization.c 
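Review bot: In `handle_result`, `struct GNUNET_CREDENTIAL_Delegation d_chain[d_count]` sizes a stack array from the 32-bit `d_count` field of the received message before anything relates that count to `mlen`. A large count overruns the stack before `GNUNET_CREDENTIAL_delegation_chain_deserialize` gets a chance to reject the message. Each entry needs at least one fixed-size record on the wire, so a count that cannot fit in `mlen` can be refused up front; alternatively, allocate the array on the heap after that check. `handle_result` begins outside this hunk.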
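Review bot: Wrapping `GNUNET_CREDENTIAL_delegation_chain_deserialize` in `GNUNET_assert` turns a malformed or truncated result message into an abort of the calling process. The call also runs before the `cred_found` test, so a negative answer must still carry a parsable credential record or the client dies on it. Handle `GNUNET_SYSERR` by reporting failure through `proc (proc_cls, 0, NULL, NULL);`, or validate the payload in the message's check handler, instead of asserting.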
@@ -0,0 +1,215 @@ +/* + This file is part of GNUnet. + Copyright (C) 2009-2013, 2016 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + + +/** + * @file credential/credential_serialization.c + * @brief API to serialize and deserialize delegation chains + * and credentials + * @author Martin Schanzenbach + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_constants.h" +#include "gnunet_credential_service.h" + +GNUNET_NETWORK_STRUCT_BEGIN + +struct NetworkRecord +{ + /** + * Issuer key + */ + struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; + + /** + * Subject key + */ + struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + + /** + * Issuer attributes + */ + uint32_t issuer_attribute_len GNUNET_PACKED; + + /** + * Subject attributes + */ + uint32_t subject_attribute_len GNUNET_PACKED; +}; + +GNUNET_NETWORK_STRUCT_END + +/** + * Calculate how many bytes we will need to serialize + * the given delegation chain and credential + * + * @param d_count number of delegation chain entries + * @param dd array of #GNUNET_CREDENTIAL_Delegation + * @param cd a #GNUNET_CREDENTIAL_Credential + * @return the required size to serialize + */ +size_t +GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count, + const struct GNUNET_CREDENTIAL_Delegation *dd, + const struct GNUNET_CREDENTIAL_Credential *cd) 
+{ + unsigned int i; + size_t ret; + + ret = sizeof (struct NetworkRecord) * (d_count + 1); + + for (i=0; i= ret); + ret += dd[i].issuer_attribute_len + dd[i].subject_attribute_len; + } + GNUNET_assert ((ret + cd->issuer_attribute_len) >= ret); + ret += cd->issuer_attribute_len; + return ret; +} + +/** + * Serizalize the given delegation chain entries and credential + * + * @param d_count number of delegation chain entries + * @param dd array of #GNUNET_CREDENTIAL_Delegation + * @param cd a #GNUNET_CREDENTIAL_Credential + * @param dest_size size of the destination + * @param dest where to store the result + * @return the size of the data, -1 on failure + */ +ssize_t +GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count, + const struct GNUNET_CREDENTIAL_Delegation *dd, + const struct GNUNET_CREDENTIAL_Credential *cd, + size_t dest_size, + char *dest) +{ + struct NetworkRecord rec; + unsigned int i; + size_t off; + + off = 0; + for (i=0;i dest_size) + return -1; + GNUNET_memcpy (&dest[off], + &rec, + sizeof (rec)); + off += sizeof (rec); + if (off + dd[i].issuer_attribute_len > dest_size) + return -1; + GNUNET_memcpy (&dest[off], + dd[i].issuer_attribute, + dd[i].issuer_attribute_len); + off += dd[i].issuer_attribute_len; + if (0 == dd[i].subject_attribute_len) + continue; + if (off + dd[i].subject_attribute_len > dest_size) + return -1; + GNUNET_memcpy (&dest[off], + dd[i].subject_attribute, + dd[i].subject_attribute_len); + off += dd[i].subject_attribute_len; + } + rec.issuer_attribute_len = htonl ((uint32_t) cd->issuer_attribute_len); + rec.subject_attribute_len = htonl (0); + rec.issuer_key = cd->issuer_key; + if (off + sizeof (rec) > dest_size) + return -1; + GNUNET_memcpy (&dest[off], + &rec, + sizeof (rec)); + off += sizeof (rec); + if (off + cd->issuer_attribute_len > dest_size) + return -1; + GNUNET_memcpy (&dest[off], + cd->issuer_attribute, + cd->issuer_attribute_len); + off += cd->issuer_attribute_len; + + return off; +} + + +/** + * 
Deserialize the given destination + * + * @param len size of the serialized delegation chain and cred + * @param src the serialized data + * @param d_count the number of delegation chain entries + * @param dd where to put the delegation chain entries + * @param cd where to put the credential data + * @return #GNUNET_OK on success, #GNUNET_SYSERR on error + */ +int +GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, + const char *src, + unsigned int d_count, + struct GNUNET_CREDENTIAL_Delegation *dd, + struct GNUNET_CREDENTIAL_Credential *cd) +{ + struct NetworkRecord rec; + unsigned int i; + size_t off; + + off = 0; + for (i=0;i len) + return GNUNET_SYSERR; + GNUNET_memcpy (&rec, &src[off], sizeof (rec)); + dd[i].issuer_attribute_len = ntohl ((uint32_t) rec.issuer_attribute_len); + dd[i].issuer_key = rec.issuer_key; + dd[i].subject_key = rec.subject_key; + off += sizeof (rec); + if (off + dd[i].issuer_attribute_len > len) + return GNUNET_SYSERR; + dd[i].issuer_attribute = &src[off]; + off += dd[i].issuer_attribute_len; + dd[i].subject_attribute_len = ntohl ((uint32_t) rec.subject_attribute_len); + if (off + dd[i].subject_attribute_len > len) + return GNUNET_SYSERR; + dd[i].subject_attribute = &src[off]; + off += dd[i].subject_attribute_len; + } + if (off + sizeof (rec) > len) + return GNUNET_SYSERR; + GNUNET_memcpy (&rec, &src[off], sizeof (rec)); + cd->issuer_attribute_len = ntohl ((uint32_t) rec.issuer_attribute_len); + cd->issuer_key = rec.issuer_key; + cd->subject_key = rec.subject_key; + off += sizeof (rec); + if (off + cd->issuer_attribute_len > len) + return GNUNET_SYSERR; + cd->issuer_attribute = &src[off]; + off += cd->issuer_attribute_len; + return GNUNET_OK; +} + +/* end of credential_serialization.c */ diff --git a/src/credential/credential_serialization.h b/src/credential/credential_serialization.h new file mode 100644 index 000000000..7e984ce0a --- /dev/null +++ b/src/credential/credential_serialization.h 
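Review bot: In `GNUNET_CREDENTIAL_delegation_chain_serialize` the trailing credential record never sets `rec.subject_key`. `rec` is a local without an initialiser, so the bytes sent are presumably left over from the last delegation or, with `d_count == 0`, whatever was on the stack, and the deserializer then copies them into `cd->subject_key`. Add `rec.subject_key = cd->subject_key;` next to the `issuer_key` assignment. In the deserializer the bounds tests have the form `off + dd[i].issuer_attribute_len > len` with a length taken from the wire; where `size_t` is 32 bits that sum can wrap, so comparing the length against `len - off` is the safer form. The returned `issuer_attribute` and `subject_attribute` pointers alias `src` and are not NUL-terminated, which the doc comment should state so callers use the length fields.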
@@ -0,0 +1,81 @@ +/* + This file is part of GNUnet. + Copyright (C) 2009-2013, 2016 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + + +/** + * @file credential/credential_serialization.h + * @brief API to serialize and deserialize delegation chains + * and credentials + * @author Martin Schanzenbach + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_constants.h" +#include "gnunet_credential_service.h" + +/** + * Calculate how many bytes we will need to serialize + * the given delegation chain and credential + * + * @param d_count number of delegation chain entries + * @param dd array of #GNUNET_CREDENTIAL_Delegation + * @param cd a #GNUNET_CREDENTIAL_Credential + * @return the required size to serialize + */ +size_t +GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count, + const struct GNUNET_CREDENTIAL_Delegation *dd, + const struct GNUNET_CREDENTIAL_Credential *cd); + +/** + * Serizalize the given delegation chain entries and credential + * + * @param d_count number of delegation chain entries + * @param dd array of #GNUNET_CREDENTIAL_Delegation + * @param cd a #GNUNET_CREDENTIAL_Credential + * @param dest_size size of the destination + * @param dest where to store the result + * @return the size of the data, -1 on failure + */ +ssize_t 
+GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count, + const struct GNUNET_CREDENTIAL_Delegation *dd, + const struct GNUNET_CREDENTIAL_Credential *cd, + size_t dest_size, + char *dest); + + +/** + * Deserialize the given destination + * + * @param len size of the serialized delegation chain and cred + * @param src the serialized data + * @param d_count the number of delegation chain entries + * @param dd where to put the delegation chain entries + * @param cd where to put the credential data + * @return #GNUNET_OK on success, #GNUNET_SYSERR on error + */ +int +GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, + const char *src, + unsigned int d_count, + struct GNUNET_CREDENTIAL_Delegation *dd, + struct GNUNET_CREDENTIAL_Credential *cd); +/* end of credential_serialization.h */ diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index d728f533d..82f0e349c 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c 
@@ -157,17 +157,43 @@ do_timeout (void *cls) */ static void handle_verify_result (void *cls, - struct GNUNET_CREDENTIAL_CredentialRecordData *cred, - uint32_t delegation_count, - struct GNUNET_CREDENTIAL_AttributeRecordData *deleg) + unsigned int d_count, + struct GNUNET_CREDENTIAL_Delegation *dc, + struct GNUNET_CREDENTIAL_Credential *cred) { - + int i; verify_request = NULL; if (NULL == cred) - printf ("Verify failed.\n"); + printf ("Failed.\n"); else + { + for (i=0;icredential_size; + struct GNUNET_CREDENTIAL_Delegation dd[vrh->d_count]; + struct GNUNET_CREDENTIAL_Credential cred; GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Sending response\n"); - - for (dq_entry = vrh->chain_end; NULL != dq_entry; dq_entry = dq_entry->parent) + dq_entry = vrh->chain_end; + for (int i=0; id_count; i++) { - if (NULL == dq_entry->delegation_chain_entry) - break; - size += sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry); + dd[i].issuer_key = dq_entry->delegation_chain_entry->issuer_key; + dd[i].subject_key = dq_entry->delegation_chain_entry->subject_key; + dd[i].issuer_attribute = dq_entry->delegation_chain_entry->issuer_attribute; + dd[i].issuer_attribute_len = strlen (dq_entry->delegation_chain_entry->issuer_attribute); + dd[i].subject_attribute_len = 0; if (NULL != dq_entry->delegation_chain_entry->subject_attribute) - size += strlen (dq_entry->delegation_chain_entry->subject_attribute) + 1; - size += strlen(dq_entry->delegation_chain_entry->issuer_attribute) + 1; + { + dd[i].subject_attribute = dq_entry->delegation_chain_entry->subject_attribute; + dd[i].subject_attribute_len = strlen(dq_entry->delegation_chain_entry->subject_attribute); + } + dq_entry = dq_entry->parent; } + /** + * Get serialized record data + * Append at the end of rmsg + */ + cred.issuer_key = vrh->credential->issuer_key; + cred.subject_key = vrh->credential->issuer_key; + cred.issuer_attribute_len = strlen((char*)&vrh->credential[1]); + cred.issuer_attribute = (char*)&vrh->credential[1]; + size = 
GNUNET_CREDENTIAL_delegation_chain_get_size (vrh->d_count, + dd, + &cred); env = GNUNET_MQ_msg_extra (rmsg, size, GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT); //Assign id so that client can find associated request rmsg->id = vrh->request_id; - rmsg->cd_count = htonl (vrh->cred_chain_entries); - - /** - * Get serialized record data - * Append at the end of rmsg - */ - rmsg->cred_found = htonl (GNUNET_NO); + rmsg->d_count = htonl (vrh->d_count); if (NULL != vrh->credential) - { - memcpy (&rmsg[1], - vrh->credential, - vrh->credential_size); rmsg->cred_found = htonl (GNUNET_YES); - } + else + rmsg->cred_found = htonl (GNUNET_NO); + + GNUNET_assert (-1 != GNUNET_CREDENTIAL_delegation_chain_serialize (vrh->d_count, + dd, + &cred, + size, + (char*)&rmsg[1])); + + + /*for (dq_entry = vrh->chain_end; NULL != dq_entry; dq_entry = dq_entry->parent) + { + if (NULL == dq_entry->delegation_chain_entry) + break; + size += sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry); + if (NULL != dq_entry->delegation_chain_entry->subject_attribute) + size += strlen (dq_entry->delegation_chain_entry->subject_attribute) + 1; + size += strlen(dq_entry->delegation_chain_entry->issuer_attribute) + 1; + d_count++; + }*/ + //TODO refactor into serializer module - write_ptr = (char*)&rmsg[1] + vrh->credential_size; - for (dq_entry = vrh->chain_end; NULL != dq_entry; dq_entry = dq_entry->parent) - { + /*write_ptr = (char*)&rmsg[1] + vrh->credential_size; + for (dq_entry = vrh->chain_end; NULL != dq_entry; dq_entry = dq_entry->parent) + { if (NULL == dq_entry->delegation_chain_entry) - break; + break; memcpy (write_ptr, - dq_entry->delegation_chain_entry, - sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry)); + dq_entry->delegation_chain_entry, + sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry)); write_ptr += sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry); if (NULL != dq_entry->delegation_chain_entry->subject_attribute) { - GNUNET_snprintf (write_ptr, - strlen 
(dq_entry->delegation_chain_entry->subject_attribute) + 2, - "%s;", - dq_entry->delegation_chain_entry->subject_attribute); - write_ptr += strlen (dq_entry->delegation_chain_entry->subject_attribute) + 1; + GNUNET_snprintf (write_ptr, + strlen (dq_entry->delegation_chain_entry->subject_attribute) + 2, + "%s;", + dq_entry->delegation_chain_entry->subject_attribute); + write_ptr += strlen (dq_entry->delegation_chain_entry->subject_attribute) + 1; } memcpy (write_ptr, - dq_entry->delegation_chain_entry->issuer_attribute, - strlen(dq_entry->delegation_chain_entry->issuer_attribute)); + dq_entry->delegation_chain_entry->issuer_attribute, + strlen(dq_entry->delegation_chain_entry->issuer_attribute)); write_ptr += strlen(dq_entry->delegation_chain_entry->issuer_attribute) + 1; - } + }*/ GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), env); GNUNET_CONTAINER_DLL_remove (vrh_head, vrh_tail, vrh); @@ -580,6 +613,7 @@ backward_resolution (void* cls, dq_entry->delegation_chain_entry->issuer_attribute = GNUNET_strdup (current_delegation->lookup_attribute); dq_entry->parent = current_delegation; + dq_entry->d_count = current_delegation->d_count + 1; GNUNET_CONTAINER_DLL_insert (current_delegation->children_head, current_delegation->children_tail, dq_entry); @@ -608,6 +642,7 @@ backward_resolution (void* cls, vrh->credential = GNUNET_malloc (cred_pointer->data_size); vrh->credential_size = cred_pointer->data_size; vrh->chain_end = dq_entry; + vrh->d_count = dq_entry->d_count; //Found match send_lookup_response (vrh); return; @@ -743,6 +778,7 @@ handle_credential_query (void* cls, dq_entry->issuer_attribute = GNUNET_strdup (vrh->issuer_attribute); dq_entry->handle = vrh; dq_entry->lookup_attribute = GNUNET_strdup (vrh->issuer_attribute); + dq_entry->d_count = 0; vrh->chain_start = dq_entry; vrh->pending_lookups = 1; //Start with backward resolution 
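Review bot: In the `send_lookup_response` hunk that ends on this line (its hunk header did not survive extraction, and the function continues past the hunk), the four `cred.*` assignments dereference `vrh->credential` before the `if (NULL != vrh->credential)` test further down, so a response sent without a matching credential would crash the service instead of reporting `GNUNET_NO`. I would fill `cred` only under that existing check and serialize an empty credential otherwise. `strlen((char*)&vrh->credential[1])` also trusts that the record data ends in a 0 byte; bounding it, e.g. `strnlen ((char*)&vrh->credential[1], vrh->credential_size - sizeof (*vrh->credential))`, keeps a malformed record from being read past its end, assuming `credential_size` is the size of that allocation as the `GNUNET_malloc (cred_pointer->data_size)` context suggests.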
diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c
index 137f55c47..798f76049 100644
--- a/src/credential/plugin_rest_credential.c
+++ b/src/credential/plugin_rest_credential.c
@@ -186,22 +186,45 @@ do_error (void *cls) * @return JSON, NULL if failed */ static json_t* -attribute_delegation_to_json (struct GNUNET_CREDENTIAL_AttributeRecordData *attr) +attribute_delegation_to_json (struct GNUNET_CREDENTIAL_Delegation *delegation_chain_entry) { char *subject; - char *attribute; + char *issuer; + char iss_attribute[delegation_chain_entry->issuer_attribute_len]; + char sub_attribute[delegation_chain_entry->subject_attribute_len]; json_t *attr_obj; - subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&attr->subject_key); + issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&delegation_chain_entry->issuer_key); + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Issuer in delegation malformed\n"); + return NULL; + } + subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&delegation_chain_entry->subject_key); { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Subject in credential malformed\n"); + GNUNET_free (issuer); return NULL; } - attribute = (char*)&attr[1]; attr_obj = json_object (); + memcpy (iss_attribute, + delegation_chain_entry->issuer_attribute, + delegation_chain_entry->issuer_attribute_len); + iss_attribute[delegation_chain_entry->issuer_attribute_len] = '\0'; + json_object_set_new (attr_obj, "subject", json_string (subject)); - json_object_set_new (attr_obj, "attribute", json_string (attribute)); + json_object_set_new (attr_obj, "issuer", json_string (issuer)); + json_object_set_new (attr_obj, "issuer_attribute", json_string (iss_attribute)); + + if (0 < delegation_chain_entry->subject_attribute_len) + { + memcpy (sub_attribute, + delegation_chain_entry->subject_attribute, + delegation_chain_entry->subject_attribute_len); + sub_attribute[delegation_chain_entry->subject_attribute_len] = '\0'; + json_object_set_new (attr_obj, "subject_attribute", json_string (sub_attribute)); + } GNUNET_free (subject); return attr_obj; } 
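Review bot: `iss_attribute` and `sub_attribute` are declared with exactly `issuer_attribute_len` and `subject_attribute_len` bytes, but the terminators are written at index `issuer_attribute_len` and `subject_attribute_len`, one byte past the end of each array. Declare them as `char iss_attribute[delegation_chain_entry->issuer_attribute_len + 1];` and `char sub_attribute[delegation_chain_entry->subject_attribute_len + 1];`, as `credential_to_json` does for its own buffer. The success path also frees only `subject`; add `GNUNET_free (issuer);` before `return attr_obj;`.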
@@ -212,14 +235,11 @@ attribute_delegation_to_json (struct GNUNET_CREDENTIAL_AttributeRecordData *attr * @return the resulting json, NULL if failed */ static json_t* -credential_to_json (struct GNUNET_CREDENTIAL_CredentialRecordData *cred) +credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred) { - struct GNUNET_TIME_Absolute exp; - const char* exp_str; char *issuer; char *subject; - char *attribute; - char *signature; + char attribute[cred->issuer_attribute_len + 1]; json_t *cred_obj; issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key); @@ -237,21 +257,16 @@ credential_to_json (struct GNUNET_CREDENTIAL_CredentialRecordData *cred) GNUNET_free (issuer); return NULL; } - GNUNET_STRINGS_base64_encode ((char*)&cred->signature, - sizeof (struct GNUNET_CRYPTO_EcdsaSignature), - &signature); - attribute = (char*)&cred[1]; - exp.abs_value_us = ntohs (cred->expiration); - exp_str = GNUNET_STRINGS_absolute_time_to_string (exp); + memcpy (attribute, + cred->issuer_attribute, + cred->issuer_attribute_len); + attribute[cred->issuer_attribute_len] = '\0'; cred_obj = json_object (); json_object_set_new (cred_obj, "issuer", json_string (issuer)); json_object_set_new (cred_obj, "subject", json_string (subject)); json_object_set_new (cred_obj, "attribute", json_string (attribute)); - json_object_set_new (cred_obj, "signature", json_string (signature)); - json_object_set_new (cred_obj, "expiration", json_string (exp_str)); GNUNET_free (issuer); GNUNET_free (subject); - GNUNET_free (signature); return cred_obj; } @@ -264,9 +279,9 @@ credential_to_json (struct GNUNET_CREDENTIAL_CredentialRecordData *cred) */ static void handle_verify_response (void *cls, - struct GNUNET_CREDENTIAL_CredentialRecordData *cred, - uint32_t delegation_count, - struct GNUNET_CREDENTIAL_AttributeRecordData *deleg) + unsigned int d_count, + struct GNUNET_CREDENTIAL_Delegation *delegation_chain, + struct GNUNET_CREDENTIAL_Credential *cred) { struct VerifyHandle *handle = cls; 
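Review bot: `char attribute[cred->issuer_attribute_len + 1];` in `credential_to_json` sizes a stack array from a `uint32_t` length that, as far as this page shows, comes out of a deserialized service message; a large value exhausts the stack, and the maximum value can wrap the size to zero before the `memcpy`. A heap copy avoids both: `attribute = GNUNET_strndup (cred->issuer_attribute, cred->issuer_attribute_len);`, with `GNUNET_free (attribute);` after the `json_string` call. The two arrays added to `attribute_delegation_to_json` in the previous hunk have the same shape. The function body is split across this hunk and the next one.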
@@ -292,9 +307,9 @@ handle_verify_response (void *cls, handle->issuer_attr); cred_obj = credential_to_json (cred); result_array = json_array (); - for (i = 0; i < delegation_count; i++) + for (i = 0; i < d_count; i++) { - attr_obj = attribute_delegation_to_json (&(deleg[i])); + attr_obj = attribute_delegation_to_json (&delegation_chain[i]); json_array_append (result_array, attr_obj); json_decref (attr_obj); } diff --git a/src/credential/test_credential_verify.sh b/src/credential/test_credential_verify.sh index 3b76d20e5..012341f5f 100755 --- a/src/credential/test_credential_verify.sh +++ b/src/credential/test_credential_verify.sh @@ -67,10 +67,11 @@ gnunet-namestore -z gnunet -d -n $MEMBER_ATTR -t ATTR -c test_credential_lookup. gnunet-namestore -z service -d -n $USER_ATTR -t ATTR -c test_credential_lookup.conf gnunet-arm -e -c test_credential_lookup.conf -if [ "$RES_CRED" == "Successful." ] +if [ "$RES_CRED" != "Failed." ] then + echo $RES_CRED exit 0 else - echo "FAIL: Failed to verify credential $RES_IP." + echo "FAIL: Failed to verify credential $RES_CRED." exit 1 fi diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 549c25ef8..ba72b752b 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h 
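Review bot: In the test_credential_verify.sh hunk, `if [ "$RES_CRED" != "Failed." ]` treats every output other than the literal `Failed.` as success, so the test also passes when `gnunet-credential` prints nothing, crashes, or reports a different error. Require some positive evidence, for example `if [ -n "$RES_CRED" ] && [ "$RES_CRED" != "Failed." ]`, or compare against the expected chain text. `echo $RES_CRED` should be quoted as `echo "$RES_CRED"` so the output is not word-split.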
@@ -125,6 +125,69 @@ struct GNUNET_CREDENTIAL_AttributeRecordData { */ }; +/** + * A delegation +*/ +struct GNUNET_CREDENTIAL_Delegation { + + /** + * The issuer of the delegation + */ + struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; + + /** + * Public key of the subject this attribute was delegated to + */ + struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + + /** + * Length of the attribute + */ + uint32_t issuer_attribute_len; + + /** + * The attribute + */ + const char *issuer_attribute; + + /** + * Length of the attribute + */ + uint32_t subject_attribute_len; + + /** + * The attribute + */ + const char *subject_attribute; +}; + + +/** + * A credential +*/ +struct GNUNET_CREDENTIAL_Credential { + + /** + * The issuer of the credential + */ + struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; + + /** + * Public key of the subject this credential was issued to + */ + struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + + /** + * Length of the attribute + */ + uint32_t issuer_attribute_len; + + /** + * The attribute + */ + const char *issuer_attribute; + +}; GNUNET_NETWORK_STRUCT_END @@ -159,9 +222,9 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle); * @param rd the records in reply */ typedef void (*GNUNET_CREDENTIAL_VerifyResultProcessor) (void *cls, - struct GNUNET_CREDENTIAL_CredentialRecordData *credential, - uint32_t delegation_length, - struct GNUNET_CREDENTIAL_AttributeRecordData *delegation_chain); + unsigned int d_count, + struct GNUNET_CREDENTIAL_Delegation *delegation_chain, + struct GNUNET_CREDENTIAL_Credential *credential); /** * Iterator called on obtained result for an attribute delegation. -- cgit v1.2.3 From 8052eb6445f29eec791e7c473a15334a66c91141 Mon Sep 17 00:00:00 2001 
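Review bot: `struct GNUNET_CREDENTIAL_Delegation` and `struct GNUNET_CREDENTIAL_Credential` are added before `GNUNET_NETWORK_STRUCT_END`, yet they carry `const char *` members and so cannot be wire formats; I would move them below that marker so nobody copies them into a message. The field comments say only `Length of the attribute`, which leaves open whether the 0-terminator is counted and who owns the pointed-to memory; a later commit on this page changes the producer from `strlen (...)` to `strlen (...)+1`, so the answer matters to every consumer. Suggested wording, if that is the intent: `Length of @e issuer_attribute in bytes, including the 0-terminator` and `The attribute; memory is not owned by this struct`.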
From: "Schanzenbach, Martin" Date: Wed, 14 Dec 2016 08:18:14 +0100 Subject: -fix gns mq; fix serializer --- src/credential/gnunet-credential.c | 23 +++++------------ src/credential/gnunet-service-credential.c | 41 +++--------------------------- src/credential/plugin_rest_credential.c | 16 +++--------- src/gns/gns_api.c | 12 +++++---- 4 files changed, 21 insertions(+), 71 deletions(-) diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index 82f0e349c..a728939dc 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -170,27 +170,18 @@ handle_verify_result (void *cls, { for (i=0;idelegation_chain_entry->issuer_key; dd[i].subject_key = dq_entry->delegation_chain_entry->subject_key; dd[i].issuer_attribute = dq_entry->delegation_chain_entry->issuer_attribute; - dd[i].issuer_attribute_len = strlen (dq_entry->delegation_chain_entry->issuer_attribute); + dd[i].issuer_attribute_len = strlen (dq_entry->delegation_chain_entry->issuer_attribute)+1; dd[i].subject_attribute_len = 0; if (NULL != dq_entry->delegation_chain_entry->subject_attribute) { dd[i].subject_attribute = dq_entry->delegation_chain_entry->subject_attribute; - dd[i].subject_attribute_len = strlen(dq_entry->delegation_chain_entry->subject_attribute); + dd[i].subject_attribute_len = strlen(dq_entry->delegation_chain_entry->subject_attribute)+1; } dq_entry = dq_entry->parent; } @@ -471,7 +471,7 @@ send_lookup_response (struct VerifyRequestHandle *vrh) * Get serialized record data * Append at the end of rmsg */ - cred.issuer_key = vrh->credential->issuer_key; + cred.issuer_key = vrh->credential->issuer_key; cred.subject_key = vrh->credential->issuer_key; cred.issuer_attribute_len = strlen((char*)&vrh->credential[1]); cred.issuer_attribute = (char*)&vrh->credential[1]; 
@@ -496,41 +496,6 @@ send_lookup_response (struct VerifyRequestHandle *vrh) size, (char*)&rmsg[1])); - - /*for (dq_entry = vrh->chain_end; NULL != dq_entry; dq_entry = dq_entry->parent) - { - if (NULL == dq_entry->delegation_chain_entry) - break; - size += sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry); - if (NULL != dq_entry->delegation_chain_entry->subject_attribute) - size += strlen (dq_entry->delegation_chain_entry->subject_attribute) + 1; - size += strlen(dq_entry->delegation_chain_entry->issuer_attribute) + 1; - d_count++; - }*/ - - //TODO refactor into serializer module - /*write_ptr = (char*)&rmsg[1] + vrh->credential_size; - for (dq_entry = vrh->chain_end; NULL != dq_entry; dq_entry = dq_entry->parent) - { - if (NULL == dq_entry->delegation_chain_entry) - break; - memcpy (write_ptr, - dq_entry->delegation_chain_entry, - sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry)); - write_ptr += sizeof (struct GNUNET_CREDENTIAL_DelegationChainEntry); - if (NULL != dq_entry->delegation_chain_entry->subject_attribute) - { - GNUNET_snprintf (write_ptr, - strlen (dq_entry->delegation_chain_entry->subject_attribute) + 2, - "%s;", - dq_entry->delegation_chain_entry->subject_attribute); - write_ptr += strlen (dq_entry->delegation_chain_entry->subject_attribute) + 1; - } - memcpy (write_ptr, - dq_entry->delegation_chain_entry->issuer_attribute, - strlen(dq_entry->delegation_chain_entry->issuer_attribute)); - write_ptr += strlen(dq_entry->delegation_chain_entry->issuer_attribute) + 1; - }*/ GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), env); GNUNET_CONTAINER_DLL_remove (vrh_head, vrh_tail, vrh); diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index 798f76049..cdd0e86e9 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c 
@@ -190,8 +190,6 @@ attribute_delegation_to_json (struct GNUNET_CREDENTIAL_Delegation *delegation_ch { char *subject; char *issuer; - char iss_attribute[delegation_chain_entry->issuer_attribute_len]; - char sub_attribute[delegation_chain_entry->subject_attribute_len]; json_t *attr_obj; issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&delegation_chain_entry->issuer_key); @@ -208,22 +206,16 @@ attribute_delegation_to_json (struct GNUNET_CREDENTIAL_Delegation *delegation_ch return NULL; } attr_obj = json_object (); - memcpy (iss_attribute, - delegation_chain_entry->issuer_attribute, - delegation_chain_entry->issuer_attribute_len); - iss_attribute[delegation_chain_entry->issuer_attribute_len] = '\0'; json_object_set_new (attr_obj, "subject", json_string (subject)); json_object_set_new (attr_obj, "issuer", json_string (issuer)); - json_object_set_new (attr_obj, "issuer_attribute", json_string (iss_attribute)); + json_object_set_new (attr_obj, "issuer_attribute", + json_string (delegation_chain_entry->issuer_attribute)); if (0 < delegation_chain_entry->subject_attribute_len) { - memcpy (sub_attribute, - delegation_chain_entry->subject_attribute, - delegation_chain_entry->subject_attribute_len); - sub_attribute[delegation_chain_entry->subject_attribute_len] = '\0'; - json_object_set_new (attr_obj, "subject_attribute", json_string (sub_attribute)); + json_object_set_new (attr_obj, "subject_attribute", + json_string (delegation_chain_entry->subject_attribute)); } GNUNET_free (subject); return attr_obj; diff --git a/src/gns/gns_api.c b/src/gns/gns_api.c index acb56f2c4..5ad7b4fae 100644 --- a/src/gns/gns_api.c +++ b/src/gns/gns_api.c @@ -354,11 +354,7 @@ handle_result (void *cls, return; proc = lr->lookup_proc; proc_cls = lr->proc_cls; - GNUNET_CONTAINER_DLL_remove (handle->lookup_head, - handle->lookup_tail, - lr); - GNUNET_free (lr->env); - GNUNET_free (lr); + GNUNET_assert (GNUNET_OK == GNUNET_GNSRECORD_records_deserialize (mlen, (const char*) &lookup_msg[1], 
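Review bot: `json_string (delegation_chain_entry->issuer_attribute)` and the matching `subject_attribute` call now read until the first 0 byte, where the removed code copied exactly `issuer_attribute_len` bytes. That is only safe if the deserializer guarantees each attribute is 0-terminated inside the message, which this page does not show. Either reject entries whose last byte is not `'\0'` before building the JSON, or pass the length explicitly with `json_stringn`. `issuer` is still not freed on the success path, where only `GNUNET_free (subject);` precedes `return attr_obj;`.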
@@ -367,6 +363,12 @@ handle_result (void *cls, proc (proc_cls, rd_count, rd); + GNUNET_CONTAINER_DLL_remove (handle->lookup_head, + handle->lookup_tail, + lr); + if (NULL != lr->env) + GNUNET_MQ_discard (lr->env); + GNUNET_free (lr); } -- cgit v1.2.3 From a80e5610fe689631da94242e05f5ad85b21b6b4d Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 14 Dec 2016 08:35:22 +0100 Subject: -fix --- src/credential/gnunet-credential.c | 19 +++++++++++++++---- src/credential/gnunet-service-credential.c | 14 +++++++++++--- src/credential/test_credential_verify.sh | 3 ++- 3 files changed, 28 insertions(+), 8 deletions(-) diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index a728939dc..41b17ef66 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -162,26 +162,37 @@ handle_verify_result (void *cls, struct GNUNET_CREDENTIAL_Credential *cred) { int i; + char* iss_key; + char* sub_key; verify_request = NULL; if (NULL == cred) printf ("Failed.\n"); else { + iss_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key); + sub_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key); + printf ("(0) %s.%s <- %s (Subject)\n", + iss_key, cred->issuer_attribute, + sub_key); + GNUNET_free (iss_key); + GNUNET_free (sub_key); for (i=0;icredential->issuer_key; - cred.subject_key = vrh->credential->issuer_key; + cred.subject_key = vrh->credential->subject_key; cred.issuer_attribute_len = strlen((char*)&vrh->credential[1]); cred.issuer_attribute = (char*)&vrh->credential[1]; size = GNUNET_CREDENTIAL_delegation_chain_get_size (vrh->d_count, @@ -520,6 +520,7 @@ backward_resolution (void* cls, struct DelegationQueueEntry *current_delegation; struct DelegationQueueEntry *dq_entry; char *expanded_attr; + char *lookup_attribute; int i; 
@@ -605,6 +606,9 @@ backward_resolution (void* cls, GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Found issuer\n"); vrh->credential = GNUNET_malloc (cred_pointer->data_size); + memcpy (vrh->credential, + cred, + cred_pointer->data_size); vrh->credential_size = cred_pointer->data_size; vrh->chain_end = dq_entry; vrh->d_count = dq_entry->d_count; @@ -620,9 +624,12 @@ backward_resolution (void* cls, strcpy (issuer_attribute_name, dq_entry->unresolved_attribute_delegation); char *next_attr = strtok (issuer_attribute_name, "."); - GNUNET_asprintf (&dq_entry->lookup_attribute, + GNUNET_asprintf (&lookup_attribute, "%s.gnu", next_attr); + GNUNET_asprintf (&dq_entry->lookup_attribute, + "%s", + next_attr); if (strlen (next_attr) == strlen (dq_entry->unresolved_attribute_delegation)) { dq_entry->attr_trailer = NULL; @@ -640,13 +647,14 @@ backward_resolution (void* cls, vrh->pending_lookups++; dq_entry->handle = vrh; dq_entry->lookup_request = GNUNET_GNS_lookup (gns, - dq_entry->lookup_attribute, + lookup_attribute, dq_entry->issuer_key, //issuer_key, GNUNET_GNSRECORD_TYPE_ATTRIBUTE, GNUNET_GNS_LO_DEFAULT, NULL, //shorten_key, always NULL &backward_resolution, dq_entry); + GNUNET_free (lookup_attribute); } if(0 == vrh->pending_lookups) diff --git a/src/credential/test_credential_verify.sh b/src/credential/test_credential_verify.sh index 012341f5f..6d69e337b 100755 --- a/src/credential/test_credential_verify.sh +++ b/src/credential/test_credential_verify.sh @@ -60,6 +60,7 @@ gnunet-namestore -p -z alice -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c #TODO2 Add -z swich like in gnunet-gns RES_CRED=`gnunet-credential --verify --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` + #TODO cleanup properly gnunet-namestore -z alice -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf gnunet-namestore -z gnu -d -n $GNU_PROJECT_ATTR -t ATTR -c test_credential_lookup.conf 
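Review bot: In the `@@ -620,9 +624,12 @@` hunk of `backward_resolution`, `next_attr` comes straight from `strtok (issuer_attribute_name, ".")` and is passed to both new `GNUNET_asprintf` calls and to `strlen` without a NULL check. `strtok` returns NULL when the string is empty or consists only of dots, and `unresolved_attribute_delegation` appears to be built from resolved records, so a malformed delegation could crash the service here. Add a `NULL == next_attr` check that abandons this entry before the first `GNUNET_asprintf`. The declaration of `issuer_attribute_name` and the rest of the function lie outside the hunk, so the bound of the preceding `strcpy` could not be checked.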
@@ -69,7 +70,7 @@ gnunet-arm -e -c test_credential_lookup.conf if [ "$RES_CRED" != "Failed." ] then - echo $RES_CRED + echo -e "${RES_CRED}" exit 0 else echo "FAIL: Failed to verify credential $RES_CRED." -- cgit v1.2.3 From 02066879bd7eb841d01e1359021de3bc3aca11e0 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 14 Dec 2016 16:20:54 +0100 Subject: -towards type4 --- src/credential/Makefile.am | 1 + src/credential/credential_serialization.c | 129 ++++++- src/credential/credential_serialization.h | 91 +++-- src/credential/gnunet-service-credential.c | 520 ++++++++++++++++----------- src/credential/plugin_gnsrecord_credential.c | 168 +++++++-- src/credential/test_credential_verify.sh | 4 +- src/include/gnunet_credential_service.h | 40 +++ 7 files changed, 685 insertions(+), 268 deletions(-) diff --git a/src/credential/Makefile.am b/src/credential/Makefile.am index 51dbb34d7..5852bd0a0 100644 --- a/src/credential/Makefile.am +++ b/src/credential/Makefile.am @@ -55,6 +55,7 @@ gnunet_credential_LDADD = \ libgnunet_plugin_gnsrecord_credential_la_SOURCES = \ plugin_gnsrecord_credential.c libgnunet_plugin_gnsrecord_credential_la_LIBADD = \ + libgnunetcredential.la \ $(top_builddir)/src/util/libgnunetutil.la \ $(LTLIBINTL) libgnunet_plugin_gnsrecord_credential_la_LDFLAGS = \ diff --git a/src/credential/credential_serialization.c b/src/credential/credential_serialization.c index 2fbcebd9f..99138441e 100644 --- a/src/credential/credential_serialization.c +++ b/src/credential/credential_serialization.c @@ -32,7 +32,21 @@ GNUNET_NETWORK_STRUCT_BEGIN -struct NetworkRecord +struct DelegationRecordData +{ + /** + * Subject key + */ + struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + + /** + * Subject attributes + */ + uint32_t subject_attribute_len GNUNET_PACKED; +}; + + +struct ChainEntry { /** * Issuer key 
@@ -57,6 +71,113 @@ struct NetworkRecord GNUNET_NETWORK_STRUCT_END + +/** + * Calculate how many bytes we will need to serialize + * the given delegation chain and credential + * + * @param d_count number of delegation chain entries + * @param dd array of #GNUNET_CREDENTIAL_Delegation + * @param cd a #GNUNET_CREDENTIAL_Credential + * @return the required size to serialize + */ +size_t +GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count, + const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr) +{ + unsigned int i; + size_t ret; + + ret = sizeof (struct DelegationRecordData) * (ds_count); + + for (i=0; i= ret); + ret += dsr[i].subject_attribute_len; + } + return ret; +} + +/** + * Serizalize the given delegation chain entries and credential + * + * @param d_count number of delegation chain entries + * @param dd array of #GNUNET_CREDENTIAL_Delegation + * @param cd a #GNUNET_CREDENTIAL_Credential + * @param dest_size size of the destination + * @param dest where to store the result + * @return the size of the data, -1 on failure + */ +ssize_t +GNUNET_CREDENTIAL_delegation_set_serialize (unsigned int d_count, + const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr, + size_t dest_size, + char *dest) +{ + struct DelegationRecordData rec; + unsigned int i; + size_t off; + + off = 0; + for (i=0;i dest_size) + return -1; + GNUNET_memcpy (&dest[off], + &rec, + sizeof (rec)); + off += sizeof (rec); + if (0 == dsr[i].subject_attribute_len) + continue; + if (off + dsr[i].subject_attribute_len > dest_size) + return -1; + GNUNET_memcpy (&dest[off], + dsr[i].subject_attribute, + dsr[i].subject_attribute_len); + off += dsr[i].subject_attribute_len; + } + return off; +} + + +/** + * Deserialize the given destination + * + * @param len size of the serialized delegation chain and cred + * @param src the serialized data + * @param d_count the number of delegation chain entries + * @param dd where to put the delegation chain entries + * @param cd where to put the 
credential data + * @return #GNUNET_OK on success, #GNUNET_SYSERR on error + */ +int +GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, + const char *src, + unsigned int d_count, + struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr) +{ + struct DelegationRecordData rec; + unsigned int i; + size_t off; + + off = 0; + for (i=0;i len) + return GNUNET_SYSERR; + GNUNET_memcpy (&rec, &src[off], sizeof (rec)); + dsr[i].subject_key = rec.subject_key; + off += sizeof (rec); + dsr[i].subject_attribute_len = ntohl ((uint32_t) rec.subject_attribute_len); + if (off + dsr[i].subject_attribute_len > len) + return GNUNET_SYSERR; + dsr[i].subject_attribute = &src[off]; + off += dsr[i].subject_attribute_len; + } + return GNUNET_OK; +} /** * Calculate how many bytes we will need to serialize * the given delegation chain and credential 
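Review bot: In `GNUNET_CREDENTIAL_delegation_set_deserialize`, `if (off + dsr[i].subject_attribute_len > len)` adds a length taken from the input to `off` before comparing, so where `size_t` is 32 bits wide the sum can wrap and let `subject_attribute` point outside `src`. Written as `if (dsr[i].subject_attribute_len > len - off)` the test cannot overflow, provided the preceding record-size check (partly lost in this rendering) keeps `off` at or below `len`. The function also hands back `&src[off]` without checking for a 0-terminator, so callers must treat `subject_attribute` as length-delimited. The three doc comments were copied from the chain functions and still describe `dd`, `cd` and a credential that these functions do not take.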
@@ -74,7 +195,7 @@ GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count, unsigned int i; size_t ret; - ret = sizeof (struct NetworkRecord) * (d_count + 1); + ret = sizeof (struct ChainEntry) * (d_count + 1); for (i=0; ichildren_head; NULL != child; child = dq_entry->children_head) + for (dq_entry = ds_entry->queue_entries_head; + NULL != dq_entry; + dq_entry = ds_entry->queue_entries_head) { - GNUNET_CONTAINER_DLL_remove (dq_entry->children_head, - dq_entry->children_tail, - child); - cleanup_delegation_queue (child); + GNUNET_CONTAINER_DLL_remove (ds_entry->queue_entries_head, + ds_entry->queue_entries_tail, + dq_entry); + for (child = dq_entry->set_entries_head; + NULL != child; + child = dq_entry->set_entries_head) + { + GNUNET_CONTAINER_DLL_remove (dq_entry->set_entries_head, + dq_entry->set_entries_tail, + child); + cleanup_delegation_set (child); + } + GNUNET_free (dq_entry); } - if (NULL != dq_entry->issuer_key) - GNUNET_free (dq_entry->issuer_key); - if (NULL != dq_entry->lookup_attribute) - GNUNET_free (dq_entry->lookup_attribute); - if (NULL != dq_entry->issuer_attribute) - GNUNET_free (dq_entry->issuer_attribute); - if (NULL != dq_entry->unresolved_attribute_delegation) - GNUNET_free (dq_entry->unresolved_attribute_delegation); - if (NULL != dq_entry->attr_trailer) - GNUNET_free (dq_entry->attr_trailer); - if (NULL != dq_entry->lookup_request) + if (NULL != ds_entry->issuer_key) + GNUNET_free (ds_entry->issuer_key); + if (NULL != ds_entry->lookup_attribute) + GNUNET_free (ds_entry->lookup_attribute); + if (NULL != ds_entry->issuer_attribute) + GNUNET_free (ds_entry->issuer_attribute); + if (NULL != ds_entry->unresolved_attribute_delegation) + GNUNET_free (ds_entry->unresolved_attribute_delegation); + if (NULL != ds_entry->attr_trailer) + GNUNET_free (ds_entry->attr_trailer); + if (NULL != ds_entry->lookup_request) { - GNUNET_GNS_lookup_cancel (dq_entry->lookup_request); - dq_entry->lookup_request = NULL; + GNUNET_GNS_lookup_cancel 
(ds_entry->lookup_request); + ds_entry->lookup_request = NULL; } - if (NULL != dq_entry->delegation_chain_entry) + if (NULL != ds_entry->delegation_chain_entry) { - if (NULL != dq_entry->delegation_chain_entry->subject_attribute) - GNUNET_free (dq_entry->delegation_chain_entry->subject_attribute); - if (NULL != dq_entry->delegation_chain_entry->issuer_attribute) - GNUNET_free (dq_entry->delegation_chain_entry->issuer_attribute); - GNUNET_free (dq_entry->delegation_chain_entry); + if (NULL != ds_entry->delegation_chain_entry->subject_attribute) + GNUNET_free (ds_entry->delegation_chain_entry->subject_attribute); + if (NULL != ds_entry->delegation_chain_entry->issuer_attribute) + GNUNET_free (ds_entry->delegation_chain_entry->issuer_attribute); + GNUNET_free (ds_entry->delegation_chain_entry); } - GNUNET_free (dq_entry); + GNUNET_free (ds_entry); } static void @@ -343,7 +411,7 @@ cleanup_handle (struct VerifyRequestHandle *vrh) } if (NULL != vrh->credential) GNUNET_free (vrh->credential); - cleanup_delegation_queue (vrh->chain_start); + cleanup_delegation_set (vrh->root_set); if (NULL != vrh->issuer_attribute) GNUNET_free (vrh->issuer_attribute); for (cr_entry = vrh->cred_chain_head; 
@@ -444,57 +512,63 @@ send_lookup_response (struct VerifyRequestHandle *vrh) { struct GNUNET_MQ_Envelope *env; struct VerifyResultMessage *rmsg; - struct DelegationQueueEntry *dq_entry; + struct DelegationChainEntry *dce; size_t size = vrh->credential_size; - struct GNUNET_CREDENTIAL_Delegation dd[vrh->d_count]; + struct GNUNET_CREDENTIAL_Delegation dd[vrh->delegation_chain_size]; struct GNUNET_CREDENTIAL_Credential cred; + int i; GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Sending response\n"); - dq_entry = vrh->chain_end; - for (int i=0; id_count; i++) + i = 0; + for (dce = vrh->delegation_chain_head; + NULL != dce; + dce = dce->next) { - dd[i].issuer_key = dq_entry->delegation_chain_entry->issuer_key; - dd[i].subject_key = dq_entry->delegation_chain_entry->subject_key; - dd[i].issuer_attribute = dq_entry->delegation_chain_entry->issuer_attribute; - dd[i].issuer_attribute_len = strlen (dq_entry->delegation_chain_entry->issuer_attribute)+1; + dd[i].issuer_key = dce->issuer_key; + dd[i].subject_key = dce->subject_key; + dd[i].issuer_attribute = dce->issuer_attribute; + dd[i].issuer_attribute_len = strlen (dce->issuer_attribute)+1; dd[i].subject_attribute_len = 0; - if (NULL != dq_entry->delegation_chain_entry->subject_attribute) + if (NULL != dce->subject_attribute) { - dd[i].subject_attribute = dq_entry->delegation_chain_entry->subject_attribute; - dd[i].subject_attribute_len = strlen(dq_entry->delegation_chain_entry->subject_attribute)+1; + dd[i].subject_attribute = dce->subject_attribute; + dd[i].subject_attribute_len = strlen(dce->subject_attribute)+1; } - dq_entry = dq_entry->parent; + i++; } - /** + /** * Get serialized record data * Append at the end of rmsg */ cred.issuer_key = vrh->credential->issuer_key; cred.subject_key = vrh->credential->subject_key; - cred.issuer_attribute_len = strlen((char*)&vrh->credential[1]); + cred.issuer_attribute_len = strlen((char*)&vrh->credential[1])+1; cred.issuer_attribute = (char*)&vrh->credential[1]; - size = 
GNUNET_CREDENTIAL_delegation_chain_get_size (vrh->d_count, + size = GNUNET_CREDENTIAL_delegation_chain_get_size (vrh->delegation_chain_size, dd, &cred); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "SIZE; %llu count: %d\n",size,vrh->delegation_chain_size); env = GNUNET_MQ_msg_extra (rmsg, size, GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT); //Assign id so that client can find associated request rmsg->id = vrh->request_id; - rmsg->d_count = htonl (vrh->d_count); + rmsg->d_count = htonl (vrh->delegation_chain_size); if (NULL != vrh->credential) rmsg->cred_found = htonl (GNUNET_YES); else rmsg->cred_found = htonl (GNUNET_NO); - GNUNET_assert (-1 != GNUNET_CREDENTIAL_delegation_chain_serialize (vrh->d_count, - dd, - &cred, - size, - (char*)&rmsg[1])); + GNUNET_assert (-1 != + GNUNET_CREDENTIAL_delegation_chain_serialize (vrh->delegation_chain_size, + dd, + &cred, + size, + (char*)&rmsg[1])); GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), env); 
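Review bot: `cred.issuer_key = vrh->credential->issuer_key;` and the `strlen((char*)&vrh->credential[1])+1` next to it dereference `vrh->credential` unconditionally, yet the same function tests `NULL != vrh->credential` further down to set `cred_found`. A negative answer, where no credential matched, would therefore fault before that test is reached. The credential fields should be filled only under that same NULL test, with `cred.issuer_attribute_len = 0;` otherwise. In the delegation loop, `dd[i].subject_attribute` stays unset when `dce->subject_attribute` is NULL; adding `dd[i].subject_attribute = NULL;` beside `dd[i].subject_attribute_len = 0;` avoids handing an indeterminate pointer to the serializer. The function continues past the end of this hunk.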
@@ -515,146 +589,194 @@ backward_resolution (void* cls, struct VerifyRequestHandle *vrh; struct GNUNET_CREDENTIAL_CredentialRecordData *cred; - const struct GNUNET_CREDENTIAL_AttributeRecordData *attr; + const struct GNUNET_CREDENTIAL_DelegationRecordData *sets; struct CredentialRecordEntry *cred_pointer; - struct DelegationQueueEntry *current_delegation; + struct DelegationSetEntry *current_set; + struct DelegationSetEntry *ds_entry; + struct DelegationSetEntry *tmp_set; struct DelegationQueueEntry *dq_entry; char *expanded_attr; char *lookup_attribute; int i; + int j; - current_delegation = cls; - current_delegation->lookup_request = NULL; - vrh = current_delegation->handle; + current_set = cls; + current_set->lookup_request = NULL; + vrh = current_set->handle; vrh->pending_lookups--; GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Got %d attrs\n", rd_count); + // Each OR for (i=0; i < rd_count; i++) { if (GNUNET_GNSRECORD_TYPE_ATTRIBUTE != rd[i].record_type) continue; + sets = rd[i].data; + struct GNUNET_CREDENTIAL_DelegationSetRecord set[ntohl(sets->set_count)]; GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Found new attribute delegation. Creating new Job...\n"); - attr = rd[i].data; + "Found new attribute delegation with %d sets. 
Creating new Job...\n", + ntohl (sets->set_count)); + + if (GNUNET_OK !=GNUNET_CREDENTIAL_delegation_set_deserialize (GNUNET_ntohll(sets->data_size), + (const char*)&sets[1], + ntohl(sets->set_count), + set)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to deserialize!\n"); + continue; + } dq_entry = GNUNET_new (struct DelegationQueueEntry); - if (NULL != current_delegation->attr_trailer) + dq_entry->required_solutions = ntohl(sets->set_count); + dq_entry->parent_set = current_set; + GNUNET_CONTAINER_DLL_insert (current_set->queue_entries_head, + current_set->queue_entries_tail, + dq_entry); + // Each AND + for (j=0; jset_count); j++) { - if (rd[i].data_size == sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)) + ds_entry = GNUNET_new (struct DelegationSetEntry); + if (NULL != current_set->attr_trailer) { - GNUNET_asprintf (&expanded_attr, - "%s", - current_delegation->attr_trailer); - + if (0 == set[j].subject_attribute_len) + { + GNUNET_asprintf (&expanded_attr, + "%s", + current_set->attr_trailer); + + } else { + GNUNET_asprintf (&expanded_attr, + "%s.%s", + set[j].subject_attribute, + current_set->attr_trailer); + } + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Expanded to %s\n", expanded_attr); + ds_entry->unresolved_attribute_delegation = expanded_attr; } else { - GNUNET_asprintf (&expanded_attr, - "%s.%s", - (char*)&attr[1], - current_delegation->attr_trailer); + if (0 != set[j].subject_attribute_len) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Not Expanding %s\n", set[j].subject_attribute); + ds_entry->unresolved_attribute_delegation = GNUNET_strdup (set[j].subject_attribute); + } } + + //Add a credential chain entry + ds_entry->delegation_chain_entry = GNUNET_new (struct DelegationChainEntry); + ds_entry->delegation_chain_entry->subject_key = set[j].subject_key; + ds_entry->issuer_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPublicKey); + GNUNET_memcpy (ds_entry->issuer_key, + &set[j].subject_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + 
if (0 < set[j].subject_attribute_len) + ds_entry->delegation_chain_entry->subject_attribute = GNUNET_strdup (set[j].subject_attribute); + ds_entry->delegation_chain_entry->issuer_key = *current_set->issuer_key; + ds_entry->delegation_chain_entry->issuer_attribute = GNUNET_strdup (current_set->lookup_attribute); + + ds_entry->parent_queue_entry = dq_entry; //current_delegation; + GNUNET_CONTAINER_DLL_insert (dq_entry->set_entries_head, + dq_entry->set_entries_tail, + ds_entry); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Expanded to %s\n", expanded_attr); - dq_entry->unresolved_attribute_delegation = expanded_attr; - } else { - if (rd[i].data_size > sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)) + "Checking for cred match\n"); + /** + * Check if this delegation already matches one of our credentials + */ + for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL; + cred_pointer = cred_pointer->next) { + cred = cred_pointer->data; + if(0 != memcmp (&set->subject_key, + &cred_pointer->data->issuer_key, + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) + continue; GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Not Expanding %s\n", (char*)&attr[1]); - dq_entry->unresolved_attribute_delegation = GNUNET_strdup ((char*)&attr[1]); - } - } + "Checking if %s matches %s\n", + ds_entry->unresolved_attribute_delegation, (char*)&cred[1]); - //Add a credential chain entry - dq_entry->delegation_chain_entry = GNUNET_new (struct GNUNET_CREDENTIAL_DelegationChainEntry); - dq_entry->delegation_chain_entry->subject_key = attr->subject_key; - dq_entry->issuer_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPublicKey); - GNUNET_memcpy (dq_entry->issuer_key, - &attr->subject_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - if (rd[i].data_size > sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)) - dq_entry->delegation_chain_entry->subject_attribute = GNUNET_strdup ((char*)&attr[1]); - dq_entry->delegation_chain_entry->issuer_key = *current_delegation->issuer_key; - 
dq_entry->delegation_chain_entry->issuer_attribute = GNUNET_strdup (current_delegation->lookup_attribute); - - dq_entry->parent = current_delegation; - dq_entry->d_count = current_delegation->d_count + 1; - GNUNET_CONTAINER_DLL_insert (current_delegation->children_head, - current_delegation->children_tail, - dq_entry); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Checking for cred match\n"); - /** - * Check if this delegation already matches one of our credentials - */ - for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL; - cred_pointer = cred_pointer->next) - { - cred = cred_pointer->data; - if(0 != memcmp (&attr->subject_key, - &cred_pointer->data->issuer_key, - sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) - continue; - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Checking if %s matches %s\n", - dq_entry->unresolved_attribute_delegation, (char*)&cred[1]); + if (0 != strcmp (ds_entry->unresolved_attribute_delegation, (char*)&cred[1])) + continue; - if (0 != strcmp (dq_entry->unresolved_attribute_delegation, (char*)&cred[1])) - continue; + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Found issuer\n"); + + //Backtrack + for (tmp_set = ds_entry; + NULL != tmp_set->parent_queue_entry; + tmp_set = tmp_set->parent_queue_entry->parent_set) + { + tmp_set->parent_queue_entry->required_solutions--; + if (NULL != tmp_set->delegation_chain_entry) + { + vrh->delegation_chain_size++; + GNUNET_CONTAINER_DLL_insert (vrh->delegation_chain_head, + vrh->delegation_chain_tail, + tmp_set->delegation_chain_entry); + } + if (0 < tmp_set->parent_queue_entry->required_solutions) + break; + } + + if (NULL == tmp_set->parent_queue_entry) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "All solutions found\n"); + vrh->credential = GNUNET_malloc (cred_pointer->data_size); + memcpy (vrh->credential, + cred, + cred_pointer->data_size); + vrh->credential_size = cred_pointer->data_size; + //Found match + send_lookup_response (vrh); + return; + } + } GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Found 
issuer\n"); - vrh->credential = GNUNET_malloc (cred_pointer->data_size); - memcpy (vrh->credential, - cred, - cred_pointer->data_size); - vrh->credential_size = cred_pointer->data_size; - vrh->chain_end = dq_entry; - vrh->d_count = dq_entry->d_count; - //Found match - send_lookup_response (vrh); - return; - - } - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Building new lookup request\n"); - //Continue with backward resolution - char issuer_attribute_name[strlen (dq_entry->unresolved_attribute_delegation)+1]; - strcpy (issuer_attribute_name, - dq_entry->unresolved_attribute_delegation); - char *next_attr = strtok (issuer_attribute_name, "."); - GNUNET_asprintf (&lookup_attribute, - "%s.gnu", - next_attr); - GNUNET_asprintf (&dq_entry->lookup_attribute, - "%s", - next_attr); - if (strlen (next_attr) == strlen (dq_entry->unresolved_attribute_delegation)) - { - dq_entry->attr_trailer = NULL; - } else { - next_attr += strlen (next_attr) + 1; - dq_entry->attr_trailer = GNUNET_strdup (next_attr); - } + "Building new lookup request from %s\n", + ds_entry->unresolved_attribute_delegation); + //Continue with backward resolution + char issuer_attribute_name[strlen (ds_entry->unresolved_attribute_delegation)+1]; + strcpy (issuer_attribute_name, + ds_entry->unresolved_attribute_delegation); + char *next_attr = strtok (issuer_attribute_name, "."); + GNUNET_asprintf (&lookup_attribute, + "%s.gnu", + next_attr); + GNUNET_asprintf (&ds_entry->lookup_attribute, + "%s", + next_attr); + if (strlen (next_attr) == strlen (ds_entry->unresolved_attribute_delegation)) + { + ds_entry->attr_trailer = NULL; + } else { + next_attr += strlen (next_attr) + 1; + ds_entry->attr_trailer = GNUNET_strdup (next_attr); + } - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Looking up %s\n", dq_entry->lookup_attribute); - if (NULL != dq_entry->attr_trailer) GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "%s still to go...\n", dq_entry->attr_trailer); - - vrh->pending_lookups++; - dq_entry->handle = vrh; - 
dq_entry->lookup_request = GNUNET_GNS_lookup (gns, - lookup_attribute, - dq_entry->issuer_key, //issuer_key, - GNUNET_GNSRECORD_TYPE_ATTRIBUTE, - GNUNET_GNS_LO_DEFAULT, - NULL, //shorten_key, always NULL - &backward_resolution, - dq_entry); - GNUNET_free (lookup_attribute); + "Looking up %s\n", ds_entry->lookup_attribute); + if (NULL != ds_entry->attr_trailer) + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "%s still to go...\n", ds_entry->attr_trailer); + + vrh->pending_lookups++; + ds_entry->handle = vrh; + ds_entry->lookup_request = GNUNET_GNS_lookup (gns, + lookup_attribute, + ds_entry->issuer_key, //issuer_key, + GNUNET_GNSRECORD_TYPE_ATTRIBUTE, + GNUNET_GNS_LO_DEFAULT, + NULL, //shorten_key, always NULL + &backward_resolution, + ds_entry); + GNUNET_free (lookup_attribute); + } } if(0 == vrh->pending_lookups) @@ -681,7 +803,7 @@ handle_credential_query (void* cls, const struct GNUNET_GNSRECORD_Data *rd) { struct VerifyRequestHandle *vrh = cls; - struct DelegationQueueEntry *dq_entry; + struct DelegationSetEntry *ds_entry; const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; struct CredentialRecordEntry *cr_entry; int cred_record_count; @@ -725,7 +847,6 @@ handle_credential_query (void* cls, rd[i].data, rd[i].data_size); vrh->credential_size = rd[i].data_size; - vrh->chain_end = NULL; //Found match prematurely send_lookup_response (vrh); return; 
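Review bot: `sets->set_count` is read from `rd[i].data` and used as the length of the stack array `set[ntohl(sets->set_count)]` before anything checks that `rd[i].data_size` covers the record header or that the count is plausible, so one malformed ATTRIBUTE record can cause an out-of-bounds read or an unbounded stack allocation in the service. The header length, the count and `data_size` should be validated against `rd[i].data_size` before the array is declared, as sketched below. The count is likewise unbounded in `credential_value_to_string` (`set[ntohl(sets.set_count)]`) and, in the follow-up commit, in `handle_result` (`creds[c_count]`). Separately, the credential match inside the `j` loop compares `&set->subject_key`, which is always the first set entry; `&set[j].subject_key` looks like what was meant. The body of backward_resolution starts before this hunk.

```c
    sets = rd[i].data;
    /* the record must at least hold the fixed header before it is read */
    if (rd[i].data_size < sizeof (*sets))
      continue;
    uint32_t set_count = ntohl (sets->set_count);
    /* MAX_DELEGATION_SETS is a placeholder bound the project would define */
    if ( (0 == set_count) ||
         (set_count > MAX_DELEGATION_SETS) ||
         (GNUNET_ntohll (sets->data_size) > rd[i].data_size - sizeof (*sets)) )
      continue;
    struct GNUNET_CREDENTIAL_DelegationSetRecord set[set_count];
    // … unchanged: delegation_set_deserialize call, queue entry setup and the per-set loop, now bounded by set_count …
```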
@@ -743,26 +864,25 @@ handle_credential_query (void* cls, ".gnu"); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Looking up %s\n", issuer_attribute_name); - dq_entry = GNUNET_new (struct DelegationQueueEntry); - dq_entry->issuer_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPublicKey); - memcpy (dq_entry->issuer_key, + ds_entry = GNUNET_new (struct DelegationSetEntry); + ds_entry->issuer_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPublicKey); + memcpy (ds_entry->issuer_key, &vrh->issuer_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - dq_entry->issuer_attribute = GNUNET_strdup (vrh->issuer_attribute); - dq_entry->handle = vrh; - dq_entry->lookup_attribute = GNUNET_strdup (vrh->issuer_attribute); - dq_entry->d_count = 0; - vrh->chain_start = dq_entry; + ds_entry->issuer_attribute = GNUNET_strdup (vrh->issuer_attribute); + ds_entry->handle = vrh; + ds_entry->lookup_attribute = GNUNET_strdup (vrh->issuer_attribute); + vrh->root_set = ds_entry; vrh->pending_lookups = 1; //Start with backward resolution - dq_entry->lookup_request = GNUNET_GNS_lookup (gns, + ds_entry->lookup_request = GNUNET_GNS_lookup (gns, issuer_attribute_name, &vrh->issuer_key, //issuer_key, GNUNET_GNSRECORD_TYPE_ATTRIBUTE, GNUNET_GNS_LO_DEFAULT, NULL, //shorten_key, always NULL &backward_resolution, - dq_entry); + ds_entry); } @@ -819,7 +939,7 @@ handle_verify (void *cls, send_lookup_response (vrh); return; } - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Looking up %s\n", subject_attribute); /** diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 281113a34..d21185981 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -30,6 +30,7 @@ #include "gnunet_credential_service.h" #include "gnunet_gnsrecord_plugin.h" #include "gnunet_signatures.h" +#include "credential_serialization.h" /** 
@@ -54,27 +55,69 @@ credential_value_to_string (void *cls, { case GNUNET_GNSRECORD_TYPE_ATTRIBUTE: { - struct GNUNET_CREDENTIAL_AttributeRecordData attr; + struct GNUNET_CREDENTIAL_DelegationRecordData sets; char *attr_str; char *subject_pkey; - - if (data_size < sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)) + char *tmp_str; + int i; + if (data_size < sizeof (struct GNUNET_CREDENTIAL_DelegationRecordData)) return NULL; /* malformed */ - memcpy (&attr, + memcpy (&sets, data, - sizeof (attr)); + sizeof (sets)); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "SIZE %llu needed: %llu + %llu\n", + data_size, + GNUNET_ntohll (sets.data_size), + sizeof (sets)); + cdata = data; - subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&attr.subject_key); - if (data_size == sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)) + struct GNUNET_CREDENTIAL_DelegationSetRecord set[ntohl(sets.set_count)]; + if (GNUNET_OK != GNUNET_CREDENTIAL_delegation_set_deserialize (GNUNET_ntohll (sets.data_size), + &cdata[sizeof (sets)], + ntohl (sets.set_count), + set)) + return NULL; + + for (i=0;isubject_key); - if (NULL != attr_str) - GNUNET_memcpy (&attr[1], - attr_str, - strlen (attr_str)); - - + tmp_data_size = GNUNET_CREDENTIAL_delegation_set_get_size (entries, + set); + if (-1 == tmp_data_size) + return GNUNET_SYSERR; + *data_size += tmp_data_size; + *data = sets = GNUNET_malloc (*data_size); + GNUNET_CREDENTIAL_delegation_set_serialize (entries, + set, + tmp_data_size, + (char*)&sets[1]); + sets->set_count = htonl (entries); + sets->data_size = GNUNET_htonll (tmp_data_size); + + GNUNET_free (tmp_str); return GNUNET_OK; } case GNUNET_GNSRECORD_TYPE_CREDENTIAL: diff --git a/src/credential/test_credential_verify.sh b/src/credential/test_credential_verify.sh index 6d69e337b..52a4fd2fc 100755 --- a/src/credential/test_credential_verify.sh +++ b/src/credential/test_credential_verify.sh 
@@ -23,7 +23,7 @@ rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` which timeout &> /dev/null && DO_TIMEOUT="timeout 30" -gnunet-arm -s -c test_credential_lookup.conf +#gnunet-arm -s -c test_credential_lookup.conf gnunet-identity -C service -c test_credential_lookup.conf gnunet-identity -C alice -c test_credential_lookup.conf gnunet-identity -C gnu -c test_credential_lookup.conf @@ -44,6 +44,8 @@ TEST_CREDENTIAL="mygnunetcreds" # (1) A service assigns the attribute "user" to all entities that have been assigned "member" by entities that werde assigned "project" from GNU gnunet-namestore -p -z service -a -n $USER_ATTR -t ATTR -V "$GNU_KEY $GNU_PROJECT_ATTR.$MEMBER_ATTR" -e 5m -c test_credential_lookup.conf +valgrind gnunet-namestore -D -z service -c test_credential_lookup.conf + # (2) GNU recognized GNUnet as a GNU project and delegates the "project" attribute gnunet-namestore -p -z gnu -a -n $GNU_PROJECT_ATTR -t ATTR -V "$GNUNET_KEY" -e 5m -c test_credential_lookup.conf diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index ba72b752b..b28d90140 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h @@ -125,6 +125,46 @@ struct GNUNET_CREDENTIAL_AttributeRecordData { */ }; +/** + * The attribute delegation record +*/ +struct GNUNET_CREDENTIAL_DelegationRecordData { + + uint32_t set_count; + + uint64_t data_size; + + char *data; + + /** + * Followed by the attribute that was delegated to as string + * May be empty + */ +}; + + + +/** + * The attribute delegation record +*/ +struct GNUNET_CREDENTIAL_DelegationSetRecord { + + /** + * Public key of the subject this attribute was delegated to + */ + struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + + uint32_t subject_attribute_len; + + const char *subject_attribute; + + /** + * Followed by the attribute that was delegated to as string + * May be empty + */ +}; + + /** * A delegation */ -- cgit v1.2.3 
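Review bot: `struct GNUNET_CREDENTIAL_DelegationRecordData` serves as the on-record header (`sizeof (sets)` is the payload offset in credential_value_to_string, `&sets[1]` in backward_resolution), but it contains a `char *data` member and is not packed. Its size therefore depends on pointer width and padding, so a record written on one platform would be parsed at a different offset on another. Dropping the pointer and packing the fields, e.g. `uint32_t set_count GNUNET_PACKED;` and `uint64_t data_size GNUNET_PACKED;`, would give a fixed layout. The fields also have no comments, and both new structs carry the same "The attribute delegation record" summary.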
From 745f0dc8f07ef5275f829b13524d6afcc251e58a Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 14 Dec 2016 17:35:49 +0100 Subject: -fixes, prettify --- src/credential/credential.h | 7 ++- src/credential/credential_api.c | 10 +++- src/credential/credential_serialization.c | 75 +++++++++++++++---------- src/credential/credential_serialization.h | 6 ++ src/credential/gnunet-credential.c | 29 ++++++---- src/credential/gnunet-service-credential.c | 82 +++++++++++++++++----------- src/credential/plugin_gnsrecord_credential.c | 15 +---- src/credential/plugin_rest_credential.c | 26 ++++++--- src/credential/test_credential_verify.sh | 4 +- src/include/gnunet_credential_service.h | 24 ++------ 10 files changed, 160 insertions(+), 118 deletions(-) diff --git a/src/credential/credential.h b/src/credential/credential.h index 209fcdcaa..3ba8e9c9e 100644 --- a/src/credential/credential.h +++ b/src/credential/credential.h @@ -90,10 +90,15 @@ struct VerifyResultMessage uint32_t cred_found GNUNET_PACKED; /** - * The number of credentials in the response + * The number of delegations in the response */ uint32_t d_count GNUNET_PACKED; + /** + * The number of credentials in the response + */ + uint32_t c_count GNUNET_PACKED; + /* followed by ad_count GNUNET_CREDENTIAL_RecordData structs*/ }; diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index cae670206..860504e61 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -216,8 +216,9 @@ handle_result (void *cls, struct GNUNET_CREDENTIAL_Request *vr; size_t mlen = ntohs (vr_msg->header.size) - sizeof (*vr_msg); uint32_t d_count = ntohl (vr_msg->d_count); + uint32_t c_count = ntohl (vr_msg->c_count); struct GNUNET_CREDENTIAL_Delegation d_chain[d_count]; - struct GNUNET_CREDENTIAL_Credential cred; + struct GNUNET_CREDENTIAL_Credential creds[c_count]; GNUNET_CREDENTIAL_VerifyResultProcessor proc; void *proc_cls; 
@@ -239,18 +240,21 @@ handle_result (void *cls, (const char*) &vr_msg[1], d_count, d_chain, - &cred)); + c_count, + creds)); if (GNUNET_NO == ntohl (vr_msg->cred_found)) { proc (proc_cls, 0, NULL, + 0, NULL); // TODO } else { proc (proc_cls, d_count, d_chain, - &cred); + c_count, + creds); } } diff --git a/src/credential/credential_serialization.c b/src/credential/credential_serialization.c index 99138441e..b08920d96 100644 --- a/src/credential/credential_serialization.c +++ b/src/credential/credential_serialization.c @@ -184,18 +184,21 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, * * @param d_count number of delegation chain entries * @param dd array of #GNUNET_CREDENTIAL_Delegation + * @param c_count number of credential entries * @param cd a #GNUNET_CREDENTIAL_Credential * @return the required size to serialize */ size_t GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count, const struct GNUNET_CREDENTIAL_Delegation *dd, + unsigned int c_count, const struct GNUNET_CREDENTIAL_Credential *cd) { unsigned int i; size_t ret; - ret = sizeof (struct ChainEntry) * (d_count + 1); + ret = sizeof (struct ChainEntry) * (d_count); + ret += sizeof (struct ChainEntry) * (c_count); for (i=0; i= ret); ret += dd[i].issuer_attribute_len + dd[i].subject_attribute_len; } - GNUNET_assert ((ret + cd->issuer_attribute_len) >= ret); - ret += cd->issuer_attribute_len; + for (i=0; i= ret); + ret += cd[i].issuer_attribute_len; + } return ret; } @@ -214,6 +220,7 @@ GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count, * * @param d_count number of delegation chain entries * @param dd array of #GNUNET_CREDENTIAL_Delegation + * @param c_count number of credential entries * @param cd a #GNUNET_CREDENTIAL_Credential * @param dest_size size of the destination * @param dest where to store the result 
@@ -222,6 +229,7 @@ GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count, ssize_t GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count, const struct GNUNET_CREDENTIAL_Delegation *dd, + unsigned int c_count, const struct GNUNET_CREDENTIAL_Credential *cd, size_t dest_size, char *dest) @@ -258,21 +266,25 @@ GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count, dd[i].subject_attribute_len); off += dd[i].subject_attribute_len; } - rec.issuer_attribute_len = htonl ((uint32_t) cd->issuer_attribute_len); - rec.subject_attribute_len = htonl (0); - rec.issuer_key = cd->issuer_key; - if (off + sizeof (rec) > dest_size) - return -1; - GNUNET_memcpy (&dest[off], - &rec, - sizeof (rec)); - off += sizeof (rec); - if (off + cd->issuer_attribute_len > dest_size) - return -1; - GNUNET_memcpy (&dest[off], - cd->issuer_attribute, - cd->issuer_attribute_len); - off += cd->issuer_attribute_len; + for (i=0;i dest_size) + return -1; + GNUNET_memcpy (&dest[off], + &rec, + sizeof (rec)); + off += sizeof (rec); + if (off + cd[i].issuer_attribute_len > dest_size) + return -1; + GNUNET_memcpy (&dest[off], + cd[i].issuer_attribute, + cd[i].issuer_attribute_len); + off += cd[i].issuer_attribute_len; + } return off; } @@ -285,6 +297,7 @@ GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count, * @param src the serialized data * @param d_count the number of delegation chain entries * @param dd where to put the delegation chain entries + * @param c_count the number of credential entries * @param cd where to put the credential data * @return #GNUNET_OK on success, #GNUNET_SYSERR on error */ @@ -293,6 +306,7 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, const char *src, unsigned int d_count, struct GNUNET_CREDENTIAL_Delegation *dd, + unsigned int c_count, struct GNUNET_CREDENTIAL_Credential *cd) { struct ChainEntry rec; 
@@ -319,17 +333,20 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, dd[i].subject_attribute = &src[off]; off += dd[i].subject_attribute_len; } - if (off + sizeof (rec) > len) - return GNUNET_SYSERR; - GNUNET_memcpy (&rec, &src[off], sizeof (rec)); - cd->issuer_attribute_len = ntohl ((uint32_t) rec.issuer_attribute_len); - cd->issuer_key = rec.issuer_key; - cd->subject_key = rec.subject_key; - off += sizeof (rec); - if (off + cd->issuer_attribute_len > len) - return GNUNET_SYSERR; - cd->issuer_attribute = &src[off]; - off += cd->issuer_attribute_len; + for (i=0;i len) + return GNUNET_SYSERR; + GNUNET_memcpy (&rec, &src[off], sizeof (rec)); + cd[i].issuer_attribute_len = ntohl ((uint32_t) rec.issuer_attribute_len); + cd[i].issuer_key = rec.issuer_key; + cd[i].subject_key = rec.subject_key; + off += sizeof (rec); + if (off + cd[i].issuer_attribute_len > len) + return GNUNET_SYSERR; + cd[i].issuer_attribute = &src[off]; + off += cd[i].issuer_attribute_len; + } return GNUNET_OK; } diff --git a/src/credential/credential_serialization.h b/src/credential/credential_serialization.h index 7f6d0dda9..39ac0103b 100644 --- a/src/credential/credential_serialization.h +++ b/src/credential/credential_serialization.h @@ -79,12 +79,14 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, * * @param d_count number of delegation chain entries * @param dd array of #GNUNET_CREDENTIAL_Delegation + * @param c_count number of credential entries * @param cd a #GNUNET_CREDENTIAL_Credential * @return the required size to serialize */ size_t GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count, const struct GNUNET_CREDENTIAL_Delegation *dd, + unsigned int c_count, const struct GNUNET_CREDENTIAL_Credential *cd); /** 
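Review bot: Each `cd[i].issuer_attribute` returned here is a pointer into `src` with a length taken from the message, and nothing checks that its last byte is NUL, while callers format these attributes with `%s`, as the `printf` in gnunet-credential.c's handle_verify_result diff shows. A terminator check after the bounds test, e.g. `if ((0 == cd[i].issuer_attribute_len) || ('\0' != src[off + cd[i].issuer_attribute_len - 1])) return GNUNET_SYSERR;`, would make the pointers safe to use as C strings, assuming an empty attribute is never valid for a credential. The bounds test itself is more robust as `cd[i].issuer_attribute_len > len - off`, because `off + cd[i].issuer_attribute_len` can wrap where `size_t` is 32 bits. The delegation loop earlier in the function, partly outside this hunk, has the same shape.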
@@ -92,6 +94,7 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, * * @param d_count number of delegation chain entries * @param dd array of #GNUNET_CREDENTIAL_Delegation + * @param c_count number of credential entries * @param cd a #GNUNET_CREDENTIAL_Credential * @param dest_size size of the destination * @param dest where to store the result @@ -100,6 +103,7 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, ssize_t GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count, const struct GNUNET_CREDENTIAL_Delegation *dd, + unsigned int c_count, const struct GNUNET_CREDENTIAL_Credential *cd, size_t dest_size, char *dest); @@ -112,6 +116,7 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, * @param src the serialized data * @param d_count the number of delegation chain entries * @param dd where to put the delegation chain entries + * @param c_count number of credential entries * @param cd where to put the credential data * @return #GNUNET_OK on success, #GNUNET_SYSERR on error */ @@ -120,5 +125,6 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, const char *src, unsigned int d_count, struct GNUNET_CREDENTIAL_Delegation *dd, + unsigned int c_count, struct GNUNET_CREDENTIAL_Credential *cd); /* end of credential_serialization.h */ diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index 41b17ef66..a743458d5 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -159,6 +159,7 @@ static void handle_verify_result (void *cls, unsigned int d_count, struct GNUNET_CREDENTIAL_Delegation *dc, + unsigned int c_count, struct GNUNET_CREDENTIAL_Credential *cred) { int i; 
@@ -170,30 +171,36 @@ handle_verify_result (void *cls, printf ("Failed.\n"); else { - iss_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key); - sub_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key); - printf ("(0) %s.%s <- %s (Subject)\n", - iss_key, cred->issuer_attribute, - sub_key); - GNUNET_free (iss_key); - GNUNET_free (sub_key); + printf("Delegation Chain:\n"); for (i=0;ilookup_request) { @@ -439,7 +444,7 @@ shutdown_task (void *cls) { struct VerifyRequestHandle *vrh; - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Shutting down!\n"); while (NULL != (vrh = vrh_head)) @@ -515,10 +520,12 @@ send_lookup_response (struct VerifyRequestHandle *vrh) struct DelegationChainEntry *dce; size_t size = vrh->credential_size; struct GNUNET_CREDENTIAL_Delegation dd[vrh->delegation_chain_size]; - struct GNUNET_CREDENTIAL_Credential cred; + struct GNUNET_CREDENTIAL_Credential cred[vrh->cred_chain_size]; + struct GNUNET_CREDENTIAL_CredentialRecordData *crd; + struct CredentialRecordEntry *cd; int i; - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending response\n"); i = 0; for (dce = vrh->delegation_chain_head; 
@@ -542,21 +549,29 @@ send_lookup_response (struct VerifyRequestHandle *vrh) * Get serialized record data * Append at the end of rmsg */ - cred.issuer_key = vrh->credential->issuer_key; - cred.subject_key = vrh->credential->subject_key; - cred.issuer_attribute_len = strlen((char*)&vrh->credential[1])+1; - cred.issuer_attribute = (char*)&vrh->credential[1]; + i = 0; + for (cd = vrh->cred_chain_head; + NULL != cd; + cd = cd->next) + { + crd = cd->data; + cred[i].issuer_key = crd->issuer_key; + cred[i].subject_key = crd->subject_key; + cred[i].issuer_attribute_len = strlen((char*)&crd[1])+1; + cred[i].issuer_attribute = (char*)&crd[1]; + i++; + } size = GNUNET_CREDENTIAL_delegation_chain_get_size (vrh->delegation_chain_size, dd, - &cred); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "SIZE; %llu count: %d\n",size,vrh->delegation_chain_size); + vrh->cred_chain_size, + cred); env = GNUNET_MQ_msg_extra (rmsg, size, GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT); //Assign id so that client can find associated request rmsg->id = vrh->request_id; rmsg->d_count = htonl (vrh->delegation_chain_size); + rmsg->c_count = htonl (vrh->cred_chain_size); if (NULL != vrh->credential) rmsg->cred_found = htonl (GNUNET_YES); @@ -566,7 +581,8 @@ send_lookup_response (struct VerifyRequestHandle *vrh) GNUNET_assert (-1 != GNUNET_CREDENTIAL_delegation_chain_serialize (vrh->delegation_chain_size, dd, - &cred, + vrh->cred_chain_size, + cred, size, (char*)&rmsg[1])); @@ -605,7 +621,7 @@ backward_resolution (void* cls, current_set->lookup_request = NULL; vrh = current_set->handle; vrh->pending_lookups--; - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Got %d attrs\n", rd_count); // Each OR 
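Review bot: `cred[i].issuer_attribute_len = strlen((char*)&crd[1])+1;` treats the bytes after each stored credential record as a NUL-terminated string, but nothing in this hunk ties the scan to the entry's `data_size`. A record without a terminator would be read past its allocation and the extra bytes serialized into the reply. Bounding the scan with `strnlen ((char*)&crd[1], cd->data_size - sizeof (*crd))` and skipping the entry when no terminator is found keeps the length inside the buffer; this assumes `data_size` is the length of `cd->data`, as the `GNUNET_malloc (cred_pointer->data_size)` copy in backward_resolution suggests. The loop also writes `cred[i]` for every list entry without comparing `i` to `vrh->cred_chain_size`, which is safe only while the counter and the list are updated together. The function starts and ends outside this hunk.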
@@ -616,7 +632,7 @@ backward_resolution (void* cls, sets = rd[i].data; struct GNUNET_CREDENTIAL_DelegationSetRecord set[ntohl(sets->set_count)]; - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found new attribute delegation with %d sets. Creating new Job...\n", ntohl (sets->set_count)); @@ -653,13 +669,13 @@ backward_resolution (void* cls, set[j].subject_attribute, current_set->attr_trailer); } - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Expanded to %s\n", expanded_attr); ds_entry->unresolved_attribute_delegation = expanded_attr; } else { if (0 != set[j].subject_attribute_len) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Not Expanding %s\n", set[j].subject_attribute); ds_entry->unresolved_attribute_delegation = GNUNET_strdup (set[j].subject_attribute); } @@ -682,7 +698,7 @@ backward_resolution (void* cls, dq_entry->set_entries_tail, ds_entry); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Checking for cred match\n"); /** * Check if this delegation already matches one of our credentials @@ -695,14 +711,14 @@ backward_resolution (void* cls, &cred_pointer->data->issuer_key, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) continue; - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Checking if %s matches %s\n", ds_entry->unresolved_attribute_delegation, (char*)&cred[1]); if (0 != strcmp (ds_entry->unresolved_attribute_delegation, (char*)&cred[1])) continue; - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found issuer\n"); //Backtrack @@ -724,7 +740,7 @@ backward_resolution (void* cls, if (NULL == tmp_set->parent_queue_entry) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "All solutions found\n"); vrh->credential = GNUNET_malloc (cred_pointer->data_size); memcpy (vrh->credential, 
@@ -735,9 +751,12 @@ backward_resolution (void* cls, send_lookup_response (vrh); return; } + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Not all solutions found yet.\n"); + continue; } - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Building new lookup request from %s\n", ds_entry->unresolved_attribute_delegation); //Continue with backward resolution @@ -759,10 +778,10 @@ backward_resolution (void* cls, ds_entry->attr_trailer = GNUNET_strdup (next_attr); } - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking up %s\n", ds_entry->lookup_attribute); if (NULL != ds_entry->attr_trailer) - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "%s still to go...\n", ds_entry->attr_trailer); vrh->pending_lookups++; @@ -781,7 +800,7 @@ backward_resolution (void* cls, if(0 == vrh->pending_lookups) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "We are all out of attributes...\n"); send_lookup_response (vrh); return; @@ -835,6 +854,7 @@ handle_credential_query (void* cls, GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, vrh->cred_chain_tail, cr_entry); + vrh->cred_chain_size++; if (0 != memcmp (&crd->issuer_key, &vrh->issuer_key, @@ -862,7 +882,7 @@ handle_credential_query (void* cls, vrh->issuer_attribute); strcpy (issuer_attribute_name + strlen (vrh->issuer_attribute), ".gnu"); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking up %s\n", issuer_attribute_name); ds_entry = GNUNET_new (struct DelegationSetEntry); ds_entry->issuer_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPublicKey); @@ -905,7 +925,7 @@ handle_verify (void *cls, char *attrptr = attrs; const char *utf_in; - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received VERIFY message\n"); utf_in = (const char *) &v_msg[1]; 
@@ -939,7 +959,7 @@ handle_verify (void *cls, send_lookup_response (vrh); return; } - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking up %s\n", subject_attribute); /** @@ -967,7 +987,7 @@ client_disconnect_cb (void *cls, struct GNUNET_SERVICE_Client *client, void *app_ctx) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Client %p disconnected\n", client); } @@ -985,7 +1005,7 @@ client_connect_cb (void *cls, struct GNUNET_SERVICE_Client *client, struct GNUNET_MQ_Handle *mq) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Client %p connected\n", client); return client; diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index d21185981..1358afdb1 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -65,12 +65,6 @@ credential_value_to_string (void *cls, memcpy (&sets, data, sizeof (sets)); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "SIZE %llu needed: %llu + %llu\n", - data_size, - GNUNET_ntohll (sets.data_size), - sizeof (sets)); - cdata = data; struct GNUNET_CREDENTIAL_DelegationSetRecord set[ntohl(sets.set_count)]; if (GNUNET_OK != GNUNET_CREDENTIAL_delegation_set_deserialize (GNUNET_ntohll (sets.data_size), @@ -238,15 +232,8 @@ credential_string_to_value (void *cls, strlen (subject_pkey), &set[i].subject_key); if (2 == matches) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Adding %s (data size %llu)\n", - attr_str, - tmp_data_size); - /*GNUNET_memcpy (&set[1], - attr_str, - strlen (attr_str)+1);*/ set[i].subject_attribute_len = strlen (attr_str) + 1; - set[i].subject_attribute = GNUNET_strdup (attr_str);//(const char*)&set[1]; + set[i].subject_attribute = GNUNET_strdup (attr_str); } token = strtok (NULL , ","); } diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index cdd0e86e9..f6e4fc5a8 100644 
--- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c @@ -41,7 +41,7 @@ #define GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO "credential" -#define GNUNET_REST_JSONAPI_CREDENTIAL_CHAIN "chain" +#define GNUNET_REST_JSONAPI_DELEGATIONS "delegations" #define GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR "attribute" @@ -273,6 +273,7 @@ static void handle_verify_response (void *cls, unsigned int d_count, struct GNUNET_CREDENTIAL_Delegation *delegation_chain, + unsigned int c_count, struct GNUNET_CREDENTIAL_Credential *cred) { @@ -282,7 +283,8 @@ handle_verify_response (void *cls, struct GNUNET_JSONAPI_Resource *json_resource; json_t *cred_obj; json_t *attr_obj; - json_t *result_array; + json_t *cred_array; + json_t *attr_array; char *result; uint32_t i; @@ -298,25 +300,33 @@ handle_verify_response (void *cls, json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO, handle->issuer_attr); cred_obj = credential_to_json (cred); - result_array = json_array (); + attr_array = json_array (); for (i = 0; i < d_count; i++) { attr_obj = attribute_delegation_to_json (&delegation_chain[i]); - json_array_append (result_array, attr_obj); + json_array_append (attr_array, attr_obj); json_decref (attr_obj); } + cred_array = json_array (); + for (i=0;iproc (handle->proc_cls, resp, MHD_HTTP_OK); diff --git a/src/credential/test_credential_verify.sh b/src/credential/test_credential_verify.sh index 52a4fd2fc..6d69e337b 100755 --- a/src/credential/test_credential_verify.sh +++ b/src/credential/test_credential_verify.sh @@ -23,7 +23,7 @@ rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` which timeout &> /dev/null && DO_TIMEOUT="timeout 30" -#gnunet-arm -s -c test_credential_lookup.conf +gnunet-arm -s -c test_credential_lookup.conf gnunet-identity -C service -c test_credential_lookup.conf gnunet-identity -C alice -c test_credential_lookup.conf gnunet-identity -C gnu -c test_credential_lookup.conf 
@@ -44,8 +44,6 @@ TEST_CREDENTIAL="mygnunetcreds" # (1) A service assigns the attribute "user" to all entities that have been assigned "member" by entities that werde assigned "project" from GNU gnunet-namestore -p -z service -a -n $USER_ATTR -t ATTR -V "$GNU_KEY $GNU_PROJECT_ATTR.$MEMBER_ATTR" -e 5m -c test_credential_lookup.conf -valgrind gnunet-namestore -D -z service -c test_credential_lookup.conf - # (2) GNU recognized GNUnet as a GNU project and delegates the "project" attribute gnunet-namestore -p -z gnu -a -n $GNU_PROJECT_ATTR -t ATTR -V "$GNUNET_KEY" -e 5m -c test_credential_lookup.conf diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index b28d90140..7419407d3 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h @@ -109,22 +109,6 @@ struct GNUNET_CREDENTIAL_CredentialRecordData { }; -/** - * The attribute delegation record -*/ -struct GNUNET_CREDENTIAL_AttributeRecordData { - - /** - * Public key of the subject this attribute was delegated to - */ - struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; - - /** - * Followed by the attribute that was delegated to as string - * May be empty - */ -}; - /** * The attribute delegation record */ 
@@ -257,13 +241,15 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle); * Iterator called on obtained result for an attribute verification. * * @param cls closure - * @param issuer the issuer of the attribute NULL if verification failed - * @param result the result of the verification - * @param rd the records in reply + * @param d_count the number of delegations processed + * @param delegation_chain the delegations processed + * @param c_count the number of credentials found + * @param credential the credentials */ typedef void (*GNUNET_CREDENTIAL_VerifyResultProcessor) (void *cls, unsigned int d_count, struct GNUNET_CREDENTIAL_Delegation *delegation_chain, + unsigned int c_count, struct GNUNET_CREDENTIAL_Credential *credential); /** -- cgit v1.2.3 From fb662a6b560d84903e5b9601a1df1778dd12ae44 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 14 Dec 2016 23:16:12 +0100 Subject: -tests --- src/credential/Makefile.am | 3 +- src/credential/test_credential_lookup.conf | 2 +- src/credential/test_credential_verify_and.sh | 81 ++++++++++++++++++++++++++++ 3 files changed, 84 insertions(+), 2 deletions(-) create mode 100755 src/credential/test_credential_verify_and.sh diff --git a/src/credential/Makefile.am b/src/credential/Makefile.am index 5852bd0a0..5f3b60270 100644 --- a/src/credential/Makefile.am +++ b/src/credential/Makefile.am @@ -98,7 +98,8 @@ libgnunet_plugin_rest_credential_la_LDFLAGS = \ check_SCRIPTS = \ test_credential_issue.sh \ test_credential_verify_simple.sh \ - test_credential_verify.sh + test_credential_verify.sh \ + test_credential_verify_and.sh if ENABLE_TEST_RUN if HAVE_SQLITE diff --git a/src/credential/test_credential_lookup.conf b/src/credential/test_credential_lookup.conf index bf321f9db..57c62fab3 100644 --- a/src/credential/test_credential_lookup.conf +++ b/src/credential/test_credential_lookup.conf 
@@ -11,7 +11,7 @@ PLUGINS = [credential] AUTOSTART = YES -PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog +#PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog [gns] #PREFIX = valgrind --leak-check=full --track-origins=yes diff --git a/src/credential/test_credential_verify_and.sh b/src/credential/test_credential_verify_and.sh new file mode 100755 index 000000000..833d36f95 --- /dev/null +++ b/src/credential/test_credential_verify_and.sh 
@@ -0,0 +1,81 @@ +#!/bin/bash +trap "gnunet-arm -e -c test_credential_lookup.conf" SIGINT + +LOCATION=$(which gnunet-config) +if [ -z $LOCATION ] +then + LOCATION="gnunet-config" +fi +$LOCATION --version 1> /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` + +# (1) Service.user -> GNU.project.member +# (2) GNU.project -> GNUnet +# (3) GNUnet.member -> GNUnet.developer +# (4) GNUnet.member -> GNUnet.user +# (5) GNUnet.developer -> Alice + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" +gnunet-arm -s -c test_credential_lookup.conf +gnunet-identity -C service -c test_credential_lookup.conf +gnunet-identity -C alice -c test_credential_lookup.conf +gnunet-identity -C gnu -c test_credential_lookup.conf +gnunet-identity -C gnunet -c test_credential_lookup.conf + +GNU_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep gnu | grep -v gnunet | awk '{print $3}') +ALICE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep alice | awk '{print $3}') +GNUNET_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep gnunet | awk '{print $3}') +SERVICE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep service | awk '{print $3}') + +USER_ATTR="user" +GNU_PROJECT_ATTR="project" +MEMBER_ATTR="member" +DEVELOPER_ATTR="developer" +DEV_ATTR="developer" +TEST_CREDENTIAL="mygnunetcreds" + +# (1) A service assigns the attribute "user" to all entities that have been assigned "member" by entities that werde assigned "project" from GNU +gnunet-namestore -p -z service -a -n $USER_ATTR -t ATTR -V "$GNU_KEY $GNU_PROJECT_ATTR.$MEMBER_ATTR" -e 5m -c test_credential_lookup.conf + +# (2) GNU recognized GNUnet as a GNU project and delegates the "project" attribute +gnunet-namestore -p -z gnu -a -n $GNU_PROJECT_ATTR -t ATTR -V "$GNUNET_KEY" -e 5m -c 
test_credential_lookup.conf + +# (3+4) GNUnet assigns the attribute "member" to all entities gnunet has also assigned "developer" or "user" +gnunet-namestore -p -z gnunet -a -n $MEMBER_ATTR -t ATTR -V "$GNUNET_KEY $DEVELOPER_ATTR,$GNUNET_KEY $USER_ATTR" -e 5m -c test_credential_lookup.conf + +# (5) GNUnet issues Alice the credential "developer" +CRED1=`$DO_TIMEOUT gnunet-credential --issue --ego=gnunet --subject=$ALICE_KEY --attribute=$DEV_ATTR --ttl=5m -c test_credential_lookup.conf` +# (5) GNUnet issues Alice the credential "user" +CRED2=`$DO_TIMEOUT gnunet-credential --issue --ego=gnunet --subject=$ALICE_KEY --attribute=$USER_ATTR --ttl=5m -c test_credential_lookup.conf` + + +# Alice stores the credential under "mygnunetcreds" +gnunet-namestore -p -z alice -a -n $TEST_CREDENTIAL -t CRED -V "$CRED1" -e 5m -c test_credential_lookup.conf +gnunet-namestore -p -z alice -a -n $TEST_CREDENTIAL -t CRED -V "$CRED2" -e 5m -c test_credential_lookup.conf + +#TODO2 Add -z swich like in gnunet-gns +RES_CRED=`gnunet-credential --verify --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` + + +#TODO cleanup properly +gnunet-namestore -z alice -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf +gnunet-namestore -z gnu -d -n $GNU_PROJECT_ATTR -t ATTR -c test_credential_lookup.conf +gnunet-namestore -z gnunet -d -n $MEMBER_ATTR -t ATTR -c test_credential_lookup.conf +gnunet-namestore -z service -d -n $USER_ATTR -t ATTR -c test_credential_lookup.conf +gnunet-arm -e -c test_credential_lookup.conf + +if [ "$RES_CRED" != "Failed." ] +then + echo -e "${RES_CRED}" + exit 0 +else + echo "FAIL: Failed to verify credential $RES_CRED." + exit 1 +fi -- cgit v1.2.3 From 7a6a665cea13854c28384fd4e51da0f10b4933cc Mon Sep 17 00:00:00 2001 
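Review bot: The final check `if [ "$RES_CRED" != "Failed." ]` treats every output other than that literal string as success, so the test also passes when `gnunet-credential --verify` prints nothing, for example because the service did not start or the command crashed. A verification test should fail closed: `if [ -n "$RES_CRED" ] && [ "$RES_CRED" != "Failed." ]`, ideally combined with a check of the verify command's exit status. The unquoted command substitution passed to `rm -rf` near the top would be safer with the path stored in a variable, tested for being non-empty, and quoted. The same final check is repeated in test_credential_verify_rest.sh later in this series.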
From: "Schanzenbach, Martin" Date: Thu, 15 Dec 2016 13:36:40 +0100 Subject: -fix rest; prelim test; --- src/credential/credential_api.c | 1 + src/credential/plugin_rest_credential.c | 31 +++++++--- src/credential/test_credential_lookup.conf | 3 + src/credential/test_credential_verify_rest.sh | 84 +++++++++++++++++++++++++++ 4 files changed, 111 insertions(+), 8 deletions(-) create mode 100755 src/credential/test_credential_verify_rest.sh diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 860504e61..d9e01c1d3 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -234,6 +234,7 @@ handle_result (void *cls, GNUNET_CONTAINER_DLL_remove (handle->verify_head, handle->verify_tail, vr); + GNUNET_MQ_discard (vr->env); GNUNET_free (vr); GNUNET_assert (GNUNET_OK == GNUNET_CREDENTIAL_delegation_chain_deserialize (mlen, diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index f6e4fc5a8..11e6fb276 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c @@ -193,12 +193,14 @@ attribute_delegation_to_json (struct GNUNET_CREDENTIAL_Delegation *delegation_ch json_t *attr_obj; issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&delegation_chain_entry->issuer_key); + if (NULL == issuer) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Issuer in delegation malformed\n"); return NULL; } subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&delegation_chain_entry->subject_key); + if (NULL == subject) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Subject in credential malformed\n"); 
@@ -207,16 +209,17 @@ attribute_delegation_to_json (struct GNUNET_CREDENTIAL_Delegation *delegation_ch } attr_obj = json_object (); - json_object_set_new (attr_obj, "subject", json_string (subject)); - json_object_set_new (attr_obj, "issuer", json_string (issuer)); + json_object_set_new (attr_obj, "issuer", json_string (issuer)); json_object_set_new (attr_obj, "issuer_attribute", json_string (delegation_chain_entry->issuer_attribute)); + json_object_set_new (attr_obj, "subject", json_string (subject)); if (0 < delegation_chain_entry->subject_attribute_len) { json_object_set_new (attr_obj, "subject_attribute", json_string (delegation_chain_entry->subject_attribute)); } + GNUNET_free (issuer); GNUNET_free (subject); return attr_obj; } @@ -286,6 +289,8 @@ handle_verify_response (void *cls, json_t *cred_array; json_t *attr_array; char *result; + char *issuer; + char *id; uint32_t i; handle->verify_request = NULL; 
@@ -296,23 +301,33 @@ handle_verify_response (void *cls, GNUNET_SCHEDULER_add_now (&do_error, handle); return; } + issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&handle->issuer_key); + if (NULL == issuer) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Issuer in delegation malformed\n"); + return; + } + GNUNET_asprintf (&id, + "%s.%s", + issuer, + handle->issuer_attr); + GNUNET_free (issuer); json_document = GNUNET_JSONAPI_document_new (); json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO, - handle->issuer_attr); - cred_obj = credential_to_json (cred); + id); + GNUNET_free (id); attr_array = json_array (); for (i = 0; i < d_count; i++) { attr_obj = attribute_delegation_to_json (&delegation_chain[i]); - json_array_append (attr_array, attr_obj); - json_decref (attr_obj); + json_array_append_new (attr_array, attr_obj); } cred_array = json_array (); for (i=0;i /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` + +# (1) Service.user -> GNU.project.member +# (2) GNU.project -> GNUnet +# (3) GNUnet.member -> GNUnet.developer +# (4) GNUnet.member -> GNUnet.user +# (5) GNUnet.developer -> Alice + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" +gnunet-arm -s -c test_credential_lookup.conf +gnunet-identity -C service -c test_credential_lookup.conf +gnunet-identity -C alice -c test_credential_lookup.conf +gnunet-identity -C gnu -c test_credential_lookup.conf +gnunet-identity -C gnunet -c test_credential_lookup.conf + +GNU_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep gnu | grep -v gnunet | awk '{print $3}') +ALICE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep alice | awk '{print $3}') +GNUNET_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep gnunet | awk '{print $3}') +SERVICE_KEY=$(gnunet-identity -d 
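Review bot: The added `if (NULL == issuer)` branch in handle_verify_response logs and returns without finishing the request, while the error branch just above it schedules `do_error` before returning. On this path the REST client gets no response and `handle` is not released here (a timeout elsewhere may clean it up, but this hunk does not show one). Mirroring the earlier branch would fix it: `GNUNET_SCHEDULER_add_now (&do_error, handle); return;`. The log text "Issuer in delegation malformed" is copied from attribute_delegation_to_json and should refer to the request's issuer key instead. The rest of this hunk is truncated on the page, so the credential loop is not covered by this note.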
-c test_credential_lookup.conf | grep service | awk '{print $3}') + +USER_ATTR="user" +GNU_PROJECT_ATTR="project" +MEMBER_ATTR="member" +DEVELOPER_ATTR="developer" +DEV_ATTR="developer" +TEST_CREDENTIAL="mygnunetcreds" + +# (1) A service assigns the attribute "user" to all entities that have been assigned "member" by entities that werde assigned "project" from GNU +gnunet-namestore -p -z service -a -n $USER_ATTR -t ATTR -V "$GNU_KEY $GNU_PROJECT_ATTR.$MEMBER_ATTR" -e 5m -c test_credential_lookup.conf + +# (2) GNU recognized GNUnet as a GNU project and delegates the "project" attribute +gnunet-namestore -p -z gnu -a -n $GNU_PROJECT_ATTR -t ATTR -V "$GNUNET_KEY" -e 5m -c test_credential_lookup.conf + +# (3+4) GNUnet assigns the attribute "member" to all entities gnunet has also assigned "developer" or "user" +gnunet-namestore -p -z gnunet -a -n $MEMBER_ATTR -t ATTR -V "$GNUNET_KEY $DEVELOPER_ATTR" -e 5m -c test_credential_lookup.conf +gnunet-namestore -p -z gnunet -a -n $MEMBER_ATTR -t ATTR -V "$GNUNET_KEY $USER_ATTR" -e 5m -c test_credential_lookup.conf + +# (5) GNUnet issues Alice the credential "developer" +CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=gnunet --subject=$ALICE_KEY --attribute=$DEV_ATTR --ttl=5m -c test_credential_lookup.conf` + +# Alice stores the credential under "mygnunetcreds" +gnunet-namestore -p -z alice -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf + +#TODO2 Add -z swich like in gnunet-gns +RES_CRED=`gnunet-credential --verify --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` + +gnunet-arm -i rest -c test_credential_lookup.conf + +sleep 5 + +echo "localhost:7776/credential?attribute=$SERVICE_KEY.$USER_ATTR&credential=$ALICE_KEY.$TEST_CREDENTIAL" +curl -v "localhost:7776/credential?attribute=$SERVICE_KEY.$USER_ATTR&credential=$ALICE_KEY.$TEST_CREDENTIAL" + +#TODO cleanup properly +gnunet-namestore -z alice -d -n $TEST_CREDENTIAL 
-t CRED -e never -c test_credential_lookup.conf +gnunet-namestore -z gnu -d -n $GNU_PROJECT_ATTR -t ATTR -c test_credential_lookup.conf +gnunet-namestore -z gnunet -d -n $MEMBER_ATTR -t ATTR -c test_credential_lookup.conf +gnunet-namestore -z service -d -n $USER_ATTR -t ATTR -c test_credential_lookup.conf +gnunet-arm -e -c test_credential_lookup.conf + +if [ "$RES_CRED" != "Failed." ] +then + echo -e "${RES_CRED}" + exit 0 +else + echo "FAIL: Failed to verify credential $RES_CRED." + exit 1 +fi -- cgit v1.2.3 From 9c5ecc381458c941fdb70f1f4a47e76daac4eda5 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 17 Dec 2016 00:00:10 +0100 Subject: -refactoring --- src/credential/credential_misc.c | 168 +++++++++++++++++++++++++++++++++++++++ src/credential/credential_misc.h | 35 ++++++++ 2 files changed, 203 insertions(+) create mode 100644 src/credential/credential_misc.c create mode 100644 src/credential/credential_misc.h diff --git a/src/credential/credential_misc.c b/src/credential/credential_misc.c new file mode 100644 index 000000000..f1be433e0 --- /dev/null +++ b/src/credential/credential_misc.c 
@@ -0,0 +1,168 @@ +/* + This file is part of GNUnet. + Copyright (C) 2009-2013, 2016 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + + +/** + * @file credential/credential_mic.c + * @brief Misc API for credentials + * + * @author Martin Schanzenbach + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_constants.h" +#include "gnunet_credential_service.h" +#include "gnunet_signatures.h" +#include "credential.h" +#include + +char* +GNUNET_CREDENTIAL_credential_to_string (const struct GNUNET_CREDENTIAL_Credential *cred) +{ + char *cred_str; + char *subject_pkey; + char *issuer_pkey; + char *signature; + + + subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key); + issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key); + GNUNET_STRINGS_base64_encode ((char*)&cred->signature, + sizeof (struct GNUNET_CRYPTO_EcdsaSignature), + &signature); + GNUNET_asprintf (&cred_str, + "%s.%s -> %s | %s | %"SCNu64, + issuer_pkey, + cred->issuer_attribute, + subject_pkey, + signature, + cred->expiration.abs_value_us); + GNUNET_free (subject_pkey); + GNUNET_free (issuer_pkey); + GNUNET_free (signature); + return cred_str; +} + +struct GNUNET_CREDENTIAL_Credential* +GNUNET_CREDENTIAL_credential_from_string (const char* s) +{ + struct GNUNET_CREDENTIAL_Credential *cred; + 
size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8; + if (enclen % 5 > 0) + enclen += 5 - enclen % 5; + enclen /= 5; /* 260/5 = 52 */ + char subject_pkey[enclen + 1]; + char issuer_pkey[enclen + 1]; + char name[253 + 1]; + char signature[256]; //TODO max payload size + + struct GNUNET_CRYPTO_EcdsaSignature *sig; + struct GNUNET_TIME_Absolute etime_abs; + + if (5 != SSCANF (s, + "%52s.%253s -> %52s | %s | %"SCNu64, + issuer_pkey, + name, + subject_pkey, + signature, + &etime_abs.abs_value_us)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + _("Unable to parse CRED record string `%s'\n"), + s); + return NULL; + } + cred = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Credential) + strlen (name) + 1); + GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pkey, + strlen (subject_pkey), + &cred->subject_key); + GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey, + strlen (issuer_pkey), + &cred->issuer_key); + GNUNET_assert (sizeof (struct GNUNET_CRYPTO_EcdsaSignature) == GNUNET_STRINGS_base64_decode (signature, + strlen (signature), + (char**)&sig)); + cred->signature = *sig; + cred->expiration = etime_abs; + GNUNET_free (sig); + GNUNET_memcpy (&cred[1], + name, + strlen (name)+1); + cred->issuer_attribute = (char*)&cred[1]; + return cred; +} + +/** + * Issue an attribute to a subject + * + * @param handle handle to the Credential service + * @param issuer the ego that should be used to issue the attribute + * @param subject the subject of the attribute + * @param attribute the name of the attribute + * @return handle to the queued request + */ +struct GNUNET_CREDENTIAL_Credential * +GNUNET_CREDENTIAL_credential_issue (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, + struct GNUNET_CRYPTO_EcdsaPublicKey *subject, + const char *attribute, + struct GNUNET_TIME_Absolute *expiration) +{ + struct CredentialEntry *crd; + struct GNUNET_CREDENTIAL_Credential *cred; + size_t size; + + size = sizeof (struct CredentialEntry) + strlen (attribute) + 1; + crd 
= GNUNET_malloc (size); + cred = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Credential) + strlen (attribute) + 1); + crd->purpose.size = htonl (size - sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); + + crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); + GNUNET_CRYPTO_ecdsa_key_get_public (issuer, + &crd->issuer_key); + crd->subject_key = *subject; + crd->expiration = GNUNET_htonll (expiration->abs_value_us); + crd->issuer_attribute_len = htonl (strlen (attribute)+1); + GNUNET_memcpy ((char*)&crd[1], + attribute, + strlen (attribute)+1); + if (GNUNET_OK != + GNUNET_CRYPTO_ecdsa_sign (issuer, + &crd->purpose, + &crd->signature)) + { + GNUNET_break (0); + GNUNET_free (crd); + return NULL; + } + cred->signature = crd->signature; + cred->expiration = *expiration; + GNUNET_CRYPTO_ecdsa_key_get_public (issuer, + &cred->issuer_key); + + cred->subject_key = *subject; + GNUNET_memcpy (&cred[1], + attribute, + strlen (attribute)+1); + cred->issuer_attribute = (char*)&cred[1]; + GNUNET_free (crd); + return cred; +} + + diff --git a/src/credential/credential_misc.h b/src/credential/credential_misc.h new file mode 100644 index 000000000..c3aa8c214 --- /dev/null +++ b/src/credential/credential_misc.h 
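Review bot: In GNUNET_CREDENTIAL_credential_from_string the SSCANF format `"%52s.%253s -> %52s | %s | %"SCNu64` reads the signature with an unbounded `%s` into `char signature[256]`, so a record string with a longer fourth field writes past the stack buffer. Give the conversion a width that matches the buffer: `"%52s.%253s -> %52s | %255s | %"SCNu64`. The decoded length is then checked with `GNUNET_assert`, which aborts the process on a malformed signature; since this function parses CRED record strings, it should free `cred` and the decoded buffer and return NULL instead, and also check the results of both `GNUNET_CRYPTO_ecdsa_public_key_from_string` calls. In GNUNET_CREDENTIAL_credential_issue the signing-failure path frees `crd` but not `cred`, so `GNUNET_free (cred);` is missing there.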
@@ -0,0 +1,35 @@ +/* + This file is part of GNUnet + Copyright (C) 2012-2013 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. + */ +/** + * @file credential/credential_misc.h + * @brief Credential helper functions + */ +#ifndef CREDENTIAL_MISC_H +#define CREDENTIAL_MISC_H + + + +char* +GNUNET_CREDENTIAL_credential_to_string (const struct GNUNET_CREDENTIAL_Credential *cred); + +struct GNUNET_CREDENTIAL_Credential* +GNUNET_CREDENTIAL_credential_from_string (const char* str); + +#endif -- cgit v1.2.3 From 33e847bf4edc06be68589467d0f6a31c07d911ac Mon Sep 17 00:00:00 2001 
From: "Schanzenbach, Martin" Date: Sun, 18 Dec 2016 16:52:59 +0100 Subject: -fixes --- src/credential/Makefile.am | 5 +- src/credential/credential.h | 76 +++++++ src/credential/credential_api.c | 48 ----- src/credential/credential_serialization.c | 159 +++++++++------ src/credential/credential_serialization.h | 20 +- src/credential/gnunet-credential.c | 21 +- src/credential/gnunet-service-credential.c | 150 ++++++-------- src/credential/plugin_gnsrecord_credential.c | 115 +++-------- src/credential/plugin_rest_credential.c | 258 ++++++++++++++++++++++-- src/credential/test_credential_issue.sh | 4 +- src/credential/test_credential_lookup.conf | 2 +- src/credential/test_credential_verify_simple.sh | 2 +- src/identity-provider/identity_provider_api.c | 12 +- src/identity/plugin_rest_identity.c | 3 - src/include/gnunet_credential_service.h | 111 +++++----- src/jsonapi/jsonapi_document.c | 32 ++- 16 files changed, 600 insertions(+), 418 deletions(-) diff --git a/src/credential/Makefile.am b/src/credential/Makefile.am index 5f3b60270..0d9aed71b 100644 --- a/src/credential/Makefile.am +++ b/src/credential/Makefile.am @@ -74,8 +74,9 @@ gnunet_service_credential_LDADD = \ libgnunetcredential_la_SOURCES = \ - credential_api.c credential.h \ - credential_serialization.c + credential_api.c \ + credential_serialization.c \ + credential_misc.c libgnunetcredential_la_LIBADD = \ $(top_builddir)/src/util/libgnunetutil.la $(XLIB) libgnunetcredential_la_LDFLAGS = \ diff --git a/src/credential/credential.h b/src/credential/credential.h index 3ba8e9c9e..c5c0183cc 100644 --- a/src/credential/credential.h +++ b/src/credential/credential.h 
@@ -103,6 +103,82 @@ struct VerifyResultMessage }; +struct DelegationRecordData +{ + /** + * Subject key + */ + struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + + /** + * Subject attributes + */ + uint32_t subject_attribute_len GNUNET_PACKED; +}; + + +struct ChainEntry +{ + /** + * Issuer key + */ + struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; + + /** + * Subject key + */ + struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + + /** + * Issuer attributes + */ + uint32_t issuer_attribute_len GNUNET_PACKED; + + /** + * Subject attributes + */ + uint32_t subject_attribute_len GNUNET_PACKED; +}; + + +struct CredentialEntry +{ + + /** + * The signature for this credential by the issuer + */ + struct GNUNET_CRYPTO_EcdsaSignature signature; + + /** + * Signature meta + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + + /** + * Public key of the issuer + */ + struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; + + /** + * Public key of the subject this credential was issued to + */ + struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + + /** + * Expiration time of this credential + */ + uint64_t expiration GNUNET_PACKED; + + /** + * Issuer attribute length + */ + uint32_t issuer_attribute_len; + + /** + * Followed by the attribute string + */ +}; + GNUNET_NETWORK_STRUCT_END diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index d9e01c1d3..e991b4153 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c 
@@ -430,52 +430,4 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, return vr; } -/** - * Issue an attribute to a subject - * - * @param handle handle to the Credential service - * @param issuer the ego that should be used to issue the attribute - * @param subject the subject of the attribute - * @param attribute the name of the attribute - * @return handle to the queued request - */ -struct GNUNET_CREDENTIAL_CredentialRecordData * -GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, - struct GNUNET_CRYPTO_EcdsaPublicKey *subject, - const char *attribute, - struct GNUNET_TIME_Absolute *expiration) -{ - struct GNUNET_CREDENTIAL_CredentialRecordData *crd; - - crd = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (attribute) + 1); - - crd->purpose.size = htonl (strlen (attribute) + 1 + - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + - sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + - sizeof (uint64_t)); - - crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); - GNUNET_CRYPTO_ecdsa_key_get_public (issuer, - &crd->issuer_key); - crd->subject_key = *subject; - crd->expiration = GNUNET_htonll (expiration->abs_value_us); - GNUNET_memcpy (&crd[1], - attribute, - strlen (attribute)); - if (GNUNET_OK != - GNUNET_CRYPTO_ecdsa_sign (issuer, - &crd->purpose, - &crd->signature)) - { - GNUNET_break (0); - GNUNET_free (crd); - return NULL; - } - return crd; -} - - - - /* end of credential_api.c */ diff --git a/src/credential/credential_serialization.c b/src/credential/credential_serialization.c index b08920d96..0586e6baa 100644 --- a/src/credential/credential_serialization.c +++ b/src/credential/credential_serialization.c 
@@ -29,48 +29,8 @@ #include "gnunet_util_lib.h" #include "gnunet_constants.h" #include "gnunet_credential_service.h" - -GNUNET_NETWORK_STRUCT_BEGIN - -struct DelegationRecordData -{ - /** - * Subject key - */ - struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; - - /** - * Subject attributes - */ - uint32_t subject_attribute_len GNUNET_PACKED; -}; - - -struct ChainEntry -{ - /** - * Issuer key - */ - struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; - - /** - * Subject key - */ - struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; - - /** - * Issuer attributes - */ - uint32_t issuer_attribute_len GNUNET_PACKED; - - /** - * Subject attributes - */ - uint32_t subject_attribute_len GNUNET_PACKED; -}; - -GNUNET_NETWORK_STRUCT_END - +#include "gnunet_signatures.h" +#include "credential.h" /** * Calculate how many bytes we will need to serialize @@ -83,7 +43,7 @@ GNUNET_NETWORK_STRUCT_END */ size_t GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count, - const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr) + const struct GNUNET_CREDENTIAL_DelegationSet *dsr) { unsigned int i; size_t ret; @@ -110,7 +70,7 @@ GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count, */ ssize_t GNUNET_CREDENTIAL_delegation_set_serialize (unsigned int d_count, - const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr, + const struct GNUNET_CREDENTIAL_DelegationSet *dsr, size_t dest_size, char *dest) { @@ -156,7 +116,7 @@ int GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, const char *src, unsigned int d_count, - struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr) + struct GNUNET_CREDENTIAL_DelegationSet *dsr) { struct DelegationRecordData rec; unsigned int i; 
@@ -173,7 +133,7 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, dsr[i].subject_attribute_len = ntohl ((uint32_t) rec.subject_attribute_len); if (off + dsr[i].subject_attribute_len > len) return GNUNET_SYSERR; - dsr[i].subject_attribute = &src[off]; + dsr[i].subject_attribute = (char*)&src[off]; off += dsr[i].subject_attribute_len; } return GNUNET_OK; @@ -198,7 +158,7 @@ GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count, size_t ret; ret = sizeof (struct ChainEntry) * (d_count); - ret += sizeof (struct ChainEntry) * (c_count); + ret += sizeof (struct CredentialEntry) * (c_count); for (i=0; i dest_size) + c_rec.issuer_attribute_len = htonl ((uint32_t) cd[i].issuer_attribute_len); + c_rec.issuer_key = cd[i].issuer_key; + c_rec.subject_key = cd[i].subject_key; + c_rec.signature = cd[i].signature; + c_rec.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); + c_rec.purpose.size = htonl ((sizeof (struct CredentialEntry) + cd[i].issuer_attribute_len) - sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); + c_rec.expiration = htonl ((uint32_t) cd[i].expiration.abs_value_us); + if (off + sizeof (c_rec) > dest_size) return -1; GNUNET_memcpy (&dest[off], - &rec, - sizeof (rec)); - off += sizeof (rec); + &c_rec, + sizeof (c_rec)); + off += sizeof (c_rec); if (off + cd[i].issuer_attribute_len > dest_size) return -1; GNUNET_memcpy (&dest[off], @@ -310,6 +274,7 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, struct GNUNET_CREDENTIAL_Credential *cd) { struct ChainEntry rec; + struct CredentialEntry c_rec; unsigned int i; size_t off; 
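Review bot: The added `c_rec.expiration = htonl ((uint32_t) cd[i].expiration.abs_value_us);` truncates a 64-bit microsecond timestamp to 32 bits before storing it in the `uint64_t expiration` field, so the expiration sent in a delegation chain no longer matches the one the issuer signed. The matching deserialize hunk (`@@ -335,13 +300,15 @@`) has the same problem with `ntohl((uint32_t) c_rec.expiration)`. `GNUNET_CREDENTIAL_credential_serialize` in this same commit already uses the 64-bit helpers, so both sites should too: `c_rec.expiration = GNUNET_htonll (cd[i].expiration.abs_value_us);` and `cd[i].expiration.abs_value_us = GNUNET_ntohll (c_rec.expiration);`. The enclosing functions start and end outside these hunks.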
@@ -335,13 +300,15 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, } for (i=0;i len) + if (off + sizeof (c_rec) > len) return GNUNET_SYSERR; - GNUNET_memcpy (&rec, &src[off], sizeof (rec)); - cd[i].issuer_attribute_len = ntohl ((uint32_t) rec.issuer_attribute_len); - cd[i].issuer_key = rec.issuer_key; - cd[i].subject_key = rec.subject_key; - off += sizeof (rec); + GNUNET_memcpy (&c_rec, &src[off], sizeof (c_rec)); + cd[i].issuer_attribute_len = ntohl ((uint32_t) c_rec.issuer_attribute_len); + cd[i].issuer_key = c_rec.issuer_key; + cd[i].subject_key = c_rec.subject_key; + cd[i].signature = c_rec.signature; + cd[i].expiration.abs_value_us = ntohl((uint32_t) c_rec.expiration); + off += sizeof (c_rec); if (off + cd[i].issuer_attribute_len > len) return GNUNET_SYSERR; cd[i].issuer_attribute = &src[off]; 
@@ -350,4 +317,74 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, return GNUNET_OK; } + +int +GNUNET_CREDENTIAL_credential_serialize (struct GNUNET_CREDENTIAL_Credential *cred, + char **data) +{ + size_t size; + struct CredentialEntry *cdata; + + size = sizeof (struct CredentialEntry) + strlen (cred->issuer_attribute) + 1; + *data = GNUNET_malloc (size); + cdata = (struct CredentialEntry*)*data; + cdata->subject_key = cred->subject_key; + cdata->issuer_key = cred->issuer_key; + cdata->expiration = GNUNET_htonll (cred->expiration.abs_value_us); + cdata->signature = cred->signature; + cdata->issuer_attribute_len = htonl (strlen (cred->issuer_attribute) + 1); + cdata->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); + cdata->purpose.size = htonl (size - sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); + GNUNET_memcpy (&cdata[1], + cred->issuer_attribute, + strlen (cred->issuer_attribute)); + + if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, + &cdata->purpose, + &cdata->signature, + &cdata->issuer_key)) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Invalid credential\n"); + //return NULL; + } + return size; +} + +struct GNUNET_CREDENTIAL_Credential* +GNUNET_CREDENTIAL_credential_deserialize (const char* data, + size_t data_size) +{ + struct GNUNET_CREDENTIAL_Credential *cred; + struct CredentialEntry *cdata; + char *issuer_attribute; + + if (data_size < sizeof (struct CredentialEntry)) + return NULL; + cdata = (struct CredentialEntry*)data; + if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, + &cdata->purpose, + &cdata->signature, + &cdata->issuer_key)) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Invalid credential\n"); + //return NULL; + } + issuer_attribute = (char*)&cdata[1]; + + cred = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Credential) + ntohl(cdata->issuer_attribute_len)); + + cred->issuer_key = cdata->issuer_key; + cred->subject_key = cdata->subject_key; + 
GNUNET_memcpy (&cred[1], + issuer_attribute, + ntohl (cdata->issuer_attribute_len)); + cred->signature = cdata->signature; + cred->issuer_attribute = (char*)&cred[1]; + cred->expiration.abs_value_us = GNUNET_ntohll (cdata->expiration); + return cred; +} + + /* end of credential_serialization.c */ diff --git a/src/credential/credential_serialization.h b/src/credential/credential_serialization.h index 39ac0103b..eb1327f34 100644 --- a/src/credential/credential_serialization.h +++ b/src/credential/credential_serialization.h @@ -25,6 +25,9 @@ * and credentials * @author Martin Schanzenbach */ +#ifndef CREDENTIAL_SERIALIZATION_H +#define CREDENTIAL_SERIALIZATION_H + #include "platform.h" #include "gnunet_util_lib.h" #include "gnunet_constants.h" @@ -40,7 +43,7 @@ */ size_t GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count, - const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr); + const struct GNUNET_CREDENTIAL_DelegationSet *dsr); /** * Serizalize the given delegation record entries @@ -53,7 +56,7 @@ GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count, */ ssize_t GNUNET_CREDENTIAL_delegation_set_serialize (unsigned int d_count, - const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr, + const struct GNUNET_CREDENTIAL_DelegationSet *dsr, size_t dest_size, char *dest); @@ -71,7 +74,7 @@ int GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, const char *src, unsigned int d_count, - struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr); + struct GNUNET_CREDENTIAL_DelegationSet *dsr); /** * Calculate how many bytes we will need to serialize 
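Review bot: `GNUNET_CREDENTIAL_credential_deserialize` still returns a credential when `GNUNET_CRYPTO_ecdsa_verify` fails, because the `return NULL` after the warning is commented out. The `handle_credential_query` hunk (`@@ -835,22 +810,16 @@`) removes its own signature check and relies on a NULL return, so records with a bad signature are now accepted into the credential chain. The function also trusts `issuer_attribute_len` and `purpose.size` from the record without comparing them to `data_size`, so the verify call and the `GNUNET_memcpy` can read past the buffer, and the attribute is later passed to `strcmp` without a guaranteed terminator. The fix below bounds both lengths, requires the NUL byte, and fails closed on a bad signature. `GNUNET_CREDENTIAL_credential_serialize` has the same commented-out return and should report the failure instead of returning `size`.

```c
  uint32_t attr_len;

  if (data_size < sizeof (struct CredentialEntry))
    return NULL;
  cdata = (struct CredentialEntry*)data;
  attr_len = ntohl (cdata->issuer_attribute_len);
  /* attribute must fit in the record and be NUL-terminated */
  if ( (0 == attr_len) ||
       (attr_len > data_size - sizeof (struct CredentialEntry)) ||
       ('\0' != data[sizeof (struct CredentialEntry) + attr_len - 1]) )
    return NULL;
  /* signed region must not extend past the received bytes */
  if (ntohl (cdata->purpose.size) >
      data_size - sizeof (struct GNUNET_CRYPTO_EcdsaSignature))
    return NULL;
  /* … unchanged: GNUNET_CRYPTO_ecdsa_verify condition … */
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "Invalid credential\n");
    return NULL;
  }
  /* … unchanged: allocation and field copies … */
```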
@@ -127,4 +130,13 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, struct GNUNET_CREDENTIAL_Delegation *dd, unsigned int c_count, struct GNUNET_CREDENTIAL_Credential *cd); - /* end of credential_serialization.h */ + +int +GNUNET_CREDENTIAL_credential_serialize (struct GNUNET_CREDENTIAL_Credential *cred, + char **data); + +struct GNUNET_CREDENTIAL_Credential* +GNUNET_CREDENTIAL_credential_deserialize (const char* data, + size_t data_size); +#endif +/* end of credential_serialization.h */ diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index a743458d5..b31c2f66e 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -26,6 +26,8 @@ #include #include #include +#include "credential_misc.h" +#include "credential_serialization.h" /** * Configuration we are using. @@ -220,7 +222,7 @@ identity_cb (void *cls, const struct GNUNET_IDENTITY_Ego *ego) { const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; - struct GNUNET_CREDENTIAL_CredentialRecordData *crd; + struct GNUNET_CREDENTIAL_Credential *crd; struct GNUNET_TIME_Absolute etime_abs; struct GNUNET_TIME_Relative etime_rel; char *res; @@ -261,14 +263,13 @@ identity_cb (void *cls, privkey = GNUNET_IDENTITY_ego_get_private_key (ego); GNUNET_free_non_null (issuer_ego_name); issuer_ego_name = NULL; - crd = GNUNET_CREDENTIAL_issue (credential, - privkey, - &subject_pkey, - issuer_attr, - &etime_abs); - res = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL, - crd, - sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (issuer_attr) + 1); + crd = GNUNET_CREDENTIAL_credential_issue (privkey, + &subject_pkey, + issuer_attr, + &etime_abs); + + res = GNUNET_CREDENTIAL_credential_to_string (crd); + GNUNET_free (crd); printf ("%s\n", res); GNUNET_SCHEDULER_shutdown (); } 
@@ -354,7 +355,7 @@ run (void *cls, _("You must provide issuer and subject attributes\n")); GNUNET_SCHEDULER_shutdown (); } - + printf ("Trying to find a chain from a credential under %s of %s to the attribute %s issued by %s\n", subject_credential, subject_key, issuer_attr, issuer_key); diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 2b3eb8b4c..55907e0d7 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -46,7 +46,7 @@ struct VerifyRequestHandle; -struct DelegationSetEntry; +struct DelegationSetQueueEntry; struct DelegationChainEntry @@ -101,12 +101,7 @@ struct CredentialRecordEntry /** * Payload */ - struct GNUNET_CREDENTIAL_CredentialRecordData *data; - - /** - * Size - */ - uint64_t data_size; + struct GNUNET_CREDENTIAL_Credential *credential; }; /** @@ -128,17 +123,17 @@ struct DelegationQueueEntry /** * Sets under this Queue */ - struct DelegationSetEntry *set_entries_head; + struct DelegationSetQueueEntry *set_entries_head; /** * Sets under this Queue */ - struct DelegationSetEntry *set_entries_tail; + struct DelegationSetQueueEntry *set_entries_tail; /** * Parent set */ - struct DelegationSetEntry *parent_set; + struct DelegationSetQueueEntry *parent_set; /** * Required solutions @@ -150,17 +145,17 @@ struct DelegationQueueEntry * DLL for delegation sets * Used for AND delegation set */ -struct DelegationSetEntry +struct DelegationSetQueueEntry { /** * DLL */ - struct DelegationSetEntry *next; + struct DelegationSetQueueEntry *next; /** * DLL */ - struct DelegationSetEntry *prev; + struct DelegationSetQueueEntry *prev; /** * GNS handle 
@@ -299,23 +294,13 @@ struct VerifyRequestHandle /** * Root Delegation Set */ - struct DelegationSetEntry *root_set; + struct DelegationSetQueueEntry *root_set; /** * Current Delegation Pointer */ struct DelegationQueueEntry *current_delegation; - /** - * The found credential - */ - struct GNUNET_CREDENTIAL_CredentialRecordData *credential; - - /** - * Length of the credential - */ - uint32_t credential_size; - /** * request id */ @@ -351,10 +336,10 @@ static struct GNUNET_GNS_Handle *gns; static void -cleanup_delegation_set (struct DelegationSetEntry *ds_entry) +cleanup_delegation_set (struct DelegationSetQueueEntry *ds_entry) { struct DelegationQueueEntry *dq_entry; - struct DelegationSetEntry *child; + struct DelegationSetQueueEntry *child; if (NULL == ds_entry) return; @@ -414,8 +399,6 @@ cleanup_handle (struct VerifyRequestHandle *vrh) GNUNET_GNS_lookup_cancel (vrh->lookup_request); vrh->lookup_request = NULL; } - if (NULL != vrh->credential) - GNUNET_free (vrh->credential); cleanup_delegation_set (vrh->root_set); if (NULL != vrh->issuer_attribute) GNUNET_free (vrh->issuer_attribute); @@ -426,8 +409,8 @@ cleanup_handle (struct VerifyRequestHandle *vrh) GNUNET_CONTAINER_DLL_remove (vrh->cred_chain_head, vrh->cred_chain_tail, cr_entry); - if (NULL != cr_entry->data) - GNUNET_free (cr_entry->data); + if (NULL != cr_entry->credential); + GNUNET_free (cr_entry->credential); GNUNET_free (cr_entry); } GNUNET_free (vrh); 
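Review bot: In the `cleanup_handle` hunk (`@@ -426,8 +409,8 @@`), the added line `if (NULL != cr_entry->credential);` ends in a semicolon, so the `if` guards an empty statement and `GNUNET_free (cr_entry->credential);` runs unconditionally. If `GNUNET_free` does not accept NULL in this tree, an entry without a credential would abort during cleanup. Drop the semicolon, or use the helper already used elsewhere in this commit: `GNUNET_free_non_null (cr_entry->credential);`. The body of `cleanup_handle` continues outside the hunk.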
@@ -518,48 +501,45 @@ send_lookup_response (struct VerifyRequestHandle *vrh) struct GNUNET_MQ_Envelope *env; struct VerifyResultMessage *rmsg; struct DelegationChainEntry *dce; - size_t size = vrh->credential_size; struct GNUNET_CREDENTIAL_Delegation dd[vrh->delegation_chain_size]; struct GNUNET_CREDENTIAL_Credential cred[vrh->cred_chain_size]; - struct GNUNET_CREDENTIAL_CredentialRecordData *crd; struct CredentialRecordEntry *cd; + size_t size; int i; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending response\n"); - i = 0; - for (dce = vrh->delegation_chain_head; - NULL != dce; - dce = dce->next) + dce = vrh->delegation_chain_head; + for (i=0;idelegation_chain_size;i++) { dd[i].issuer_key = dce->issuer_key; dd[i].subject_key = dce->subject_key; dd[i].issuer_attribute = dce->issuer_attribute; dd[i].issuer_attribute_len = strlen (dce->issuer_attribute)+1; dd[i].subject_attribute_len = 0; + dd[i].subject_attribute = NULL; if (NULL != dce->subject_attribute) { dd[i].subject_attribute = dce->subject_attribute; dd[i].subject_attribute_len = strlen(dce->subject_attribute)+1; } - i++; + dce = dce->next; } /** * Get serialized record data * Append at the end of rmsg */ - i = 0; - for (cd = vrh->cred_chain_head; - NULL != cd; - cd = cd->next) + cd = vrh->cred_chain_head; + for (i=0;icred_chain_size;i++) { - crd = cd->data; - cred[i].issuer_key = crd->issuer_key; - cred[i].subject_key = crd->subject_key; - cred[i].issuer_attribute_len = strlen((char*)&crd[1])+1; - cred[i].issuer_attribute = (char*)&crd[1]; - i++; + cred[i].issuer_key = cd->credential->issuer_key; + cred[i].subject_key = cd->credential->subject_key; + cred[i].issuer_attribute_len = strlen(cd->credential->issuer_attribute)+1; + cred[i].issuer_attribute = cd->credential->issuer_attribute; + cred[i].expiration = cd->credential->expiration; + cred[i].signature = cd->credential->signature; + cd = cd->next; } size = GNUNET_CREDENTIAL_delegation_chain_get_size (vrh->delegation_chain_size, dd, 
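Review bot: The rewritten loops in `send_lookup_response` are driven by `vrh->delegation_chain_size` and `vrh->cred_chain_size` and dereference `dce` and `cd` on each pass without checking them. The old loops stopped at the end of the list, so a counter that disagrees with the list length was harmless then and is a NULL dereference now. Either keep the list-driven termination or assert the invariant at the top of each body, `GNUNET_assert (NULL != dce);` and `GNUNET_assert (NULL != cd);`. A chain size of zero also makes `dd` or `cred` a zero-length variable-length array, which is worth an explicit guard. The function body starts and ends outside this hunk.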
@@ -573,18 +553,18 @@ send_lookup_response (struct VerifyRequestHandle *vrh) rmsg->d_count = htonl (vrh->delegation_chain_size); rmsg->c_count = htonl (vrh->cred_chain_size); - if (NULL != vrh->credential) + if (0 < vrh->cred_chain_size) rmsg->cred_found = htonl (GNUNET_YES); else rmsg->cred_found = htonl (GNUNET_NO); GNUNET_assert (-1 != - GNUNET_CREDENTIAL_delegation_chain_serialize (vrh->delegation_chain_size, - dd, - vrh->cred_chain_size, - cred, - size, - (char*)&rmsg[1])); + GNUNET_CREDENTIAL_delegation_chain_serialize (vrh->delegation_chain_size, + dd, + vrh->cred_chain_size, + cred, + size, + (char*)&rmsg[1])); GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), env); @@ -604,12 +584,11 @@ backward_resolution (void* cls, { struct VerifyRequestHandle *vrh; - struct GNUNET_CREDENTIAL_CredentialRecordData *cred; - const struct GNUNET_CREDENTIAL_DelegationRecordData *sets; + const struct GNUNET_CREDENTIAL_DelegationRecord *sets; struct CredentialRecordEntry *cred_pointer; - struct DelegationSetEntry *current_set; - struct DelegationSetEntry *ds_entry; - struct DelegationSetEntry *tmp_set; + struct DelegationSetQueueEntry *current_set; + struct DelegationSetQueueEntry *ds_entry; + struct DelegationSetQueueEntry *tmp_set; struct DelegationQueueEntry *dq_entry; char *expanded_attr; char *lookup_attribute; 
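Review bot: `cred_found` is now set from `0 < vrh->cred_chain_size`, but `handle_credential_query` appends every parsed credential record to that chain whether or not it matches the requested issuer attribute. If `send_lookup_response` is also reached when resolution fails (those call sites are not visible here), the client would receive `GNUNET_YES` for a subject that merely holds some credential. An explicit result flag on the request handle, set at the two "Found match" call sites, would keep the reply tied to a resolved chain. For example, `rmsg->cred_found = htonl (vrh->match_found ? GNUNET_YES : GNUNET_NO);`, where `match_found` is a new field.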
@@ -631,15 +610,15 @@ backward_resolution (void* cls, continue; sets = rd[i].data; - struct GNUNET_CREDENTIAL_DelegationSetRecord set[ntohl(sets->set_count)]; + struct GNUNET_CREDENTIAL_DelegationSet set[ntohl(sets->set_count)]; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found new attribute delegation with %d sets. Creating new Job...\n", - ntohl (sets->set_count)); + ntohl (sets->set_count)); if (GNUNET_OK !=GNUNET_CREDENTIAL_delegation_set_deserialize (GNUNET_ntohll(sets->data_size), - (const char*)&sets[1], - ntohl(sets->set_count), - set)) + (const char*)&sets[1], + ntohl(sets->set_count), + set)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to deserialize!\n"); @@ -654,7 +633,7 @@ backward_resolution (void* cls, // Each AND for (j=0; jset_count); j++) { - ds_entry = GNUNET_new (struct DelegationSetEntry); + ds_entry = GNUNET_new (struct DelegationSetQueueEntry); if (NULL != current_set->attr_trailer) { if (0 == set[j].subject_attribute_len) @@ -706,16 +685,17 @@ backward_resolution (void* cls, for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL; cred_pointer = cred_pointer->next) { - cred = cred_pointer->data; if(0 != memcmp (&set->subject_key, - &cred_pointer->data->issuer_key, + &cred_pointer->credential->issuer_key, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) continue; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Checking if %s matches %s\n", - ds_entry->unresolved_attribute_delegation, (char*)&cred[1]); + ds_entry->unresolved_attribute_delegation, + cred_pointer->credential->issuer_attribute); - if (0 != strcmp (ds_entry->unresolved_attribute_delegation, (char*)&cred[1])) + if (0 != strcmp (ds_entry->unresolved_attribute_delegation, + cred_pointer->credential->issuer_attribute)) continue; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 
@@ -742,11 +722,6 @@ backward_resolution (void* cls, { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "All solutions found\n"); - vrh->credential = GNUNET_malloc (cred_pointer->data_size); - memcpy (vrh->credential, - cred, - cred_pointer->data_size); - vrh->credential_size = cred_pointer->data_size; //Found match send_lookup_response (vrh); return; @@ -822,8 +797,8 @@ handle_credential_query (void* cls, const struct GNUNET_GNSRECORD_Data *rd) { struct VerifyRequestHandle *vrh = cls; - struct DelegationSetEntry *ds_entry; - const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; + struct DelegationSetQueueEntry *ds_entry; + struct GNUNET_CREDENTIAL_Credential *crd; struct CredentialRecordEntry *cr_entry; int cred_record_count; int i; @@ -835,22 +810,16 @@ handle_credential_query (void* cls, if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) continue; cred_record_count++; - crd = rd[i].data; - if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, - &crd->purpose, - &crd->signature, - &crd->issuer_key)) + crd = GNUNET_CREDENTIAL_credential_deserialize (rd[i].data, + rd[i].data_size); + if (NULL == crd) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Invalid credential found\n"); continue; } cr_entry = GNUNET_new (struct CredentialRecordEntry); - cr_entry->data = GNUNET_malloc (rd[i].data_size); - memcpy (cr_entry->data, - crd, - rd[i].data_size); - cr_entry->data_size = rd[i].data_size; + cr_entry->credential = crd; GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, vrh->cred_chain_tail, cr_entry); 
@@ -860,13 +829,8 @@ handle_credential_query (void* cls, &vrh->issuer_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) continue; - if (0 != strcmp ((char*)&crd[1], vrh->issuer_attribute)) + if (0 != strcmp (crd->issuer_attribute, vrh->issuer_attribute)) continue; - vrh->credential = GNUNET_malloc (rd[i].data_size); - memcpy (vrh->credential, - rd[i].data, - rd[i].data_size); - vrh->credential_size = rd[i].data_size; //Found match prematurely send_lookup_response (vrh); return; @@ -884,7 +848,7 @@ handle_credential_query (void* cls, ".gnu"); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking up %s\n", issuer_attribute_name); - ds_entry = GNUNET_new (struct DelegationSetEntry); + ds_entry = GNUNET_new (struct DelegationSetQueueEntry); ds_entry->issuer_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPublicKey); memcpy (ds_entry->issuer_key, &vrh->issuer_key, diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 1358afdb1..5c3c03832 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -31,7 +31,7 @@ #include "gnunet_gnsrecord_plugin.h" #include "gnunet_signatures.h" #include "credential_serialization.h" - +#include "credential_misc.h" /** * Convert the 'value' of a record to a string. 
@@ -55,18 +55,18 @@ credential_value_to_string (void *cls, { case GNUNET_GNSRECORD_TYPE_ATTRIBUTE: { - struct GNUNET_CREDENTIAL_DelegationRecordData sets; + struct GNUNET_CREDENTIAL_DelegationRecord sets; char *attr_str; char *subject_pkey; char *tmp_str; int i; - if (data_size < sizeof (struct GNUNET_CREDENTIAL_DelegationRecordData)) + if (data_size < sizeof (struct GNUNET_CREDENTIAL_DelegationRecord)) return NULL; /* malformed */ memcpy (&sets, data, sizeof (sets)); cdata = data; - struct GNUNET_CREDENTIAL_DelegationSetRecord set[ntohl(sets.set_count)]; + struct GNUNET_CREDENTIAL_DelegationSet set[ntohl(sets.set_count)]; if (GNUNET_OK != GNUNET_CREDENTIAL_delegation_set_deserialize (GNUNET_ntohll (sets.data_size), &cdata[sizeof (sets)], ntohl (sets.set_count), 
@@ -116,38 +116,13 @@ credential_value_to_string (void *cls, } case GNUNET_GNSRECORD_TYPE_CREDENTIAL: { - struct GNUNET_CREDENTIAL_CredentialRecordData cred; - struct GNUNET_TIME_Absolute etime_abs; + struct GNUNET_CREDENTIAL_Credential *cred; char *cred_str; - char *subject_pkey; - char *issuer_pkey; - char *signature; - const char *expiration; - - if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)) - return NULL; /* malformed */ - memcpy (&cred, - data, - sizeof (cred)); - cdata = data; - subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key); - issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key); - etime_abs.abs_value_us = GNUNET_ntohll(cred.expiration); - expiration = GNUNET_STRINGS_absolute_time_to_string (etime_abs); - GNUNET_STRINGS_base64_encode ((char*)&cred.signature, - sizeof (struct GNUNET_CRYPTO_EcdsaSignature), - &signature); - GNUNET_asprintf (&cred_str, - "%s.%s -> %s | %s | %s", - issuer_pkey, - &cdata[sizeof (cred)], - subject_pkey, - signature, - expiration); - GNUNET_free (subject_pkey); - GNUNET_free (issuer_pkey); - GNUNET_free (signature); + cred = GNUNET_CREDENTIAL_credential_deserialize (data, + data_size); + cred_str = GNUNET_CREDENTIAL_credential_to_string (cred); + GNUNET_free (cred); return cred_str; } default: @@ -180,7 +155,7 @@ credential_string_to_value (void *cls, { case GNUNET_GNSRECORD_TYPE_ATTRIBUTE: { - struct GNUNET_CREDENTIAL_DelegationRecordData *sets; + struct GNUNET_CREDENTIAL_DelegationRecord *sets; char attr_str[253 + 1]; char subject_pkey[52 + 1]; char *token; @@ -194,7 +169,7 @@ credential_string_to_value (void *cls, token = strtok (tmp_str, ","); entries = 0; tmp_data_size = 0; - *data_size = sizeof (struct GNUNET_CREDENTIAL_DelegationRecordData); + *data_size = sizeof (struct GNUNET_CREDENTIAL_DelegationRecord); while (NULL != token) { matches = SSCANF (token, 
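Review bot: In the `GNUNET_GNSRECORD_TYPE_CREDENTIAL` case of `credential_value_to_string`, the result of `GNUNET_CREDENTIAL_credential_deserialize` is passed straight to `GNUNET_CREDENTIAL_credential_to_string` and `GNUNET_free`. That deserializer returns NULL when `data_size` is smaller than `struct CredentialEntry`. The removed code returned NULL for such malformed records, so a short record now leads to a NULL dereference instead of a clean failure. Restore the check directly after the call: `if (NULL == cred) return NULL; /* malformed */`.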
@@ -210,9 +185,9 @@ credential_string_to_value (void *cls, return GNUNET_SYSERR; } if (1 == matches) { - tmp_data_size += sizeof (struct GNUNET_CREDENTIAL_DelegationSetRecord); + tmp_data_size += sizeof (struct GNUNET_CREDENTIAL_DelegationRecordSet); } else if (2 == matches) { - tmp_data_size += sizeof (struct GNUNET_CREDENTIAL_DelegationSetRecord) + strlen (attr_str) + 1; + tmp_data_size += sizeof (struct GNUNET_CREDENTIAL_DelegationRecordSet) + strlen (attr_str) + 1; } entries++; token = strtok (NULL, ","); @@ -220,8 +195,7 @@ credential_string_to_value (void *cls, GNUNET_free (tmp_str); tmp_str = GNUNET_strdup (s); token = strtok (tmp_str, ","); - struct GNUNET_CREDENTIAL_DelegationSetRecord *set; - set = GNUNET_malloc (entries * sizeof (struct GNUNET_CREDENTIAL_DelegationSetRecord)); + struct GNUNET_CREDENTIAL_DelegationSet set[entries]; for (i=0;iset_count = htonl (entries); sets->data_size = GNUNET_htonll (tmp_data_size); 
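Review bot: The hunk at `@@ -220,8 +195,7 @@` replaces the heap allocation with `struct GNUNET_CREDENTIAL_DelegationSet set[entries];`, and `entries` is the number of comma-separated tokens in the caller-supplied record string. A long string can therefore exhaust the stack, and an empty one gives a zero-length array, which is undefined. Keeping the allocation on the heap avoids both: `set = GNUNET_malloc (entries * sizeof (struct GNUNET_CREDENTIAL_DelegationSet));` with a matching `GNUNET_free (set);` on every exit path, plus an early `GNUNET_SYSERR` return when `0 == entries`. The rest of this hunk is garbled on the page, so the existing free paths could not be checked.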
@@ -255,58 +235,11 @@ credential_string_to_value (void *cls, } case GNUNET_GNSRECORD_TYPE_CREDENTIAL: { - struct GNUNET_CREDENTIAL_CredentialRecordData *cred; - - size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8; - if (enclen % 5 > 0) - enclen += 5 - enclen % 5; - enclen /= 5; /* 260/5 = 52 */ - char subject_pkey[enclen + 1]; - char issuer_pkey[enclen + 1]; - char name[253 + 1]; - char signature[128]; //TODO max payload size - char expiration[256]; - - struct GNUNET_CRYPTO_EcdsaSignature *sig; - struct GNUNET_TIME_Absolute etime_abs; - - if (5 != SSCANF (s, - "%52s.%253s -> %52s | %s | %255[0-9a-zA-Z: ]", - issuer_pkey, - name, - subject_pkey, - signature, - expiration)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - _("Unable to parse CRED record string `%s'\n"), - s); - return GNUNET_SYSERR; - } - *data_size = sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (name) + 1; - *data = cred = GNUNET_malloc (*data_size); - GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pkey, - strlen (subject_pkey), - &cred->subject_key); - GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey, - strlen (issuer_pkey), - &cred->issuer_key); - GNUNET_STRINGS_fancy_time_to_absolute (expiration, - &etime_abs); - GNUNET_STRINGS_base64_decode (signature, - strlen (signature), - (char**)&sig); - cred->signature = *sig; - cred->expiration = GNUNET_htonll (etime_abs.abs_value_us); - cred->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); - cred->purpose.size = htonl (strlen (name) + 1 + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + sizeof (uint64_t)); - GNUNET_free (sig); - GNUNET_memcpy (&cred[1], - name, - strlen (name)); - + struct GNUNET_CREDENTIAL_Credential *cred; + cred = GNUNET_CREDENTIAL_credential_from_string (s); + *data_size = GNUNET_CREDENTIAL_credential_serialize (cred, + (char**)data); return GNUNET_OK; } default: 
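Review bot: The new `GNUNET_GNSRECORD_TYPE_CREDENTIAL` branch of `credential_string_to_value` returns `GNUNET_OK` unconditionally, while the removed code returned `GNUNET_SYSERR` when the string did not parse. `GNUNET_CREDENTIAL_credential_from_string` is defined outside this page, but if it returns NULL on a parse error, `GNUNET_CREDENTIAL_credential_serialize` will dereference that NULL. Add `if (NULL == cred) return GNUNET_SYSERR;` before the serialize call and `GNUNET_free (cred);` after it, since the parsed credential is otherwise leaked. The `int` result of the serializer is also stored directly into `*data_size`, so any negative error value it may return in future would become a very large size.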
diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index 11e6fb276..2df65d7ad 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c @@ -37,6 +37,14 @@ #define GNUNET_REST_API_NS_CREDENTIAL "/credential" +#define GNUNET_REST_API_NS_CREDENTIAL_ISSUE "/credential/issue" + +#define GNUNET_REST_API_NS_CREDENTIAL_VERIFY "/credential/verify" + +#define GNUNET_REST_JSONAPI_CREDENTIAL_EXPIRATION "expiration" + +#define GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY "subject_key" + #define GNUNET_REST_JSONAPI_CREDENTIAL "credential" #define GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO "credential" @@ -57,7 +65,7 @@ struct Plugin const struct GNUNET_CONFIGURATION_Handle *cfg; -struct VerifyHandle +struct RequestHandle { /** * Handle to Credential service. @@ -69,6 +77,21 @@ struct VerifyHandle */ struct GNUNET_CREDENTIAL_Request *verify_request; + /** + * Handle to issue request + */ + struct GNUNET_CREDENTIAL_Request *issue_request; + + /** + * Handle to identity + */ + struct GNUNET_IDENTITY_Handle *identity; + + /** + * Handle to identity operation + */ + struct GNUNET_IDENTITY_Operation *id_op; + /** * Handle to rest request */ @@ -133,7 +156,7 @@ struct VerifyHandle * @param handle Handle to clean up */ static void -cleanup_handle (struct VerifyHandle *handle) +cleanup_handle (struct RequestHandle *handle) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n"); 
@@ -145,16 +168,13 @@ cleanup_handle (struct VerifyHandle *handle) if (NULL != handle->subject_attr) GNUNET_free (handle->subject_attr); if (NULL != handle->verify_request) - { GNUNET_CREDENTIAL_verify_cancel (handle->verify_request); - handle->verify_request = NULL; - } if (NULL != handle->credential) - { GNUNET_CREDENTIAL_disconnect (handle->credential); - handle->credential = NULL; - } - + if (NULL != handle->id_op) + GNUNET_IDENTITY_cancel (handle->id_op); + if (NULL != handle->identity) + GNUNET_IDENTITY_disconnect (handle->identity); if (NULL != handle->timeout_task) { GNUNET_SCHEDULER_cancel (handle->timeout_task); @@ -172,7 +192,7 @@ cleanup_handle (struct VerifyHandle *handle) static void do_error (void *cls) { - struct VerifyHandle *handle = cls; + struct RequestHandle *handle = cls; struct MHD_Response *resp; resp = GNUNET_REST_create_response (NULL); @@ -280,7 +300,7 @@ handle_verify_response (void *cls, struct GNUNET_CREDENTIAL_Credential *cred) { - struct VerifyHandle *handle = cls; + struct RequestHandle *handle = cls; struct MHD_Response *resp; struct GNUNET_JSONAPI_Document *json_document; struct GNUNET_JSONAPI_Resource *json_resource; @@ -355,7 +375,7 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, const char* url, void *cls) { - struct VerifyHandle *handle = cls; + struct RequestHandle *handle = cls; struct GNUNET_HashCode key; char *tmp; char *entity_attr; 
@@ -478,6 +498,213 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, } +void +send_cred_response (struct RequestHandle *handle, + struct GNUNET_CREDENTIAL_Credential *cred) +{ + struct MHD_Response *resp; + struct GNUNET_JSONAPI_Document *json_document; + struct GNUNET_JSONAPI_Resource *json_resource; + json_t *cred_obj; + char *result; + char *issuer; + char *subject; + char *signature; + char *id; + + GNUNET_assert (NULL == cred); + issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key); + if (NULL == issuer) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Subject malformed\n"); + return; + } + GNUNET_asprintf (&id, + "%s.%s", + issuer, + (char*)&cred[1]); + subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key); + if (NULL == subject) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Subject malformed\n"); + return; + } + GNUNET_STRINGS_base64_encode ((char*)&cred->signature, + sizeof (struct GNUNET_CRYPTO_EcdsaSignature), + &signature); + json_document = GNUNET_JSONAPI_document_new (); + json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO, + id); + GNUNET_free (id); + cred_obj = json_object(); + json_object_set_new (cred_obj, "issuer", json_string (issuer)); + json_object_set_new (cred_obj, "subject", json_string (subject)); + json_object_set_new (cred_obj, "expiration", json_integer( cred->expiration.abs_value_us)); + json_object_set_new (cred_obj, "signature", json_string (signature)); + GNUNET_JSONAPI_resource_add_attr (json_resource, + GNUNET_REST_JSONAPI_CREDENTIAL, + cred_obj); + GNUNET_JSONAPI_document_resource_add (json_document, json_resource); + GNUNET_JSONAPI_document_serialize (json_document, &result); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Result %s\n", + result); + json_decref (cred_obj); + GNUNET_JSONAPI_document_delete (json_document); + resp = GNUNET_REST_create_response (result); + handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); + GNUNET_free (result); + 
GNUNET_free (signature); + GNUNET_free (issuer); + GNUNET_free (subject); + cleanup_handle (handle); +} + +void +get_cred_issuer_cb (void *cls, + struct GNUNET_IDENTITY_Ego *ego, + void **ctx, + const char *name) +{ + struct RequestHandle *handle = cls; + struct GNUNET_TIME_Absolute etime_abs; + struct GNUNET_TIME_Relative etime_rel; + const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer_key; + struct GNUNET_HashCode key; + struct GNUNET_CREDENTIAL_Credential *cred; + char* expiration_str; + char* tmp; + + handle->id_op = NULL; + + if (NULL == name) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Issuer not configured!\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Connecting to credential service...\n"); + handle->credential = GNUNET_CREDENTIAL_connect (cfg); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Connected\n"); + if (NULL == handle->credential) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Connecting to CREDENTIAL failed\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_EXPIRATION, + strlen (GNUNET_REST_JSONAPI_CREDENTIAL_EXPIRATION), + &key); + if ( GNUNET_NO == + GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, + &key) ) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Missing expiration\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + expiration_str = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, + &key); + if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative (expiration_str, + &etime_rel)) + { + etime_abs = GNUNET_TIME_relative_to_absolute (etime_rel); + } else if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (expiration_str, + &etime_abs)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Malformed expiration: %s\n", expiration_str); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + GNUNET_CRYPTO_hash 
(GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR, + strlen (GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR), + &key); + if ( GNUNET_NO == + GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, + &key) ) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Missing issuer attribute\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + handle->issuer_attr = GNUNET_strdup(GNUNET_CONTAINER_multihashmap_get + (handle->rest_handle->url_param_map, + &key)); + GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY, + strlen (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY), + &key); + if ( GNUNET_NO == + GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, + &key) ) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Missing subject\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + tmp = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, + &key); + if (NULL == tmp) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Malformed subject\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + if (GNUNET_OK != + GNUNET_CRYPTO_ecdsa_public_key_from_string (tmp, + strlen (tmp), + &handle->subject_key)) { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Malformed subject key\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + issuer_key = GNUNET_IDENTITY_ego_get_private_key (ego); + cred = GNUNET_CREDENTIAL_credential_issue (issuer_key, + &handle->subject_key, + handle->issuer_attr, + &etime_abs); + if (NULL == cred) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to create credential\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + send_cred_response (handle, cred); +} + + +static void +issue_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, + const char* url, + void *cls) +{ + struct RequestHandle *handle = cls; + + handle->identity = GNUNET_IDENTITY_connect (cfg, + NULL, + NULL); + handle->id_op = GNUNET_IDENTITY_get(handle->identity, + 
"credential-issuer", + &get_cred_issuer_cb, + handle); + handle->timeout_task = GNUNET_SCHEDULER_add_delayed (handle->timeout, + &do_error, + handle); +} + /** * Handle rest request * @@ -489,7 +716,7 @@ options_cont (struct GNUNET_REST_RequestHandle *con_handle, void *cls) { struct MHD_Response *resp; - struct VerifyHandle *handle = cls; + struct RequestHandle *handle = cls; //For GNS, independent of path return all options resp = GNUNET_REST_create_response (NULL); @@ -519,7 +746,7 @@ rest_credential_process_request(struct GNUNET_REST_RequestHandle *conndata_handl GNUNET_REST_ResultProcessor proc, void *proc_cls) { - struct VerifyHandle *handle = GNUNET_new (struct VerifyHandle); + struct RequestHandle *handle = GNUNET_new (struct RequestHandle); struct GNUNET_REST_RequestHandlerError err; handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; @@ -528,7 +755,8 @@ rest_credential_process_request(struct GNUNET_REST_RequestHandle *conndata_handl handle->rest_handle = conndata_handle; static const struct GNUNET_REST_RequestHandler handlers[] = { - {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL, &verify_cred_cont}, + {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL_VERIFY, &verify_cred_cont}, + {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL_ISSUE, &issue_cred_cont}, {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_CREDENTIAL, &options_cont}, GNUNET_REST_HANDLER_END }; diff --git a/src/credential/test_credential_issue.sh b/src/credential/test_credential_issue.sh index b2ced204a..158d91c5b 100755 --- a/src/credential/test_credential_issue.sh +++ b/src/credential/test_credential_issue.sh @@ -39,6 +39,6 @@ then fi #Try import $DO_TIMEOUT gnunet-namestore -a -z testsubject -n c1 -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf - +RES=$? gnunet-arm -e -c test_credential_lookup.conf -exit $? +exit $RES diff --git a/src/credential/test_credential_lookup.conf b/src/credential/test_credential_lookup.conf index f4bf36c52..7aa193abd 100644 
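Review bot: get_cred_issuer_cb signs whatever `subject_key`, issuer attribute and `expiration` arrive as URL parameters of a GET on `/credential/issue` with the private key of the `credential-issuer` ego, and nothing in this hunk checks who is asking. Unless the REST service authenticates callers elsewhere, any client that can reach it obtains issuer-signed credentials, so the handler should either enforce that or state the assumption in a comment. The callback also guards on `NULL == name` and then passes `ego` to `GNUNET_IDENTITY_ego_get_private_key`; add `NULL == ego` to that test. In send_cred_response the two early `return`s neither answer the request nor call `cleanup_handle`, they leak `issuer` and `id`, and the first one logs "Subject malformed" for the issuer key. The `cred` returned by `GNUNET_CREDENTIAL_credential_issue` is not freed on any path visible here.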
--- a/src/credential/test_credential_lookup.conf +++ b/src/credential/test_credential_lookup.conf @@ -14,7 +14,7 @@ AUTOSTART = YES #PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog [rest] -PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog +#PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog [gns] #PREFIX = valgrind --leak-check=full --track-origins=yes diff --git a/src/credential/test_credential_verify_simple.sh b/src/credential/test_credential_verify_simple.sh index 924f2ab4a..c4fd8c7a3 100755 --- a/src/credential/test_credential_verify_simple.sh +++ b/src/credential/test_credential_verify_simple.sh @@ -39,7 +39,7 @@ RES_CRED=`gnunet-credential --verify --issuer=$ISSUER_KEY --attribute=$TEST_ATTR gnunet-namestore -z testsubject -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf gnunet-identity -D testsubject -c test_credential_lookup.conf gnunet-arm -e -c test_credential_lookup.conf - +echo $RES_CRED #TODO3 proper test if [ "$RES_CRED" == "Successful." ] then diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 28ff90fc4..1d242f66a 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -223,12 +223,12 @@ check_exchange_result (void *cls, const struct ExchangeResultMessage *erm) { char *str; - size_t size = ntohs (erm->header.size) - sizeof (*erm); + size_t size = ntohs (erm->header.size); - str = (char *) &erm[1]; + str = (char *) &erm[0]; if ( (size > sizeof (struct ExchangeResultMessage)) && - ('\0' != str[size - sizeof (struct ExchangeResultMessage) - 1]) ) + ('\0' != str[size - 1]) ) { GNUNET_break (0); return GNUNET_SYSERR; 
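Review bot: The terminator test in check_exchange_result is skipped when `size` equals `sizeof (struct ExchangeResultMessage)`, so a message with no payload is accepted without any NUL byte. If the handler then reads `&erm[1]` as a C string (its body is not in this hunk), that read starts past the end of the message. If an empty payload is never valid, `if ( (size <= sizeof (struct ExchangeResultMessage)) || ('\0' != str[size - 1]) )` closes that case. The same applies to check_result for `struct IssueResultMessage` in the next hunk. `str` can be `const char *` in both, so the cast no longer drops the qualifier.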
@@ -248,10 +248,10 @@ check_result (void *cls, const struct IssueResultMessage *irm) { char *str; - size_t size = ntohs (irm->header.size) - sizeof (*irm); - str = (char*) &irm[1]; + size_t size = ntohs (irm->header.size); + str = (char*) &irm[0]; if ( (size > sizeof (struct IssueResultMessage)) && - ('\0' != str[size - sizeof (struct IssueResultMessage) - 1]) ) + ('\0' != str[size - 1]) ) { GNUNET_break (0); return GNUNET_SYSERR; diff --git a/src/identity/plugin_rest_identity.c b/src/identity/plugin_rest_identity.c index e64b2685a..5f34d0f1b 100644 --- a/src/identity/plugin_rest_identity.c +++ b/src/identity/plugin_rest_identity.c @@ -427,9 +427,6 @@ ego_info_response (struct GNUNET_REST_RequestHandle *con, continue; json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_EGO, ego_entry->keystring); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Egoname: %s\n", - ego_entry->identifier); name_str = json_string (ego_entry->identifier); GNUNET_JSONAPI_resource_add_attr ( json_resource, diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 7419407d3..906163c14 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h 
@@ -74,65 +74,49 @@ enum GNUNET_CREDENTIAL_CredentialFlags { GNUNET_NETWORK_STRUCT_BEGIN /** - * The credential record + * The attribute delegation record */ -struct GNUNET_CREDENTIAL_CredentialRecordData { - - /** - * The signature for this credential by the issuer - */ - struct GNUNET_CRYPTO_EcdsaSignature signature; - - /** - * Signature meta - */ - struct GNUNET_CRYPTO_EccSignaturePurpose purpose; +struct GNUNET_CREDENTIAL_DelegationRecord { /** - * Public key of the issuer + * Number of delegation sets in this record */ - struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; - + uint32_t set_count; + /** - * Public key of the subject this credential was issued to + * Length of delegation sets */ - struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; - + uint64_t data_size; /** - * Expiration time of this credential - */ - uint64_t expiration GNUNET_PACKED; - - /** - * Followed by the attribute string + * Followed by set_count DelegationSetRecords + * */ }; - /** * The attribute delegation record -*/ -struct GNUNET_CREDENTIAL_DelegationRecordData { - - uint32_t set_count; + */ +struct GNUNET_CREDENTIAL_DelegationRecordSet { - uint64_t data_size; + /** + * Public key of the subject this attribute was delegated to + */ + struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; - char *data; - /** - * Followed by the attribute that was delegated to as string - * May be empty + * Length of attribute, may be 0 */ + uint32_t subject_attribute_len; }; +GNUNET_NETWORK_STRUCT_END /** * The attribute delegation record -*/ -struct GNUNET_CREDENTIAL_DelegationSetRecord { - + */ +struct GNUNET_CREDENTIAL_DelegationSet { + /** * Public key of the subject this attribute was delegated to */ 
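Review bot: `uint32_t set_count;` followed by `uint64_t data_size;` in GNUNET_CREDENTIAL_DelegationRecord sits between GNUNET_NETWORK_STRUCT_BEGIN and _END but carries no `GNUNET_PACKED`, unlike the `uint64_t expiration GNUNET_PACKED;` of the struct this hunk removes. On ABIs that align 64-bit integers this can leave padding between the two fields, so the record layout may differ between builds; `uint32_t set_count GNUNET_PACKED;` and `uint64_t data_size GNUNET_PACKED;` would pin it, and the same goes for `subject_attribute_len` in GNUNET_CREDENTIAL_DelegationRecordSet. The field comments should also say that the values are in network byte order, if that is the intent. Three different structs now share the summary "The attribute delegation record"; each deserves its own one-line description.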
@@ -140,20 +124,18 @@ struct GNUNET_CREDENTIAL_DelegationSetRecord { uint32_t subject_attribute_len; - const char *subject_attribute; - /** - * Followed by the attribute that was delegated to as string - * May be empty + * The subject attribute */ + const char *subject_attribute; }; /** * A delegation -*/ + */ struct GNUNET_CREDENTIAL_Delegation { - + /** * The issuer of the delegation */ @@ -188,9 +170,9 @@ struct GNUNET_CREDENTIAL_Delegation { /** * A credential -*/ + */ struct GNUNET_CREDENTIAL_Credential { - + /** * The issuer of the credential */ @@ -201,6 +183,16 @@ struct GNUNET_CREDENTIAL_Credential { */ struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + /** + * Signature of this credential + */ + struct GNUNET_CRYPTO_EcdsaSignature signature; + + /** + * Expiration of this credential + */ + struct GNUNET_TIME_Absolute expiration; + /** * Length of the attribute */ @@ -210,11 +202,8 @@ struct GNUNET_CREDENTIAL_Credential { * The attribute */ const char *issuer_attribute; - -}; - -GNUNET_NETWORK_STRUCT_END +}; @@ -260,7 +249,7 @@ typedef void (*GNUNET_CREDENTIAL_VerifyResultProcessor) (void *cls, * @param result the record data that can be handed to the subject */ typedef void (*GNUNET_CREDENTIAL_DelegateResultProcessor) (void *cls, - uint32_t success); + uint32_t success); /** * Iterator called on obtained result for an attribute delegation removal. @@ -270,7 +259,7 @@ typedef void (*GNUNET_CREDENTIAL_DelegateResultProcessor) (void *cls, * @param result the record data that can be handed to the subject */ typedef void (*GNUNET_CREDENTIAL_RemoveDelegateResultProcessor) (void *cls, - uint32_t success); + uint32_t success); 
@@ -330,10 +319,10 @@ GNUNET_CREDENTIAL_add_delegation (struct GNUNET_CREDENTIAL_Handle *handle, */ struct GNUNET_CREDENTIAL_Request * GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle, - struct GNUNET_IDENTITY_Ego *issuer, - const char *attribute, - GNUNET_CREDENTIAL_RemoveDelegateResultProcessor proc, - void *proc_cls); + struct GNUNET_IDENTITY_Ego *issuer, + const char *attribute, + GNUNET_CREDENTIAL_RemoveDelegateResultProcessor proc, + void *proc_cls); @@ -347,12 +336,12 @@ GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle, * @param expiration the TTL of the credential * @return handle to the queued request */ -struct GNUNET_CREDENTIAL_CredentialRecordData * -GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, - struct GNUNET_CRYPTO_EcdsaPublicKey *subject, - const char *attribute, - struct GNUNET_TIME_Absolute *expiration); +struct GNUNET_CREDENTIAL_Credential* +GNUNET_CREDENTIAL_credential_issue ( + const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, + struct GNUNET_CRYPTO_EcdsaPublicKey *subject, + const char *attribute, + struct GNUNET_TIME_Absolute *expiration); /** diff --git a/src/jsonapi/jsonapi_document.c b/src/jsonapi/jsonapi_document.c index 600b7ee6a..8022a9f6e 100644 --- a/src/jsonapi/jsonapi_document.c +++ b/src/jsonapi/jsonapi_document.c 
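Review bot: The doc comment kept above the renamed `GNUNET_CREDENTIAL_credential_issue` still ends in `@return handle to the queued request`, although the function now returns a `struct GNUNET_CREDENTIAL_Credential*` and no longer takes a service handle. Something like `@return the signed credential, NULL on failure; caller frees` would match the new signature, with the ownership part to be confirmed against the implementation, which is not in this hunk. Any `@param handle` line left above the hunk should be dropped as well.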
@@ -332,28 +332,20 @@ GNUNET_JSONAPI_document_to_json (const struct GNUNET_JSONAPI_Document *doc, GNUNET_JSONAPI_KEY_ERRORS, res_json); } else { - switch (doc->res_count) + if (0 == doc->res_count) { - case 0: - res_json = json_null(); - break; - case 1: + res_json = json_null(); + } else { + res_json = json_array (); + for (res = doc->res_list_head; + res != NULL; + res = res->next) + { GNUNET_assert (GNUNET_OK == - GNUNET_JSONAPI_resource_to_json (doc->res_list_head, - &res_json)); - break; - default: - res_json = json_array (); - for (res = doc->res_list_head; - res != NULL; - res = res->next) - { - GNUNET_assert (GNUNET_OK == - GNUNET_JSONAPI_resource_to_json (res, - &res_json_tmp)); - json_array_append (res_json, res_json_tmp); - } - break; + GNUNET_JSONAPI_resource_to_json (res, + &res_json_tmp)); + json_array_append (res_json, res_json_tmp); + } } json_object_set_new (*root_json, GNUNET_JSONAPI_KEY_DATA, -- cgit v1.2.3 From 8ce40b5e7381b44c847dedc0d1fd1ec4e56ba856 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 19 Dec 2016 11:55:26 +0100 Subject: -fix rest issue --- src/credential/Makefile.am | 1 + src/credential/plugin_rest_credential.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/credential/Makefile.am b/src/credential/Makefile.am index 0d9aed71b..db3bc8027 100644 --- a/src/credential/Makefile.am +++ b/src/credential/Makefile.am @@ -88,6 +88,7 @@ libgnunet_plugin_rest_credential_la_SOURCES = \ libgnunet_plugin_rest_credential_la_LIBADD = \ libgnunetcredential.la \ $(top_builddir)/src/rest/libgnunetrest.la \ + $(top_builddir)/src/identity/libgnunetidentity.la \ $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \ $(top_builddir)/src/jsonapi/libgnunetjsonapiutils.la \ $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index 2df65d7ad..651de0075 100644 --- a/src/credential/plugin_rest_credential.c 
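Review bot: `json_array_append (res_json, res_json_tmp);` in the new else-branch does not take over the reference to `res_json_tmp`, so if GNUNET_JSONAPI_resource_to_json hands back a new reference (its body is not on this page) every resource object is leaked. `json_array_append_new (res_json, res_json_tmp);` transfers the reference instead. The branch also changes the output shape: a document with exactly one resource is now serialized as a one-element array under the data key instead of a bare object, which deserves a comment for REST clients that parsed the old form. GNUNET_JSONAPI_document_to_json starts and ends outside the hunk.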
+++ b/src/credential/plugin_rest_credential.c @@ -512,7 +512,7 @@ send_cred_response (struct RequestHandle *handle, char *signature; char *id; - GNUNET_assert (NULL == cred); + GNUNET_assert (NULL != cred); issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key); if (NULL == issuer) { -- cgit v1.2.3 From b34ecee66712dd181d37d4f6f6a623cea2dc9df7 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 19 Dec 2016 13:41:16 +0100 Subject: -fix --- src/credential/gnunet-service-credential.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 55907e0d7..942b38652 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -805,6 +805,15 @@ handle_credential_query (void* cls, vrh->lookup_request = NULL; cred_record_count = 0; + + if (0 == rd_count) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "No credentials found\n"); + send_lookup_response (vrh); + return; + } + for (i=0; i < rd_count; i++) { if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) -- cgit v1.2.3 From b0937948acc28e39ac2ed53799dbc63bad8b2936 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 19 Dec 2016 16:54:53 +0100 Subject: -fix --- src/jsonapi/jsonapi_resource.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/jsonapi/jsonapi_resource.c b/src/jsonapi/jsonapi_resource.c index 85bca10ee..4a166f58a 100644 --- a/src/jsonapi/jsonapi_resource.c +++ b/src/jsonapi/jsonapi_resource.c @@ -92,9 +92,9 @@ GNUNET_JSONAPI_resource_new (const char *type, const char *id) { struct GNUNET_JSONAPI_Resource *res; - if ( (NULL == type) || (0 == strlen (type)) ) + if (NULL == type) return NULL; - if ( (NULL == id) || (0 == strlen (id)) ) + if (NULL == id) return NULL; res = GNUNET_new (struct GNUNET_JSONAPI_Resource); -- cgit v1.2.3 From a84624407eedd5418d36de590571da47d2f47015 Mon Sep 17 00:00:00 2001 
From: "Schanzenbach, Martin" Date: Wed, 28 Dec 2016 18:40:17 +0100 Subject: -change api --- src/credential/Makefile.am | 1 + src/credential/credential.h | 47 +++- src/credential/credential_api.c | 142 ++++++++--- src/credential/credential_misc.c | 1 + src/credential/credential_serialization.c | 175 ++++++++++---- src/credential/credential_serialization.h | 17 ++ src/credential/gnunet-credential.c | 171 ++++++++++++-- src/credential/gnunet-service-credential.c | 367 ++++++++++++++++++++++------- src/credential/plugin_rest_credential.c | 3 +- src/credential/test_credential_collect.sh | 47 ++++ src/credential/test_credential_lookup.conf | 2 +- src/credential/test_credential_verify.sh | 5 +- src/include/gnunet_credential_service.h | 15 +- src/include/gnunet_protocols.h | 4 + 14 files changed, 797 insertions(+), 200 deletions(-) create mode 100755 src/credential/test_credential_collect.sh diff --git a/src/credential/Makefile.am b/src/credential/Makefile.am index db3bc8027..ca11c5e4f 100644 --- a/src/credential/Makefile.am +++ b/src/credential/Makefile.am @@ -69,6 +69,7 @@ gnunet_service_credential_LDADD = \ libgnunetcredential.la \ $(top_builddir)/src/util/libgnunetutil.la \ $(top_builddir)/src/gns/libgnunetgns.la \ + $(top_builddir)/src/namestore/libgnunetnamestore.la \ $(top_builddir)/src/statistics/libgnunetstatistics.la \ $(GN_LIBINTL) diff --git a/src/credential/credential.h b/src/credential/credential.h index c5c0183cc..f16249c1b 100644 --- a/src/credential/credential.h +++ b/src/credential/credential.h 
@@ -29,6 +29,41 @@ GNUNET_NETWORK_STRUCT_BEGIN +/** + * Message from client to Credential service to collect credentials. + */ +struct CollectMessage +{ + /** + * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY + */ + struct GNUNET_MessageHeader header; + + /** + * Subject public key + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey subject_key; + + /** + * Trust anchor + */ + struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; + + /** + * Length of the issuer attribute + */ + uint16_t issuer_attribute_len; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /* Followed by the zero-terminated attribute */ + +}; + + /** * Message from client to Credential service to verify attributes. */ @@ -50,21 +85,21 @@ struct VerifyMessage struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; /** - * Length of the issuer attribute + * Number of credentials */ - uint16_t issuer_attribute_len; + uint32_t c_count; /** - * Length of the subject attribute + * Length of the issuer attribute */ - uint16_t subject_attribute_len; + uint16_t issuer_attribute_len; /** * Unique identifier for this request (for key collisions). */ uint32_t id GNUNET_PACKED; - /* Followed by the zero-terminated attributes to look up */ + /* Followed by the zero-terminated attribute and credentials to look up */ }; @@ -72,7 +107,7 @@ struct VerifyMessage /** * Message from CREDENTIAL service to client: new results. */ -struct VerifyResultMessage +struct DelegationChainResultMessage { /** * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index e991b4153..b201d4d9c 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c 
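Review bot: `struct GNUNET_CRYPTO_EcdsaPrivateKey subject_key;` in CollectMessage puts the subject's private key into a client-to-service message, while the field comment reads "Subject public key". If the service only needs to identify the subject, the public key should be sent instead; if it really needs the private key (for example for zone access), the comment should say so and every copy of the message should be wiped after use. The header comment also names `#GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY`, whereas credential_api.c sends this struct as `GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT`. `issuer_attribute_len` and the new `c_count` in VerifyMessage lack the `GNUNET_PACKED` and byte-order remark that `id` has.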
@@ -61,7 +61,7 @@ struct GNUNET_CREDENTIAL_Request /** * processor to call on verify result */ - GNUNET_CREDENTIAL_VerifyResultProcessor verify_proc; + GNUNET_CREDENTIAL_CredentialResultProcessor verify_proc; /** * @e verify_proc closure @@ -100,12 +100,12 @@ struct GNUNET_CREDENTIAL_Handle /** * Head of linked list of active verify requests. */ - struct GNUNET_CREDENTIAL_Request *verify_head; + struct GNUNET_CREDENTIAL_Request *request_head; /** * Tail of linked list of active verify requests. */ - struct GNUNET_CREDENTIAL_Request *verify_tail; + struct GNUNET_CREDENTIAL_Request *request_tail; /** * Reconnect task @@ -185,7 +185,6 @@ mq_error_handler (void *cls, force_reconnect (handle); } - /** * Check validity of message received from the CREDENTIAL service * @@ -194,7 +193,7 @@ mq_error_handler (void *cls, */ static int check_result (void *cls, - const struct VerifyResultMessage *vr_msg) + const struct DelegationChainResultMessage *vr_msg) { //TODO return GNUNET_OK; @@ -209,7 +208,7 @@ check_result (void *cls, */ static void handle_result (void *cls, - const struct VerifyResultMessage *vr_msg) + const struct DelegationChainResultMessage *vr_msg) { struct GNUNET_CREDENTIAL_Handle *handle = cls; uint32_t r_id = ntohl (vr_msg->id); 
@@ -219,30 +218,30 @@ handle_result (void *cls, uint32_t c_count = ntohl (vr_msg->c_count); struct GNUNET_CREDENTIAL_Delegation d_chain[d_count]; struct GNUNET_CREDENTIAL_Credential creds[c_count]; - GNUNET_CREDENTIAL_VerifyResultProcessor proc; + GNUNET_CREDENTIAL_CredentialResultProcessor proc; void *proc_cls; LOG (GNUNET_ERROR_TYPE_DEBUG, "Received verify reply from CREDENTIAL service\n"); - for (vr = handle->verify_head; NULL != vr; vr = vr->next) + for (vr = handle->request_head; NULL != vr; vr = vr->next) if (vr->r_id == r_id) break; if (NULL == vr) return; proc = vr->verify_proc; proc_cls = vr->proc_cls; - GNUNET_CONTAINER_DLL_remove (handle->verify_head, - handle->verify_tail, + GNUNET_CONTAINER_DLL_remove (handle->request_head, + handle->request_tail, vr); GNUNET_MQ_discard (vr->env); GNUNET_free (vr); GNUNET_assert (GNUNET_OK == GNUNET_CREDENTIAL_delegation_chain_deserialize (mlen, - (const char*) &vr_msg[1], - d_count, - d_chain, - c_count, - creds)); + (const char*) &vr_msg[1], + d_count, + d_chain, + c_count, + creds)); if (GNUNET_NO == ntohl (vr_msg->cred_found)) { proc (proc_cls, @@ -271,7 +270,11 @@ reconnect (struct GNUNET_CREDENTIAL_Handle *handle) struct GNUNET_MQ_MessageHandler handlers[] = { GNUNET_MQ_hd_var_size (result, GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT, - struct VerifyResultMessage, + struct DelegationChainResultMessage, + handle), + GNUNET_MQ_hd_var_size (result, + GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT_RESULT, + struct DelegationChainResultMessage, handle), GNUNET_MQ_handler_end () }; @@ -287,7 +290,7 @@ reconnect (struct GNUNET_CREDENTIAL_Handle *handle) handle); if (NULL == handle->mq) return; - for (vr = handle->verify_head; NULL != vr; vr = vr->next) + for (vr = handle->request_head; NULL != vr; vr = vr->next) GNUNET_MQ_send_copy (handle->mq, vr->env); } 
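Review bot: `d_chain[d_count]` and `creds[c_count]` in handle_result are stack arrays sized by counts taken from the message with `ntohl`, and check_result in the previous hunk still returns `GNUNET_OK` behind a `//TODO` without checking anything. The next hunk registers the same pair for `GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT_RESULT`, so a second message type now reaches this code unvalidated. check_result should bound both counts against the message length and return `GNUNET_SYSERR` otherwise; with that in place the `GNUNET_assert` around `GNUNET_CREDENTIAL_delegation_chain_deserialize` can become an error return instead of aborting the client on a malformed reply. handle_result begins before the hunk and continues after it.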
@@ -334,7 +337,7 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle) GNUNET_SCHEDULER_cancel (handle->reconnect_task); handle->reconnect_task = NULL; } - GNUNET_assert (NULL == handle->verify_head); + GNUNET_assert (NULL == handle->request_head); GNUNET_free (handle); } 
@@ -349,13 +352,81 @@ GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr) { struct GNUNET_CREDENTIAL_Handle *handle = vr->credential_handle; - GNUNET_CONTAINER_DLL_remove (handle->verify_head, - handle->verify_tail, + GNUNET_CONTAINER_DLL_remove (handle->request_head, + handle->request_tail, vr); GNUNET_MQ_discard (vr->env); GNUNET_free (vr); } + +/** + * Performs attribute collection. + * Collects all credentials of subject to fulfill the + * attribute, if possible + * + * @param handle handle to the Credential service + * @param issuer_key the issuer public key + * @param issuer_attribute the issuer attribute + * @param subject_key the subject public key + * @param credential_count number of credentials provided + * @param credentials subject credentials + * @param proc function to call on result + * @param proc_cls closure for processor + * @return handle to the queued request + */ +struct GNUNET_CREDENTIAL_Request* +GNUNET_CREDENTIAL_collect (struct GNUNET_CREDENTIAL_Handle *handle, + const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, + const char *issuer_attribute, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *subject_key, + GNUNET_CREDENTIAL_CredentialResultProcessor proc, + void *proc_cls) +{ + /* IPC to shorten credential names, return shorten_handle */ + struct CollectMessage *c_msg; + struct GNUNET_CREDENTIAL_Request *vr; + size_t nlen; + + if (NULL == issuer_attribute) + { + GNUNET_break (0); + return NULL; + } + + //DEBUG LOG + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Trying to collect `%s' in CREDENTIAL\n", + issuer_attribute); + nlen = strlen (issuer_attribute) + 1; + if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*vr)) + { + GNUNET_break (0); + return NULL; + } + vr = GNUNET_new (struct GNUNET_CREDENTIAL_Request); + vr->credential_handle = handle; + vr->verify_proc = proc; + vr->proc_cls = proc_cls; + vr->r_id = handle->r_id_gen++; + vr->env = GNUNET_MQ_msg_extra (c_msg, + nlen, + GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT); + 
c_msg->id = htonl (vr->r_id); + c_msg->subject_key = *subject_key; + c_msg->issuer_key = *issuer_key; + c_msg->issuer_attribute_len = htons(strlen(issuer_attribute)); + GNUNET_memcpy (&c_msg[1], + issuer_attribute, + strlen (issuer_attribute)); + GNUNET_CONTAINER_DLL_insert (handle->request_head, + handle->request_tail, + vr); + if (NULL != handle->mq) + GNUNET_MQ_send_copy (handle->mq, + vr->env); + return vr; +} /** * Performs attribute verification. * Checks if there is a delegation chain from @@ -368,7 +439,8 @@ GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr) * @param issuer_key the issuer public key * @param issuer_attribute the issuer attribute * @param subject_key the subject public key - * @param subject_attribute the attribute claimed by the subject + * @param credential_count number of credentials provided + * @param credentials subject credentials * @param proc function to call on result * @param proc_cls closure for processor * @return handle to the queued request 
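Review bot: The length guard in GNUNET_CREDENTIAL_collect compares `nlen` with `GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*vr)`, but `vr` is the request bookkeeping struct; the bytes that precede the attribute on the wire are `sizeof (*c_msg)`, so the bound should read `if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*c_msg))`. GNUNET_CREDENTIAL_verify in the following hunk has the same comparison. `c_msg->subject_key = *subject_key;` copies a private key into the envelope kept in `vr->env` until the reply arrives, and `subject_key` is dereferenced without the NULL check that `issuer_attribute` gets. The doc comment lists `credential_count` and `credentials`, which are not parameters of this function.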
@@ -378,25 +450,31 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, const char *issuer_attribute, const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, - const char *subject_attribute, - GNUNET_CREDENTIAL_VerifyResultProcessor proc, + uint32_t credential_count, + const struct GNUNET_CREDENTIAL_Credential *credentials, + GNUNET_CREDENTIAL_CredentialResultProcessor proc, void *proc_cls) { /* IPC to shorten credential names, return shorten_handle */ struct VerifyMessage *v_msg; struct GNUNET_CREDENTIAL_Request *vr; size_t nlen; + size_t clen; - if (NULL == issuer_attribute || NULL == subject_attribute) + if (NULL == issuer_attribute || NULL == credentials) { GNUNET_break (0); return NULL; } + + clen = GNUNET_CREDENTIAL_credentials_get_size (credential_count, + credentials); + //DEBUG LOG LOG (GNUNET_ERROR_TYPE_DEBUG, "Trying to verify `%s' in CREDENTIAL\n", issuer_attribute); - nlen = strlen (issuer_attribute) + strlen (subject_attribute) + 1; + nlen = strlen (issuer_attribute) + 1 + clen; if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*vr)) { GNUNET_break (0); 
@@ -412,17 +490,19 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY); v_msg->id = htonl (vr->r_id); v_msg->subject_key = *subject_key; + v_msg->c_count = htonl(credential_count); v_msg->issuer_key = *issuer_key; v_msg->issuer_attribute_len = htons(strlen(issuer_attribute)); - v_msg->subject_attribute_len = htons(strlen(subject_attribute)); GNUNET_memcpy (&v_msg[1], issuer_attribute, strlen (issuer_attribute)); - GNUNET_memcpy (((char*)&v_msg[1]) + strlen (issuer_attribute), - subject_attribute, - strlen (subject_attribute)); - GNUNET_CONTAINER_DLL_insert (handle->verify_head, - handle->verify_tail, + GNUNET_CREDENTIAL_credentials_serialize (credential_count, + credentials, + clen, + ((char*)&v_msg[1]) + + strlen (issuer_attribute) + 1); + GNUNET_CONTAINER_DLL_insert (handle->request_head, + handle->request_tail, vr); if (NULL != handle->mq) GNUNET_MQ_send_copy (handle->mq, diff --git a/src/credential/credential_misc.c b/src/credential/credential_misc.c index f1be433e0..7849e81e6 100644 --- a/src/credential/credential_misc.c +++ b/src/credential/credential_misc.c @@ -105,6 +105,7 @@ GNUNET_CREDENTIAL_credential_from_string (const char* s) GNUNET_memcpy (&cred[1], name, strlen (name)+1); + cred->issuer_attribute_len = strlen ((char*)&cred[1]); cred->issuer_attribute = (char*)&cred[1]; return cred; } diff --git a/src/credential/credential_serialization.c b/src/credential/credential_serialization.c index 0586e6baa..76bf491c9 100644 --- a/src/credential/credential_serialization.c +++ b/src/credential/credential_serialization.c 
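Review bot: The `ssize_t` returned by `GNUNET_CREDENTIAL_credentials_serialize` is dropped in GNUNET_CREDENTIAL_verify, although that function is documented in this commit to return -1 when the destination is too small. On failure the request is still queued with a partly filled payload; the result should be compared with `clen`, and on mismatch the envelope discarded, `vr` freed and NULL returned. The guard `NULL == credentials` in the previous hunk also rejects a call with `credential_count == 0`, which may or may not be intended and deserves a line in the doc comment. The function body continues past the hunk.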
@@ -138,6 +138,121 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, } return GNUNET_OK; } + + +/** + * Calculate how many bytes we will need to serialize + * the credentials + * + * @param c_count number of credential entries + * @param cd a #GNUNET_CREDENTIAL_Credential + * @return the required size to serialize + */ +size_t +GNUNET_CREDENTIAL_credentials_get_size (unsigned int c_count, + const struct GNUNET_CREDENTIAL_Credential *cd) +{ + unsigned int i; + size_t ret; + + ret = sizeof (struct CredentialEntry) * (c_count); + + for (i=0; i= ret); + ret += cd[i].issuer_attribute_len; + } + return ret; +} +/** + * Serizalize the given credentials + * + * @param c_count number of credential entries + * @param cd a #GNUNET_CREDENTIAL_Credential + * @param dest_size size of the destination + * @param dest where to store the result + * @return the size of the data, -1 on failure + */ +ssize_t +GNUNET_CREDENTIAL_credentials_serialize (unsigned int c_count, + const struct GNUNET_CREDENTIAL_Credential *cd, + size_t dest_size, + char *dest) +{ + struct CredentialEntry c_rec; + unsigned int i; + size_t off; + + off = 0; + for (i=0;i dest_size) + return -1; + GNUNET_memcpy (&dest[off], + &c_rec, + sizeof (c_rec)); + off += sizeof (c_rec); + if (off + cd[i].issuer_attribute_len > dest_size) + return -1; + GNUNET_memcpy (&dest[off], + cd[i].issuer_attribute, + cd[i].issuer_attribute_len); + off += cd[i].issuer_attribute_len; + } + + return off; +} + + + +/** + * Deserialize the given destination + * + * @param len size of the serialized creds + * @param src the serialized data + * @param c_count the number of credential entries + * @param cd where to put the credential data + * @return #GNUNET_OK on success, #GNUNET_SYSERR on error + */ +int +GNUNET_CREDENTIAL_credentials_deserialize (size_t len, + const char *src, + unsigned int c_count, + struct GNUNET_CREDENTIAL_Credential *cd) +{ + struct CredentialEntry c_rec; + unsigned int i; + size_t off; + + off = 0; + for 
(i=0;i len) + return GNUNET_SYSERR; + GNUNET_memcpy (&c_rec, &src[off], sizeof (c_rec)); + cd[i].issuer_attribute_len = ntohl ((uint32_t) c_rec.issuer_attribute_len); + cd[i].issuer_key = c_rec.issuer_key; + cd[i].subject_key = c_rec.subject_key; + cd[i].signature = c_rec.signature; + cd[i].expiration.abs_value_us = ntohl((uint32_t) c_rec.expiration); + off += sizeof (c_rec); + if (off + cd[i].issuer_attribute_len > len) + return GNUNET_SYSERR; + cd[i].issuer_attribute = &src[off]; + off += cd[i].issuer_attribute_len; + } + return GNUNET_OK; +} + + + /** * Calculate how many bytes we will need to serialize * the given delegation chain and credential @@ -158,7 +273,6 @@ GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count, size_t ret; ret = sizeof (struct ChainEntry) * (d_count); - ret += sizeof (struct CredentialEntry) * (c_count); for (i=0; i= ret); ret += dd[i].issuer_attribute_len + dd[i].subject_attribute_len; } - for (i=0; i= ret); - ret += cd[i].issuer_attribute_len; - } + return ret+GNUNET_CREDENTIAL_credentials_get_size(c_count, cd); return ret; } @@ -195,7 +305,6 @@ GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count, char *dest) { struct ChainEntry rec; - struct CredentialEntry c_rec; unsigned int i; size_t off; @@ -227,30 +336,10 @@ GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count, dd[i].subject_attribute_len); off += dd[i].subject_attribute_len; } - for (i=0;i dest_size) - return -1; - GNUNET_memcpy (&dest[off], - &c_rec, - sizeof (c_rec)); - off += sizeof (c_rec); - if (off + cd[i].issuer_attribute_len > dest_size) - return -1; - GNUNET_memcpy (&dest[off], - cd[i].issuer_attribute, - cd[i].issuer_attribute_len); - off += cd[i].issuer_attribute_len; - } - - return off; + return off+GNUNET_CREDENTIAL_credentials_serialize (c_count, + cd, + dest_size-off, + &dest[off]); } 
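Review bot: In GNUNET_CREDENTIAL_credentials_deserialize the expiration is read with `ntohl ((uint32_t) c_rec.expiration)`, which keeps only 32 bits of a value that is stored into `expiration.abs_value_us`; if the wire field is 64 bits wide (its declaration is not in this hunk), realistic microsecond timestamps are truncated and expiry checks on deserialized credentials stop meaning anything. Use the 64-bit conversion, `GNUNET_ntohll (c_rec.expiration)`, here and the matching `GNUNET_htonll` in the serializer. The doc comment should also say that `cd[i].issuer_attribute` points into `src` and is not NUL-terminated, so callers must use `issuer_attribute_len` rather than `strlen`. On 32-bit builds `off + cd[i].issuer_attribute_len` can wrap; comparing `cd[i].issuer_attribute_len > len - off` avoids that.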
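Review bot: `return ret+GNUNET_CREDENTIAL_credentials_get_size(c_count, cd);` in GNUNET_CREDENTIAL_delegation_chain_get_size is followed by a second `return ret;` that can never run, and the sum is no longer covered by the overflow assertion that the removed credential loop appears to have had. Drop the dead statement and keep a guard, for example `c_size = GNUNET_CREDENTIAL_credentials_get_size (c_count, cd);` then `GNUNET_assert ((ret + c_size) >= ret);` then `return ret + c_size;`. The result sizes a buffer, so a wrapped total would under-allocate. The function starts outside the hunk.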
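Review bot: A failure in the credential part is lost at `return off+GNUNET_CREDENTIAL_credentials_serialize (...)` in GNUNET_CREDENTIAL_delegation_chain_serialize: the helper returns -1 when an entry does not fit, and adding that to `off` yields `off - 1`, which callers will read as a successful length. Store the result first, `ssize_t c_len = GNUNET_CREDENTIAL_credentials_serialize (c_count, cd, dest_size - off, &dest[off]);`, then `if (c_len < 0) return -1;` and `return off + c_len;`. `dest_size-off` relies on the delegation loop above keeping `off <= dest_size`, which its checks appear to do. The function starts outside the hunk.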
@@ -274,7 +363,6 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, struct GNUNET_CREDENTIAL_Credential *cd) { struct ChainEntry rec; - struct CredentialEntry c_rec; unsigned int i; size_t off; @@ -298,26 +386,11 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len, dd[i].subject_attribute = &src[off]; off += dd[i].subject_attribute_len; } - for (i=0;i len) - return GNUNET_SYSERR; - GNUNET_memcpy (&c_rec, &src[off], sizeof (c_rec)); - cd[i].issuer_attribute_len = ntohl ((uint32_t) c_rec.issuer_attribute_len); - cd[i].issuer_key = c_rec.issuer_key; - cd[i].subject_key = c_rec.subject_key; - cd[i].signature = c_rec.signature; - cd[i].expiration.abs_value_us = ntohl((uint32_t) c_rec.expiration); - off += sizeof (c_rec); - if (off + cd[i].issuer_attribute_len > len) - return GNUNET_SYSERR; - cd[i].issuer_attribute = &src[off]; - off += cd[i].issuer_attribute_len; - } - return GNUNET_OK; + return GNUNET_CREDENTIAL_credentials_deserialize (len-off, + &src[off], + c_count, + cd); } - - int GNUNET_CREDENTIAL_credential_serialize (struct GNUNET_CREDENTIAL_Credential *cred, char **data) diff --git a/src/credential/credential_serialization.h b/src/credential/credential_serialization.h index eb1327f34..b870d47dc 100644 --- a/src/credential/credential_serialization.h +++ b/src/credential/credential_serialization.h 
@@ -130,6 +130,23 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, struct GNUNET_CREDENTIAL_Delegation *dd, unsigned int c_count, struct GNUNET_CREDENTIAL_Credential *cd); + size_t + GNUNET_CREDENTIAL_credentials_get_size (unsigned int c_count, + const struct GNUNET_CREDENTIAL_Credential *cd); + +ssize_t +GNUNET_CREDENTIAL_credentials_serialize (unsigned int c_count, + const struct GNUNET_CREDENTIAL_Credential *cd, + size_t dest_size, + char *dest); + + +int +GNUNET_CREDENTIAL_credentials_deserialize (size_t len, + const char *src, + unsigned int c_count, + struct GNUNET_CREDENTIAL_Credential *cd); + int GNUNET_CREDENTIAL_credential_serialize (struct GNUNET_CREDENTIAL_Credential *cred, diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index b31c2f66e..fb7bdb7f8 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -54,6 +54,11 @@ static struct GNUNET_TIME_Relative timeout; */ static struct GNUNET_CREDENTIAL_Request *verify_request; +/** + * Handle to collect request + */ +static struct GNUNET_CREDENTIAL_Request *collect_request; + /** * Task scheduled to handle timeout. */ @@ -91,9 +96,9 @@ struct GNUNET_CRYPTO_EcdsaPublicKey issuer_pkey; static char *issuer_key; /** - * Issuer ego + * ego */ -static char *issuer_ego_name; +static char *ego_name; /** * Issuer attribute @@ -110,6 +115,10 @@ static uint32_t verify; */ static uint32_t create_cred; +/** + * Collect mode + */ +static uint32_t collect; /** * Task run on shutdown. Cleans up everything. 
@@ -149,6 +158,39 @@ do_timeout (void *cls) GNUNET_SCHEDULER_shutdown (); } +/** + * Function called with the result of a Credential lookup. + * + * @param cls the 'const char *' name that was resolved + * @param cd_count number of records returned + * @param cd array of @a cd_count records with the results + */ +static void +handle_collect_result (void *cls, + unsigned int d_count, + struct GNUNET_CREDENTIAL_Delegation *dc, + unsigned int c_count, + struct GNUNET_CREDENTIAL_Credential *cred) +{ + int i; + char* line; + + verify_request = NULL; + if (NULL != cred) + { + for (i=0;iissuer_attribute); + tok = strtok(NULL, ","); + GNUNET_free (cred); + } verify_request = GNUNET_CREDENTIAL_verify(credential, &issuer_pkey, issuer_attr, //TODO argument &subject_pkey, - subject_credential, + count, + credentials, &handle_verify_result, NULL); + for (i=0;i #include #include #include #include -#include "gnunet_gns_service.h" - - #define GNUNET_CREDENTIAL_MAX_LENGTH 255 @@ -311,6 +307,16 @@ struct VerifyRequestHandle */ uint64_t pending_lookups; + /** + * Credential iterator + */ + struct GNUNET_NAMESTORE_ZoneIterator *cred_collection_iter; + + /** + * Collect task + */ + struct GNUNET_SCHEDULER_Task *collect_next_task; + }; @@ -335,6 +341,11 @@ static struct GNUNET_STATISTICS_Handle *statistics; static struct GNUNET_GNS_Handle *gns; +/** + * Handle to namestore service + */ +static struct GNUNET_NAMESTORE_Handle *namestore; + static void cleanup_delegation_set (struct DelegationSetQueueEntry *ds_entry) { @@ -444,6 +455,11 @@ shutdown_task (void *cls) GNUNET_GNS_disconnect (gns); gns = NULL; } + if (NULL != namestore) + { + GNUNET_NAMESTORE_disconnect (namestore); + namestore = NULL; + } if (NULL != statistics) { GNUNET_STATISTICS_destroy (statistics, 
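Review bot: handle_collect_result resets `verify_request` rather than the newly added `collect_request`, so after a collect result has arrived `collect_request` still holds a request that has completed, and any later cancel of it (the shutdown path is not visible here) would act on a stale handle. Setting `collect_request = NULL;` at the top of the callback fixes that. The doc comment lists `cd_count` and `cd`, which are not parameters of this function; it should describe `d_count`, `dc`, `c_count` and `cred`.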
@@ -453,42 +469,7 @@ shutdown_task (void *cls) } -/** - * Checks a #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY message - * - * @param cls client sending the message - * @param v_msg message of type `struct VerifyMessage` - * @return #GNUNET_OK if @a v_msg is well-formed - */ -static int -check_verify (void *cls, - const struct VerifyMessage *v_msg) -{ - size_t msg_size; - const char* attrs; - msg_size = ntohs (v_msg->header.size); - if (msg_size < sizeof (struct VerifyMessage)) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - if ((ntohs (v_msg->issuer_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH) || - (ntohs (v_msg->subject_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH)) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - attrs = (const char *) &v_msg[1]; - - if ( ('\0' != attrs[ntohs(v_msg->header.size) - sizeof (struct VerifyMessage) - 1]) || - (strlen (attrs) > GNUNET_CREDENTIAL_MAX_LENGTH * 2) ) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - return GNUNET_OK; -} /** * Send. @@ -499,7 +480,7 @@ static void send_lookup_response (struct VerifyRequestHandle *vrh) { struct GNUNET_MQ_Envelope *env; - struct VerifyResultMessage *rmsg; + struct DelegationChainResultMessage *rmsg; struct DelegationChainEntry *dce; struct GNUNET_CREDENTIAL_Delegation dd[vrh->delegation_chain_size]; struct GNUNET_CREDENTIAL_Credential cred[vrh->cred_chain_size]; @@ -792,21 +773,14 @@ backward_resolution (void* cls, * @param rd the record data */ static void -handle_credential_query (void* cls, - uint32_t rd_count, - const struct GNUNET_GNSRECORD_Data *rd) +delegation_chain_resolution_start (void* cls) { struct VerifyRequestHandle *vrh = cls; struct DelegationSetQueueEntry *ds_entry; - struct GNUNET_CREDENTIAL_Credential *crd; struct CredentialRecordEntry *cr_entry; - int cred_record_count; - int i; - vrh->lookup_request = NULL; - cred_record_count = 0; - if (0 == rd_count) + if (0 == vrh->cred_chain_size) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No credentials found\n"); 
@@ -814,31 +788,13 @@ handle_credential_query (void* cls, return; } - for (i=0; i < rd_count; i++) + for (cr_entry = vrh->cred_chain_head; cr_entry != NULL; cr_entry = cr_entry->next) { - if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) - continue; - cred_record_count++; - crd = GNUNET_CREDENTIAL_credential_deserialize (rd[i].data, - rd[i].data_size); - if (NULL == crd) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "Invalid credential found\n"); - continue; - } - cr_entry = GNUNET_new (struct CredentialRecordEntry); - cr_entry->credential = crd; - GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, - vrh->cred_chain_tail, - cr_entry); - vrh->cred_chain_size++; - - if (0 != memcmp (&crd->issuer_key, + if (0 != memcmp (&cr_entry->credential->issuer_key, &vrh->issuer_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) continue; - if (0 != strcmp (crd->issuer_attribute, vrh->issuer_attribute)) + if (0 != strcmp (cr_entry->credential->issuer_attribute, vrh->issuer_attribute)) continue; //Found match prematurely send_lookup_response (vrh); @@ -878,6 +834,40 @@ handle_credential_query (void* cls, ds_entry); } +/** + * Checks a #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY message + * + * @param cls client sending the message + * @param v_msg message of type `struct VerifyMessage` + * @return #GNUNET_OK if @a v_msg is well-formed + */ +static int +check_verify (void *cls, + const struct VerifyMessage *v_msg) +{ + size_t msg_size; + const char* attr; + + msg_size = ntohs (v_msg->header.size); + if (msg_size < sizeof (struct VerifyMessage)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + if (ntohs (v_msg->issuer_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + attr = (const char *) &v_msg[1]; + + if ( strlen (attr) > GNUNET_CREDENTIAL_MAX_LENGTH) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} /** * Handle Credential verification requests from client 
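Review bot: The re-added check_verify no longer tests for a terminator before calling `strlen (attr)`, and nothing ties `issuer_attribute_len` to the received size, so a malformed client message can make this check, the `GNUNET_STRINGS_utf8_tolower` copy into the fixed `attr` buffer in handle_verify, and the `credential_data_size` subtraction there run past the message. The removed version and check_collect in this same commit both keep the `'\0'` test. I would validate the layout here, before any handler code runs, as sketched below; this assumes the sender leaves a zero byte after the attribute, as the `+ 1` in the client's `nlen` suggests. Bounding `c_count` against the remaining payload belongs in the same place.

```c
  size_t msg_size;
  size_t attr_len;
  const char *attr;

  msg_size = ntohs (v_msg->header.size);
  /* … unchanged: reject msg_size < sizeof (struct VerifyMessage) … */
  attr_len = ntohs (v_msg->issuer_attribute_len);
  /* the payload must hold the attribute plus its terminator */
  if ( (attr_len > GNUNET_CREDENTIAL_MAX_LENGTH) ||
       (msg_size - sizeof (struct VerifyMessage) < attr_len + 1) )
  {
    GNUNET_break (0);
    return GNUNET_SYSERR;
  }
  attr = (const char *) &v_msg[1];
  /* the attribute must end exactly where the header says it does */
  if ( ('\0' != attr[attr_len]) ||
       (strlen (attr) != attr_len) )
  {
    GNUNET_break (0);
    return GNUNET_SYSERR;
  }
  return GNUNET_OK;
```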
@@ -890,12 +880,11 @@ static void handle_verify (void *cls, const struct VerifyMessage *v_msg) { - char attrs[GNUNET_CREDENTIAL_MAX_LENGTH*2 + 1]; + char attr[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; - char subject_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1 + 4]; struct VerifyRequestHandle *vrh; struct GNUNET_SERVICE_Client *client = cls; - char *attrptr = attrs; + char *attrptr = attr; const char *utf_in; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, @@ -904,12 +893,8 @@ handle_verify (void *cls, utf_in = (const char *) &v_msg[1]; GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); - GNUNET_memcpy (issuer_attribute, attrs, ntohs (v_msg->issuer_attribute_len)); + GNUNET_memcpy (issuer_attribute, attr, ntohs (v_msg->issuer_attribute_len)); issuer_attribute[ntohs (v_msg->issuer_attribute_len)] = '\0'; - GNUNET_memcpy (subject_attribute, attrs+strlen(issuer_attribute), ntohs (v_msg->subject_attribute_len)); - strcpy (subject_attribute+ntohs (v_msg->subject_attribute_len), - ".gnu"); - subject_attribute[ntohs (v_msg->subject_attribute_len)+4] = '\0'; vrh = GNUNET_new (struct VerifyRequestHandle); GNUNET_CONTAINER_DLL_insert (vrh_head, vrh_tail, vrh); vrh->client = client; 
@@ -917,14 +902,169 @@ handle_verify (void *cls, vrh->issuer_key = v_msg->issuer_key; vrh->subject_key = v_msg->subject_key; vrh->issuer_attribute = GNUNET_strdup (issuer_attribute); - - if (NULL == subject_attribute) + if (NULL == issuer_attribute) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "No subject attribute provided!\n"); + "No issuer attribute provided!\n"); + send_lookup_response (vrh); + return; + } + /** + * First, collect credentials + * TODO: cleanup! + */ + uint32_t credentials_count = ntohl(v_msg->c_count); + int i; + uint32_t credential_data_size = ntohs (v_msg->header.size) + - sizeof (struct VerifyMessage) + - ntohs (v_msg->issuer_attribute_len) + - 1; + struct GNUNET_CREDENTIAL_Credential credentials[credentials_count]; + char *credential_data = (char*)&v_msg[1] + ntohs (v_msg->issuer_attribute_len) + 1; + struct CredentialRecordEntry *cr_entry; + if (GNUNET_OK != GNUNET_CREDENTIAL_credentials_deserialize (credential_data_size, + credential_data, + credentials_count, + credentials)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Cannot deserialize credentials!\n"); send_lookup_response (vrh); return; } + + for (i=0;icredential = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Credential) + + strlen (credentials[i].issuer_attribute) + 1); + GNUNET_memcpy (cr_entry->credential, + &credentials[i], + sizeof (struct GNUNET_CREDENTIAL_Credential)); + GNUNET_memcpy (&cr_entry->credential[1], + credentials[i].issuer_attribute, + strlen (credentials[i].issuer_attribute)); + cr_entry->credential->issuer_attribute = (char*)&cr_entry->credential[1]; + GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, + vrh->cred_chain_tail, + cr_entry); + vrh->cred_chain_size++; + } + + delegation_chain_resolution_start (vrh); + +} + +/** + * We encountered an error while collecting + */ +static void +handle_cred_collection_error_cb (void *cls) +{ + struct VerifyRequestHandle *vrh = cls; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Got disconnected from namestore 
database.\n"); + vrh->cred_collection_iter = NULL; + send_lookup_response (vrh); +} + +static void +collect_next (void *cls) +{ + struct VerifyRequestHandle *vrh = cls; + vrh->collect_next_task = NULL; + GNUNET_assert (NULL != vrh->cred_collection_iter); + GNUNET_NAMESTORE_zone_iterator_next (vrh->cred_collection_iter); +} + +/** + * Store credential + */ +static void +handle_cred_collection_cb (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + struct VerifyRequestHandle *vrh = cls; + struct GNUNET_CREDENTIAL_Credential *crd; + struct CredentialRecordEntry *cr_entry; + int cred_record_count; + int i; + + cred_record_count = 0; + for (i=0; i < rd_count; i++) + { + if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) + continue; + cred_record_count++; + crd = GNUNET_CREDENTIAL_credential_deserialize (rd[i].data, + rd[i].data_size); + if (NULL == crd) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Invalid credential found\n"); + continue; + } + cr_entry = GNUNET_new (struct CredentialRecordEntry); + cr_entry->credential = crd; + GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, + vrh->cred_chain_tail, + cr_entry); + vrh->cred_chain_size++; + } + vrh->collect_next_task = GNUNET_SCHEDULER_add_now (&collect_next, + vrh); +} + +/** + * We encountered an error while collecting + */ +static void +handle_cred_collection_finished_cb (void *cls) +{ + struct VerifyRequestHandle *vrh = cls; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Done collecting credentials.\n"); + vrh->cred_collection_iter = NULL; + delegation_chain_resolution_start (vrh); +} + +/** + * Handle Credential collection requests from client + * + * @param cls the closure + * @param client the client + * @param message the message + */ +static void +handle_collect (void *cls, + const struct CollectMessage *c_msg) +{ + char attr[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; + char 
issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; + struct VerifyRequestHandle *vrh; + struct GNUNET_SERVICE_Client *client = cls; + char *attrptr = attr; + const char *utf_in; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Received COLLECT message\n"); + + utf_in = (const char *) &c_msg[1]; + GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); + + GNUNET_memcpy (issuer_attribute, attr, ntohs (c_msg->issuer_attribute_len)); + issuer_attribute[ntohs (c_msg->issuer_attribute_len)] = '\0'; + vrh = GNUNET_new (struct VerifyRequestHandle); + GNUNET_CONTAINER_DLL_insert (vrh_head, vrh_tail, vrh); + vrh->client = client; + vrh->request_id = c_msg->id; + vrh->issuer_key = c_msg->issuer_key; + GNUNET_CRYPTO_ecdsa_key_get_public (&c_msg->subject_key, + &vrh->subject_key); + vrh->issuer_attribute = GNUNET_strdup (issuer_attribute); + if (NULL == issuer_attribute) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 
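Review bot: `struct GNUNET_CREDENTIAL_Credential credentials[credentials_count];` in handle_verify sizes a stack array from `ntohl(v_msg->c_count)`, a 32-bit value taken from the client message with no upper bound visible, so a single request can exhaust the service's stack; reject counts that the remaining `credential_data_size` cannot hold, or allocate on the heap after that check. The copy loop then calls `strlen (credentials[i].issuer_attribute)` on pointers that the deserializer aims into the message without a terminator; use `credentials[i].issuer_attribute_len` for both the `GNUNET_malloc` size and the `GNUNET_memcpy` length. `if (NULL == issuer_attribute)` compares a local array with NULL and can never be true, here and in handle_collect. The second commit on this page only moves the declarations and keeps the array as it is.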
@@ -933,22 +1073,57 @@ handle_verify (void *cls, return; } GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Looking up %s\n", - subject_attribute); + "Getting credentials for subject\n"); /** * First, get attribute from subject */ - vrh->lookup_request = GNUNET_GNS_lookup (gns, - subject_attribute, - &v_msg->subject_key, //subject_pkey, - GNUNET_GNSRECORD_TYPE_CREDENTIAL, - GNUNET_GNS_LO_DEFAULT, - NULL, //shorten_key, always NULL - &handle_credential_query, - vrh); + vrh->cred_collection_iter = GNUNET_NAMESTORE_zone_iteration_start (namestore, + &c_msg->subject_key, + &handle_cred_collection_error_cb, + vrh, + &handle_cred_collection_cb, + vrh, + &handle_cred_collection_finished_cb, + vrh); } +/** + * Checks a #GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT message + * + * @param cls client sending the message + * @param v_msg message of type `struct CollectMessage` + * @return #GNUNET_OK if @a v_msg is well-formed + */ +static int +check_collect (void *cls, + const struct CollectMessage *c_msg) +{ + size_t msg_size; + const char* attr; + + msg_size = ntohs (c_msg->header.size); + if (msg_size < sizeof (struct CollectMessage)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + if (ntohs (c_msg->issuer_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + attr = (const char *) &c_msg[1]; + + if ( ('\0' != attr[ntohs(c_msg->header.size) - sizeof (struct CollectMessage) - 1]) || + (strlen (attr) > GNUNET_CREDENTIAL_MAX_LENGTH) ) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + /** * One of our clients disconnected, clean up after it. * @@ -1003,6 +1178,12 @@ run (void *cls, fprintf (stderr, _("Failed to connect to GNS\n")); } + namestore = GNUNET_NAMESTORE_connect (c); + if (NULL == namestore) + { + fprintf (stderr, + _("Failed to connect to namestore\n")); + } statistics = GNUNET_STATISTICS_create ("credential", c); GNUNET_SCHEDULER_add_shutdown (&shutdown_task, NULL); 
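Review bot: check_collect accepts `msg_size == sizeof (struct CollectMessage)`, and in that case the index `ntohs(c_msg->header.size) - sizeof (struct CollectMessage) - 1` wraps around, so the terminator test looks at the wrong byte and `strlen (attr)` starts at the very end of the message. Make the first comparison `msg_size <= sizeof (struct CollectMessage)` so that at least one payload byte is guaranteed. The `@param v_msg` line in its doc comment should read `c_msg`.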
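Review bot: When `GNUNET_NAMESTORE_connect` returns NULL the service only prints a message and keeps running, yet handle_collect passes `namestore` straight to `GNUNET_NAMESTORE_zone_iteration_start`. Either stop start-up on that path or have handle_collect answer with an empty result first, `if (NULL == namestore) { send_lookup_response (vrh); return; }`. The GNS connect just above follows the same print-and-continue pattern. run() starts and ends outside the hunk.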
@@ -1023,6 +1204,10 @@ GNUNET_SERVICE_MAIN GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY, struct VerifyMessage, NULL), + GNUNET_MQ_hd_var_size (collect, + GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT, + struct CollectMessage, + NULL), GNUNET_MQ_handler_end()); /* end of gnunet-service-credential.c */ diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index 651de0075..f13e26cd4 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c @@ -492,7 +492,8 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, &handle->issuer_key, handle->issuer_attr, &handle->subject_key, - handle->subject_attr, + 0, + NULL,//TODOhandle->subject_attr, &handle_verify_response, handle); diff --git a/src/credential/test_credential_collect.sh b/src/credential/test_credential_collect.sh new file mode 100755 index 000000000..6c713063f --- /dev/null +++ b/src/credential/test_credential_collect.sh 
@@ -0,0 +1,47 @@ +#!/bin/bash +trap "gnunet-arm -e -c test_credential_lookup.conf" SIGINT + +LOCATION=$(which gnunet-config) +if [ -z $LOCATION ] +then + LOCATION="gnunet-config" +fi +$LOCATION --version 1> /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` + +# (1) PKEY1.user -> PKEY2.resu.user +# (2) PKEY2.resu -> PKEY3 +# (3) PKEY3.user -> PKEY4 + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" + +TEST_ATTR="test" +TEST_ATTR2="test2" +gnunet-arm -s -c test_credential_lookup.conf +gnunet-identity -C testissuer -c test_credential_lookup.conf +gnunet-identity -C testsubject -c test_credential_lookup.conf +SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') +ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') +#TODO1 Get credential and store it with subject (3) +CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf` +$DO_TIMEOUT gnunet-namestore -a -z testsubject -n c1 -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf +CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR2 --ttl=5m -c test_credential_lookup.conf` +$DO_TIMEOUT gnunet-namestore -a -z testsubject -n c2 -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf +CREDS=`$DO_TIMEOUT gnunet-credential --collect --issuer=$ISSUER_KEY --attribute=$TEST_ATTR --ego=testsubject -c test_credential_lookup.conf | paste -d, -s` +echo $CREDS +RES=$? +gnunet-arm -e -c test_credential_lookup.conf + +if test $? != 0 +then + echo "Error collecting..." + exit 1 +fi + 
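Review bot: The script cannot fail when collection fails: `RES=$?` is taken after `echo $CREDS`, so it records the status of echo, and the final `test $? != 0` checks `gnunet-arm -e` rather than `$RES`. Capture the status directly after the `CREDS=` assignment (the `| paste` pipeline reports paste's status unless `set -o pipefail` is on), compare `$RES` at the end, and also fail when `$CREDS` is empty. The `rm -rf` runs on the unquoted, unchecked output of `gnunet-config`; quote it and skip the removal when it is empty. `[ -z $LOCATION ]` should quote the variable.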
diff --git a/src/credential/test_credential_lookup.conf b/src/credential/test_credential_lookup.conf index 7aa193abd..93b4864d9 100644 --- a/src/credential/test_credential_lookup.conf +++ b/src/credential/test_credential_lookup.conf @@ -11,7 +11,7 @@ PLUGINS = [credential] AUTOSTART = YES -#PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog +PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog [rest] #PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog diff --git a/src/credential/test_credential_verify.sh b/src/credential/test_credential_verify.sh index 6d69e337b..d042bcfe6 100755 --- a/src/credential/test_credential_verify.sh +++ b/src/credential/test_credential_verify.sh @@ -57,8 +57,11 @@ CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=gnunet --subject=$ALICE_KEY -- # Alice stores the credential under "mygnunetcreds" gnunet-namestore -p -z alice -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf +CREDS=`$DO_TIMEOUT gnunet-credential --collect --issuer=$SERVICE_KEY --attribute=$USER_ATTR --ego=alice -c test_credential_lookup.conf | paste -d, -s` + +echo gnunet-credential --verify --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY --credential=\'$CREDS\' -c test_credential_lookup.conf #TODO2 Add -z swich like in gnunet-gns -RES_CRED=`gnunet-credential --verify --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` +gnunet-credential --verify --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY --credential="$CREDS" -c test_credential_lookup.conf #TODO cleanup properly diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 906163c14..d04c0a253 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h 
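Review bot: Un-commenting `PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog` looks like a debugging setting that slipped into the commit: every test run now needs valgrind installed and writes to a fixed, predictable file name in a shared directory. Keep the line commented, as in the `[rest]` section below it, or point the log at the test's own GNUNET_HOME.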
@@ -235,7 +235,7 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle); * @param c_count the number of credentials found * @param credential the credentials */ -typedef void (*GNUNET_CREDENTIAL_VerifyResultProcessor) (void *cls, +typedef void (*GNUNET_CREDENTIAL_CredentialResultProcessor) (void *cls, unsigned int d_count, struct GNUNET_CREDENTIAL_Delegation *delegation_chain, unsigned int c_count, @@ -286,10 +286,19 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, const char *issuer_attribute, const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, - const char *subject_attribute, - GNUNET_CREDENTIAL_VerifyResultProcessor proc, + uint32_t credential_count, + const struct GNUNET_CREDENTIAL_Credential *credentials, + GNUNET_CREDENTIAL_CredentialResultProcessor proc, void *proc_cls); +struct GNUNET_CREDENTIAL_Request* +GNUNET_CREDENTIAL_collect (struct GNUNET_CREDENTIAL_Handle *handle, + const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, + const char *issuer_attribute, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *subject_key, + GNUNET_CREDENTIAL_CredentialResultProcessor proc, + void *proc_cls); + /** * Delegate an attribute * diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index 596196311..cf26f1727 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h @@ -2616,6 +2616,10 @@ extern "C" #define GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT 972 +#define GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT 973 + +#define GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT_RESULT 974 + /******************************************************************************/ -- cgit v1.2.3 From d833a55288cc8e5dc8a028b85f1ec4d4803f1e6b Mon Sep 17 00:00:00 2001 
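Review bot: GNUNET_CREDENTIAL_collect is added to the public header without a doc comment, unlike the declarations around it. The comment should state that `subject_key` is the subject's private ECDSA key and that the call hands it to the credential service, what `proc` receives, and what the function returns on error (the implementation is outside this hunk, so confirm against it).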
From: "Schanzenbach, Martin" Date: Wed, 28 Dec 2016 20:50:33 +0100 Subject: -update rest --- src/credential/gnunet-service-credential.c | 19 ++-- src/credential/plugin_rest_credential.c | 154 ++++++++++++++++++++++++++--- 2 files changed, 153 insertions(+), 20 deletions(-) diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 4841370b3..ec89da323 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -880,19 +880,22 @@ static void handle_verify (void *cls, const struct VerifyMessage *v_msg) { - char attr[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; - char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; struct VerifyRequestHandle *vrh; struct GNUNET_SERVICE_Client *client = cls; + struct CredentialRecordEntry *cr_entry; + uint32_t credentials_count; + uint32_t credential_data_size; + int i; + char attr[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; + char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; char *attrptr = attr; + char *credential_data; const char *utf_in; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received VERIFY message\n"); - utf_in = (const char *) &v_msg[1]; GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); - GNUNET_memcpy (issuer_attribute, attr, ntohs (v_msg->issuer_attribute_len)); issuer_attribute[ntohs (v_msg->issuer_attribute_len)] = '\0'; vrh = GNUNET_new (struct VerifyRequestHandle); 
@@ -913,15 +916,13 @@ handle_verify (void *cls, * First, collect credentials * TODO: cleanup! */ - uint32_t credentials_count = ntohl(v_msg->c_count); - int i; - uint32_t credential_data_size = ntohs (v_msg->header.size) + credentials_count = ntohl(v_msg->c_count); + credential_data_size = ntohs (v_msg->header.size) - sizeof (struct VerifyMessage) - ntohs (v_msg->issuer_attribute_len) - 1; struct GNUNET_CREDENTIAL_Credential credentials[credentials_count]; - char *credential_data = (char*)&v_msg[1] + ntohs (v_msg->issuer_attribute_len) + 1; - struct CredentialRecordEntry *cr_entry; + credential_data = (char*)&v_msg[1] + ntohs (v_msg->issuer_attribute_len) + 1; if (GNUNET_OK != GNUNET_CREDENTIAL_credentials_deserialize (credential_data_size, credential_data, credentials_count, diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index f13e26cd4..0d469f5de 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c 
@@ -244,6 +244,76 @@ attribute_delegation_to_json (struct GNUNET_CREDENTIAL_Delegation *delegation_ch return attr_obj; } +/** + * JSONAPI resource to Credential + * @param res the JSONAPI resource + * @return the resulting credential, NULL if failed + */ +static struct GNUNET_CREDENTIAL_Credential* +json_to_credential (json_t *res) +{ + struct GNUNET_CREDENTIAL_Credential *cred; + json_t *tmp; + const char *attribute; + const char *signature; + char *sig; + + tmp = json_object_get (res, "attribute"); + if (0 == json_is_string (tmp)) + { + return NULL; + } + attribute = json_string_value (tmp); + cred = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Credential) + + strlen (attribute)); + cred->issuer_attribute = attribute; + cred->issuer_attribute_len = strlen (attribute); + tmp = json_object_get (res, "issuer"); + if (0 == json_is_string (tmp)) + { + GNUNET_free (cred); + return NULL; + } + + GNUNET_CRYPTO_ecdsa_public_key_from_string (json_string_value(tmp), + strlen (json_string_value(tmp)), + &cred->issuer_key); + tmp = json_object_get (res, "subject"); + if (0 == json_is_string (tmp)) + { + GNUNET_free (cred); + return NULL; + } + GNUNET_CRYPTO_ecdsa_public_key_from_string (json_string_value(tmp), + strlen (json_string_value(tmp)), + &cred->subject_key); + + tmp = json_object_get (res, "signature"); + if (0 == json_is_string (tmp)) + { + GNUNET_free (cred); + return NULL; + } + signature = json_string_value (tmp); + GNUNET_STRINGS_base64_decode (signature, + strlen (signature), + (char**)&sig); + GNUNET_memcpy (&cred->signature, + sig, + sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); + GNUNET_free (sig); + + tmp = json_object_get (res, "expiration"); + if (0 == json_is_integer (tmp)) + { + GNUNET_free (cred); + return NULL; + } + cred->expiration.abs_value_us = json_integer_value (tmp); + return cred; +} + + /** * Credential to JSON * @param cred the credential 
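Review bot: json_to_credential copies `sizeof (struct GNUNET_CRYPTO_EcdsaSignature)` bytes out of `sig` without looking at the length `GNUNET_STRINGS_base64_decode` returns, so a short `signature` string in the request body makes the `GNUNET_memcpy` read past the decoded buffer. The two `GNUNET_CRYPTO_ecdsa_public_key_from_string` results are ignored as well, which leaves `issuer_key` and `subject_key` unset on bad input. `cred->issuer_attribute` is pointed at the string owned by `res` while the extra `strlen (attribute)` bytes allocated behind the struct stay unused; copying the attribute into them would stop the credential depending on the JSON object's lifetime. A sketch of the checks follows.

```c
  size_t sig_len;

  /* … unchanged: "attribute" lookup and allocation … */
  tmp = json_object_get (res, "issuer");
  /* … unchanged: json_is_string check … */
  if (GNUNET_OK !=
      GNUNET_CRYPTO_ecdsa_public_key_from_string (json_string_value (tmp),
                                                  strlen (json_string_value (tmp)),
                                                  &cred->issuer_key))
  {
    GNUNET_free (cred);
    return NULL;
  }
  /* … same result check for "subject" … */
  signature = json_string_value (tmp);
  sig_len = GNUNET_STRINGS_base64_decode (signature,
                                          strlen (signature),
                                          (char**)&sig);
  /* assumes the decoder always allocates its output — TODO confirm */
  if (sizeof (struct GNUNET_CRYPTO_EcdsaSignature) != sig_len)
  {
    GNUNET_free (sig);
    GNUNET_free (cred);
    return NULL;
  }
  /* … unchanged: copy into cred->signature, free sig, read "expiration" … */
```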
@@ -254,6 +324,7 @@ credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred) { char *issuer; char *subject; + char *signature; char attribute[cred->issuer_attribute_len + 1]; json_t *cred_obj; @@ -272,6 +343,9 @@ credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred) GNUNET_free (issuer); return NULL; } + GNUNET_STRINGS_base64_encode ((char*)&cred->signature, + sizeof (struct GNUNET_CRYPTO_EcdsaSignature), + &signature); memcpy (attribute, cred->issuer_attribute, cred->issuer_attribute_len); @@ -280,8 +354,11 @@ credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred) json_object_set_new (cred_obj, "issuer", json_string (issuer)); json_object_set_new (cred_obj, "subject", json_string (subject)); json_object_set_new (cred_obj, "attribute", json_string (attribute)); + json_object_set_new (cred_obj, "signature", json_string (signature)); + json_object_set_new (cred_obj, "expiration", json_integer (cred->expiration.abs_value_us)); GNUNET_free (issuer); GNUNET_free (subject); + GNUNET_free (signature); return cred_obj; } @@ -377,8 +454,17 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, { struct RequestHandle *handle = cls; struct GNUNET_HashCode key; + struct GNUNET_JSONAPI_Document *json_obj; + struct GNUNET_JSONAPI_Resource *res; + struct GNUNET_CREDENTIAL_Credential *cred; char *tmp; char *entity_attr; + int i; + uint32_t credential_count; + uint32_t resource_count; + json_t *cred_json; + json_t *data_js; + json_error_t err; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connecting...\n"); @@ -456,8 +542,6 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, } tmp = GNUNET_CONTAINER_multihashmap_get (conndata_handle->url_param_map, &key); - entity_attr = GNUNET_strdup (tmp); - tmp = strtok(entity_attr, "."); if (NULL == tmp) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 
@@ -476,26 +560,74 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, GNUNET_SCHEDULER_add_now (&do_error, handle); return; } - tmp = strtok (NULL, "."); - if (NULL == tmp) + GNUNET_free (entity_attr); + + if (0 >= handle->rest_handle->data_size) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Malformed subject attribute\n"); - GNUNET_free (entity_attr); - GNUNET_SCHEDULER_add_now (&do_error, handle); + "Missing credentials\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); return; } - handle->subject_attr = GNUNET_strdup (tmp); - GNUNET_free (entity_attr); + + struct GNUNET_JSON_Specification docspec[] = { + GNUNET_JSON_spec_jsonapi_document (&json_obj), + GNUNET_JSON_spec_end() + }; + char term_data[handle->rest_handle->data_size+1]; + term_data[handle->rest_handle->data_size] = '\0'; + credential_count = 0; + GNUNET_memcpy (term_data, + handle->rest_handle->data, + handle->rest_handle->data_size); + data_js = json_loads (term_data, + JSON_DECODE_ANY, + &err); + GNUNET_assert (GNUNET_OK == GNUNET_JSON_parse (data_js, docspec, + NULL, NULL)); + json_decref (data_js); + if (NULL == json_obj) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to parse JSONAPI Object from %s\n", + term_data); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + resource_count = GNUNET_JSONAPI_document_resource_count(json_obj); + struct GNUNET_CREDENTIAL_Credential credentials[credential_count]; + for (i=0;iissuer_attribute); + GNUNET_free (cred); + } handle->verify_request = GNUNET_CREDENTIAL_verify (handle->credential, &handle->issuer_key, handle->issuer_attr, &handle->subject_key, - 0, - NULL,//TODOhandle->subject_attr, + credential_count, + credentials, &handle_verify_response, handle); + for (i=0;i Date: Thu, 29 Dec 2016 11:28:10 +0100 Subject: -add collect rest; fixes --- src/credential/plugin_rest_credential.c | 255 +++++++++++++++++++++++-- src/credential/test_credential_collect_rest.sh | 90 +++++++++ src/credential/test_credential_issue_rest.sh 
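Review bot: `verify_cred_cont` wraps `GNUNET_JSON_parse` in `GNUNET_assert` and never checks `json_loads` for NULL, so a request body that is not a valid JSONAPI document aborts the REST service instead of producing an error response. Treat a parse failure like the other malformed-input branches and go through `do_error`, as sketched below; the same applies to the `GNUNET_assert (1 == resource_count)` and `GNUNET_assert (json_is_array (cred_json))` calls added in the later `@@ -596,28 +804,44 @@` hunk. `term_data` is a stack array sized by `data_size`, so the body length should be bounded before it is declared. The function starts outside this hunk and the credential loop at its end is garbled on this page, so that part is not reviewed.

```c
  data_js = json_loads (term_data,
                        JSON_DECODE_ANY,
                        &err);
  if ( (NULL == data_js) ||
       (GNUNET_OK != GNUNET_JSON_parse (data_js, docspec,
                                        NULL, NULL)) )
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Unable to parse JSONAPI Object from request body\n");
    json_decref (data_js); /* jansson accepts NULL here */
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
  json_decref (data_js);
  /* … unchanged: NULL == json_obj check and resource handling … */
```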
| 53 +++++ src/credential/test_credential_lookup.conf | 2 +- src/credential/test_credential_verify_rest.sh | 9 +- src/jsonapi/jsonapi_document.c | 2 +- 6 files changed, 391 insertions(+), 20 deletions(-) create mode 100755 src/credential/test_credential_collect_rest.sh create mode 100755 src/credential/test_credential_issue_rest.sh diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index 0d469f5de..59022e794 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c @@ -41,10 +41,14 @@ #define GNUNET_REST_API_NS_CREDENTIAL_VERIFY "/credential/verify" +#define GNUNET_REST_API_NS_CREDENTIAL_COLLECT "/credential/collect" + #define GNUNET_REST_JSONAPI_CREDENTIAL_EXPIRATION "expiration" #define GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY "subject_key" +#define GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_EGO "subject" + #define GNUNET_REST_JSONAPI_CREDENTIAL "credential" #define GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO "credential" @@ -92,6 +96,11 @@ struct RequestHandle */ struct GNUNET_IDENTITY_Operation *id_op; + /** + * Handle to ego lookup + */ + struct GNUNET_IDENTITY_EgoLookup *ego_lookup; + /** * Handle to rest request */ @@ -173,6 +182,8 @@ cleanup_handle (struct RequestHandle *handle) GNUNET_CREDENTIAL_disconnect (handle->credential); if (NULL != handle->id_op) GNUNET_IDENTITY_cancel (handle->id_op); + if (NULL != handle->ego_lookup) + GNUNET_IDENTITY_ego_lookup_cancel (handle->ego_lookup); if (NULL != handle->identity) GNUNET_IDENTITY_disconnect (handle->identity); if (NULL != handle->timeout_task) 
@@ -362,6 +373,103 @@ credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred) return cred_obj; } +/** + * Function called with the result of a Credential lookup. + * + * @param cls the 'const char *' name that was resolved + * @param cd_count number of records returned + * @param cd array of @a cd_count records with the results + */ +static void +handle_collect_response (void *cls, + unsigned int d_count, + struct GNUNET_CREDENTIAL_Delegation *delegation_chain, + unsigned int c_count, + struct GNUNET_CREDENTIAL_Credential *cred) +{ + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + struct GNUNET_JSONAPI_Document *json_document; + struct GNUNET_JSONAPI_Resource *json_resource; + json_t *cred_obj; + json_t *cred_array; + char *result; + char *issuer; + char *id; + uint32_t i; + + handle->verify_request = NULL; + if (NULL == cred) { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Verify failed.\n"); + handle->response_code = MHD_HTTP_NOT_FOUND; + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&handle->issuer_key); + if (NULL == issuer) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Issuer in delegation malformed\n"); + return; + } + GNUNET_asprintf (&id, + "%s.%s", + issuer, + handle->issuer_attr); + GNUNET_free (issuer); + json_document = GNUNET_JSONAPI_document_new (); + json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO, + id); + GNUNET_free (id); + cred_array = json_array (); + for (i=0;iproc (handle->proc_cls, resp, MHD_HTTP_OK); + cleanup_handle (handle); +} + +static void +subject_ego_lookup (void *cls, + const struct GNUNET_IDENTITY_Ego *ego) +{ + struct RequestHandle *handle = cls; + const struct GNUNET_CRYPTO_EcdsaPrivateKey *sub_key; + handle->ego_lookup = NULL; + + if (NULL == ego) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Subject not found\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + sub_key = 
GNUNET_IDENTITY_ego_get_private_key (ego); + handle->verify_request = GNUNET_CREDENTIAL_collect (handle->credential, + &handle->issuer_key, + handle->issuer_attr, + sub_key, + &handle_collect_response, + handle); +} + + + /** * Function called with the result of a Credential lookup. * 
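Review bot: In `handle_collect_response`, the `NULL == issuer` branch logs and returns without scheduling `do_error` or calling `cleanup_handle`, so the request is left waiting for the timeout task; add `GNUNET_SCHEDULER_add_now (&do_error, handle);` before that `return`, as the `NULL == cred` branch above it does. The doc comment was copied from the verify callback: it documents `cd_count` and `cd` while the parameters are `d_count`, `delegation_chain`, `c_count` and `cred`, and the failure message still reads `Verify failed.`. `subject_ego_lookup` has no comment; a line such as `/* Ego lookup callback: starts the collect request with the subject ego's private key */` would make the use of the private key explicit. The loop that fills `cred_array` is garbled on this page and is not reviewed.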
@@ -446,6 +554,107 @@ handle_verify_response (void *cls, cleanup_handle (handle); } +static void +collect_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, + const char* url, + void *cls) +{ + struct RequestHandle *handle = cls; + struct GNUNET_HashCode key; + char *tmp; + char *entity_attr; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Connecting...\n"); + handle->credential = GNUNET_CREDENTIAL_connect (cfg); + handle->timeout_task = GNUNET_SCHEDULER_add_delayed (handle->timeout, + &do_error, handle); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Connected\n"); + if (NULL == handle->credential) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Connecting to CREDENTIAL failed\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR, + strlen (GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR), + &key); + if ( GNUNET_NO == + GNUNET_CONTAINER_multihashmap_contains (conndata_handle->url_param_map, + &key) ) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Missing issuer attribute\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + tmp = GNUNET_CONTAINER_multihashmap_get (conndata_handle->url_param_map, + &key); + entity_attr = GNUNET_strdup (tmp); + tmp = strtok(entity_attr, "."); + if (NULL == tmp) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Malformed issuer or attribute\n"); + GNUNET_free (entity_attr); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + if (GNUNET_OK != + GNUNET_CRYPTO_ecdsa_public_key_from_string (tmp, + strlen (tmp), + &handle->issuer_key)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Malformed issuer key\n"); + GNUNET_free (entity_attr); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + tmp = strtok (NULL, "."); //Issuer attribute + if (NULL == tmp) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Malformed attribute\n"); + GNUNET_free (entity_attr); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + handle->issuer_attr = 
GNUNET_strdup (tmp); + GNUNET_free (entity_attr); + + GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_EGO, + strlen (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_EGO), + &key); + if ( GNUNET_NO == + GNUNET_CONTAINER_multihashmap_contains (conndata_handle->url_param_map, + &key) ) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Missing subject\n"); + GNUNET_free (entity_attr); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + tmp = GNUNET_CONTAINER_multihashmap_get (conndata_handle->url_param_map, + &key); + if (NULL == tmp) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Malformed subject\n"); + GNUNET_free (entity_attr); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + handle->ego_lookup = GNUNET_IDENTITY_ego_lookup (cfg, + tmp, + &subject_ego_lookup, + handle); +} + + static void verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, @@ -527,15 +736,15 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, handle->issuer_attr = GNUNET_strdup (tmp); GNUNET_free (entity_attr); - GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_ATTR, - strlen (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_ATTR), + GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY, + strlen (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY), &key); if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (conndata_handle->url_param_map, &key) ) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Missing subject or attribute\n"); + "Missing subject key\n"); GNUNET_free (entity_attr); GNUNET_SCHEDULER_add_now (&do_error, handle); return; @@ -560,7 +769,6 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, GNUNET_SCHEDULER_add_now (&do_error, handle); return; } - GNUNET_free (entity_attr); if (0 >= handle->rest_handle->data_size) { 
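Review bot: `collect_cred_cont` frees `entity_attr` right after `handle->issuer_attr = GNUNET_strdup (tmp);` and then frees it again in the `Missing subject` and `Malformed subject` branches, which is a double free on requests without a usable `subject` parameter. Drop `GNUNET_free (entity_attr);` from those two branches, or set `entity_attr = NULL` after the first free and use `GNUNET_free_non_null` in the error paths. The `@@ -527,15 +736,15 @@` hunk of `verify_cred_cont` shows the same pattern in its `Missing subject key` branch, which this commit rewords but leaves in place. In `collect_cred_cont` the `Connected` debug line is also logged before `handle->credential` is checked for NULL, so it should move below that check.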
@@ -596,28 +804,44 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, } resource_count = GNUNET_JSONAPI_document_resource_count(json_obj); + GNUNET_assert (1 == resource_count); + res = (GNUNET_JSONAPI_document_get_resource(json_obj, 0)); + if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type(res, + GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Resource not a credential!\n"); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to parse JSONAPI Object from %s\n", + term_data); + GNUNET_JSONAPI_document_delete (json_obj); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + cred_json = GNUNET_JSONAPI_resource_read_attr (res, + GNUNET_REST_JSONAPI_CREDENTIAL); + + GNUNET_assert (json_is_array (cred_json)); + + credential_count = json_array_size(cred_json); + struct GNUNET_CREDENTIAL_Credential credentials[credential_count]; - for (i=0;iissuer_attribute); GNUNET_free (cred); } - + GNUNET_JSONAPI_document_delete(json_obj); handle->verify_request = GNUNET_CREDENTIAL_verify (handle->credential, &handle->issuer_key, handle->issuer_attr, @@ -888,7 +1112,8 @@ rest_credential_process_request(struct GNUNET_REST_RequestHandle *conndata_handl handle->rest_handle = conndata_handle; static const struct GNUNET_REST_RequestHandler handlers[] = { - {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL_VERIFY, &verify_cred_cont}, + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_CREDENTIAL_VERIFY, &verify_cred_cont}, + {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL_COLLECT, &collect_cred_cont}, {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL_ISSUE, &issue_cred_cont}, {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_CREDENTIAL, &options_cont}, GNUNET_REST_HANDLER_END diff --git a/src/credential/test_credential_collect_rest.sh b/src/credential/test_credential_collect_rest.sh new file mode 100755 index 000000000..0b31f85bc --- /dev/null +++ b/src/credential/test_credential_collect_rest.sh 
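Review bot: `credentials[credential_count]` is a stack array whose length comes straight from `json_array_size (cred_json)` in the request body, so an empty array gives a zero-length VLA and a very long one can exhaust the stack. Reject both before the declaration, e.g. `if ((0 == credential_count) || (credential_count > MAX_CREDENTIALS)) { GNUNET_JSONAPI_document_delete (json_obj); GNUNET_SCHEDULER_add_now (&do_error, handle); return; }`, where `MAX_CREDENTIALS` is a placeholder for a limit the project has to choose. The loop body is garbled on this page, so whether a NULL result from `json_to_credential` is handled before it is dereferenced cannot be checked from here. `verify_cred_cont` starts outside this hunk.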
@@ -0,0 +1,90 @@ +#!/bin/bash +trap "gnunet-arm -e -c test_credential_lookup.conf" SIGINT + +LOCATION=$(which gnunet-config) +if [ -z $LOCATION ] +then + LOCATION="gnunet-config" +fi +$LOCATION --version 1> /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` + +# (1) Service.user -> GNU.project.member +# (2) GNU.project -> GNUnet +# (3) GNUnet.member -> GNUnet.developer +# (4) GNUnet.member -> GNUnet.user +# (5) GNUnet.developer -> Alice + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" +gnunet-arm -s -c test_credential_lookup.conf +gnunet-identity -C service -c test_credential_lookup.conf +gnunet-identity -C alice -c test_credential_lookup.conf +gnunet-identity -C gnu -c test_credential_lookup.conf +gnunet-identity -C gnunet -c test_credential_lookup.conf + +GNU_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep gnu | grep -v gnunet | awk '{print $3}') +ALICE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep alice | awk '{print $3}') +GNUNET_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep gnunet | awk '{print $3}') +SERVICE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep service | awk '{print $3}') + +USER_ATTR="user" +GNU_PROJECT_ATTR="project" +MEMBER_ATTR="member" +DEVELOPER_ATTR="developer" +DEV_ATTR="developer" +TEST_CREDENTIAL="mygnunetcreds" + +# (1) A service assigns the attribute "user" to all entities that have been assigned "member" by entities that werde assigned "project" from GNU +gnunet-namestore -p -z service -a -n $USER_ATTR -t ATTR -V "$GNU_KEY $GNU_PROJECT_ATTR.$MEMBER_ATTR" -e 5m -c test_credential_lookup.conf + +# (2) GNU recognized GNUnet as a GNU project and delegates the "project" attribute +gnunet-namestore -p -z gnu -a -n $GNU_PROJECT_ATTR -t ATTR -V "$GNUNET_KEY" -e 5m -c 
test_credential_lookup.conf + +# (3+4) GNUnet assigns the attribute "member" to all entities gnunet has also assigned "developer" or "user" +gnunet-namestore -p -z gnunet -a -n $MEMBER_ATTR -t ATTR -V "$GNUNET_KEY $DEVELOPER_ATTR" -e 5m -c test_credential_lookup.conf +gnunet-namestore -p -z gnunet -a -n $MEMBER_ATTR -t ATTR -V "$GNUNET_KEY $USER_ATTR" -e 5m -c test_credential_lookup.conf + +# (5) GNUnet issues Alice the credential "developer" +CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=gnunet --subject=$ALICE_KEY --attribute=$DEV_ATTR --ttl=5m -c test_credential_lookup.conf` + +# Alice stores the credential under "mygnunetcreds" +gnunet-namestore -p -z alice -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf + +# (5) GNUnet issues Alice the credential "developer" +CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=gnunet --subject=$ALICE_KEY --attribute=$USER_ATTR --ttl=5m -c test_credential_lookup.conf` + +# Alice stores the credential under "mygnunetcreds" +gnunet-namestore -p -z alice -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf + +#TODO2 Add -z swich like in gnunet-gns +#RES_CRED=`gnunet-credential --collect --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY -c test_credential_lookup.conf` + +gnunet-arm -i rest -c test_credential_lookup.conf + +sleep 5 + +curl -v "localhost:7776/credential/collect?attribute=$SERVICE_KEY.$USER_ATTR&subject=alice" + +#TODO cleanup properly +gnunet-namestore -z alice -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf +gnunet-namestore -z gnu -d -n $GNU_PROJECT_ATTR -t ATTR -c test_credential_lookup.conf +gnunet-namestore -z gnunet -d -n $MEMBER_ATTR -t ATTR -c test_credential_lookup.conf +gnunet-namestore -z service -d -n $USER_ATTR -t ATTR -c test_credential_lookup.conf +echo "Stopping arm..." +gnunet-arm -e -c test_credential_lookup.conf +echo "Done" +if [ "$RES_CRED" != "Failed." 
] +then + echo -e "${RES_CRED}" + exit 0 +else + echo "FAIL: Failed to verify credential $RES_CRED." + exit 1 +fi diff --git a/src/credential/test_credential_issue_rest.sh b/src/credential/test_credential_issue_rest.sh new file mode 100755 index 000000000..15cd55083 --- /dev/null +++ b/src/credential/test_credential_issue_rest.sh 
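Review bot: The final check reads `$RES_CRED`, but the only assignment to it is commented out, so `[ "$RES_CRED" != "Failed." ]` is always true and the script exits 0 whatever the `curl` request returned. Capture the REST result and test it, e.g. `RES_CRED=$(curl -sf "localhost:7776/credential/collect?attribute=$SERVICE_KEY.$USER_ATTR&subject=alice") || RES_CRED="Failed."`. The `rm -rf` near the top runs on the unquoted output of `gnunet-config`; quoting it and refusing an empty value would keep a misconfigured `GNUNET_HOME` from turning into an unintended delete. The second `# (5)` comment repeats "developer" although that command issues `$USER_ATTR`.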
@@ -0,0 +1,53 @@ +#!/bin/bash +trap "gnunet-arm -e -c test_credential_lookup.conf" SIGINT + +LOCATION=$(which gnunet-config) +if [ -z $LOCATION ] +then + LOCATION="gnunet-config" +fi +$LOCATION --version 1> /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` + +# (1) PKEY1.user -> PKEY2.resu.user +# (2) PKEY2.resu -> PKEY3 +# (3) PKEY3.user -> PKEY4 + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" + +TEST_ATTR="test" +gnunet-arm -s -c test_credential_lookup.conf +gnunet-arm -i gns +gnunet-arm -i credential +gnunet-arm -i identity +gnunet-arm -i rest -c test_credential_lookup.conf + +gnunet-arm -I -c test_credential_lookup.conf +gnunet-identity -C testissuer -c test_credential_lookup.conf +gnunet-identity -C testsubject -c test_credential_lookup.conf +gnunet-identity -s credential-issuer -e testissuer +SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') +ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') +#TODO1 Get credential and store it with subject (3) +sleep 5 +curl "localhost:7776/credential/issue?subject_key=$SUBJECT_KEY&attribute=$TEST_ATTR&expiration=1d" +#CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf` +STATUS=$? + +if test $? != 0 +then + echo "Error issuing..." + exit 1 +fi +#Try import +#$DO_TIMEOUT gnunet-namestore -a -z testsubject -n c1 -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf +RES=$? +gnunet-arm -e -c test_credential_lookup.conf +exit $RES diff --git a/src/credential/test_credential_lookup.conf b/src/credential/test_credential_lookup.conf index 93b4864d9..3684063b1 100644 --- a/src/credential/test_credential_lookup.conf 
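Review bot: `STATUS=$?` is followed by `if test $? != 0`, which tests the exit status of the assignment rather than of `curl`, so the `Error issuing...` branch can never run; use `if test $STATUS != 0`. `RES=$?` further down then records the status of that `if` statement, because the namestore import above it is commented out, so the script's exit code does not reflect the issue request. `curl` without `-f` also exits 0 on HTTP error statuses, so add `-f` if an HTTP error should fail the test. The `gnunet-arm -i gns`, `-i credential`, `-i identity` and `gnunet-identity -s` calls omit `-c test_credential_lookup.conf`, unlike the commands around them.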
+++ b/src/credential/test_credential_lookup.conf @@ -14,7 +14,7 @@ AUTOSTART = YES PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog [rest] -#PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog +PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog [gns] #PREFIX = valgrind --leak-check=full --track-origins=yes diff --git a/src/credential/test_credential_verify_rest.sh b/src/credential/test_credential_verify_rest.sh index 092737df7..6133ea25e 100755 --- a/src/credential/test_credential_verify_rest.sh +++ b/src/credential/test_credential_verify_rest.sh @@ -58,14 +58,17 @@ CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=gnunet --subject=$ALICE_KEY -- gnunet-namestore -p -z alice -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf #TODO2 Add -z swich like in gnunet-gns -RES_CRED=`gnunet-credential --verify --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` +#RES_CRED=`gnunet-credential --verify --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` gnunet-arm -i rest -c test_credential_lookup.conf sleep 5 -echo "localhost:7776/credential?attribute=$SERVICE_KEY.$USER_ATTR&credential=$ALICE_KEY.$TEST_CREDENTIAL" -curl -v "localhost:7776/credential?attribute=$SERVICE_KEY.$USER_ATTR&credential=$ALICE_KEY.$TEST_CREDENTIAL" +CREDS=`curl "localhost:7776/credential/collect?attribute=$SERVICE_KEY.$USER_ATTR&subject=alice"` + +echo $CREDS + +curl -v "localhost:7776/credential/verify?attribute=$SERVICE_KEY.$USER_ATTR&subject_key=$ALICE_KEY" --data "$CREDS" #TODO cleanup properly gnunet-namestore -z alice -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf diff --git a/src/jsonapi/jsonapi_document.c b/src/jsonapi/jsonapi_document.c index 8022a9f6e..3a60940f6 100644 --- a/src/jsonapi/jsonapi_document.c 
+++ b/src/jsonapi/jsonapi_document.c @@ -344,7 +344,7 @@ GNUNET_JSONAPI_document_to_json (const struct GNUNET_JSONAPI_Document *doc, GNUNET_assert (GNUNET_OK == GNUNET_JSONAPI_resource_to_json (res, &res_json_tmp)); - json_array_append (res_json, res_json_tmp); + json_array_append_new (res_json, res_json_tmp); } } json_object_set_new (*root_json, -- cgit v1.2.3 From baf9b5d76c4b40d6bd2869525656ad298ead7726 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Thu, 29 Dec 2016 15:48:43 +0100 Subject: -add tokens for credentials --- src/credential/credential_serialization.c | 4 +- src/credential/gnunet-service-credential.c | 30 +++- src/identity-provider/Makefile.am | 1 + .../gnunet-service-identity-provider.c | 182 ++++++++++++++++++++- src/identity-provider/identity_provider.h | 5 + src/identity-provider/identity_provider_api.c | 10 +- src/identity-provider/identity_token.c | 56 ++++++- src/identity-provider/identity_token.h | 47 +++--- .../plugin_rest_identity_provider.c | 45 +++-- src/include/gnunet_identity_provider_service.h | 1 + 10 files changed, 333 insertions(+), 48 deletions(-) diff --git a/src/credential/credential_serialization.c b/src/credential/credential_serialization.c index 76bf491c9..1fc72c203 100644 --- a/src/credential/credential_serialization.c +++ b/src/credential/credential_serialization.c @@ -192,7 +192,7 @@ GNUNET_CREDENTIAL_credentials_serialize (unsigned int c_count, c_rec.signature = cd[i].signature; c_rec.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); c_rec.purpose.size = htonl ((sizeof (struct CredentialEntry) + cd[i].issuer_attribute_len) - sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); - c_rec.expiration = htonl ((uint32_t) cd[i].expiration.abs_value_us); + c_rec.expiration = GNUNET_htonll (cd[i].expiration.abs_value_us); if (off + sizeof (c_rec) > dest_size) return -1; GNUNET_memcpy (&dest[off], 
@@ -241,7 +241,7 @@ GNUNET_CREDENTIAL_credentials_deserialize (size_t len, cd[i].issuer_key = c_rec.issuer_key; cd[i].subject_key = c_rec.subject_key; cd[i].signature = c_rec.signature; - cd[i].expiration.abs_value_us = ntohl((uint32_t) c_rec.expiration); + cd[i].expiration.abs_value_us = GNUNET_ntohll(c_rec.expiration); off += sizeof (c_rec); if (off + cd[i].issuer_attribute_len > len) return GNUNET_SYSERR; diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index ec89da323..75ed6d5da 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -92,7 +92,11 @@ struct CredentialRecordEntry * DLL */ struct CredentialRecordEntry *prev; - + + /** + * Number of references in delegation chains + */ + uint32_t refcount; /** * Payload @@ -485,6 +489,7 @@ send_lookup_response (struct VerifyRequestHandle *vrh) struct GNUNET_CREDENTIAL_Delegation dd[vrh->delegation_chain_size]; struct GNUNET_CREDENTIAL_Credential cred[vrh->cred_chain_size]; struct CredentialRecordEntry *cd; + struct CredentialRecordEntry *tmp; size_t size; int i; @@ -507,6 +512,26 @@ send_lookup_response (struct VerifyRequestHandle *vrh) dce = dce->next; } + /** + * Remove all credentials not needed + */ + for (cd = vrh->cred_chain_head; NULL != cd;) + { + if (cd->refcount > 0) + { + cd = cd->next; + continue; + } + tmp = cd; + cd = cd->next; + GNUNET_CONTAINER_DLL_remove (vrh->cred_chain_head, + vrh->cred_chain_tail, + tmp); + GNUNET_free (tmp->credential); + GNUNET_free (tmp); + vrh->cred_chain_size--; + } + /** * Get serialized record data * Append at the end of rmsg @@ -681,7 +706,7 @@ backward_resolution (void* cls, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found issuer\n"); - + cred_pointer->refcount++; //Backtrack for (tmp_set = ds_entry; NULL != tmp_set->parent_queue_entry; 
@@ -796,6 +821,7 @@ delegation_chain_resolution_start (void* cls) continue; if (0 != strcmp (cr_entry->credential->issuer_attribute, vrh->issuer_attribute)) continue; + cr_entry->refcount++; //Found match prematurely send_lookup_response (vrh); return; diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index 7c2bb9646..cc9692a9a 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am @@ -39,6 +39,7 @@ gnunet_service_identity_provider_LDADD = \ $(top_builddir)/src/namestore/libgnunetnamestore.la \ $(top_builddir)/src/identity/libgnunetidentity.la \ $(top_builddir)/src/statistics/libgnunetstatistics.la \ + $(top_builddir)/src/credential/libgnunetcredential.la \ $(top_builddir)/src/gns/libgnunetgns.la \ $(GN_LIBINTL) \ -ljansson diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index d72b92c0f..e8ea487f4 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -30,6 +30,7 @@ #include "gnunet_identity_service.h" #include "gnunet_gnsrecord_lib.h" #include "gnunet_namestore_service.h" +#include "gnunet_credential_service.h" #include "gnunet_statistics_service.h" #include "gnunet_gns_service.h" #include "gnunet_signatures.h" @@ -92,6 +93,11 @@ static struct GNUNET_NAMESTORE_Handle *ns_handle; */ static struct GNUNET_GNS_Handle *gns_handle; +/** + * Credential handle + */ +static struct GNUNET_CREDENTIAL_Handle *credential_handle; + /** * Namestore qe */ @@ -153,6 +159,23 @@ static struct GNUNET_STATISTICS_Handle *stats; */ static const struct GNUNET_CONFIGURATION_Handle *cfg; +struct VerifiedAttributeEntry +{ + /** + * DLL + */ + struct VerifiedAttributeEntry *prev; + + /** + * DLL + */ + struct VerifiedAttributeEntry *next; + + /** + * Attribute Name + */ + char* name; +}; struct ExchangeHandle { 
@@ -226,6 +249,16 @@ struct IssueHandle */ char *scopes; + /** + * DLL + */ + struct VerifiedAttributeEntry *v_attr_head; + + /** + * DLL + */ + struct VerifiedAttributeEntry *v_attr_tail; + /** * nonce */ @@ -236,6 +269,11 @@ struct IssueHandle */ struct GNUNET_NAMESTORE_ZoneIterator *ns_it; + /** + * Cred request + */ + struct GNUNET_CREDENTIAL_Request *credential_request; + /** * Attribute map */ @@ -876,6 +914,8 @@ cleanup() GNUNET_IDENTITY_disconnect (identity_handle); if (NULL != gns_handle) GNUNET_GNS_disconnect (gns_handle); + if (NULL != credential_handle) + GNUNET_CREDENTIAL_disconnect (credential_handle); if (NULL != ns_it) GNUNET_NAMESTORE_zone_iteration_stop (ns_it); if (NULL != ns_qe) 
@@ -1114,6 +1154,108 @@ sign_and_return_token (void *cls) GNUNET_free (token_metadata); } +/** + * Credential to JSON + * @param cred the credential + * @return the resulting json, NULL if failed + */ +static json_t* +credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred) +{ + char *issuer; + char *subject; + char *signature; + char attribute[cred->issuer_attribute_len + 1]; + json_t *cred_obj; + + issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key); + if (NULL == issuer) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Issuer in credential malformed\n"); + return NULL; + } + subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key); + if (NULL == subject) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Subject in credential malformed\n"); + GNUNET_free (issuer); + return NULL; + } + GNUNET_STRINGS_base64_encode ((char*)&cred->signature, + sizeof (struct GNUNET_CRYPTO_EcdsaSignature), + &signature); + memcpy (attribute, + cred->issuer_attribute, + cred->issuer_attribute_len); + attribute[cred->issuer_attribute_len] = '\0'; + cred_obj = json_object (); + json_object_set_new (cred_obj, "issuer", json_string (issuer)); + json_object_set_new (cred_obj, "subject", json_string (subject)); + json_object_set_new (cred_obj, "attribute", json_string (attribute)); + json_object_set_new (cred_obj, "signature", json_string (signature)); + json_object_set_new (cred_obj, "expiration", json_integer (cred->expiration.abs_value_us)); + GNUNET_free (issuer); + GNUNET_free (subject); + GNUNET_free (signature); + return cred_obj; +} + + +static void +handle_vattr_collection (void* cls, + unsigned int d_count, + struct GNUNET_CREDENTIAL_Delegation *dc, + unsigned int c_count, + struct GNUNET_CREDENTIAL_Credential *cred) +{ + struct IssueHandle *handle = cls; + struct VerifiedAttributeEntry *vattr; + json_t *cred_json; + json_t *cred_array; + int i; + handle->credential_request = NULL; + + if (NULL == cred) + { + GNUNET_SCHEDULER_add_now 
(&sign_and_return_token, handle); + return; + } + cred_array = json_array(); + for (i=0;itoken, + handle->v_attr_head->name, + cred_array); + } + json_decref (cred_array); + vattr = handle->v_attr_head; + + GNUNET_CONTAINER_DLL_remove (handle->v_attr_head, + handle->v_attr_tail, + vattr); + GNUNET_free (vattr->name); + GNUNET_free (vattr); + + if (NULL == handle->v_attr_head) + { + GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle); + return; + } + handle->credential_request = GNUNET_CREDENTIAL_collect (credential_handle, + &handle->aud_key, + handle->v_attr_head->name, + &handle->iss_key, + &handle_vattr_collection, + handle); + +} + static void attr_collect_error (void *cls) @@ -1133,10 +1275,19 @@ attr_collect_finished (void *cls) GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute END: \n"); handle->ns_it = NULL; - GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle); -} - + if (NULL == handle->v_attr_head) + { + GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle); + return; + } + handle->credential_request = GNUNET_CREDENTIAL_collect (credential_handle, + &handle->aud_key, + handle->v_attr_head->name, + &handle->iss_key, + &handle_vattr_collection, + handle); +} /** * Collect attributes for token */ @@ -1532,11 +1683,14 @@ handle_issue_message (void *cls, const char *scopes; char *scopes_tmp; char *scope; + const char *v_attrs; struct GNUNET_HashCode key; struct IssueHandle *issue_handle; + struct VerifiedAttributeEntry *vattr_entry; struct GNUNET_SERVICE_Client *client = cls; scopes = (const char *) &im[1]; + v_attrs = (const char *) &im[1] + ntohl(im->scope_len); issue_handle = GNUNET_malloc (sizeof (struct IssueHandle)); issue_handle->attr_map = GNUNET_CONTAINER_multihashmap_create (5, GNUNET_NO); 
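Review bot: In `handle_issue_message`, `v_attrs` is computed as `&im[1] + ntohl (im->scope_len)` from a client-supplied field without checking it against the size of the received message, and the following hunk passes it to `%s` logging and `GNUNET_strdup`, so a wrong `scope_len` or a missing NUL terminator leads to reads beyond the message. Before use, verify that `scope_len` is at least 1 and no larger than the payload that follows the fixed header, and that both strings are NUL-terminated inside that payload; if the service has a check callback for this message type (not visible here), that is the place for it. `scope_len` is declared `uint64_t` in `identity_provider.h` but converted with the 32-bit `ntohl`/`htonl`; declare it `uint32_t` or use `GNUNET_ntohll`. The function starts and ends outside this hunk.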
@@ -1553,6 +1707,22 @@ handle_issue_message (void *cls, GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); } GNUNET_free (scopes_tmp); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "VATTRS: %s\n", v_attrs); + scopes_tmp = GNUNET_strdup (v_attrs); + + for (scope = strtok (scopes_tmp, ","); NULL != scope; scope = strtok (NULL, ",")) + { + vattr_entry = GNUNET_new (struct VerifiedAttributeEntry); + vattr_entry->name = GNUNET_strdup (scope); + GNUNET_CONTAINER_DLL_insert (issue_handle->v_attr_head, + issue_handle->v_attr_tail, + vattr_entry); + } + GNUNET_free (scopes_tmp); + + + issue_handle->r_id = im->id; issue_handle->aud_key = im->aud_key; issue_handle->iss_key = im->iss_key; @@ -1606,7 +1776,11 @@ run (void *cls, { GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to gns"); } - + credential_handle = GNUNET_CREDENTIAL_connect (cfg); + if (NULL == credential_handle) + { + GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to credential"); + } identity_handle = GNUNET_IDENTITY_connect (cfg, &list_ego, NULL); diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h index 6fe6102c8..9d2675c35 100644 --- a/src/identity-provider/identity_provider.h +++ b/src/identity-provider/identity_provider.h @@ -133,6 +133,11 @@ struct IssueMessage */ uint64_t nonce; + /** + * Length of scopes + */ + uint64_t scope_len; + /** * Expiration of token in NBO. */ diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 1d242f66a..abee41d17 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c 
@@ -430,6 +430,7 @@ GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss_key, const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, const char* scopes, + const char* vattr, struct GNUNET_TIME_Absolute expiration, uint64_t nonce, GNUNET_IDENTITY_PROVIDER_IssueCallback cb, @@ -440,6 +441,8 @@ GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id size_t slen; slen = strlen (scopes) + 1; + if (NULL != vattr) + slen += strlen (vattr) + 1; if (slen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (struct IssueMessage)) { GNUNET_break (0); @@ -456,9 +459,14 @@ GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id im->id = op->r_id; im->iss_key = *iss_key; im->aud_key = *aud_key; + im->scope_len = htonl (strlen(scopes)+1); im->nonce = htonl (nonce); im->expiration = GNUNET_TIME_absolute_hton (expiration); - GNUNET_memcpy (&im[1], scopes, slen); + GNUNET_memcpy (&im[1], scopes, strlen(scopes)); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "VATTRAPI: %s\n", vattr); + if (NULL != vattr) + GNUNET_memcpy ((char*)&im[1]+strlen(scopes)+1, vattr, strlen(vattr)); GNUNET_CONTAINER_DLL_insert_tail (id->op_head, id->op_tail, op); diff --git a/src/identity-provider/identity_token.c b/src/identity-provider/identity_token.c index 31249840b..6794e373c 100644 --- a/src/identity-provider/identity_token.c +++ b/src/identity-provider/identity_token.c 
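Review bot: In the `@@ -456,9 +459,14 @@` hunk, `GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "VATTRAPI: %s\n", vattr);` runs before the `NULL != vattr` check, so a caller passing NULL hands a null pointer to `%s`; move the log inside the `if` and lower it to `GNUNET_ERROR_TYPE_DEBUG`, since it does not report an error. The two `GNUNET_memcpy` calls copy `strlen (...)` bytes without the terminators that `slen` reserves, which is only correct if the envelope payload is zero-initialised (not visible here); copying `strlen (scopes) + 1` and `strlen (vattr) + 1` makes the termination explicit. When `vattr` is NULL the message carries no second string, yet the service hunk in `gnunet-service-identity-provider.c` still reads one at offset `scope_len`, so either always send an empty string or have the service check the length. The function body continues outside this hunk.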
@@ -256,6 +256,38 @@ token_destroy (struct IdentityToken *token) GNUNET_free (token); } +void +token_add_attr_json (struct IdentityToken *token, + const char* key, + json_t* value) +{ + struct TokenAttr *attr; + struct TokenAttrValue *new_val; + GNUNET_assert (NULL != token); + + new_val = GNUNET_malloc (sizeof (struct TokenAttrValue)); + new_val->json_value = value; + json_incref(value); + for (attr = token->attr_head; NULL != attr; attr = attr->next) + { + if (0 == strcmp (key, attr->name)) + break; + } + + if (NULL == attr) + { + attr = GNUNET_malloc (sizeof (struct TokenAttr)); + attr->name = GNUNET_strdup (key); + GNUNET_CONTAINER_DLL_insert (token->attr_head, + token->attr_tail, + attr); + } + + GNUNET_CONTAINER_DLL_insert (attr->val_head, + attr->val_tail, + new_val); +} + void token_add_attr (struct IdentityToken *token, const char* key, @@ -345,17 +377,23 @@ parse_json_payload(const char* payload_base64, if (json_is_integer (arr_value)) token_add_attr_int (token, key, json_integer_value (arr_value)); - else + else if (json_is_string (arr_value)) token_add_attr (token, key, json_string_value (arr_value)); + else + token_add_attr_json (token, + key, + (json_t*)arr_value); } } else { if (json_is_integer (value)) token_add_attr_int (token, key, json_integer_value (value)); - else + else if (json_is_string (value)) token_add_attr (token, key, json_string_value (value)); + else + token_add_attr_json (token, key, (json_t*)value); } } @@ -424,7 +462,7 @@ token_parse (const char* raw_data, GNUNET_asprintf (&tmp_buf, "%s", raw_data); ecdh_pubkey_str = strtok (tmp_buf, ","); enc_token_str = strtok (NULL, ","); - + GNUNET_assert (NULL != ecdh_pubkey_str); GNUNET_assert (NULL != enc_token_str); 
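Review bot: token_add_attr_json takes a reference with `json_incref(value)` and keeps it in `new_val->json_value`, but none of the hunks shown for this file adds a matching `json_decref` to token_destroy. Unless that is done in code outside the diff, every JSON-valued attribute leaks its reference when the token is freed. The function also passes `key` to `strcmp` with only `token` asserted; `GNUNET_assert (NULL != key);` next to the existing assert would cover it. A short doc comment on the definition saying that the token holds its own reference to `value`, and the caller keeps theirs, would make the ownership rule clear to callers such as parse_json_payload.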
@@ -476,7 +514,11 @@ create_json_payload (const struct IdentityToken *token) json_object_set_new (root, attr->name, json_string (val->value)); - } else { + } else if (NULL != val->json_value) { + json_object_set (root, + attr->name, + val->json_value); + }else { json_object_set_new (root, attr->name, json_integer (val->int_value)); @@ -715,8 +757,8 @@ ticket_serialize (struct TokenTicket *ticket, purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET); write_ptr = (char*) &purpose[1]; GNUNET_memcpy (write_ptr, - &ticket->ecdh_pubkey, - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); + &ticket->ecdh_pubkey, + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey); GNUNET_memcpy (write_ptr, enc_ticket_payload, strlen (code_payload_str)); GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (priv_key, @@ -825,7 +867,7 @@ ticket_payload_parse(const char *raw_data, nonce_str = json_string_value (nonce_json); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found nonce: %s\n", nonce_str); - + GNUNET_assert (0 != sscanf (nonce_str, "%"SCNu64, &nonce)); *result = ticket_payload_create (nonce, diff --git a/src/identity-provider/identity_token.h b/src/identity-provider/identity_token.h index 7ded6662e..5988bc668 100644 --- a/src/identity-provider/identity_token.h +++ b/src/identity-provider/identity_token.h @@ -103,6 +103,11 @@ struct TokenAttrValue * used if NULL == value */ uint64_t int_value; + + /** + * Json value + */ + json_t *json_value; }; struct TokenTicketPayload @@ -213,10 +218,10 @@ token_add_attr_int (struct IdentityToken *token, * @param value the value * */ - void - token_add_json (const struct IdentityToken *token, - const char* key, - json_t* value); +void +token_add_attr_json (struct IdentityToken *token, + const char* key, + json_t* value); /** * Serialize a token. The token will be signed and base64 according to the 
@@ -234,11 +239,11 @@ token_add_attr_int (struct IdentityToken *token, * * @return GNUNET_OK on success */ - int - token_serialize (const struct IdentityToken*token, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey, - char **result); +int +token_serialize (const struct IdentityToken*token, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, + struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey, + char **result); /** * Parses the serialized token and returns a token @@ -249,10 +254,10 @@ token_add_attr_int (struct IdentityToken *token, * * @return GNUNET_OK on success */ - int - token_parse (const char* data, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - struct IdentityToken **result); +int +token_parse (const char* data, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, + struct IdentityToken **result); /** * Parses the serialized token and returns a token @@ -283,10 +288,10 @@ token_parse2 (const char* data, * * @return GNUNET_OK on success */ - int - token_to_string (const struct IdentityToken *token, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - char **result); +int +token_to_string (const struct IdentityToken *token, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, + char **result); /** * @@ -316,10 +321,10 @@ ticket_create (uint64_t nonce, * * @return GNUNET_OK on success */ - int - ticket_serialize (struct TokenTicket *ticket, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - char **result); +int +ticket_serialize (struct TokenTicket *ticket, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, + char **result); /** * Destroys a ticket diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index e03f502ad..cd0c76989 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c 
@@ -109,6 +109,12 @@ */ #define GNUNET_IDENTITY_TOKEN_ATTR_LIST "requested_attrs" +/** + * Attributes passed to issue request + */ +#define GNUNET_IDENTITY_TOKEN_V_ATTR_LIST "requested_verified_attrs" + + /** * Token expiration string */ @@ -460,6 +466,7 @@ issue_token_cont (struct GNUNET_REST_RequestHandle *con, char *exp_str; char *nonce_str; char *scopes; + char *vattrs; uint64_t time; uint64_t nonce; @@ -536,6 +543,21 @@ issue_token_cont (struct GNUNET_REST_RequestHandle *con, scopes = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, &key); + //vattrs + GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_V_ATTR_LIST, + strlen (GNUNET_IDENTITY_TOKEN_V_ATTR_LIST), + &key); + + vattrs = NULL; + if ( GNUNET_YES == + GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, + &key) ) + { + vattrs = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, + &key); + } + + //Token audience GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST, @@ -547,15 +569,15 @@ issue_token_cont (struct GNUNET_REST_RequestHandle *con, &key) ) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Audience missing!\n"); + "Audience missing!\n"); GNUNET_SCHEDULER_add_now (&do_error, handle); return; } audience = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, &key); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Audience to issue token for: %s\n", - audience); + "Audience to issue token for: %s\n", + audience); priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, @@ -581,8 +603,8 @@ issue_token_cont (struct GNUNET_REST_RequestHandle *con, nonce_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, &key); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Request nonce: %s\n", - nonce_str); + "Request nonce: %s\n", + nonce_str); GNUNET_assert (1 == sscanf (nonce_str, "%"SCNu64, &nonce)); //Get expiration for token from URL parameter 
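Review bot: In issue_token_cont the new `requested_verified_attrs` lookup calls `GNUNET_CONTAINER_multihashmap_contains` and then `GNUNET_CONTAINER_multihashmap_get` on the same key. The get call already returns NULL for a missing key, so `vattrs = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, &key);` alone is enough. The value comes from the request URL and is passed to the service unchanged, so I would replace the `//vattrs` comment with one stating that it is an optional, untrusted, comma-separated list. Whether the service validates the individual names cannot be seen from this hunk, and the function body starts and ends outside it.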
@@ -619,6 +641,7 @@ issue_token_cont (struct GNUNET_REST_RequestHandle *con, priv_key, &aud_key, scopes, + vattrs, exp_time, nonce, &token_creat_cont, @@ -739,16 +762,16 @@ token_collect (void *cls, rd[i].data_size); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding token: %s\n", data); json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_TOKEN, - label); + label); issuer = json_string (handle->ego_head->identifier); GNUNET_JSONAPI_resource_add_attr (json_resource, - GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST, - issuer); + GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST, + issuer); json_decref (issuer); token = json_string (data); GNUNET_JSONAPI_resource_add_attr (json_resource, - GNUNET_REST_JSONAPI_IDENTITY_TOKEN, - token); + GNUNET_REST_JSONAPI_IDENTITY_TOKEN, + token); json_decref (token); GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource); @@ -865,7 +888,7 @@ exchange_cont (void *cls, return; } nonce_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, - &key); + &key); GNUNET_assert (1 == sscanf (nonce_str, "%"SCNu64, &expected_nonce)); if (ticket_nonce != expected_nonce) diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h index e533f6f8c..ba727eb92 100644 --- a/src/include/gnunet_identity_provider_service.h +++ b/src/include/gnunet_identity_provider_service.h @@ -126,6 +126,7 @@ GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss_key, const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, const char* scope, + const char* vattr, struct GNUNET_TIME_Absolute expiration, uint64_t nonce, GNUNET_IDENTITY_PROVIDER_IssueCallback cb, -- cgit v1.2.3 From 3c1b722a8778b9f1f2b7564d3d2709f220e96547 Mon Sep 17 00:00:00 2001 
From: "Schanzenbach, Martin" Date: Thu, 29 Dec 2016 15:49:56 +0100 Subject: -fix --- src/identity-provider/gnunet-service-identity-provider.c | 2 -- src/identity-provider/identity_provider_api.c | 2 -- 2 files changed, 4 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index e8ea487f4..e97be55d1 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -1707,8 +1707,6 @@ handle_issue_message (void *cls, GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); } GNUNET_free (scopes_tmp); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "VATTRS: %s\n", v_attrs); scopes_tmp = GNUNET_strdup (v_attrs); for (scope = strtok (scopes_tmp, ","); NULL != scope; scope = strtok (NULL, ",")) diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index abee41d17..220c36656 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -463,8 +463,6 @@ GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id im->nonce = htonl (nonce); im->expiration = GNUNET_TIME_absolute_hton (expiration); GNUNET_memcpy (&im[1], scopes, strlen(scopes)); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "VATTRAPI: %s\n", vattr); if (NULL != vattr) GNUNET_memcpy ((char*)&im[1]+strlen(scopes)+1, vattr, strlen(vattr)); GNUNET_CONTAINER_DLL_insert_tail (id->op_head, -- cgit v1.2.3 From 324650a2a05cd38c896162dd8dd7aebd3ddfd25f Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 21 Apr 2017 13:51:04 +0200 Subject: -fix API changes --- src/credential/credential_api.c | 4 +- src/credential/gnunet-credential.c | 77 ++++++++++++++++----------- src/credential/gnunet-service-credential.c | 2 - src/identity-provider/identity_provider_api.c | 2 +- 4 files changed, 49 insertions(+), 36 deletions(-) 
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index f90bf9630..fd0c9e3d5 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -399,7 +399,7 @@ GNUNET_CREDENTIAL_collect (struct GNUNET_CREDENTIAL_Handle *handle, "Trying to collect `%s' in CREDENTIAL\n", issuer_attribute); nlen = strlen (issuer_attribute) + 1; - if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*vr)) + if (nlen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (*vr)) { GNUNET_break (0); return NULL; @@ -475,7 +475,7 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, "Trying to verify `%s' in CREDENTIAL\n", issuer_attribute); nlen = strlen (issuer_attribute) + 1 + clen; - if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*vr)) + if (nlen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (*vr)) { GNUNET_break (0); return NULL; diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index fb7bdb7f8..92804c97a 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -108,17 +108,17 @@ static char *issuer_attr; /** * Verify mode */ -static uint32_t verify; +static int verify; /** * Issue mode */ -static uint32_t create_cred; +static int create_cred; /** * Collect mode */ -static uint32_t collect; +static int collect; /** * Task run on shutdown. Cleans up everything. 
@@ -537,34 +537,49 @@ run (void *cls, int main (int argc, char *const *argv) { - static const struct GNUNET_GETOPT_CommandLineOption options[] = { - {'I', "issue", NULL, - gettext_noop ("create credential"), 0, - &GNUNET_GETOPT_set_one, &create_cred}, - {'V', "verify", NULL, - gettext_noop ("verify credential against attribute"), 0, - &GNUNET_GETOPT_set_one, &verify}, - {'s', "subject", "PKEY", - gettext_noop ("The public key of the subject to lookup the credential for"), 1, - &GNUNET_GETOPT_set_string, &subject_key}, - {'b', "credential", "CRED", - gettext_noop ("The name of the credential presented by the subject"), 1, - &GNUNET_GETOPT_set_string, &subject_credential}, - {'i', "issuer", "PKEY", - gettext_noop ("The public key of the authority to verify the credential against"), 1, - &GNUNET_GETOPT_set_string, &issuer_key}, - {'e', "ego", "EGO", - gettext_noop ("The ego to use"), 1, - &GNUNET_GETOPT_set_string, &ego_name}, - {'a', "attribute", "ATTR", - gettext_noop ("The issuer attribute to verify against or to issue"), 1, - &GNUNET_GETOPT_set_string, &issuer_attr}, - {'T', "ttl", "EXP", - gettext_noop ("The time to live for the credential"), 1, - &GNUNET_GETOPT_set_string, &expiration}, - {'g', "collect", NULL, - gettext_noop ("collect credentials"), 0, - &GNUNET_GETOPT_set_one, &collect}, + struct GNUNET_GETOPT_CommandLineOption options[] = { + GNUNET_GETOPT_option_flag ('I', + "issue", + gettext_noop ("create credential"), + &create_cred), + GNUNET_GETOPT_option_flag ('V', + "verify", + gettext_noop ("verify credential against attribute"), + &verify), + GNUNET_GETOPT_option_string ('s', + "subject", + "PKEY", + gettext_noop ("The public key of the subject to lookup the credential for"), + &subject_key), + GNUNET_GETOPT_option_string ('b', + "credential", + "CRED", + gettext_noop ("The name of the credential presented by the subject"), + &subject_credential), + GNUNET_GETOPT_option_string ('i', + "issuer", + "PKEY", + gettext_noop ("The public key of the 
authority to verify the credential against"), + &issuer_key), + GNUNET_GETOPT_option_string ('e', + "ego", + "EGO", + gettext_noop ("The ego to use"), + &ego_name), + GNUNET_GETOPT_option_string ('a', + "attribute", + "ATTR", + gettext_noop ("The issuer attribute to verify against or to issue"), + &issuer_attr), + GNUNET_GETOPT_option_string ('T', + "ttl", + "EXP", + gettext_noop ("The time to live for the credential"), + &expiration), + GNUNET_GETOPT_option_flag ('g', + "collect", + gettext_noop ("collect credentials"), + &collect), GNUNET_GETOPT_OPTION_END }; int ret; diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 75ed6d5da..3178b133e 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -772,7 +772,6 @@ backward_resolution (void* cls, ds_entry->issuer_key, //issuer_key, GNUNET_GNSRECORD_TYPE_ATTRIBUTE, GNUNET_GNS_LO_DEFAULT, - NULL, //shorten_key, always NULL &backward_resolution, ds_entry); GNUNET_free (lookup_attribute); @@ -855,7 +854,6 @@ delegation_chain_resolution_start (void* cls) &vrh->issuer_key, //issuer_key, GNUNET_GNSRECORD_TYPE_ATTRIBUTE, GNUNET_GNS_LO_DEFAULT, - NULL, //shorten_key, always NULL &backward_resolution, ds_entry); } diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 04e3a54f9..9a3304334 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -443,7 +443,7 @@ GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id slen = strlen (scopes) + 1; if (NULL != vattr) slen += strlen (vattr) + 1; - if (slen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (struct IssueMessage)) + if (slen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (struct IssueMessage)) { GNUNET_break (0); return NULL; -- cgit v1.2.3 From 80a88ff17fd8e37f0ce27fe6a5d6c5dfa1dcfdf7 Mon Sep 17 00:00:00 2001 
From: "Schanzenbach, Martin" Date: Mon, 24 Apr 2017 17:50:33 +0200 Subject: -fix --- src/credential/gnunet-service-credential.c | 4 ++-- src/credential/test_credential_verify_and.sh | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 3178b133e..be75e485e 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -961,13 +961,13 @@ handle_verify (void *cls, for (i=0;icredential = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Credential) + - strlen (credentials[i].issuer_attribute) + 1); + credentials[i].issuer_attribute_len); GNUNET_memcpy (cr_entry->credential, &credentials[i], sizeof (struct GNUNET_CREDENTIAL_Credential)); GNUNET_memcpy (&cr_entry->credential[1], credentials[i].issuer_attribute, - strlen (credentials[i].issuer_attribute)); + credentials[i].issuer_attribute_len); cr_entry->credential->issuer_attribute = (char*)&cr_entry->credential[1]; GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, vrh->cred_chain_tail, diff --git a/src/credential/test_credential_verify_and.sh b/src/credential/test_credential_verify_and.sh index 833d36f95..9d5c1962e 100755 --- a/src/credential/test_credential_verify_and.sh +++ b/src/credential/test_credential_verify_and.sh 
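Review bot: In handle_verify the allocation size changes from `strlen (credentials[i].issuer_attribute) + 1` to `credentials[i].issuer_attribute_len`, which removes the spare zeroed byte that used to terminate the copied attribute. Right after the copy, `cr_entry->credential->issuer_attribute` is pointed at that buffer, so if `issuer_attribute_len` does not count a trailing NUL, any later string use reads past the allocation. Whether it does is decided where `credentials` is deserialized, outside this hunk. Keeping one extra byte is cheap: write `credentials[i].issuer_attribute_len + 1);` in the GNUNET_malloc call and leave the memcpy length as it is. Since the length presumably originates from the client's message, it should also be bounded against the message size before this loop.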
@@ -54,14 +54,14 @@ gnunet-namestore -p -z gnunet -a -n $MEMBER_ATTR -t ATTR -V "$GNUNET_KEY $DEVELO CRED1=`$DO_TIMEOUT gnunet-credential --issue --ego=gnunet --subject=$ALICE_KEY --attribute=$DEV_ATTR --ttl=5m -c test_credential_lookup.conf` # (5) GNUnet issues Alice the credential "user" CRED2=`$DO_TIMEOUT gnunet-credential --issue --ego=gnunet --subject=$ALICE_KEY --attribute=$USER_ATTR --ttl=5m -c test_credential_lookup.conf` - - # Alice stores the credential under "mygnunetcreds" gnunet-namestore -p -z alice -a -n $TEST_CREDENTIAL -t CRED -V "$CRED1" -e 5m -c test_credential_lookup.conf gnunet-namestore -p -z alice -a -n $TEST_CREDENTIAL -t CRED -V "$CRED2" -e 5m -c test_credential_lookup.conf +CREDS=`$DO_TIMEOUT gnunet-credential --collect --issuer=$SERVICE_KEY --attribute=$USER_ATTR --ego=alice -c test_credential_lookup.conf | paste -d, -s` + #TODO2 Add -z swich like in gnunet-gns -RES_CRED=`gnunet-credential --verify --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` +RES_CRED=`gnunet-credential --verify --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY --credential="$CREDS" -c test_credential_lookup.conf` #TODO cleanup properly -- cgit v1.2.3 From 56e4af789bcffac72eecacbec7156597a4b1c5b7 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 12 May 2017 19:20:53 +0200 Subject: -fix --- src/namestore/plugin_rest_namestore.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/src/namestore/plugin_rest_namestore.c b/src/namestore/plugin_rest_namestore.c index 50957a5b4..05776801b 100644 --- a/src/namestore/plugin_rest_namestore.c +++ b/src/namestore/plugin_rest_namestore.c 
@@ -401,11 +401,16 @@ namestore_list_finished (void *cls) struct MHD_Response *resp; handle->list_it = NULL; + if (NULL == handle->resp_object) + handle->resp_object = GNUNET_JSONAPI_document_new (); + if (GNUNET_SYSERR == GNUNET_JSONAPI_document_serialize (handle->resp_object, &result)) { - do_error (handle); + handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; + GNUNET_SCHEDULER_add_now (&do_error, + handle); return; } resp = GNUNET_REST_create_response (result); @@ -467,10 +472,10 @@ namestore_list_response (void *cls, if (0 < json_array_size(result_array)) { json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_NAMESTORE_TYPEINFO, - rname); + rname); GNUNET_JSONAPI_resource_add_attr (json_resource, - GNUNET_REST_JSONAPI_NAMESTORE_RECORD, - result_array); + GNUNET_REST_JSONAPI_NAMESTORE_RECORD, + result_array); GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource); } @@ -767,8 +772,8 @@ namestore_create_cont (struct GNUNET_REST_RequestHandle *con, } term_data[handle->rest_handle->data_size] = '\0'; GNUNET_memcpy (term_data, - handle->rest_handle->data, - handle->rest_handle->data_size); + handle->rest_handle->data, + handle->rest_handle->data_size); data_js = json_loads (term_data, JSON_DECODE_ANY, &err); @@ -902,7 +907,7 @@ namestore_zkey_cont (struct GNUNET_REST_RequestHandle *con, if ((NULL == handle->zkey_str) || (GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->zkey_str, - strlen (handle->zkey_str), + strlen (handle->zkey_str), &pubkey))) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, @@ -1021,13 +1026,13 @@ identity_cb (void *cls, if (GNUNET_OK != GNUNET_JSONAPI_handle_request (handle->rest_handle, - handlers, - &err, - handle)) + handlers, + &err, + handle)) { handle->response_code = err.error_code; GNUNET_SCHEDULER_add_now (&do_error, - (void *) handle); + (void *) handle); } } -- cgit v1.2.3 From 315cdad26814aa1d5e35ee7c75cfa32058a04bf2 Mon Sep 17 00:00:00 2001 
From: "Schanzenbach, Martin" Date: Thu, 18 May 2017 13:12:49 +0200 Subject: -add policy record type --- src/credential/plugin_gnsrecord_credential.c | 11 +++++++++++ src/include/gnunet_gnsrecord_lib.h | 4 ++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 5c3c03832..1011664cd 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -125,6 +125,10 @@ credential_value_to_string (void *cls, GNUNET_free (cred); return cred_str; } + case GNUNET_GNSRECORD_TYPE_POLICY: + { + return GNUNET_strdup (data); + } default: return NULL; } @@ -242,6 +246,12 @@ credential_string_to_value (void *cls, (char**)data); return GNUNET_OK; } + case GNUNET_GNSRECORD_TYPE_POLICY: + { + *data_size = strlen (s); + *data = GNUNET_strdup (s); + return GNUNET_OK; + } default: return GNUNET_SYSERR; } @@ -258,6 +268,7 @@ static struct { } name_map[] = { { "CRED", GNUNET_GNSRECORD_TYPE_CREDENTIAL }, { "ATTR", GNUNET_GNSRECORD_TYPE_ATTRIBUTE }, + { "POLICY", GNUNET_GNSRECORD_TYPE_POLICY }, { NULL, UINT32_MAX } }; diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h index 4f96d50d5..e33d52819 100644 --- a/src/include/gnunet_gnsrecord_lib.h +++ b/src/include/gnunet_gnsrecord_lib.h @@ -114,9 +114,9 @@ extern "C" #define GNUNET_GNSRECORD_TYPE_CREDENTIAL 65547 /** - * Record type for reverse lookups + * Record type for policies */ -#define GNUNET_GNSRECORD_TYPE_REVERSE 65548 +#define GNUNET_GNSRECORD_TYPE_POLICY 65548 /** * Record type for reverse lookups -- cgit v1.2.3 From dfe45df6f05c770db78922dc352c4d88de15e56e Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 22 May 2017 12:08:59 +0200 Subject: -remove reverse record --- src/gns/plugin_gnsrecord_gns.c | 67 ------------------------------------------ 1 file changed, 67 deletions(-) 
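Review bot: The new `GNUNET_GNSRECORD_TYPE_POLICY` case in credential_value_to_string returns `GNUNET_strdup (data)`, which reads until it finds a NUL byte although the record payload is only `data_size` bytes long. credential_string_to_value in the same commit sets `*data_size = strlen (s)`, so the terminator is not part of the stored record even for locally created entries. Use the length the plugin is given (the `data_size` argument, declared outside the hunk): `return GNUNET_strndup (data, data_size);`. Separately, the header hunk gives the new type the number 65548, which was `GNUNET_GNSRECORD_TYPE_REVERSE` until this commit, so an already stored record of the old type would now be rendered as a policy string; a previously unused number would avoid that.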
diff --git a/src/gns/plugin_gnsrecord_gns.c b/src/gns/plugin_gnsrecord_gns.c index 5d611e19e..6adad0f34 100644 --- a/src/gns/plugin_gnsrecord_gns.c +++ b/src/gns/plugin_gnsrecord_gns.c @@ -140,30 +140,6 @@ gns_value_to_string (void *cls, GNUNET_free (ival); return box_str; } - case GNUNET_GNSRECORD_TYPE_REVERSE: - { - struct GNUNET_GNSRECORD_ReverseRecord rev; - char *rev_str; - char *pkey_str; - - if (data_size < sizeof (struct GNUNET_GNSRECORD_ReverseRecord)) - return NULL; /* malformed */ - - memcpy (&rev, - data, - sizeof (rev)); - cdata = data; - pkey_str = GNUNET_CRYPTO_ecdsa_public_key_to_string (&rev.pkey); - - GNUNET_asprintf (&rev_str, - "%s %s %"SCNu64, - &cdata[sizeof (rev)], - pkey_str, - rev.expiration.abs_value_us); - GNUNET_free (pkey_str); - return rev_str; - - } default: return NULL; } @@ -335,48 +311,6 @@ gns_string_to_value (void *cls, GNUNET_free (bval); return GNUNET_OK; } - case GNUNET_GNSRECORD_TYPE_REVERSE: - { - struct GNUNET_GNSRECORD_ReverseRecord *rev; - char known_by[253 + 1]; - struct GNUNET_TIME_Absolute expiration; - - /* TODO: From crypto_ecc.c - * Why is this not a constant??? - */ - size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8; - if (enclen % 5 > 0) - enclen += 5 - enclen % 5; - enclen /= 5; /* 260/5 = 52 */ - char pkey_str[enclen + 1]; - - if (3 != SSCANF (s, - "%253s %52s %"SCNu64, - known_by, - pkey_str, - &expiration.abs_value_us)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - _("Unable to parse REVERSE record string `%s'\n"), - s); - return GNUNET_SYSERR; - } - *data_size = sizeof (struct GNUNET_GNSRECORD_ReverseRecord) + strlen (known_by) + 1; - *data = rev = GNUNET_malloc (*data_size); - if (GNUNET_OK != - GNUNET_CRYPTO_ecdsa_public_key_from_string (pkey_str, - strlen (pkey_str), - &rev->pkey)) - { - GNUNET_free (rev); - return GNUNET_SYSERR; - } - rev->expiration = expiration; - GNUNET_memcpy (&rev[1], - known_by, - strlen (known_by)); - return GNUNET_OK; - } default: return GNUNET_SYSERR; } 
@@ -397,7 +331,6 @@ static struct { { "VPN", GNUNET_GNSRECORD_TYPE_VPN }, { "GNS2DNS", GNUNET_GNSRECORD_TYPE_GNS2DNS }, { "BOX", GNUNET_GNSRECORD_TYPE_BOX }, - { "REVERSE", GNUNET_GNSRECORD_TYPE_REVERSE }, { NULL, UINT32_MAX } }; -- cgit v1.2.3 From 5747257471e9b66208836799bced6df3d32c50f4 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Tue, 30 May 2017 13:50:07 +0200 Subject: -fix idp --- src/credential/credential_api.c | 2 +- src/credential/gnunet-credential.c | 2 +- src/credential/plugin_rest_credential.c | 2 +- .../gnunet-service-identity-provider.c | 173 ++------------------- .../plugin_rest_identity_provider.c | 2 + src/include/gnunet_credential_service.h | 2 +- 6 files changed, 21 insertions(+), 162 deletions(-) diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index fd0c9e3d5..ca54137ad 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -348,7 +348,7 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle) * @param lr the verify request to cancel */ void -GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr) +GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *vr) { struct GNUNET_CREDENTIAL_Handle *handle = vr->credential_handle; diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index 92804c97a..4a6dc5ccd 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -130,7 +130,7 @@ do_shutdown (void *cls) { if (NULL != verify_request) { - GNUNET_CREDENTIAL_verify_cancel (verify_request); + GNUNET_CREDENTIAL_request_cancel (verify_request); verify_request = NULL; } if (NULL != credential) diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index 59022e794..48d48fba0 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c 
@@ -177,7 +177,7 @@ cleanup_handle (struct RequestHandle *handle) if (NULL != handle->subject_attr) GNUNET_free (handle->subject_attr); if (NULL != handle->verify_request) - GNUNET_CREDENTIAL_verify_cancel (handle->verify_request); + GNUNET_CREDENTIAL_request_cancel (handle->verify_request); if (NULL != handle->credential) GNUNET_CREDENTIAL_disconnect (handle->credential); if (NULL != handle->id_op) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index f9e06fef9..f4ea352d4 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -1015,6 +1015,10 @@ cleanup_issue_handle (struct IssueHandle *handle) ticket_destroy (handle->ticket); if (NULL != handle->label) GNUNET_free (handle->label); + if (NULL != handle->ns_it) + GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it); + if (NULL != handle->credential_request) + GNUNET_CREDENTIAL_request_cancel (handle->credential_request); GNUNET_free (handle); } 
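Review bot: cleanup_issue_handle now stops `handle->ns_it` and cancels `handle->credential_request` whenever they are non-NULL, which is only correct if every completion path resets the field before cleanup can run. The iteration-finished and credential-result callbacks are outside this hunk. If one of them reaches cleanup with the stale pointer still set, the operation would be stopped or cancelled a second time after it has already completed. I would add a comment on both struct fields saying that callbacks must set them to NULL on completion, and check the callbacks against it.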
@@ -1484,160 +1488,6 @@ handle_exchange_message (void *cls, } - -static void -find_existing_token_error (void *cls) -{ - struct IssueHandle *handle = cls; - cleanup_issue_handle (handle); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error looking for existing token\n"); - GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); -} - - -static void -find_existing_token_finished (void *cls) -{ - struct IssueHandle *handle = cls; - uint64_t rnd_key; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - ">>> No existing token found\n"); - rnd_key = - GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, - UINT64_MAX); - GNUNET_STRINGS_base64_encode ((char*)&rnd_key, - sizeof (uint64_t), - &handle->label); - handle->ns_it = NULL; - handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, - &handle->iss_key, - &attr_collect_error, - handle, - &attr_collect, - handle, - &attr_collect_finished, - handle); -} - - -/** - * - * Look for existing token - * - * @param cls the identity entry - * @param zone the identity - * @param lbl the name of the record - * @param rd_count number of records - * @param rd record data - * - */ -static void -find_existing_token (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *lbl, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) -{ - struct IssueHandle *handle = cls; - const struct GNUNET_GNSRECORD_Data *token_metadata_record; - struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key; - struct GNUNET_HashCode key; - int scope_count_token; - char *scope; - char *tmp_scopes; - - //There should be only a single record for a token under a label - if (2 != rd_count) - { - GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); - return; - } - - if (rd[0].record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA) - { - token_metadata_record = &rd[0]; - } - else - { - token_metadata_record = &rd[1]; - } - if (token_metadata_record->record_type != GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA) - { - GNUNET_NAMESTORE_zone_iterator_next 
(handle->ns_it); - return; - } - ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey *)token_metadata_record->data); - aud_key = - (struct GNUNET_CRYPTO_EcdsaPublicKey *)(token_metadata_record->data+sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey)); - tmp_scopes = GNUNET_strdup ((char*) aud_key+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - - if (0 != memcmp (aud_key, &handle->aud_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) - { - char *tmp2 = GNUNET_STRINGS_data_to_string_alloc (aud_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - //Audience does not match! - char *tmp = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA, - token_metadata_record->data, - token_metadata_record->data_size); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Token does not match audience %s vs %s. Moving on\n", - tmp2, - tmp); - GNUNET_free (tmp_scopes); - GNUNET_free (tmp2); - GNUNET_free (tmp); - GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); - return; - } - - scope = strtok (tmp_scopes, ","); - scope_count_token = 0; - while (NULL != scope) - { - GNUNET_CRYPTO_hash (scope, - strlen (scope), - &key); - - if ((NULL != handle->attr_map) && - (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->attr_map, &key))) - { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Issued token does not include `%s'. Moving on\n", scope); - GNUNET_free (tmp_scopes); - GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); - return; - } - scope_count_token++; - scope = strtok (NULL, ","); - } - GNUNET_free (tmp_scopes); - //All scopes in token are also in request. 
Now - //Check length - if ((NULL != handle->attr_map) && - (GNUNET_CONTAINER_multihashmap_size (handle->attr_map) == scope_count_token)) - { - //We have an existing token - handle->label = GNUNET_strdup (lbl); - handle->ns_it = NULL; - handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, - &handle->iss_key, - &attr_collect_error, - handle, - &attr_collect, - handle, - &attr_collect_finished, - handle); - - return; - } - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Nuber of attributes in token do not match request\n"); - //No luck - GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); -} - /** * Checks an issue message * @@ -1684,6 +1534,7 @@ handle_issue_message (void *cls, char *scopes_tmp; char *scope; const char *v_attrs; + uint64_t rnd_key; struct GNUNET_HashCode key; struct IssueHandle *issue_handle; struct VerifiedAttributeEntry *vattr_entry; @@ -1733,14 +1584,20 @@ handle_issue_message (void *cls, issue_handle->scopes = GNUNET_strdup (scopes); issue_handle->token = token_create (&issue_handle->iss_pkey, &issue_handle->aud_key); + rnd_key = + GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, + UINT64_MAX); + GNUNET_STRINGS_base64_encode ((char*)&rnd_key, + sizeof (uint64_t), + &issue_handle->label); issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, - &im->iss_key, - &find_existing_token_error, + &issue_handle->iss_key, + &attr_collect_error, issue_handle, - &find_existing_token, + &attr_collect, issue_handle, - &find_existing_token_finished, + &attr_collect_finished, issue_handle); } diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index 5ea7b2821..dfb935f5b 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c @@ -402,6 +402,8 @@ token_creat_cont (void *cls, char *ticket_str; char *token_str; char *result_str; + + handle->idp_op = NULL; if (NULL == ticket) { 
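Review bot: In the `@@ -1733,14 +1584,20 @@` hunk of handle_issue_message() the zone iteration is now started with `&issue_handle->iss_key` instead of `&im->iss_key`, and the assignment of `issue_handle->iss_key` is not visible in the hunk, so it is worth confirming that the field is filled from the message before this call. The same hunk replaces the lookup of an existing token with a fresh random label on every request, and nothing says so at the call site. A comment such as `/* fresh random record label per issue request; existing tokens are no longer looked up or reused */` above the `rnd_key` assignment would record that decision.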
diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 6c9b477ea..67c2f2b4c 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h @@ -377,7 +377,7 @@ GNUNET_CREDENTIAL_credential_issue ( * @param lr the lookup request to cancel */ void -GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr); +GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *vr); #if 0 /* keep Emacsens' auto-indent happy */ -- cgit v1.2.3 From d80df28d5f4814f93b8aa536a1064c77e3d659cc Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 23 Jun 2017 20:43:16 +0200 Subject: -fix 0-term --- src/credential/plugin_gnsrecord_credential.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 1011664cd..daecc1bd4 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -127,7 +127,7 @@ credential_value_to_string (void *cls, } case GNUNET_GNSRECORD_TYPE_POLICY: { - return GNUNET_strdup (data); + return GNUNET_strndup (data,data_size); } default: return NULL; -- cgit v1.2.3 From 531a89e0a41838105121d1ded1ee87973e60587e Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 3 Jul 2017 10:35:07 +0200 Subject: -fix DEBUG output --- src/credential/plugin_gnsrecord_credential.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index daecc1bd4..72d6b53f5 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c 
@@ -76,7 +76,7 @@ credential_value_to_string (void *cls, for (i=0;i Date: Sat, 8 Jul 2017 18:30:01 +0200 Subject: -add ABE crypto module --- configure.ac | 12 ++ src/include/gnunet_crypto_lib.h | 63 +++++++++ src/util/Makefile.am | 15 ++ src/util/crypto_abe.c | 305 ++++++++++++++++++++++++++++++++++++++++ src/util/test_crypto_abe.c | 86 +++++++++++ 5 files changed, 481 insertions(+) create mode 100644 src/util/crypto_abe.c create mode 100644 src/util/test_crypto_abe.c diff --git a/configure.ac b/configure.ac index c16fbdcba..30f5a823c 100644 --- a/configure.ac +++ b/configure.ac @@ -440,6 +440,18 @@ AC_CHECK_LIB(ogg, ogg_stream_flush_fill, AM_CONDITIONAL(HAVE_OGG, false) ogg=0) +PKG_CHECK_MODULES([ABE], [glib-2.0]) +# check for pbc library +pbc=0 +AC_CHECK_HEADER([pbc/pbc.h],pbc=1) +AM_CONDITIONAL(HAVE_PBC, [test "$pbc" = 1]) +if test "x$pbc" = x1 +then + AC_DEFINE([HAVE_PBC],[1],[Have pbc library]) +else + AC_DEFINE([HAVE_PBC],[0],[Lacking pbc library]) +fi + gst=0 diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 07cade0e3..6f2870c37 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -395,6 +395,11 @@ struct GNUNET_CRYPTO_PaillierCiphertext unsigned char bits[GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8]; }; +/** + * @brief type for ABE master keys + */ +struct GNUNET_CRYPTO_AbeMasterKey; + /* **************** Functions and Macros ************* */ 
@@ -2125,6 +2130,64 @@ GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaPublicKey *public_key); +/** + * @ingroup crypto + * Create a new CP-ABE master key. Caller must free return value. + * + * @return fresh private key; free using #GNUNET_free + */ +struct GNUNET_CRYPTO_AbeMasterKey * +GNUNET_CRYPTO_cpabe_create_master_key (void); + +/** + * @ingroup crypto + * Create a new CP-ABE key. Caller must free return value. + * + * @return fresh private key; free using #GNUNET_free + */ +struct GNUNET_CRYPTO_AbeKey * +GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *msk, + char **attrs); + + +/** + * @ingroup crypto + * Encrypt a block using sessionkey. + * + * @param block the block to encrypt + * @param size the size of the @a block + * @param sessionkey the key used to encrypt + * @param iv the initialization vector to use, use INITVALUE + * for streams. + * @return the size of the encrypted block, -1 for errors + */ +ssize_t +GNUNET_CRYPTO_cpabe_encrypt (const void *block, + size_t size, + char *policy, + const struct GNUNET_CRYPTO_AbeMasterKey *key, + void **result); + +/** + * @ingroup crypto + * Encrypt a block using sessionkey. + * + * @param block the block to encrypt + * @param size the size of the @a block + * @param sessionkey the key used to encrypt + * @param iv the initialization vector to use, use INITVALUE + * for streams. + * @return the size of the encrypted block, -1 for errors + */ +ssize_t +GNUNET_CRYPTO_cpabe_decrypt (const void *block, + size_t size, + const struct GNUNET_CRYPTO_AbeKey *key, + void **result); + + + + #if 0 /* keep Emacsens' auto-indent happy */ { #endif diff --git a/src/util/Makefile.am b/src/util/Makefile.am index 9be572bb6..4b1e44503 100644 --- a/src/util/Makefile.am +++ b/src/util/Makefile.am @@ -87,6 +87,7 @@ libgnunetutil_la_SOURCES = \ crypto_paillier.c \ crypto_random.c \ crypto_rsa.c \ + crypto_abe.c \ disk.c \ disk.h \ getopt.c \ 
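Review bot: The doc comments on the new CP-ABE prototypes do not describe them. Both GNUNET_CRYPTO_cpabe_encrypt and GNUNET_CRYPTO_cpabe_decrypt carry the symmetric-cipher text ("Encrypt a block using sessionkey", `@param sessionkey`, `@param iv`), while the real parameters `policy`, `key` and `result` are undocumented. For a crypto API the missing facts matter: who owns `*result`, whether `size` on decrypt is the ciphertext length, and that a key whose attributes do not satisfy the policy must fail. The two constructors say "free using #GNUNET_free", but crypto_abe.c in this commit defines both key structs with GByteArray members, so a plain GNUNET_free would leak them; a dedicated delete function or a corrected comment is needed. Suggested lines for decrypt: `@param key attribute key; decryption fails unless its attributes satisfy the policy` and `@param result set to a newly allocated plaintext buffer, owned by the caller`.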
@@ -117,12 +118,20 @@ libgnunetutil_la_LIBADD = \ $(LIBGCRYPT_LIBS) \ $(LTLIBICONV) \ $(LTLIBINTL) \ + $(ABE_LIBADD) \ + -lbswabe \ + -lssl \ + -lpbc \ + -lglib-2.0 \ -lltdl $(Z_LIBS) -lunistring $(XLIB) libgnunetutil_la_LDFLAGS = \ $(GN_LIB_LDFLAGS) \ + $(ABE_LDADD) \ -version-info 13:0:0 +libgnunetutil_la_CFLAGS = \ + $(ABE_CFLAGS) libgnunetutil_taler_wallet_la_SOURCES = \ common_allocation.c \ @@ -274,6 +283,7 @@ check_PROGRAMS = \ test_container_multipeermap \ test_container_heap \ test_crypto_symmetric \ + test_crypto_abe \ test_crypto_crc \ test_crypto_ecdsa \ test_crypto_eddsa \ @@ -406,6 +416,11 @@ test_crypto_symmetric_SOURCES = \ test_crypto_symmetric_LDADD = \ libgnunetutil.la +test_crypto_abe_SOURCES = \ + test_crypto_abe.c +test_crypto_abe_LDADD = \ + libgnunetutil.la + test_crypto_crc_SOURCES = \ test_crypto_crc.c test_crypto_crc_LDADD = \ diff --git a/src/util/crypto_abe.c b/src/util/crypto_abe.c new file mode 100644 index 000000000..d004220d1 --- /dev/null +++ b/src/util/crypto_abe.c 
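Review bot: The libgnunetutil link line hard-codes `-lbswabe -lssl -lpbc -lglib-2.0` and crypto_abe.c is added to the sources unconditionally. The core utility library therefore fails to build wherever libbswabe or pbc is absent, even though configure.ac in this commit only records HAVE_PBC and never checks for bswabe. `$(ABE_LIBADD)` and `$(ABE_LDADD)` are not variables that `PKG_CHECK_MODULES([ABE], ...)` sets (it provides `ABE_CFLAGS` and `ABE_LIBS`), so both expand to nothing; `$(ABE_LIBS)` is presumably what was meant. The AES_* functions used by crypto_abe.c live in libcrypto, so `-lcrypto` is the direct dependency rather than `-lssl`. Wrapping the source file and these libraries in `if HAVE_PBC` would keep the new dependency optional.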
@@ -0,0 +1,305 @@ +/* + This file is part of GNUnet. Copyright (C) 2001-2014 Christian Grothoff + (and other contributing authors) + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. + +*/ + +/** + * @file util/crypto_random.c + * @brief functions to gather random numbers + * @author Christian Grothoff + */ + + +#include "platform.h" +#include +#include +#include +#include +#include + +#include "gnunet_crypto_lib.h" + +struct GNUNET_CRYPTO_AbeMasterKey +{ + GByteArray* pub; + + GByteArray* msk; +}; + +struct GNUNET_CRYPTO_AbeKey +{ + GByteArray* pub; + GByteArray* prv; +}; + +static void +init_aes( element_t k, int enc, AES_KEY* key, unsigned char* iv ) +{ + int key_len; + unsigned char* key_buf; + + key_len = element_length_in_bytes(k) < 17 ? 
17 : element_length_in_bytes(k); + key_buf = (unsigned char*) malloc(key_len); + element_to_bytes(key_buf, k); + + if( enc ) + AES_set_encrypt_key(key_buf + 1, 128, key); + else + AES_set_decrypt_key(key_buf + 1, 128, key); + free(key_buf); + + memset(iv, 0, 16); +} + +static GByteArray* +aes_128_cbc_encrypt( GByteArray* pt, element_t k ) +{ + AES_KEY key; + unsigned char iv[16]; + GByteArray* ct; + guint8 len[4]; + guint8 zero; + + init_aes(k, 1, &key, iv); + + /* TODO make less crufty */ + + /* stuff in real length (big endian) before padding */ + len[0] = (pt->len & 0xff000000)>>24; + len[1] = (pt->len & 0xff0000)>>16; + len[2] = (pt->len & 0xff00)>>8; + len[3] = (pt->len & 0xff)>>0; + g_byte_array_prepend(pt, len, 4); + + /* pad out to multiple of 128 bit (16 byte) blocks */ + zero = 0; + while( pt->len % 16 ) + g_byte_array_append(pt, &zero, 1); + + ct = g_byte_array_new(); + g_byte_array_set_size(ct, pt->len); + + AES_cbc_encrypt(pt->data, ct->data, pt->len, &key, iv, AES_ENCRYPT); + + return ct; +} + +static GByteArray* +aes_128_cbc_decrypt( GByteArray* ct, element_t k ) +{ + AES_KEY key; + unsigned char iv[16]; + GByteArray* pt; + unsigned int len; + + init_aes(k, 0, &key, iv); + + pt = g_byte_array_new(); + g_byte_array_set_size(pt, ct->len); + + AES_cbc_encrypt(ct->data, pt->data, ct->len, &key, iv, AES_DECRYPT); + + /* TODO make less crufty */ + + /* get real length */ + len = 0; + len = len + | ((pt->data[0])<<24) | ((pt->data[1])<<16) + | ((pt->data[2])<<8) | ((pt->data[3])<<0); + g_byte_array_remove_index(pt, 0); + g_byte_array_remove_index(pt, 0); + g_byte_array_remove_index(pt, 0); + g_byte_array_remove_index(pt, 0); + + /* truncate any garbage from the padding */ + g_byte_array_set_size(pt, len); + + return pt; +} + +struct GNUNET_CRYPTO_AbeMasterKey* +GNUNET_CRYPTO_cpabe_create_master_key (void) +{ + struct GNUNET_CRYPTO_AbeMasterKey* key; + bswabe_msk_t* msk; + bswabe_pub_t* pub; + bswabe_setup(&pub, &msk); + key = GNUNET_new (struct 
GNUNET_CRYPTO_AbeMasterKey); + key->pub = bswabe_pub_serialize(pub); + key->msk = bswabe_msk_serialize(msk); + GNUNET_assert (NULL != key->pub); + GNUNET_assert (NULL != key->msk); + return key; +} + +struct GNUNET_CRYPTO_AbeKey* +GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *key, + char **attrs) +{ + struct GNUNET_CRYPTO_AbeKey *prv_key; + bswabe_pub_t* pub; + bswabe_msk_t* msk; + bswabe_prv_t* prv; + gchar* pub_data; + gsize len; + + pub = bswabe_pub_unserialize(key->pub, 0); + msk = bswabe_msk_unserialize(pub, key->msk, 0); + prv = bswabe_keygen(pub, msk, attrs); + prv_key = GNUNET_new (struct GNUNET_CRYPTO_AbeKey); + prv_key->prv = bswabe_prv_serialize(prv); + pub_data = g_strndup ((gchar*)key->pub->data, + key->pub->len); + len = key->pub->len; + prv_key->pub = g_byte_array_new_take ((guint8*)pub_data, len); + GNUNET_assert (NULL != prv_key->prv); + return prv_key; +} + +ssize_t +write_cpabe (void **result, GByteArray* cph_buf, + int file_len, GByteArray* aes_buf) +{ + char *ptr; + int i; + ssize_t size; + size = aes_buf->len + cph_buf->len + 12; + *result = GNUNET_malloc (size); + ptr = *result; + for(i=3; i >= 0; i--) { + *ptr = (file_len & 0xff<<(i*8))>>(i*8); + ptr++; + } + for(i=3; i >= 0; i--) { + *ptr = (aes_buf->len & 0xff<<(i*8))>>(i*8); + ptr++; + } + memcpy (ptr, aes_buf->data, aes_buf->len); + ptr += aes_buf->len; + for(i=3; i >= 0; i--) { + *ptr = (cph_buf->len & 0xff<<(i*8))>>(i*8); + ptr++; + } + memcpy (ptr, cph_buf->data, cph_buf->len); + return size; +} + +ssize_t +read_cpabe (const void *data, GByteArray** cph_buf, GByteArray** aes_buf) +{ + int i; + ssize_t buf_len; + ssize_t tmp_len; + char *ptr; + + *cph_buf = g_byte_array_new(); + *aes_buf = g_byte_array_new(); + ptr = (char*)data; + + buf_len = 0; + for(i=3; i >= 0; i--) { + buf_len |= *ptr<<(i*8); + ptr++; + } + + tmp_len = 0; + for(i=3; i >= 0; i--) { + tmp_len |= *ptr<<(i*8); + ptr++; + } + g_byte_array_set_size(*aes_buf, tmp_len); + memcpy((*aes_buf)->data, ptr, 
tmp_len); + ptr += tmp_len; + tmp_len = 0; + for(i=3; i >= 0; i--) { + tmp_len |= *ptr<<(i*8); + ptr++; + } + g_byte_array_set_size(*cph_buf, tmp_len); + memcpy((*cph_buf)->data, ptr, tmp_len); + + return buf_len; +} + +ssize_t +GNUNET_CRYPTO_cpabe_encrypt (const void *block, + size_t size, + char *policy, + const struct GNUNET_CRYPTO_AbeMasterKey *key, + void **result) +{ + bswabe_pub_t* pub; + bswabe_cph_t* cph; + GByteArray* plt; + GByteArray* cph_buf; + GByteArray* aes_buf; + guint8 *data; + element_t m; + size_t payload_len; + ssize_t result_len; + pub = bswabe_pub_unserialize(key->pub, 0); + if( !(cph = bswabe_enc(pub, m, policy)) ) + return GNUNET_SYSERR; + cph_buf = bswabe_cph_serialize(cph); + bswabe_cph_free(cph); + data = g_memdup (block, size); + plt = g_byte_array_new_take (data, size); + payload_len = plt->len; + aes_buf = aes_128_cbc_encrypt(plt, m); + g_byte_array_free(plt, 1); + element_clear(m); + result_len = write_cpabe(result, cph_buf, payload_len, aes_buf); + g_byte_array_free(cph_buf, 1); + g_byte_array_free(aes_buf, 1); + return result_len; +} + +ssize_t +GNUNET_CRYPTO_cpabe_decrypt (const void *block, + size_t size, + const struct GNUNET_CRYPTO_AbeKey *key, + void **result) +{ + bswabe_pub_t* pub; + bswabe_prv_t* prv; + GByteArray* aes_buf; + GByteArray* plt; + GByteArray* cph_buf; + bswabe_cph_t* cph; + element_t m; + ssize_t pt_size; + + pub = bswabe_pub_unserialize(key->pub, 0); + prv = bswabe_prv_unserialize(pub, key->prv, 0); + pt_size = read_cpabe(block, &cph_buf, &aes_buf); + cph = bswabe_cph_unserialize(pub, cph_buf, 0); + if( !bswabe_dec(pub, prv, cph, m) ) { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "%s\n", bswabe_error()); + return GNUNET_SYSERR; + } + bswabe_cph_free(cph); + plt = aes_128_cbc_decrypt(aes_buf, m); + g_byte_array_set_size(plt, size); + g_byte_array_free(aes_buf, 1); + *result = GNUNET_malloc (plt->len); + GNUNET_memcpy (*result, plt->data, plt->len); + + return pt_size; +} 
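Review bot: read_cpabe() is never told the blob's size, so it uses the two embedded length fields for `memcpy` straight from `data`, and a truncated or malformed ciphertext makes it read past the caller's buffer. The length bytes are also assembled through a plain `char *`, so any byte of 0x80 or above sign-extends into the result. GNUNET_CRYPTO_cpabe_decrypt() then calls `g_byte_array_set_size(plt, size)`, i.e. the ciphertext length rather than the recovered `pt_size`, which copies stale or uninitialised array bytes into `*result`. Its error path also returns without releasing `pub`, `prv`, `cph` or the two buffers. The CBC layer carries no integrity check, so the length prefix read back in aes_128_cbc_decrypt() is unauthenticated too, and that deserves a comment until an authenticated mode replaces it. The fence sketches a bounded read_cpabe() that takes the blob size; the caller would pass `size`, check for GNUNET_SYSERR and size the result from `pt_size`.

```c
/* Read one big-endian 32-bit length, refusing to run past the input. */
static int
read_u32 (const unsigned char **ptr, size_t *left, uint32_t *val)
{
  if (*left < 4)
    return GNUNET_SYSERR;
  *val = ((uint32_t) (*ptr)[0] << 24) | ((uint32_t) (*ptr)[1] << 16)
         | ((uint32_t) (*ptr)[2] << 8) | (uint32_t) (*ptr)[3];
  *ptr += 4;
  *left -= 4;
  return GNUNET_OK;
}

static ssize_t
read_cpabe (const void *data, size_t size,
            GByteArray **cph_buf, GByteArray **aes_buf)
{
  const unsigned char *ptr = data;
  size_t left = size;
  uint32_t buf_len;
  uint32_t aes_len;
  uint32_t cph_len;

  *aes_buf = NULL;
  *cph_buf = NULL;
  if ( (GNUNET_OK != read_u32 (&ptr, &left, &buf_len)) ||
       (GNUNET_OK != read_u32 (&ptr, &left, &aes_len)) ||
       (aes_len > left) )
    return GNUNET_SYSERR;
  *aes_buf = g_byte_array_new ();
  g_byte_array_append (*aes_buf, ptr, aes_len);
  ptr += aes_len;
  left -= aes_len;
  if ( (GNUNET_OK != read_u32 (&ptr, &left, &cph_len)) ||
       (cph_len > left) )
  {
    g_byte_array_free (*aes_buf, TRUE);
    *aes_buf = NULL;
    return GNUNET_SYSERR;
  }
  *cph_buf = g_byte_array_new ();
  g_byte_array_append (*cph_buf, ptr, cph_len);
  return (ssize_t) buf_len;
}
/* … unchanged: GNUNET_CRYPTO_cpabe_encrypt … */
```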
diff --git a/src/util/test_crypto_abe.c b/src/util/test_crypto_abe.c new file mode 100644 index 000000000..cb36dccae --- /dev/null +++ b/src/util/test_crypto_abe.c 
@@ -0,0 +1,86 @@ +/* + This file is part of GNUnet. + Copyright (C) 2002, 2003, 2004, 2006 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. + +*/ +/** + * @author Martin Schanzenbach + * @file util/test_crypto_abe.c + * @brief test for ABE ciphers + */ +#include "platform.h" +#include "gnunet_util_lib.h" + +#define TESTSTRING "Hello World!" 
+ +static int +testAbecipher () +{ + struct GNUNET_CRYPTO_AbeMasterKey *msk; + struct GNUNET_CRYPTO_AbeKey *key; + char *result; + char **attrs; + int size; + char *res; + msk = GNUNET_CRYPTO_cpabe_create_master_key (); + size = GNUNET_CRYPTO_cpabe_encrypt (TESTSTRING, strlen (TESTSTRING) + 1, + "testattr", //Policy + msk, + (void*)&result); + GNUNET_assert (-1 != size); + attrs = GNUNET_malloc (2 * sizeof (char*)); + attrs[0] = "testattr"; + attrs[1] = NULL; + key = GNUNET_CRYPTO_cpabe_create_key (msk, + attrs); + + size = GNUNET_CRYPTO_cpabe_decrypt (result, size, + key, + (void*)&res); + if (strlen (TESTSTRING) + 1 != size) + { + printf ("abeciphertest failed: decryptBlock returned %d\n", size); + return 1; + } + if (0 != strcmp (res, TESTSTRING)) + { + printf ("abeciphertest failed: %s != %s\n", res, TESTSTRING); + return 1; + } + else + return 0; +} + + +int +main (int argc, char *argv[]) +{ + int failureCount = 0; + + GNUNET_log_setup ("test-crypto-abe", "WARNING", NULL); + failureCount += testAbecipher (); + + if (failureCount != 0) + { + printf ("%d TESTS FAILED!\n", failureCount); + return -1; + } + return 0; +} + +/* end of test_crypto_aes.c */ -- cgit v1.2.3 From d43a25d25ad68fcc1508e8fcf092c5014a6bdba8 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 8 Jul 2017 20:02:12 +0200 Subject: -towards IdP2 --- .../gnunet-service-identity-provider.c | 768 ++++----------------- src/include/gnunet_gnsrecord_lib.h | 4 + 2 files changed, 123 insertions(+), 649 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index f4ea352d4..3a7a6eeb9 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c 
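Review bot: testAbecipher() covers only the case where the key holds exactly the policy attribute, so the one property CP-ABE exists for, refusing a key whose attributes do not satisfy the policy, is never exercised. A regression that let any key decrypt would still pass this test. The negative check below fits before the existing positive decrypt, while `size` still holds the ciphertext length. Separately, `result`, `res`, `attrs`, `msk` and `key` are never released, and the trailer comment names test_crypto_aes.c.

```c
  attrs = GNUNET_malloc (2 * sizeof (char*));
  /* a key that lacks the policy attribute must be refused */
  attrs[0] = "otherattr";
  attrs[1] = NULL;
  key = GNUNET_CRYPTO_cpabe_create_key (msk, attrs);
  if (GNUNET_SYSERR !=
      GNUNET_CRYPTO_cpabe_decrypt (result, size, key, (void*)&res))
  {
    printf ("abeciphertest failed: key without policy attribute decrypted\n");
    return 1;
  }
  attrs[0] = "testattr";
  /* … unchanged: key creation with "testattr" and the positive decrypt checks … */
```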
@@ -58,21 +58,6 @@ */ #define DEFAULT_TOKEN_EXPIRATION_INTERVAL GNUNET_TIME_UNIT_HOURS -/** - * Service state (to detect initial update pass) - */ -static int state; - -/** - * Head of ego entry DLL - */ -static struct EgoEntry *ego_head; - -/** - * Tail of ego entry DLL - */ -static struct EgoEntry *ego_tail; - /** * Identity handle */ @@ -118,11 +103,6 @@ static struct GNUNET_SCHEDULER_Task *timeout_task; */ static struct GNUNET_SCHEDULER_Task *update_task; -/** - * Timeout for next update pass - */ -static struct GNUNET_TIME_Relative min_rel_exp; - /** * Currently processed token @@ -139,16 +119,6 @@ static char* label; */ static char* scopes; -/** - * Expiration for processed token - */ -static uint64_t rd_exp; - -/** - * ECDHE Privkey for processed token metadata - */ -static struct GNUNET_CRYPTO_EcdhePrivateKey ecdhe_privkey; - /** * Handle to the statistics service. */ @@ -239,6 +209,11 @@ struct IssueHandle */ struct GNUNET_CRYPTO_EcdsaPublicKey aud_key; + /** + * The issuer egos ABE master key + */ + struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + /** * Expiration */ 
@@ -331,574 +306,14 @@ struct EgoEntry */ struct GNUNET_CONTAINER_MultiHashMap *attr_map; - /** - * Attributes are old and should be updated if GNUNET_YES - */ - int attributes_dirty; }; -/** - * Continuation for token store call - * - * @param cls NULL - * @param success error code - * @param emsg error message - */ -static void -store_token_cont (void *cls, - int32_t success, - const char *emsg) -{ - ns_qe = NULL; - if (GNUNET_SYSERR == success) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Failed to update token: %s\n", - emsg); - return; - } - GNUNET_NAMESTORE_zone_iterator_next (ns_it); -} - - -/** - * This function updates the old token with new attributes, - * removes deleted attributes and expiration times. - * - * @param cls the ego entry - */ -static void -handle_token_update (void *cls) -{ - char *token_metadata; - char *write_ptr; - char *enc_token_str; - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; - struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; - struct GNUNET_CRYPTO_EcdhePrivateKey *new_ecdhe_privkey; - struct EgoEntry *ego_entry = cls; - struct GNUNET_GNSRECORD_Data token_record[2]; - struct GNUNET_HashCode key_hash; - struct GNUNET_TIME_Relative token_rel_exp; - struct GNUNET_TIME_Relative token_ttl; - struct GNUNET_TIME_Absolute token_exp; - struct GNUNET_TIME_Absolute token_nbf; - struct GNUNET_TIME_Absolute new_exp; - struct GNUNET_TIME_Absolute new_iat; - struct GNUNET_TIME_Absolute new_nbf; - struct IdentityToken *new_token; - struct TokenAttr *cur_value; - struct TokenAttr *attr; - size_t token_metadata_len; - - priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); - GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, - &pub_key); - - //Note: We need the token expiration time here. Not the record expiration - //time. - //There are two types of tokens: Token that expire on GNS level with - //an absolute expiration time. Those are basically tokens that will - //be automatically revoked on (record)expiration. 
- //Tokens stored with relative expiration times will expire on the token level (token expiration) - //but this service will reissue new tokens that can be retrieved from GNS - //automatically. - - for (attr = token->attr_head; NULL != attr; attr = attr->next) - { - if (0 == strcmp (attr->name, "exp")) - { - GNUNET_assert (1 == sscanf (attr->val_head->value, - "%"SCNu64, - &token_exp.abs_value_us)); - } else if (0 == strcmp (attr->name, "nbf")) { - GNUNET_assert (1 == sscanf (attr->val_head->value, - "%"SCNu64, - &token_nbf.abs_value_us)); - } - } - token_rel_exp = GNUNET_TIME_absolute_get_difference (token_nbf, token_exp); - - token_ttl = GNUNET_TIME_absolute_get_remaining (token_exp); - if (0 != GNUNET_TIME_absolute_get_remaining (token_exp).rel_value_us) - { - //This token is not yet expired! Save and skip - if (min_rel_exp.rel_value_us > token_ttl.rel_value_us) - { - min_rel_exp = token_ttl; - } - GNUNET_free (token); - token = NULL; - GNUNET_free (label); - label = NULL; - GNUNET_free (scopes); - scopes = NULL; - GNUNET_NAMESTORE_zone_iterator_next (ns_it); - return; - } - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Token is expired. 
Create a new one\n"); - new_token = token_create (&pub_key, - &token->aud_key); - new_exp = GNUNET_TIME_relative_to_absolute (token_rel_exp); - new_nbf = GNUNET_TIME_absolute_get (); - new_iat = new_nbf; - for (attr = token->attr_head; NULL != attr; attr = attr->next) - { - if (0 == strcmp (attr->name, "exp")) - { - token_add_attr_int (new_token, attr->name, new_exp.abs_value_us); - } - else if (0 == strcmp (attr->name, "nbf")) - { - token_add_attr_int (new_token, attr->name, new_nbf.abs_value_us); - } - else if (0 == strcmp (attr->name, "iat")) - { - token_add_attr_int (new_token, attr->name, new_iat.abs_value_us); - } - else if ((0 == strcmp (attr->name, "iss")) - || (0 == strcmp (attr->name, "aud"))) - { - //Omit - } - else if (0 == strcmp (attr->name, "sub")) - { - token_add_attr (new_token, - attr->name, - attr->val_head->value); - } - else - { - GNUNET_CRYPTO_hash (attr->name, - strlen (attr->name), - &key_hash); - //Check if attr still exists. omit of not - if (GNUNET_NO != - GNUNET_CONTAINER_multihashmap_contains (ego_entry->attr_map, - &key_hash)) - { - cur_value = GNUNET_CONTAINER_multihashmap_get (ego_entry->attr_map, - &key_hash); - GNUNET_assert (NULL != cur_value); - GNUNET_CONTAINER_DLL_insert (new_token->attr_head, - new_token->attr_tail, - cur_value); - } - } - } - - // reassemble and set - GNUNET_assert (token_serialize (new_token, - priv_key, - &new_ecdhe_privkey, - &enc_token_str)); - - token_record[0].data = enc_token_str; - token_record[0].data_size = strlen (enc_token_str) + 1; - token_record[0].expiration_time = rd_exp; //Old expiration time - token_record[0].record_type = GNUNET_GNSRECORD_TYPE_ID_TOKEN; - token_record[0].flags = GNUNET_GNSRECORD_RF_NONE; - - //Meta - token_metadata_len = sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey) - + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) - + strlen (scopes) + 1; //With 0-Terminator - token_metadata = GNUNET_malloc (token_metadata_len); - write_ptr = token_metadata; - GNUNET_memcpy (token_metadata, 
new_ecdhe_privkey, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); - write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey); - GNUNET_memcpy (write_ptr, &token->aud_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - write_ptr += sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey); - GNUNET_memcpy (write_ptr, scopes, strlen (scopes) + 1); //with 0-Terminator; - - token_record[1].data = token_metadata; - token_record[1].data_size = token_metadata_len; - token_record[1].expiration_time = rd_exp; - token_record[1].record_type = GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA; - token_record[1].flags = GNUNET_GNSRECORD_RF_PRIVATE; - - ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, - priv_key, - label, - 2, - token_record, - &store_token_cont, - ego_entry); - token_destroy (new_token); - token_destroy (token); - GNUNET_free (new_ecdhe_privkey); - GNUNET_free (enc_token_str); - token = NULL; - GNUNET_free (label); - label = NULL; - GNUNET_free (scopes); - scopes = NULL; -} - - -static void -update_identities(void *cls); - - -/** - * - * Cleanup attr_map - * - * @param cls NULL - * @param key the key - * @param value the json_t attribute value - * @return #GNUNET_YES - */ -static int -clear_ego_attrs (void *cls, - const struct GNUNET_HashCode *key, - void *value) -{ - struct TokenAttr *attr = value; - struct TokenAttrValue *val; - struct TokenAttrValue *tmp_val; - for (val = attr->val_head; NULL != val;) - { - tmp_val = val->next; - GNUNET_CONTAINER_DLL_remove (attr->val_head, - attr->val_tail, - val); - GNUNET_free (val->value); - GNUNET_free (val); - val = tmp_val; - } - GNUNET_free (attr->name); - GNUNET_free (attr); - - return GNUNET_YES; -} - - -static void -token_collect_error_cb (void *cls) -{ - struct EgoEntry *ego_entry = cls; - - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - ">>> Updating Ego failed!\n"); - //Clear attribute map for ego - GNUNET_CONTAINER_multihashmap_iterate (ego_entry->attr_map, - &clear_ego_attrs, - ego_entry); - GNUNET_CONTAINER_multihashmap_clear 
(ego_entry->attr_map); - update_task = GNUNET_SCHEDULER_add_now (&update_identities, - ego_entry->next); - -} - - -static void -token_collect_finished_cb (void *cls) -{ - struct EgoEntry *ego_entry = cls; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - ">>> Updating Ego finished\n"); - //Clear attribute map for ego - GNUNET_CONTAINER_multihashmap_iterate (ego_entry->attr_map, - &clear_ego_attrs, - ego_entry); - GNUNET_CONTAINER_multihashmap_clear (ego_entry->attr_map); - update_task = GNUNET_SCHEDULER_add_now (&update_identities, - ego_entry->next); -} - - -/** - * - * Update all ID_TOKEN records for an identity and store them - * - * @param cls the identity entry - * @param zone the identity - * @param lbl the name of the record - * @param rd_count number of records - * @param rd record data - */ -static void -token_collect (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *lbl, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) -{ - struct EgoEntry *ego_entry = cls; - const struct GNUNET_GNSRECORD_Data *token_record; - const struct GNUNET_GNSRECORD_Data *token_metadata_record; - struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key; - struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key; - - //There should be only a single record for a token under a label - if (2 != rd_count) - { - GNUNET_NAMESTORE_zone_iterator_next (ns_it); - return; - } - - if (rd[0].record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA) - { - token_metadata_record = &rd[0]; - token_record = &rd[1]; - } - else - { - token_record = &rd[0]; - token_metadata_record = &rd[1]; - } - if (token_metadata_record->record_type != GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA) - { - GNUNET_NAMESTORE_zone_iterator_next (ns_it); - return; - } - if (token_record->record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN) - { - GNUNET_NAMESTORE_zone_iterator_next (ns_it); - return; - } - - //Get metadata and decrypt token - priv_key = (struct GNUNET_CRYPTO_EcdhePrivateKey *)token_metadata_record->data; 
- ecdhe_privkey = *priv_key; - aud_key = (struct GNUNET_CRYPTO_EcdsaPublicKey *)&priv_key[1]; - scopes = GNUNET_strdup ((char*) aud_key+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - - token_parse2 (token_record->data, - &ecdhe_privkey, - aud_key, - &token); - - label = GNUNET_strdup (lbl); - rd_exp = token_record->expiration_time; - - GNUNET_SCHEDULER_add_now (&handle_token_update, - ego_entry); -} - - -static void -attribute_collect_error_cb (void *cls) -{ - struct EgoEntry *ego_entry = cls; - - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - ">>> Updating Attributes failed!\n"); - ego_entry->attributes_dirty = GNUNET_NO; - update_task = GNUNET_SCHEDULER_add_now (&update_identities, - ego_entry); -} - - -static void -attribute_collect_finished_cb (void *cls) -{ - struct EgoEntry *ego_entry = cls; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - ">>> Updating Attributes finished\n"); - ego_entry->attributes_dirty = GNUNET_NO; - update_task = GNUNET_SCHEDULER_add_now (&update_identities, - ego_entry); -} - - -/** - * - * Collect all ID_ATTR records for an identity and store them - * - * @param cls the identity entry - * @param zone the identity - * @param lbl the name of the record - * @param rd_count number of records - * @param rd record data - * - */ -static void -attribute_collect (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *lbl, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) -{ - struct EgoEntry *ego_entry = cls; - struct GNUNET_HashCode key; - struct TokenAttr *attr; - struct TokenAttrValue *val; - char *val_str; - int i; - - if (0 == rd_count) - { - GNUNET_NAMESTORE_zone_iterator_next (ns_it); - return; - } - GNUNET_CRYPTO_hash (lbl, - strlen (lbl), - &key); - if (1 == rd_count) - { - if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) - { - val_str = GNUNET_GNSRECORD_value_to_string (rd->record_type, - rd->data, - rd->data_size); - attr = GNUNET_malloc (sizeof (struct TokenAttr)); - attr->name = GNUNET_strdup (lbl); 
- val = GNUNET_malloc (sizeof (struct TokenAttrValue)); - val->value = val_str; - GNUNET_CONTAINER_DLL_insert (attr->val_head, - attr->val_tail, - val); - GNUNET_assert (GNUNET_OK == - GNUNET_CONTAINER_multihashmap_put (ego_entry->attr_map, - &key, - attr, - GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); - } - - GNUNET_NAMESTORE_zone_iterator_next (ns_it); - return; - } - - attr = GNUNET_malloc (sizeof (struct TokenAttr)); - attr->name = GNUNET_strdup (lbl); - for (i = 0; i < rd_count; i++) - { - if (rd[i].record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) - { - val_str = GNUNET_GNSRECORD_value_to_string (rd[i].record_type, - rd[i].data, - rd[i].data_size); - val = GNUNET_malloc (sizeof (struct TokenAttrValue)); - val->value = val_str; - GNUNET_CONTAINER_DLL_insert (attr->val_head, - attr->val_tail, - val); - } - } - GNUNET_assert (GNUNET_OK == GNUNET_CONTAINER_multihashmap_put (ego_entry->attr_map, - &key, - attr, - GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); - GNUNET_NAMESTORE_zone_iterator_next (ns_it); -} - -/** - * - * Update identity information for ego. If attribute map is - * dirty, first update the attributes. - * - * @param cls the ego to update - */ -static void -update_identities(void *cls) -{ - struct EgoEntry *next_ego = cls; - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; - - update_task = NULL; - if (NULL == next_ego) - { - if (min_rel_exp.rel_value_us < MIN_WAIT_TIME.rel_value_us) - min_rel_exp = MIN_WAIT_TIME; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - ">>> Finished. Rescheduling in %"SCNu64"\n", - min_rel_exp.rel_value_us); - ns_it = NULL; - //finished -> reschedule - update_task = GNUNET_SCHEDULER_add_delayed (min_rel_exp, - &update_identities, - ego_head); - min_rel_exp.rel_value_us = 0; - return; - } - priv_key = GNUNET_IDENTITY_ego_get_private_key (next_ego->ego); - if (GNUNET_YES == next_ego->attributes_dirty) - { - //Starting over. We must update the Attributes for they might have changed. 
- ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, - priv_key, - &attribute_collect_error_cb, - next_ego, - &attribute_collect, - next_ego, - &attribute_collect_finished_cb, - next_ego); - - } - else - { - //Ego will be dirty next time - next_ego->attributes_dirty = GNUNET_YES; - ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, - priv_key, - &token_collect_error_cb, - next_ego, - &token_collect, - next_ego, - &token_collect_finished_cb, - next_ego); - } -} - - -/** - * Function called initially to start update task - */ -static void -init_cont () -{ - GNUNET_log (GNUNET_ERROR_TYPE_INFO, ">>> Starting Service\n"); - //Initially iterate all itenties and refresh all tokens - update_task = GNUNET_SCHEDULER_add_now (&update_identities, - ego_head); -} - - -/** - * Initial ego collection function. - * - * @param cls NULL - * @param ego ego - * @param ctx context - * @param identifier ego name - */ -static void -list_ego (void *cls, - struct GNUNET_IDENTITY_Ego *ego, - void **ctx, - const char *identifier) -{ - struct EgoEntry *new_entry; - if ((NULL == ego) && (STATE_INIT == state)) - { - state = STATE_POST_INIT; - init_cont (); - return; - } - if (STATE_INIT == state) { - new_entry = GNUNET_malloc (sizeof (struct EgoEntry)); - new_entry->ego = ego; - new_entry->attr_map = GNUNET_CONTAINER_multihashmap_create (5, - GNUNET_NO); - new_entry->attributes_dirty = GNUNET_YES; - GNUNET_CONTAINER_DLL_insert_tail(ego_head, ego_tail, new_entry); - } -} - /** * Cleanup task */ static void cleanup() { - struct EgoEntry *ego_entry; - struct EgoEntry *ego_tmp; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n"); if (NULL != stats) 
@@ -928,21 +343,6 @@ cleanup() if (NULL != label) GNUNET_free (label); - for (ego_entry = ego_head; - NULL != ego_entry;) - { - ego_tmp = ego_entry; - if (0 != GNUNET_CONTAINER_multihashmap_size (ego_tmp->attr_map)) - { - GNUNET_CONTAINER_multihashmap_iterate (ego_tmp->attr_map, - &clear_ego_attrs, - ego_tmp); - - } - GNUNET_CONTAINER_multihashmap_destroy (ego_tmp->attr_map); - ego_entry = ego_entry->next; - GNUNET_free (ego_tmp); - } } /** @@ -1023,7 +423,7 @@ cleanup_issue_handle (struct IssueHandle *handle) } static void -store_token_issue_cont (void *cls, +store_record_issue_cont (void *cls, int32_t success, const char *emsg) { 
@@ -1073,6 +473,82 @@ store_token_issue_cont (void *cls, GNUNET_free (token_str); } +static int +create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash, + struct GNUNET_CRYPTO_SymmetricSessionKey *skey, + struct GNUNET_CRYPTO_SymmetricInitializationVector *iv) +{ + struct GNUNET_CRYPTO_HashAsciiEncoded new_key_hash_str; + + GNUNET_CRYPTO_hash_to_enc (new_key_hash, + &new_key_hash_str); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating symmetric rsa key from %s\n", (char*)&new_key_hash_str); + static const char ctx_key[] = "gnuid-aes-ctx-key"; + GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), + new_key_hash, sizeof (struct GNUNET_HashCode), + ctx_key, strlen (ctx_key), + NULL, 0); + static const char ctx_iv[] = "gnuid-aes-ctx-iv"; + GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector), + new_key_hash, sizeof (struct GNUNET_HashCode), + ctx_iv, strlen (ctx_iv), + NULL, 0); + return GNUNET_OK; +} + +int +serialize_abe_keyinfo (const struct IssueHandle *handle, + const struct GNUNET_CRYPTO_AbeKey *rp_key, + struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, + char **result) +{ + char *enc_keyinfo; + char *serialized_key; + char *buf; + struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_pubkey; + ssize_t size; + + struct GNUNET_CRYPTO_SymmetricSessionKey skey; + struct GNUNET_CRYPTO_SymmetricInitializationVector iv; + struct GNUNET_HashCode new_key_hash; + ssize_t enc_size; + + size = GNUNET_CRYPTO_cpabe_serialize_key (rp_key, + &serialized_key); + buf = GNUNET_malloc (strlen (handle->scopes) + 1 + size); + GNUNET_memcpy (buf, + handle->scopes, + strlen (handle->scopes) + 1); + GNUNET_memcpy (buf + strlen (handle->scopes) + 1, + serialized_key, + size); + // ECDH keypair E = eG + *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create(); + GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey, + ecdh_pubkey); + enc_keyinfo = GNUNET_malloc (size); + // Derived key K = H(eB) + GNUNET_assert (GNUNET_OK == 
GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey, + &handle->aud_key, + &new_key_hash)); + create_sym_key_from_ecdh(&new_key_hash, &skey, &iv); + enc_size = GNUNET_CRYPTO_symmetric_encrypt (buf, + size + strlen (handle->scopes) + 1, + &skey, &iv, + enc_keyinfo); + *result = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+ + enc_size); + GNUNET_memcpy (*result, + ecdh_pubkey, + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); + GNUNET_memcpy (*result + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), + enc_keyinfo, + enc_size); + GNUNET_free (enc_keyinfo); + return GNUNET_OK; +} + + /** * Build a token and store it @@ -1085,14 +561,18 @@ sign_and_return_token (void *cls) struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; struct IssueHandle *handle = cls; - struct GNUNET_GNSRECORD_Data token_record[2]; + struct GNUNET_GNSRECORD_Data code_record[1]; + struct GNUNET_CRYPTO_AbeKey *rp_key; char *nonce_str; - char *enc_token_str; - char *token_metadata; - char* write_ptr; + char *code_record_data; + char **attrs; + char *scope; + char *scopes_tmp; + int attrs_len; + int i; uint64_t time; uint64_t exp_time; - size_t token_metadata_len; + size_t code_record_len; //Remote nonce nonce_str = NULL; 
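Review bot: In `serialize_abe_keyinfo`, `enc_keyinfo` is allocated with `size` bytes, but `GNUNET_CRYPTO_symmetric_encrypt` is told to encrypt `size + strlen (handle->scopes) + 1` bytes into it, so the ciphertext overruns the heap buffer by the length of the scopes string and its terminator. `ecdh_pubkey` is an uninitialised pointer when it is passed to `GNUNET_CRYPTO_ecdhe_key_get_public`, which stores the public key through it; a `struct GNUNET_CRYPTO_EcdhePublicKey` on the stack gives it real storage. The function returns `GNUNET_OK`, so the length of `*result` is lost, and `buf` and `serialized_key`, which hold the serialized ABE key, are never freed. Separately, the debug line in `create_sym_key_from_ecdh` prints the ECDH-derived hash from which the AES key and IV are derived; I would drop it or log only that the derivation happened.

```c
  struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
  size_t buf_len;

  // … unchanged: serialize rp_key, allocate buf, copy scopes and key into it …
  buf_len = strlen (handle->scopes) + 1 + size;
  *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create();
  GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey,
                                      &ecdh_pubkey);
  enc_keyinfo = GNUNET_malloc (buf_len);
  // … unchanged: ECDH with handle->aud_key, create_sym_key_from_ecdh …
  enc_size = GNUNET_CRYPTO_symmetric_encrypt (buf,
                                              buf_len,
                                              &skey, &iv,
                                              enc_keyinfo);
  // … unchanged: allocate *result …
  GNUNET_memcpy (*result,
                 &ecdh_pubkey,
                 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
  // … unchanged: copy enc_keyinfo behind the public key …
  GNUNET_free (enc_keyinfo);
  GNUNET_free (buf);
  GNUNET_free (serialized_key);
  return sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + enc_size;
```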
@@ -1114,49 +594,39 @@ sign_and_return_token (void *cls) token_add_attr_int (handle->token, "exp", exp_time); token_add_attr (handle->token, "nonce", nonce_str); - //Token in a serialized encrypted format - GNUNET_assert (token_serialize (handle->token, - &handle->iss_key, - &ecdhe_privkey, - &enc_token_str)); - - //Token record E,E_K (Token) - token_record[0].data = enc_token_str; - token_record[0].data_size = strlen (enc_token_str) + 1; - token_record[0].expiration_time = exp_time; - token_record[0].record_type = GNUNET_GNSRECORD_TYPE_ID_TOKEN; - token_record[0].flags = GNUNET_GNSRECORD_RF_NONE; - - - token_metadata_len = sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey) - + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) - + strlen (handle->scopes) + 1; //With 0-Terminator - token_metadata = GNUNET_malloc (token_metadata_len); - write_ptr = token_metadata; - GNUNET_memcpy (token_metadata, ecdhe_privkey, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); - write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey); - GNUNET_memcpy (write_ptr, &handle->aud_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - write_ptr += sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey); - GNUNET_memcpy (write_ptr, handle->scopes, strlen (handle->scopes) + 1); //with 0-Terminator; - - token_record[1].data = token_metadata; - token_record[1].data_size = token_metadata_len; - token_record[1].expiration_time = exp_time; - token_record[1].record_type = GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA; - token_record[1].flags = GNUNET_GNSRECORD_RF_PRIVATE; - - //Persist token + //Create new ABE key for RP + attrs_len = (GNUNET_CONTAINER_multihashmap_size (handle->attr_map) + 1) * sizeof (char*); + attrs = GNUNET_malloc (attrs_len); + i = 0; + scopes_tmp = GNUNET_strdup (handle->scopes); + for (scope = strtok (scopes_tmp, ","); NULL != scope; scope = strtok (NULL, ",")) { + attrs[i] = scope; + i++; + } + rp_key = GNUNET_CRYPTO_cpabe_create_key (handle->abe_key, + attrs); + code_record_len = 
serialize_abe_keyinfo (handle, + rp_key, + &ecdhe_privkey, + &code_record_data); + code_record[0].data = code_record_data; + code_record[0].data_size = code_record_len; + code_record[0].expiration_time = exp_time; + code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY; + code_record[0].flags = GNUNET_GNSRECORD_RF_NONE; + + + //Publish record handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, &handle->iss_key, handle->label, - 2, - token_record, - &store_token_issue_cont, + 1, + code_record, + &store_record_issue_cont, handle); GNUNET_free (ecdhe_privkey); GNUNET_free (nonce_str); - GNUNET_free (enc_token_str); - GNUNET_free (token_metadata); + GNUNET_free (code_record_data); } /** @@ -1637,7 +1107,7 @@ run (void *cls, GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to credential"); } identity_handle = GNUNET_IDENTITY_connect (cfg, - &list_ego, + NULL, NULL); if (GNUNET_OK == diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h index e33d52819..aa0c6721f 100644 --- a/src/include/gnunet_gnsrecord_lib.h +++ b/src/include/gnunet_gnsrecord_lib.h @@ -123,6 +123,10 @@ extern "C" */ #define GNUNET_GNSRECORD_TYPE_ATTRIBUTE 65549 +/** + * Record type for ABE records + */ +#define GNUNET_GNSRECORD_TYPE_ABE_KEY 65550 /** * Flags that can be set for a record. -- cgit v1.2.3 From f3a84ebcd657b369792667bb1c1bd5ca2e53ee35 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 8 Jul 2017 20:14:49 +0200 Subject: -add serialization --- src/include/gnunet_crypto_lib.h | 14 ++++++++++++ src/util/crypto_abe.c | 48 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 6f2870c37..8a2763894 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h 
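Review bot: The `attrs` array in `sign_and_return_token` is sized from `GNUNET_CONTAINER_multihashmap_size (handle->attr_map) + 1`, but the `strtok` loop stores one entry per comma-separated scope and never compares `i` with that size. A `handle->scopes` string with more entries than collected attributes therefore writes past the allocation and loses the NULL terminator that `GNUNET_CRYPTO_cpabe_create_key` presumably relies on. Bounding the loop, e.g. `for (scope = strtok (scopes_tmp, ","); NULL != scope && i < n_attrs; scope = strtok (NULL, ","))` with `n_attrs` set to the map size, or sizing the array from the number of scopes, closes that. `code_record_len` is taken from the return value of `serialize_abe_keyinfo`, which is `GNUNET_OK` rather than a length, so `data_size` does not describe `code_record_data`. `attrs`, `scopes_tmp` and `rp_key` are not released before the function returns; the function starts outside this hunk.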
@@ -2185,7 +2185,21 @@ GNUNET_CRYPTO_cpabe_decrypt (const void *block, const struct GNUNET_CRYPTO_AbeKey *key, void **result); +ssize_t +GNUNET_CRYPTO_cpabe_serialize_key (struct GNUNET_CRYPTO_AbeKey *key, + void **result); + +struct GNUNET_CRYPTO_AbeKey* +GNUNET_CRYPTO_cpabe_deserialize_key (void *data, + size_t len); + +ssize_t +GNUNET_CRYPTO_cpabe_serialize_master_key (struct GNUNET_CRYPTO_AbeMasterKey *key, + void **result); +struct GNUNET_CRYPTO_AbeMasterKey* +GNUNET_CRYPTO_cpabe_deserialize_master_key (void *data, + size_t len); #if 0 /* keep Emacsens' auto-indent happy */ diff --git a/src/util/crypto_abe.c b/src/util/crypto_abe.c index d004220d1..62b9b7108 100644 --- a/src/util/crypto_abe.c +++ b/src/util/crypto_abe.c @@ -303,3 +303,51 @@ GNUNET_CRYPTO_cpabe_decrypt (const void *block, return pt_size; } + +ssize_t +GNUNET_CRYPTO_cpabe_serialize_key (struct GNUNET_CRYPTO_AbeKey *key, + void **result) +{ + ssize_t len; + + len = key->pub->len + key->prv->len + 12; + write_cpabe (result, key->pub, len, key->prv); + + return len; +} + +struct GNUNET_CRYPTO_AbeKey* +GNUNET_CRYPTO_cpabe_deserialize_key (void *data, + size_t len) +{ + struct GNUNET_CRYPTO_AbeKey *key; + + key = GNUNET_new (struct GNUNET_CRYPTO_AbeKey); + read_cpabe (data, &key->pub, &key->prv); + + return key; +} + +ssize_t +GNUNET_CRYPTO_cpabe_serialize_master_key (struct GNUNET_CRYPTO_AbeMasterKey *key, + void **result) +{ + ssize_t len; + + len = key->pub->len + key->msk->len + 12; + write_cpabe (result, key->pub, len, key->msk); + + return len; +} + +struct GNUNET_CRYPTO_AbeMasterKey* +GNUNET_CRYPTO_cpabe_deserialize_master_key (void *data, + size_t len) +{ + struct GNUNET_CRYPTO_AbeMasterKey *key; + + key = GNUNET_new (struct GNUNET_CRYPTO_AbeMasterKey); + read_cpabe (data, &key->pub, &key->msk); + + return key; +} -- cgit v1.2.3 From de6c96ec6b0893346987ca4edc9abb89705dcfe6 Mon Sep 17 00:00:00 2001 
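Review bot: The four declarations added to `gnunet_crypto_lib.h` have no Doxygen block, so the header does not say who owns the buffer returned through `result` or what the `ssize_t` return value means on failure. I would document each one, for example `@param result set to a buffer holding the serialized key; the caller must free it` and `@return number of bytes in *result`, with the wording confirmed against `write_cpabe`, which is not part of this hunk. For the two deserializers the comment should state whether `len` has to cover the whole serialized key.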
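Review bot: `GNUNET_CRYPTO_cpabe_deserialize_key` and `GNUNET_CRYPTO_cpabe_deserialize_master_key` accept `len` but never use it: `read_cpabe (data, &key->pub, &key->prv)` is called without any bound, so how far it reads depends only on length fields inside `data`. Callers later on this page pass namestore record data and decrypted buffers to these functions, so the parser should be given `len` and reject input whose embedded lengths exceed it (`read_cpabe` is outside this hunk, so its current checks cannot be seen here). The serializers compute `len` as `key->pub->len + key->prv->len + 12` with a bare `12`; a named constant for the framing overhead would make the relationship to `write_cpabe` checkable.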
From: "Schanzenbach, Martin" Date: Sat, 8 Jul 2017 20:19:12 +0200 Subject: -fix --- src/identity-provider/gnunet-service-identity-provider.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 3a7a6eeb9..4194aabc4 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -514,7 +514,7 @@ serialize_abe_keyinfo (const struct IssueHandle *handle, ssize_t enc_size; size = GNUNET_CRYPTO_cpabe_serialize_key (rp_key, - &serialized_key); + (void**)&serialized_key); buf = GNUNET_malloc (strlen (handle->scopes) + 1 + size); GNUNET_memcpy (buf, handle->scopes, @@ -523,6 +523,7 @@ serialize_abe_keyinfo (const struct IssueHandle *handle, serialized_key, size); // ECDH keypair E = eG + ecdh_pubkey = NULL; *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create(); GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey, ecdh_pubkey); -- cgit v1.2.3 From dabca343dadda1f4977c3e7fd1c9967a7bbbea4c Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 8 Jul 2017 20:21:04 +0200 Subject: -fix api --- src/include/gnunet_crypto_lib.h | 4 ++-- src/util/crypto_abe.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 8a2763894..d5891bb04 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -2186,7 +2186,7 @@ GNUNET_CRYPTO_cpabe_decrypt (const void *block, void **result); ssize_t -GNUNET_CRYPTO_cpabe_serialize_key (struct GNUNET_CRYPTO_AbeKey *key, +GNUNET_CRYPTO_cpabe_serialize_key (const struct GNUNET_CRYPTO_AbeKey *key, void **result); struct GNUNET_CRYPTO_AbeKey* 
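Review bot: Setting `ecdh_pubkey = NULL;` before `GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey, ecdh_pubkey);` silences the uninitialised-variable warning but leaves the call storing the public key through a null pointer, and the later `GNUNET_memcpy (*result, ecdh_pubkey, ...)` in the same function reads from it. Declaring the key by value, `struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;`, and passing `&ecdh_pubkey` to both calls gives the function real storage. `serialize_abe_keyinfo` starts and ends outside this hunk.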
@@ -2194,7 +2194,7 @@ GNUNET_CRYPTO_cpabe_deserialize_key (void *data, size_t len); ssize_t -GNUNET_CRYPTO_cpabe_serialize_master_key (struct GNUNET_CRYPTO_AbeMasterKey *key, +GNUNET_CRYPTO_cpabe_serialize_master_key (const struct GNUNET_CRYPTO_AbeMasterKey *key, void **result); struct GNUNET_CRYPTO_AbeMasterKey* diff --git a/src/util/crypto_abe.c b/src/util/crypto_abe.c index 62b9b7108..61d448577 100644 --- a/src/util/crypto_abe.c +++ b/src/util/crypto_abe.c @@ -305,7 +305,7 @@ GNUNET_CRYPTO_cpabe_decrypt (const void *block, } ssize_t -GNUNET_CRYPTO_cpabe_serialize_key (struct GNUNET_CRYPTO_AbeKey *key, +GNUNET_CRYPTO_cpabe_serialize_key (const struct GNUNET_CRYPTO_AbeKey *key, void **result) { ssize_t len; @@ -329,7 +329,7 @@ GNUNET_CRYPTO_cpabe_deserialize_key (void *data, } ssize_t -GNUNET_CRYPTO_cpabe_serialize_master_key (struct GNUNET_CRYPTO_AbeMasterKey *key, +GNUNET_CRYPTO_cpabe_serialize_master_key (const struct GNUNET_CRYPTO_AbeMasterKey *key, void **result) { ssize_t len; -- cgit v1.2.3 From 44a176dc92570bc586edade1a8b5fc2ace1b0849 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 9 Jul 2017 00:08:07 +0200 Subject: -more towards idp2 --- .../gnunet-service-identity-provider.c | 345 ++++++++++++++++++--- src/include/gnunet_gnsrecord_lib.h | 5 + 2 files changed, 300 insertions(+), 50 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 4194aabc4..0aaee93e5 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -147,6 +147,8 @@ struct VerifiedAttributeEntry char* name; }; +struct ParallelLookups; + struct ExchangeHandle { 
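Review bot: The forward declaration added before `struct ExchangeHandle` reads `struct ParallelLookups;`, but the type used by the new list members and defined further down in this commit is `struct ParallelLookup`, so the declaration names a type that nothing else refers to. `struct ParallelLookup;` is presumably what was meant.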
@@ -174,6 +176,15 @@ struct ExchangeHandle * Audience Key */ struct GNUNET_CRYPTO_EcdsaPrivateKey aud_privkey; + + /** + * ParallelLookups DLL + */ + struct ParallelLookup *parallel_lookups_head; + struct ParallelLookup *parallel_lookups_tail; + + struct GNUNET_SCHEDULER_Task *kill_task; + struct GNUNET_CRYPTO_AbeKey *key; /** * Label to return @@ -186,6 +197,17 @@ struct ExchangeHandle uint32_t r_id; }; +struct ParallelLookup +{ + struct ParallelLookup *next; + + struct ParallelLookup *prev; + + struct GNUNET_GNS_LookupRequest *lookup_request; + + struct ExchangeHandle *handle; +}; + struct IssueHandle { @@ -549,6 +571,15 @@ serialize_abe_keyinfo (const struct IssueHandle *handle, return GNUNET_OK; } +static void +cleanup_exchange_handle (struct ExchangeHandle *handle) +{ + if (NULL != handle->ticket) + ticket_destroy (handle->ticket); + if (NULL != handle->token) + token_destroy (handle->token); + GNUNET_free (handle); +} /** 
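Review bot: `cleanup_exchange_handle` frees the ticket and the token but not the state this commit adds to `struct ExchangeHandle`: `handle->key`, the deserialized ABE key, is never released, and a still-pending `handle->kill_task` or an entry left in the `parallel_lookups` list would keep a pointer to the freed handle. Releasing the key with the ABE key destructor and cancelling the task and outstanding lookups here (or asserting that the list is empty) keeps the teardown in one place. The new `kill_task` and `key` members also have no field comment, unlike the members around them; `/** Task that aborts the parallel lookups on timeout */` and `/** ABE key recovered from the key record */` would do.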
@@ -558,6 +589,43 @@ serialize_abe_keyinfo (const struct IssueHandle *handle, */ static void sign_and_return_token (void *cls) +{ + struct ExchangeHandle *handle = cls; + struct GNUNET_MQ_Envelope *env; + char *token_str; + uint64_t time; + uint64_t exp_time; + + time = GNUNET_TIME_absolute_get().abs_value_us; + exp_time = time + token_expiration_interval.rel_value_us; + + token_add_attr_int (handle->token, "nbf", time); + token_add_attr_int (handle->token, "iat", time); + token_add_attr_int (handle->token, "exp", exp_time); + + //Readable + GNUNET_assert (GNUNET_OK == token_to_string (handle->token, + &handle->aud_privkey, + &token_str)); + + env = create_exchange_result_message (token_str, + handle->label, + handle->ticket->payload->nonce, + handle->r_id); + GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(handle->client), + env); + cleanup_exchange_handle (handle); + GNUNET_free (token_str); + +} + +/** + * Build an ABE key and store it + * + * @param cls the IssueHandle + */ +static void +issue_ticket (void *cls) { struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; @@ -695,7 +763,7 @@ handle_vattr_collection (void* cls, if (NULL == cred) { - GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle); + GNUNET_SCHEDULER_add_now (&issue_ticket, handle); return; } cred_array = json_array(); @@ -706,8 +774,8 @@ handle_vattr_collection (void* cls, continue; json_array_append (cred_array, cred_json); token_add_attr_json (handle->token, - handle->v_attr_head->name, - cred_array); + handle->v_attr_head->name, + cred_array); } json_decref (cred_array); vattr = handle->v_attr_head; @@ -717,10 +785,10 @@ handle_vattr_collection (void* cls, vattr); GNUNET_free (vattr->name); GNUNET_free (vattr); - + if (NULL == handle->v_attr_head) { - GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle); + GNUNET_SCHEDULER_add_now (&issue_ticket, handle); return; } handle->credential_request = GNUNET_CREDENTIAL_collect (credential_handle, 
@@ -740,7 +808,7 @@ attr_collect_error (void *cls) GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Adding attribute Error!\n"); handle->ns_it = NULL; - GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle); + GNUNET_SCHEDULER_add_now (&issue_ticket, handle); } @@ -754,7 +822,7 @@ attr_collect_finished (void *cls) if (NULL == handle->v_attr_head) { - GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle); + GNUNET_SCHEDULER_add_now (&issue_ticket, handle); return; } handle->credential_request = GNUNET_CREDENTIAL_collect (credential_handle, 
@@ -831,13 +899,75 @@ attr_collect (void *cls, } static void -cleanup_exchange_handle (struct ExchangeHandle *handle) +process_parallel_lookup (void *cls, uint32_t rd_count, + const struct GNUNET_GNSRECORD_Data *rd) { - if (NULL != handle->ticket) - ticket_destroy (handle->ticket); - if (NULL != handle->token) - token_destroy (handle->token); - GNUNET_free (handle); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Parallel lookup finished\n"); + struct ParallelLookup *parallel_lookup = cls; + struct ExchangeHandle *handle = parallel_lookup->handle; + char *data; + int i; + + GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, + handle->parallel_lookups_tail, + parallel_lookup); + GNUNET_free (parallel_lookup); + if (1 == rd_count) + { + if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) + { + GNUNET_CRYPTO_cpabe_decrypt (rd->data, + rd->data_size, + handle->key, + (void**)&data); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); + token_add_attr (handle->token, + label, + data); + GNUNET_free (data); + } + } else { + i = 0; + for (; i < rd_count; i++) + { + if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) + { + data = GNUNET_GNSRECORD_value_to_string (rd[i].record_type, + rd[i].data, + rd[i].data_size); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); + token_add_attr (handle->token, label, data); + GNUNET_free (data); + } + } + } + if (NULL != handle->parallel_lookups_head) + return; //Wait for more + //Else we are done + GNUNET_SCHEDULER_cancel (handle->kill_task); + GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle); +} + +void +abort_parallel_lookups (void *cls) +{ + struct ExchangeHandle *handle = cls; + struct ParallelLookup *lu; + struct ParallelLookup *tmp; + + for (lu = handle->parallel_lookups_head; + NULL != lu;) { + GNUNET_GNS_lookup_cancel (lu->lookup_request); + tmp = lu->next; + GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, + handle->parallel_lookups_tail, + lu); + GNUNET_free (lu); + 
lu = tmp; + } + GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle); + } static void 
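Review bot: The return value of `GNUNET_CRYPTO_cpabe_decrypt` in `process_parallel_lookup` is ignored, so when decryption fails (presumably the case when the ABE key does not cover the attribute) `data` is still uninitialised when it is logged with `%s`, added to the token and freed. The plaintext is also used as a C string without checking that it is terminated within the returned length. In the multi-record branch the type test reads `rd->record_type` instead of `rd[i].record_type`, and those values go through `GNUNET_GNSRECORD_value_to_string` rather than being decrypted. Both branches pass `label` to `token_add_attr`; it is not a local of this function, so it is presumably a file-scope variable and not the name of the attribute that was looked up.

```c
  ssize_t data_len;

  // … unchanged: remove parallel_lookup from the DLL and free it …
    if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR)
    {
      data = NULL;
      data_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data,
                                              rd->data_size,
                                              handle->key,
                                              (void**)&data);
      /* assumes a failed decrypt returns a non-positive length and that
         values are stored with their terminator; confirm both */
      if ( (data_len > 0) &&
           (NULL != data) &&
           ('\0' == data[data_len - 1]) )
        token_add_attr (handle->token,
                        label,
                        data);
      else
        GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                    "Failed to decrypt attribute value\n");
      if (NULL != data)
        GNUNET_free (data);
    }
  // … unchanged: multi-record branch, wait-for-more check, scheduling …
```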
@@ -845,45 +975,79 @@ process_lookup_result (void *cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd) { struct ExchangeHandle *handle = cls; - struct GNUNET_MQ_Envelope *env; - char* token_str; - char* record_str; + struct GNUNET_HashCode new_key_hash; + struct GNUNET_CRYPTO_SymmetricSessionKey enc_key; + struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv; + struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key; + struct ParallelLookup *parallel_lookup; + size_t size; + char *buf; + char *scope; + char *lookup_query; handle->lookup_request = NULL; - if (2 != rd_count) + if (1 != rd_count) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Number of tokens %d != 2.", + "Number of keys %d != 1.", rd_count); cleanup_exchange_handle (handle); GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); return; } - record_str = - GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_ID_TOKEN, - rd->data, - rd->data_size); + //Decrypt + ecdh_key = (struct GNUNET_CRYPTO_EcdhePublicKey *)rd->data; + + buf = GNUNET_malloc (rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); + + //Calculate symmetric key from ecdh parameters + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_ecdsa_ecdh (&handle->aud_privkey, + ecdh_key, + &new_key_hash)); + create_sym_key_from_ecdh (&new_key_hash, + &enc_key, + &enc_iv); + size = GNUNET_CRYPTO_symmetric_decrypt (rd->data + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), + rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), + &enc_key, + &enc_iv, + buf); - //Decrypt and parse - GNUNET_assert (GNUNET_OK == token_parse (record_str, - &handle->aud_privkey, - &handle->token)); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Decrypted bytes: %zd Expected bytes: %zd\n", + size, rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); - //Readable - GNUNET_assert (GNUNET_OK == token_to_string (handle->token, - &handle->aud_privkey, - &token_str)); + scopes = GNUNET_strdup (buf); - env = create_exchange_result_message (token_str, - 
handle->label, - handle->ticket->payload->nonce, - handle->r_id); - GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(handle->client), - env); - cleanup_exchange_handle (handle); - GNUNET_free (record_str); - GNUNET_free (token_str); + handle->key = GNUNET_CRYPTO_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1), + rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + - strlen (scopes) - 1); + + for (scope = strtok (scopes, ","); NULL != scope; scope = strtok (NULL, ",")) + { + GNUNET_asprintf (&lookup_query, + "%s.%s.gnu", + scope, + GNUNET_CRYPTO_ecdsa_public_key_to_string (&handle->ticket->payload->identity_key)); + parallel_lookup = GNUNET_new (struct ParallelLookup); + parallel_lookup->handle = handle; + parallel_lookup->lookup_request + = GNUNET_GNS_lookup (gns_handle, + lookup_query, + &handle->ticket->aud_key, + GNUNET_GNSRECORD_TYPE_ID_ATTR, + GNUNET_GNS_LO_LOCAL_MASTER, + &process_parallel_lookup, + parallel_lookup); + GNUNET_CONTAINER_DLL_insert (handle->parallel_lookups_head, + handle->parallel_lookups_tail, + parallel_lookup); + } + handle->kill_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES,3), + &abort_parallel_lookups, + handle); } /** 
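Review bot: `process_lookup_result` subtracts `sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)` from `rd->data_size` without first checking that the record is at least that long, so a short `ABE_KEY` record makes the unsigned length wrap before it is used for `GNUNET_malloc` and `GNUNET_CRYPTO_symmetric_decrypt`. The decrypted buffer is then treated as a NUL-terminated scopes string followed by the key (`GNUNET_strdup (buf)`, `buf + strlen (scopes) + 1`) without checking the decrypt result or that a terminator lies inside the buffer. `scopes` is not declared in this function, so it appears to be a file-scope variable shared by all exchanges, and `strtok` keeps global state as well. `buf`, `lookup_query` and the string returned by `GNUNET_CRYPTO_ecdsa_public_key_to_string` are not freed.

```c
  size_t enc_len;

  // … unchanged: rd_count check …
  if (rd->data_size <= sizeof (struct GNUNET_CRYPTO_EcdhePublicKey))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "ABE key record too short\n");
    cleanup_exchange_handle (handle); /* fail this request only */
    return;
  }
  enc_len = rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey);
  buf = GNUNET_malloc (enc_len);
  // … unchanged: GNUNET_CRYPTO_ecdsa_ecdh and create_sym_key_from_ecdh …
  size = GNUNET_CRYPTO_symmetric_decrypt (rd->data + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey),
                                          enc_len,
                                          &enc_key,
                                          &enc_iv,
                                          buf);
  if ( (size != enc_len) ||
       (NULL == memchr (buf, '\0', enc_len)) )
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Malformed ABE key record\n");
    GNUNET_free (buf);
    cleanup_exchange_handle (handle);
    return;
  }
  // … unchanged: split scopes and key, start the parallel lookups …
```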
@@ -940,18 +1104,20 @@ handle_exchange_message (void *cls, GNUNET_SERVICE_client_drop (client); return; } - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking for token under %s\n", + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking for ABE key under %s\n", xchange_handle->ticket->payload->label); GNUNET_asprintf (&lookup_query, "%s.gnu", xchange_handle->ticket->payload->label); GNUNET_SERVICE_client_continue (client); xchange_handle->client = client; + xchange_handle->token = token_create (&xchange_handle->ticket->payload->identity_key, + &xchange_handle->ticket->payload->identity_key); xchange_handle->lookup_request = GNUNET_GNS_lookup (gns_handle, lookup_query, &xchange_handle->ticket->payload->identity_key, - GNUNET_GNSRECORD_TYPE_ID_TOKEN, + GNUNET_GNSRECORD_TYPE_ABE_KEY, GNUNET_GNS_LO_LOCAL_MASTER, &process_lookup_result, xchange_handle); 
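Review bot: `token_create` is called in `handle_exchange_message` with `&xchange_handle->ticket->payload->identity_key` for both arguments; if the second parameter is the audience key, as the `iss_key`/`aud_key` naming elsewhere in this file suggests, the token ends up addressed to the issuer rather than to the party that presented the ticket. `&xchange_handle->ticket->aud_key`, which `process_lookup_result` already uses, looks like the intended value; this needs confirming against `token_create`'s declaration, which is not shown here. The function starts and ends outside this hunk.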
@@ -989,6 +1155,87 @@ check_issue_message(void *cls, return GNUNET_OK; } +void +attr_collect_task (void *cls) +{ + struct IssueHandle *issue_handle = cls; + + issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, + &issue_handle->iss_key, + &attr_collect_error, + issue_handle, + &attr_collect, + issue_handle, + &attr_collect_finished, + issue_handle); +} + +void +store_bootstrap_cont (void *cls, + int32_t success, + const char *emsg) +{ + if (GNUNET_SYSERR == success) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to bootstrap ABE master %s\n", + emsg); + GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); + return; + } + GNUNET_SCHEDULER_add_now (&attr_collect_task, cls); +} + +void +store_bootstrap_task (void *cls) +{ + struct IssueHandle *issue_handle = cls; + struct GNUNET_GNSRECORD_Data rd[1]; + + rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (issue_handle->abe_key, + (void**)&rd[0].data); + rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; + rd[0].flags = GNUNET_GNSRECORD_RF_NONE | GNUNET_GNSRECORD_RF_PRIVATE; + rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? + issue_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &issue_handle->iss_key, + "+", + 1, + rd, + &store_bootstrap_cont, + issue_handle); +} + +void +abe_key_lookup_error (void *cls) +{ + GNUNET_SCHEDULER_add_now (&do_shutdown, cls); +} + +void +abe_key_lookup_result (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + struct IssueHandle *handle = cls; + int i; + + for (i=0;iabe_key = GNUNET_CRYPTO_cpabe_deserialize_master_key ((void**)rd[i].data, + rd[i].data_size); + GNUNET_SCHEDULER_add_now (&attr_collect_task, handle); + return; + } + + //No ABE master found, bootstrapping... 
+ handle->abe_key = GNUNET_CRYPTO_cpabe_create_master_key (); + GNUNET_SCHEDULER_add_now (&store_bootstrap_task, handle); +} + /** * * Handler for issue message @@ -1061,15 +1308,13 @@ handle_issue_message (void *cls, GNUNET_STRINGS_base64_encode ((char*)&rnd_key, sizeof (uint64_t), &issue_handle->label); - - issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, - &issue_handle->iss_key, - &attr_collect_error, - issue_handle, - &attr_collect, - issue_handle, - &attr_collect_finished, - issue_handle); + issue_handle->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, + &issue_handle->iss_key, + "+", + &abe_key_lookup_error, + issue_handle, + &abe_key_lookup_result, + issue_handle); } diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h index aa0c6721f..d03b4db3b 100644 --- a/src/include/gnunet_gnsrecord_lib.h +++ b/src/include/gnunet_gnsrecord_lib.h @@ -128,6 +128,11 @@ extern "C" */ #define GNUNET_GNSRECORD_TYPE_ABE_KEY 65550 +/** + * Record type for ABE master keys + */ +#define GNUNET_GNSRECORD_TYPE_ABE_MASTER 65551 + /** * Flags that can be set for a record. */ -- cgit v1.2.3 From 271f13592c0c5213c7056b252882c467a791a1e5 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 9 Jul 2017 15:32:55 +0200 Subject: -add CLI --- src/identity-provider/Makefile.am | 11 +- src/identity-provider/gnunet-idp.c | 220 +++++++++++++++++++++++++++++++++++++ 2 files changed, 230 insertions(+), 1 deletion(-) create mode 100644 src/identity-provider/gnunet-idp.c diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index cc9692a9a..5355b1221 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am @@ -25,7 +25,8 @@ plugin_LTLIBRARIES = \ libgnunet_plugin_rest_identity_provider.la bin_PROGRAMS = \ - gnunet-identity-token + gnunet-identity-token \ + gnunet-idp libexec_PROGRAMS = \ gnunet-service-identity-provider 
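Review bot: `store_bootstrap_task` sets `rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us` without `GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION`, so the value is read as an absolute time one hour after the epoch and the freshly stored ABE master record is already expired (the `//TODO sane?` marks the doubt). Either make it relative, `rd[0].flags = GNUNET_GNSRECORD_RF_PRIVATE | GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;`, or store an absolute time in the future. The buffer returned through `(void**)&rd[0].data` holds the serialized master key and is never freed after `GNUNET_NAMESTORE_records_store`. `abe_key_lookup_error` and a failed bootstrap both schedule `do_shutdown`, so one failing issue request stops the whole service and leaves the `IssueHandle` uncleaned; failing only that request would be safer. The helpers added here are also not `static`, although this page shows them used only as callbacks within the file.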
@@ -68,6 +69,14 @@ libgnunet_plugin_rest_identity_provider_la_LDFLAGS = \ $(GN_PLUGIN_LDFLAGS) +gnunet_idp_SOURCES = \ + gnunet-idp.c +gnunet_idp_LDADD = \ + $(top_builddir)/src/util/libgnunetutil.la \ + $(top_builddir)/src/namestore/libgnunetnamestore.la \ + $(top_builddir)/src/identity/libgnunetidentity.la \ + $(GN_LIBINTL) + gnunet_identity_token_SOURCES = \ gnunet-identity-token.c gnunet_identity_token_LDADD = \ diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c new file mode 100644 index 000000000..0dd565da6 --- /dev/null +++ b/src/identity-provider/gnunet-idp.c 
@@ -0,0 +1,220 @@ +/* + This file is part of GNUnet. + Copyright (C) 2012-2015 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. + */ +/** + * @author Martin Schanzenbach + * @file src/identity-provider/gnunet-idp.c + * @brief Identity Provider utility + * + */ + +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_namestore_service.h" +#include "gnunet_identity_service.h" +#include "gnunet_signatures.h" + +/** + * The attribute + */ +static char* attr_name; + +/** + * Attribute value + */ +static char* attr_value; + +/** + * Ego name + */ +static char* ego_name; + +/** + * Identity handle + */ +static struct GNUNET_IDENTITY_Handle *identity_handle; + +/** + * Namestore handle + */ +static struct GNUNET_NAMESTORE_Handle *namestore_handle; + +/** + * Namestore queue + */ +static struct GNUNET_NAMESTORE_QueueEntry *ns_qe; + +/** + * Master ABE key + */ +static struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + +static void +do_cleanup(void *cls) +{ + if (NULL != ns_qe) + GNUNET_NAMESTORE_cancel (ns_qe); + if (NULL != namestore_handle) + GNUNET_NAMESTORE_disconnect (namestore_handle); + if (NULL != identity_handle) + GNUNET_IDENTITY_disconnect (identity_handle); + if (NULL != abe_key) + GNUNET_free (abe_key); +} + +static void +ns_error_cb (void *cls) +{ + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Failed."); 
+ do_cleanup(NULL); + return; +} + +static void +store_attr_cont (void *cls, + int32_t success, + const char*emsg) +{ + if (GNUNET_SYSERR == success) { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "%s\n", emsg); + } else { + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Sucessfully added identity attribute %s=%s\n", + attr_name, attr_value); + } + GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); +} + +static void +abe_lookup_cb (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + struct GNUNET_GNSRECORD_Data new_record; + int i; + ssize_t size; + + for (i=0;i Date: Sun, 9 Jul 2017 15:34:46 +0200 Subject: -fix --- src/include/gnunet_crypto_lib.h | 4 ++-- src/util/crypto_abe.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index d5891bb04..4d00103ab 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -2190,7 +2190,7 @@ GNUNET_CRYPTO_cpabe_serialize_key (const struct GNUNET_CRYPTO_AbeKey *key, void **result); struct GNUNET_CRYPTO_AbeKey* -GNUNET_CRYPTO_cpabe_deserialize_key (void *data, +GNUNET_CRYPTO_cpabe_deserialize_key (const void *data, size_t len); ssize_t @@ -2198,7 +2198,7 @@ GNUNET_CRYPTO_cpabe_serialize_master_key (const struct GNUNET_CRYPTO_AbeMasterKe void **result); struct GNUNET_CRYPTO_AbeMasterKey* -GNUNET_CRYPTO_cpabe_deserialize_master_key (void *data, +GNUNET_CRYPTO_cpabe_deserialize_master_key (const void *data, size_t len); diff --git a/src/util/crypto_abe.c b/src/util/crypto_abe.c index 61d448577..38812b412 100644 --- a/src/util/crypto_abe.c +++ b/src/util/crypto_abe.c 
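Review bot: In `do_cleanup` of the new gnunet-idp.c, the master key is released with a bare `GNUNET_free (abe_key)`, which frees only the wrapper struct. The struct holds separate `pub` and `msk` buffers (see `struct GNUNET_CRYPTO_AbeMasterKey` in crypto_abe.c), so both stay allocated and the master secret is left in memory when the tool exits its scheduler. A destructor in crypto_abe.c that releases both members belongs here; a later commit on this page adds `GNUNET_CRYPTO_cpabe_delete_master_key`. The pointer should be cleared afterwards with `abe_key = NULL;`. The log string in `store_attr_cont` has a typo and should read `"Successfully added identity attribute %s=%s\n"`.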
@@ -317,7 +317,7 @@ GNUNET_CRYPTO_cpabe_serialize_key (const struct GNUNET_CRYPTO_AbeKey *key, } struct GNUNET_CRYPTO_AbeKey* -GNUNET_CRYPTO_cpabe_deserialize_key (void *data, +GNUNET_CRYPTO_cpabe_deserialize_key (const void *data, size_t len) { struct GNUNET_CRYPTO_AbeKey *key; @@ -341,7 +341,7 @@ GNUNET_CRYPTO_cpabe_serialize_master_key (const struct GNUNET_CRYPTO_AbeMasterKe } struct GNUNET_CRYPTO_AbeMasterKey* -GNUNET_CRYPTO_cpabe_deserialize_master_key (void *data, +GNUNET_CRYPTO_cpabe_deserialize_master_key (const void *data, size_t len) { struct GNUNET_CRYPTO_AbeMasterKey *key; -- cgit v1.2.3 From ed42d471aa6b5bf42bfc8e9186e69ab4c0ebc6ff Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 9 Jul 2017 16:15:09 +0200 Subject: -add attr list --- src/identity-provider/gnunet-idp.c | 138 ++++++++++++++++++++++++++++++++----- 1 file changed, 120 insertions(+), 18 deletions(-) diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index 0dd565da6..017e0dbb5 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c @@ -30,6 +30,11 @@ #include "gnunet_identity_service.h" #include "gnunet_signatures.h" +/** + * List attribute flag + */ +static int list; + /** * The attribute */ @@ -55,6 +60,11 @@ static struct GNUNET_IDENTITY_Handle *identity_handle; */ static struct GNUNET_NAMESTORE_Handle *namestore_handle; +/** + * Namestore iterator + */ +static struct GNUNET_NAMESTORE_ZoneIterator *ns_iterator; + /** * Namestore queue */ @@ -70,6 +80,8 @@ do_cleanup(void *cls) { if (NULL != ns_qe) GNUNET_NAMESTORE_cancel (ns_qe); + if (NULL != ns_iterator) + GNUNET_NAMESTORE_zone_iteration_stop (ns_iterator); if (NULL != namestore_handle) GNUNET_NAMESTORE_disconnect (namestore_handle); if (NULL != identity_handle) 
@@ -103,6 +115,58 @@ store_attr_cont (void *cls, GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } +static void +store_abe_cont (void *cls, + int32_t success, + const char*emsg) +{ + if (GNUNET_SYSERR == success) { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "%s\n", emsg); + } else { + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Bootstrapped ABE master key. Please run command again.\n"); + } + GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); +} + +static void +iter_error (void *cls) +{ + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to iterate over attributes\n"); + GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); +} + +static void +iter_finished (void *cls) +{ + GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); +} + +static void +iter_cb (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + int i; + char *attr_value; + + for (i=0;i Date: Sun, 9 Jul 2017 19:16:46 +0200 Subject: -add cli --- src/identity-provider/gnunet-idp.c | 47 ++++++++++++++----- src/identity-provider/test_idp.conf | 25 ++++++++++ src/identity-provider/test_idp.sh | 41 +++++++++++++++++ src/identity-provider/test_idp_defaults.conf | 24 ++++++++++ src/util/crypto_abe.c | 68 ++++++++++++---------------- 5 files changed, 154 insertions(+), 51 deletions(-) create mode 100644 src/identity-provider/test_idp.conf create mode 100755 src/identity-provider/test_idp.sh create mode 100644 src/identity-provider/test_idp_defaults.conf diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index 017e0dbb5..77bb0a433 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c @@ -30,6 +30,11 @@ #include "gnunet_identity_service.h" #include "gnunet_signatures.h" +/** + * Init flag + */ +static int init; + /** * List attribute flag */ 
@@ -93,6 +98,7 @@ do_cleanup(void *cls) static void ns_error_cb (void *cls) { + ns_qe = NULL; GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, "Failed."); do_cleanup(NULL); @@ -104,6 +110,7 @@ store_attr_cont (void *cls, int32_t success, const char*emsg) { + ns_qe = NULL; if (GNUNET_SYSERR == success) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", emsg); @@ -120,6 +127,7 @@ store_abe_cont (void *cls, int32_t success, const char*emsg) { + ns_qe = NULL; if (GNUNET_SYSERR == success) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", emsg); @@ -133,6 +141,7 @@ store_abe_cont (void *cls, static void iter_error (void *cls) { + ns_iterator = NULL; GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to iterate over attributes\n"); GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); @@ -141,6 +150,7 @@ iter_error (void *cls) static void iter_finished (void *cls) { + ns_iterator = NULL; GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } 
@@ -151,16 +161,22 @@ iter_cb (void *cls, unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd) { + struct GNUNET_CRYPTO_AbeKey *key; int i; char *attr_value; - + char* attrs[2]; for (i=0;i /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f` + +# (1) PKEY1.user -> PKEY2.resu.user +# (2) PKEY2.resu -> PKEY3 +# (3) PKEY3.user -> PKEY4 + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" + +TEST_ATTR="test" +gnunet-arm -s -c test_idp.conf +gnunet-identity -C testego -c test_idp.conf +$DO_TIMEOUT valgrind gnunet-idp -e testego --init -c test_idp.conf +$DO_TIMEOUT valgrind gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf +STATUS=$? +gnunet-namestore -z testego -D -c test_idp.conf +$DO_TIMEOUT valgrind --leak-check=full gnunet-idp -e testego -D -c test_idp.conf + +if test $? != 0 +then + echo "Error issuing..." + exit 1 +fi +#Try import +gnunet-arm -e -c test_idp_lookup.conf +exit $RES diff --git a/src/identity-provider/test_idp_defaults.conf b/src/identity-provider/test_idp_defaults.conf new file mode 100644 index 000000000..10d89c2fb --- /dev/null +++ b/src/identity-provider/test_idp_defaults.conf @@ -0,0 +1,24 @@ +@INLINE@ ../../contrib/no_forcestart.conf + +[PATHS] +GNUNET_TEST_HOME = /tmp/test-gnunet-idp-testing/ + +[namestore-sqlite] +FILENAME = $GNUNET_TEST_HOME/namestore/sqlite_test.db + +[namecache-sqlite] +FILENAME=$GNUNET_TEST_HOME/namecache/namecache.db + +[identity] +# Directory where we store information about our egos +EGODIR = $GNUNET_TEST_HOME/identity/egos/ + +[dhtcache] +DATABASE = heap + +[transport] +PLUGINS = tcp + +[transport-tcp] +BINDTO = 127.0.0.1 + diff --git a/src/util/crypto_abe.c b/src/util/crypto_abe.c index 38812b412..f835a38dd 100644 --- a/src/util/crypto_abe.c +++ b/src/util/crypto_abe.c 
@@ -156,7 +156,6 @@ GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *key, bswabe_pub_t* pub; bswabe_msk_t* msk; bswabe_prv_t* prv; - gchar* pub_data; gsize len; pub = bswabe_pub_unserialize(key->pub, 0); 
@@ -164,73 +163,62 @@ GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *key, prv = bswabe_keygen(pub, msk, attrs); prv_key = GNUNET_new (struct GNUNET_CRYPTO_AbeKey); prv_key->prv = bswabe_prv_serialize(prv); - pub_data = g_strndup ((gchar*)key->pub->data, - key->pub->len); + len = key->pub->len; - prv_key->pub = g_byte_array_new_take ((guint8*)pub_data, len); + printf ("Keylen %lu\n", len); + prv_key->pub = bswabe_pub_serialize (pub); GNUNET_assert (NULL != prv_key->prv); return prv_key; } ssize_t write_cpabe (void **result, GByteArray* cph_buf, - int file_len, GByteArray* aes_buf) + uint32_t file_len, GByteArray* aes_buf) { char *ptr; + uint32_t *len; int i; - ssize_t size; - size = aes_buf->len + cph_buf->len + 12; - *result = GNUNET_malloc (size); + *result = GNUNET_malloc (12 + cph_buf->len + aes_buf->len); ptr = *result; - for(i=3; i >= 0; i--) { - *ptr = (file_len & 0xff<<(i*8))>>(i*8); - ptr++; - } - for(i=3; i >= 0; i--) { - *ptr = (aes_buf->len & 0xff<<(i*8))>>(i*8); - ptr++; - } + len = (uint32_t*) ptr; + *len = htonl (file_len); + ptr += 4; + len = (uint32_t*) ptr; + *len = htonl (aes_buf->len); + ptr += 4; memcpy (ptr, aes_buf->data, aes_buf->len); ptr += aes_buf->len; - for(i=3; i >= 0; i--) { - *ptr = (cph_buf->len & 0xff<<(i*8))>>(i*8); - ptr++; - } + len = (uint32_t*) ptr; + *len = htonl (cph_buf->len); + ptr += 4; memcpy (ptr, cph_buf->data, cph_buf->len); - return size; + return 12 + cph_buf->len + aes_buf->len; } ssize_t read_cpabe (const void *data, GByteArray** cph_buf, GByteArray** aes_buf) { int i; - ssize_t buf_len; - ssize_t tmp_len; + int buf_len; + int tmp_len; char *ptr; + uint32_t *len; *cph_buf = g_byte_array_new(); *aes_buf = g_byte_array_new(); ptr = (char*)data; - - buf_len = 0; - for(i=3; i >= 0; i--) { - buf_len |= *ptr<<(i*8); - ptr++; - } - - tmp_len = 0; - for(i=3; i >= 0; i--) { - tmp_len |= *ptr<<(i*8); - ptr++; - } + len = (uint32_t*)ptr; + buf_len = ntohl (*len); + ptr += 4; + len = (uint32_t*)ptr; + 
tmp_len = ntohl (*len); + ptr += 4; g_byte_array_set_size(*aes_buf, tmp_len); memcpy((*aes_buf)->data, ptr, tmp_len); ptr += tmp_len; - tmp_len = 0; - for(i=3; i >= 0; i--) { - tmp_len |= *ptr<<(i*8); - ptr++; - } + len = (uint32_t*)ptr; + tmp_len = ntohl (*len); + ptr += 4; g_byte_array_set_size(*cph_buf, tmp_len); memcpy((*cph_buf)->data, ptr, tmp_len); -- cgit v1.2.3 From cfc492f5d6c7c5786bd5d033892238a6889b5d7d Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 9 Jul 2017 19:23:26 +0200 Subject: -add free ABE functions --- src/include/gnunet_crypto_lib.h | 4 ++ src/util/crypto_abe.c | 87 +++++++++++++++++++++-------------------- 2 files changed, 49 insertions(+), 42 deletions(-) diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 4d00103ab..69f6ce5d4 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -2138,6 +2138,8 @@ GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, */ struct GNUNET_CRYPTO_AbeMasterKey * GNUNET_CRYPTO_cpabe_create_master_key (void); +void +GNUNET_CRYPTO_cpabe_delete_master_key (struct GNUNET_CRYPTO_AbeMasterKey *key); /** * @ingroup crypto @@ -2148,6 +2150,8 @@ GNUNET_CRYPTO_cpabe_create_master_key (void); struct GNUNET_CRYPTO_AbeKey * GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *msk, char **attrs); +void +GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key); /** diff --git a/src/util/crypto_abe.c b/src/util/crypto_abe.c index 38812b412..ddaec83eb 100644 --- a/src/util/crypto_abe.c +++ b/src/util/crypto_abe.c @@ -148,6 +148,14 @@ GNUNET_CRYPTO_cpabe_create_master_key (void) return key; } +void +GNUNET_CRYPTO_cpabe_delete_master_key (struct GNUNET_CRYPTO_AbeMasterKey *key) +{ + g_byte_array_unref (key->msk); + g_byte_array_unref (key->pub); + GNUNET_free (key); +} + struct GNUNET_CRYPTO_AbeKey* GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *key, char **attrs) 
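Review bot: `read_cpabe` now reads both length fields from the serialized blob with `ntohl` and passes them to `g_byte_array_set_size` and `memcpy` without comparing them to the size of `data`, which the function is not given. A truncated or modified ciphertext therefore makes it read past the input buffer, and a length above `INT_MAX` becomes negative in `int tmp_len`. The `(uint32_t*) ptr` loads and stores in `write_cpabe` and `read_cpabe` also assume an alignment that `ptr += aes_buf->len` and `ptr += tmp_len` do not preserve. I would pass the blob length in, keep the lengths unsigned, copy the headers with `memcpy`, and reject any length larger than what remains; the caller would then have to hand its own size argument through. The same hunk appears again in the following commit (`@@ -164,73 +171,69 @@`) with the same gap, and the tail of `read_cpabe` lies outside the hunk.

```c
ssize_t
read_cpabe (const void *data, size_t data_len,
            GByteArray** cph_buf, GByteArray** aes_buf)
{
  const char *ptr = data;
  size_t left = data_len;
  uint32_t buf_len;
  uint32_t tmp_len;

  /* two length fields precede the AES part */
  if (left < 2 * sizeof (uint32_t))
    return GNUNET_SYSERR;
  memcpy (&buf_len, ptr, sizeof (buf_len));
  buf_len = ntohl (buf_len);
  memcpy (&tmp_len, ptr + sizeof (buf_len), sizeof (tmp_len));
  tmp_len = ntohl (tmp_len);
  ptr += 2 * sizeof (uint32_t);
  left -= 2 * sizeof (uint32_t);
  /* the AES part must fit and leave room for the next length field */
  if ( (tmp_len > left) || (left - tmp_len < sizeof (uint32_t)) )
    return GNUNET_SYSERR;
  *aes_buf = g_byte_array_new ();
  g_byte_array_set_size (*aes_buf, tmp_len);
  memcpy ((*aes_buf)->data, ptr, tmp_len);
  ptr += tmp_len;
  left -= tmp_len;
  memcpy (&tmp_len, ptr, sizeof (tmp_len));
  tmp_len = ntohl (tmp_len);
  ptr += sizeof (uint32_t);
  left -= sizeof (uint32_t);
  if (tmp_len > left)
  {
    g_byte_array_free (*aes_buf, 1);
    *aes_buf = NULL;
    return GNUNET_SYSERR;
  }
  *cph_buf = g_byte_array_new ();
  g_byte_array_set_size (*cph_buf, tmp_len);
  memcpy ((*cph_buf)->data, ptr, tmp_len);
  /* … unchanged: remainder of read_cpabe (outside the hunk) … */
```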
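Review bot: `GNUNET_CRYPTO_cpabe_delete_master_key` hands `key->msk` to `g_byte_array_unref` without clearing it, so the serialized master secret stays readable in freed heap memory. I would wipe `key->msk->data` over `key->msk->len` bytes before the unref, using a wipe the compiler cannot drop (for example `explicit_bzero (key->msk->data, key->msk->len);` where the platform has it). `GNUNET_CRYPTO_cpabe_delete_key`, added in the `@@ -164,73 +171,69 @@` hunk, needs the same for `key->prv`. Both functions dereference `key` unconditionally, and their declarations in gnunet_crypto_lib.h were added without a doc comment; a line such as `Free a master key created by GNUNET_CRYPTO_cpabe_create_master_key(); @param key must not be NULL` would state the contract.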
@@ -156,7 +164,6 @@ GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *key, bswabe_pub_t* pub; bswabe_msk_t* msk; bswabe_prv_t* prv; - gchar* pub_data; gsize len; pub = bswabe_pub_unserialize(key->pub, 0); 
@@ -164,73 +171,69 @@ GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *key, prv = bswabe_keygen(pub, msk, attrs); prv_key = GNUNET_new (struct GNUNET_CRYPTO_AbeKey); prv_key->prv = bswabe_prv_serialize(prv); - pub_data = g_strndup ((gchar*)key->pub->data, - key->pub->len); + len = key->pub->len; - prv_key->pub = g_byte_array_new_take ((guint8*)pub_data, len); + printf ("Keylen %lu\n", len); + prv_key->pub = bswabe_pub_serialize (pub); GNUNET_assert (NULL != prv_key->prv); return prv_key; } +void +GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key) +{ + g_byte_array_unref (key->prv); + g_byte_array_unref (key->pub); + GNUNET_free (key); +} + ssize_t write_cpabe (void **result, GByteArray* cph_buf, - int file_len, GByteArray* aes_buf) + uint32_t file_len, GByteArray* aes_buf) { char *ptr; - int i; - ssize_t size; - size = aes_buf->len + cph_buf->len + 12; - *result = GNUNET_malloc (size); + uint32_t *len; + + *result = GNUNET_malloc (12 + cph_buf->len + aes_buf->len); ptr = *result; - for(i=3; i >= 0; i--) { - *ptr = (file_len & 0xff<<(i*8))>>(i*8); - ptr++; - } - for(i=3; i >= 0; i--) { - *ptr = (aes_buf->len & 0xff<<(i*8))>>(i*8); - ptr++; - } + len = (uint32_t*) ptr; + *len = htonl (file_len); + ptr += 4; + len = (uint32_t*) ptr; + *len = htonl (aes_buf->len); + ptr += 4; memcpy (ptr, aes_buf->data, aes_buf->len); ptr += aes_buf->len; - for(i=3; i >= 0; i--) { - *ptr = (cph_buf->len & 0xff<<(i*8))>>(i*8); - ptr++; - } + len = (uint32_t*) ptr; + *len = htonl (cph_buf->len); + ptr += 4; memcpy (ptr, cph_buf->data, cph_buf->len); - return size; + return 12 + cph_buf->len + aes_buf->len; } ssize_t read_cpabe (const void *data, GByteArray** cph_buf, GByteArray** aes_buf) { - int i; - ssize_t buf_len; - ssize_t tmp_len; + int buf_len; + int tmp_len; char *ptr; + uint32_t *len; *cph_buf = g_byte_array_new(); *aes_buf = g_byte_array_new(); ptr = (char*)data; - - buf_len = 0; - for(i=3; i >= 0; i--) { - buf_len |= *ptr<<(i*8); - ptr++; - } - 
- tmp_len = 0; - for(i=3; i >= 0; i--) { - tmp_len |= *ptr<<(i*8); - ptr++; - } + len = (uint32_t*)ptr; + buf_len = ntohl (*len); + ptr += 4; + len = (uint32_t*)ptr; + tmp_len = ntohl (*len); + ptr += 4; g_byte_array_set_size(*aes_buf, tmp_len); memcpy((*aes_buf)->data, ptr, tmp_len); ptr += tmp_len; - tmp_len = 0; - for(i=3; i >= 0; i--) { - tmp_len |= *ptr<<(i*8); - ptr++; - } + len = (uint32_t*)ptr; + tmp_len = ntohl (*len); + ptr += 4; g_byte_array_set_size(*cph_buf, tmp_len); memcpy((*cph_buf)->data, ptr, tmp_len); -- cgit v1.2.3 From 5f8b246a194edb5ac6c9f836d3ac171ccfae8878 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 9 Jul 2017 19:30:07 +0200 Subject: -fix --- src/identity-provider/gnunet-idp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index 77bb0a433..2d7a1777f 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c @@ -176,7 +176,7 @@ iter_cb (void *cls, rd[i].data_size, key, (void**)&attr_value); - GNUNET_free (key); + GNUNET_CRYPTO_cpabe_delete_key (key); GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, "%s: %s\n", label, attr_value); } -- cgit v1.2.3 From 075494d7b52eeab8c9e7a064edf55aa9f7fb0895 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 9 Jul 2017 19:36:04 +0200 Subject: -fix leaks --- src/util/crypto_abe.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/util/crypto_abe.c b/src/util/crypto_abe.c index ddaec83eb..62b8d5231 100644 --- a/src/util/crypto_abe.c +++ b/src/util/crypto_abe.c @@ -145,6 +145,8 @@ GNUNET_CRYPTO_cpabe_create_master_key (void) key->msk = bswabe_msk_serialize(msk); GNUNET_assert (NULL != key->pub); GNUNET_assert (NULL != key->msk); + bswabe_pub_free (pub); + bswabe_msk_free (msk); return key; } 
@@ -171,11 +173,13 @@ GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *key, prv = bswabe_keygen(pub, msk, attrs); prv_key = GNUNET_new (struct GNUNET_CRYPTO_AbeKey); prv_key->prv = bswabe_prv_serialize(prv); - len = key->pub->len; printf ("Keylen %lu\n", len); prv_key->pub = bswabe_pub_serialize (pub); GNUNET_assert (NULL != prv_key->prv); + bswabe_prv_free (prv); + bswabe_pub_free (pub); + bswabe_msk_free (msk); return prv_key; } @@ -256,6 +260,7 @@ GNUNET_CRYPTO_cpabe_encrypt (const void *block, element_t m; size_t payload_len; ssize_t result_len; + pub = bswabe_pub_unserialize(key->pub, 0); if( !(cph = bswabe_enc(pub, m, policy)) ) return GNUNET_SYSERR; @@ -270,6 +275,7 @@ GNUNET_CRYPTO_cpabe_encrypt (const void *block, result_len = write_cpabe(result, cph_buf, payload_len, aes_buf); g_byte_array_free(cph_buf, 1); g_byte_array_free(aes_buf, 1); + bswabe_pub_free (pub); return result_len; } @@ -303,7 +309,8 @@ GNUNET_CRYPTO_cpabe_decrypt (const void *block, g_byte_array_free(aes_buf, 1); *result = GNUNET_malloc (plt->len); GNUNET_memcpy (*result, plt->data, plt->len); - + bswabe_prv_free (prv); + bswabe_pub_free (pub); return pt_size; } -- cgit v1.2.3 From 3e167b60b7b5961b9aeb5d17bb019f32b16fdfa2 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 9 Jul 2017 19:52:26 +0200 Subject: -fix --- src/util/crypto_abe.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/util/crypto_abe.c b/src/util/crypto_abe.c index 62b8d5231..798a74f87 100644 --- a/src/util/crypto_abe.c +++ b/src/util/crypto_abe.c 
@@ -166,19 +166,14 @@ GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *key, bswabe_pub_t* pub; bswabe_msk_t* msk; bswabe_prv_t* prv; - gsize len; pub = bswabe_pub_unserialize(key->pub, 0); msk = bswabe_msk_unserialize(pub, key->msk, 0); prv = bswabe_keygen(pub, msk, attrs); prv_key = GNUNET_new (struct GNUNET_CRYPTO_AbeKey); prv_key->prv = bswabe_prv_serialize(prv); - len = key->pub->len; - printf ("Keylen %lu\n", len); prv_key->pub = bswabe_pub_serialize (pub); GNUNET_assert (NULL != prv_key->prv); - bswabe_prv_free (prv); - bswabe_pub_free (pub); bswabe_msk_free (msk); return prv_key; } -- cgit v1.2.3 From 811155110e1d22345f13ac6c7c85ebba92226132 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 9 Jul 2017 20:14:16 +0200 Subject: -fixes --- src/identity-provider/test_idp.sh | 18 ++++-------------- src/util/crypto_abe.c | 7 +++++-- 2 files changed, 9 insertions(+), 16 deletions(-) diff --git a/src/identity-provider/test_idp.sh b/src/identity-provider/test_idp.sh index 9947dfe30..2eeb27ce9 100755 --- a/src/identity-provider/test_idp.sh +++ b/src/identity-provider/test_idp.sh @@ -25,17 +25,7 @@ which timeout &> /dev/null && DO_TIMEOUT="timeout 30" TEST_ATTR="test" gnunet-arm -s -c test_idp.conf gnunet-identity -C testego -c test_idp.conf -$DO_TIMEOUT valgrind gnunet-idp -e testego --init -c test_idp.conf -$DO_TIMEOUT valgrind gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf -STATUS=$? -gnunet-namestore -z testego -D -c test_idp.conf -$DO_TIMEOUT valgrind --leak-check=full gnunet-idp -e testego -D -c test_idp.conf - -if test $? != 0 -then - echo "Error issuing..." - exit 1 -fi -#Try import -gnunet-arm -e -c test_idp_lookup.conf -exit $RES +gnunet-idp -e testego --init -c test_idp.conf +gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf +gnunet-idp -e testego -D -c test_idp.conf +gnunet-arm -e -c test_idp.conf diff --git a/src/util/crypto_abe.c b/src/util/crypto_abe.c index 798a74f87..f84aaf9f9 100644 
--- a/src/util/crypto_abe.c +++ b/src/util/crypto_abe.c @@ -145,7 +145,6 @@ GNUNET_CRYPTO_cpabe_create_master_key (void) key->msk = bswabe_msk_serialize(msk); GNUNET_assert (NULL != key->pub); GNUNET_assert (NULL != key->msk); - bswabe_pub_free (pub); bswabe_msk_free (msk); return key; } @@ -174,6 +173,8 @@ GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *key, prv_key->prv = bswabe_prv_serialize(prv); prv_key->pub = bswabe_pub_serialize (pub); GNUNET_assert (NULL != prv_key->prv); + //Memory management in bswabe is buggy + //bswabe_prv_free (prv); bswabe_msk_free (msk); return prv_key; } @@ -296,6 +297,7 @@ GNUNET_CRYPTO_cpabe_decrypt (const void *block, if( !bswabe_dec(pub, prv, cph, m) ) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", bswabe_error()); + bswabe_cph_free(cph); return GNUNET_SYSERR; } bswabe_cph_free(cph); @@ -304,7 +306,8 @@ GNUNET_CRYPTO_cpabe_decrypt (const void *block, g_byte_array_free(aes_buf, 1); *result = GNUNET_malloc (plt->len); GNUNET_memcpy (*result, plt->data, plt->len); - bswabe_prv_free (prv); + //freeing is buggy in bswabe + //bswabe_prv_free (prv); bswabe_pub_free (pub); return pt_size; } -- cgit v1.2.3 From e2e3e29545fe739ed9b3fa46f114c64e52a8924b Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 9 Jul 2017 21:20:49 +0200 Subject: -fix --- src/identity-provider/gnunet-service-identity-provider.c | 13 ++++++------- src/identity-provider/test_idp.conf | 4 ++++ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 0aaee93e5..1a6619227 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c 
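Review bot: The failure branch of `GNUNET_CRYPTO_cpabe_decrypt` now frees `cph` but still returns without releasing `pub`, `prv` and `aes_buf`; as far as the hunks show, these are only released on the success path further down. With `//bswabe_prv_free (prv);` commented out here and in `GNUNET_CRYPTO_cpabe_create_key`, the success path also leaves a deserialized private key allocated on every call. The comments `freeing is buggy in bswabe` and `Memory management in bswabe is buggy` do not say what goes wrong. I would replace them with something a maintainer can act on, for example `/* FIXME: bswabe_prv_free() disabled because <observed failure>; prv is leaked until fixed upstream */`. Both functions begin outside the hunks.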
@@ -527,7 +527,7 @@ serialize_abe_keyinfo (const struct IssueHandle *handle, char *enc_keyinfo; char *serialized_key; char *buf; - struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_pubkey; + struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; ssize_t size; struct GNUNET_CRYPTO_SymmetricSessionKey skey; @@ -545,11 +545,10 @@ serialize_abe_keyinfo (const struct IssueHandle *handle, serialized_key, size); // ECDH keypair E = eG - ecdh_pubkey = NULL; *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create(); GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey, - ecdh_pubkey); - enc_keyinfo = GNUNET_malloc (size); + &ecdh_pubkey); + enc_keyinfo = GNUNET_malloc (size + strlen (handle->scopes) + 1); // Derived key K = H(eB) GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey, &handle->aud_key, @@ -562,7 +561,7 @@ serialize_abe_keyinfo (const struct IssueHandle *handle, *result = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+ enc_size); GNUNET_memcpy (*result, - ecdh_pubkey, + &ecdh_pubkey, sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); GNUNET_memcpy (*result + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), enc_keyinfo, @@ -1276,7 +1275,7 @@ handle_issue_message (void *cls, GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); } GNUNET_free (scopes_tmp); - scopes_tmp = GNUNET_strdup (v_attrs); + /*scopes_tmp = GNUNET_strdup (v_attrs); for (scope = strtok (scopes_tmp, ","); NULL != scope; scope = strtok (NULL, ",")) { @@ -1286,7 +1285,7 @@ handle_issue_message (void *cls, issue_handle->v_attr_tail, vattr_entry); } - GNUNET_free (scopes_tmp); + GNUNET_free (scopes_tmp);*/ diff --git a/src/identity-provider/test_idp.conf b/src/identity-provider/test_idp.conf index b0b2c4826..a457bbe8f 100644 --- a/src/identity-provider/test_idp.conf +++ b/src/identity-provider/test_idp.conf 
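Review bot: In `handle_issue_message` the loop over `v_attrs` is disabled by wrapping it in `/* … */` rather than being removed, and no comment says why. If verified attributes are intentionally unsupported for now, delete the block and leave one line such as `/* TODO: verified attributes (v_attrs) are not processed yet */`. Otherwise the `v_attr_head`/`v_attr_tail` list on `issue_handle` is silently left empty, presumably changing what the issued token contains. The function starts and ends outside these two hunks.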
@@ -6,6 +6,10 @@ GNUNET_TEST_HOME = /tmp/test-gnunet-idp-peer-1/ [dht] AUTOSTART = YES +[rest] +AUTOSTART = YES +PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog + [transport] PLUGINS = -- cgit v1.2.3 From 8cb2e0da6845a2edad4be52a2c785715a91f4658 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 9 Jul 2017 22:37:00 +0200 Subject: -fixes --- src/identity-provider/gnunet-idp.c | 6 ++-- .../gnunet-service-identity-provider.c | 32 +++++++++++++--------- 2 files changed, 22 insertions(+), 16 deletions(-) diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index 2d7a1777f..6b2bdcc96 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c @@ -207,8 +207,8 @@ abe_lookup_cb (void *cls, (void**)&new_record.data); new_record.data_size = size; new_record.record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; - new_record.expiration_time = GNUNET_TIME_UNIT_FOREVER_REL.rel_value_us; - new_record.flags = GNUNET_GNSRECORD_RF_PRIVATE; + new_record.expiration_time = GNUNET_TIME_UNIT_DAYS.rel_value_us; + new_record.flags = GNUNET_GNSRECORD_RF_PRIVATE | GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; ns_qe = GNUNET_NAMESTORE_records_store (namestore_handle, zone, "+", @@ -243,7 +243,7 @@ abe_lookup_cb (void *cls, new_record.data_size = size; new_record.record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; new_record.expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; - new_record.flags = GNUNET_GNSRECORD_RF_NONE; + new_record.flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; ns_qe = GNUNET_NAMESTORE_records_store (namestore_handle, zone, diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 1a6619227..8746e39f7 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c 
@@ -206,6 +206,8 @@ struct ParallelLookup struct GNUNET_GNS_LookupRequest *lookup_request; struct ExchangeHandle *handle; + + char *label; }; struct IssueHandle @@ -567,7 +569,7 @@ serialize_abe_keyinfo (const struct IssueHandle *handle, enc_keyinfo, enc_size); GNUNET_free (enc_keyinfo); - return GNUNET_OK; + return sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+enc_size; } static void @@ -901,8 +903,8 @@ static void process_parallel_lookup (void *cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd) { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Parallel lookup finished\n"); + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Parallel lookup finished (count=%u)\n", rd_count); struct ParallelLookup *parallel_lookup = cls; struct ExchangeHandle *handle = parallel_lookup->handle; char *data; @@ -920,9 +922,9 @@ process_parallel_lookup (void *cls, uint32_t rd_count, rd->data_size, handle->key, (void**)&data); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, "Adding value: %s\n", data); token_add_attr (handle->token, - label, + parallel_lookup->label, data); GNUNET_free (data); } @@ -930,13 +932,13 @@ process_parallel_lookup (void *cls, uint32_t rd_count, i = 0; for (; i < rd_count; i++) { - if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) + if (rd[i].record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) { data = GNUNET_GNSRECORD_value_to_string (rd[i].record_type, rd[i].data, rd[i].data_size); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); - token_add_attr (handle->token, label, data); + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, "Adding value: %s\n", data); + token_add_attr (handle->token, parallel_lookup->label, data); GNUNET_free (data); } } 
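Review bot: The log calls in `process_parallel_lookup` were raised from `GNUNET_ERROR_TYPE_DEBUG` to `GNUNET_ERROR_TYPE_MESSAGE`, and two of them print `data`, the decrypted or stringified attribute value, so identity attribute contents are written to the service log above debug level. I would keep `"Adding value: %s\n"` at `GNUNET_ERROR_TYPE_DEBUG`, or log only `parallel_lookup->label` at the higher level. The `"Scopes %s\n"` and `"Looking up %s\n"` messages added to `process_lookup_result` in the same commit should get the same treatment. The function body continues outside the hunks.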
@@ -958,6 +960,7 @@ abort_parallel_lookups (void *cls) for (lu = handle->parallel_lookups_head; NULL != lu;) { GNUNET_GNS_lookup_cancel (lu->lookup_request); + GNUNET_free (lu->label); tmp = lu->next; GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, handle->parallel_lookups_tail, @@ -1019,7 +1022,8 @@ process_lookup_result (void *cls, uint32_t rd_count, size, rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); scopes = GNUNET_strdup (buf); - + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Scopes %s\n", scopes); handle->key = GNUNET_CRYPTO_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1), rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) - strlen (scopes) - 1); @@ -1027,15 +1031,17 @@ process_lookup_result (void *cls, uint32_t rd_count, for (scope = strtok (scopes, ","); NULL != scope; scope = strtok (NULL, ",")) { GNUNET_asprintf (&lookup_query, - "%s.%s.gnu", - scope, - GNUNET_CRYPTO_ecdsa_public_key_to_string (&handle->ticket->payload->identity_key)); + "%s.gnu", + scope); + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Looking up %s\n", lookup_query); parallel_lookup = GNUNET_new (struct ParallelLookup); parallel_lookup->handle = handle; + parallel_lookup->label = GNUNET_strdup (scope); parallel_lookup->lookup_request = GNUNET_GNS_lookup (gns_handle, lookup_query, - &handle->ticket->aud_key, + &handle->ticket->payload->identity_key, GNUNET_GNSRECORD_TYPE_ID_ATTR, GNUNET_GNS_LO_LOCAL_MASTER, &process_parallel_lookup, -- cgit v1.2.3 From b6755fe23d258a4dc971d8fabc3fae1873e31271 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 14 Jul 2017 13:57:51 +0200 Subject: -change to gabe bswabe fork --- configure.ac | 11 +- po/POTFILES.in | 5 + src/util/Makefile.am | 39 +++--- src/util/crypto_abe.c | 362 ++++++++++++++++++++++++++++---------------------- 4 files changed, 239 insertions(+), 178 deletions(-) diff --git a/configure.ac b/configure.ac index bbae6edff..bfde625d2 100644 --- a/configure.ac +++ b/configure.ac 
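Review bot: `process_lookup_result` treats `buf`, which appears to be the decrypted record payload, as a NUL-terminated scope string: `GNUNET_strdup (buf)` and `buf + strlen (scopes) + 1` are used without checking that a terminator exists inside the decrypted length. A record without one makes `strdup` read past the buffer, and `rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) - strlen (scopes) - 1` can wrap to a huge length for `GNUNET_CRYPTO_cpabe_deserialize_key`. Before the `strdup` I would verify that `rd->data_size` is at least `sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)` and that `memchr (buf, '\0', <decrypted length>)` finds a terminator, returning an error otherwise. The new `parallel_lookup->label` is freed in `abort_parallel_lookups`, but the normal completion path is not visible in these hunks and should free it as well. The function starts outside the hunk.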
@@ -440,17 +440,26 @@ AC_CHECK_LIB(ogg, ogg_stream_flush_fill, AM_CONDITIONAL(HAVE_OGG, false) ogg=0) -PKG_CHECK_MODULES([ABE], [glib-2.0]) + +PKG_CHECK_MODULES([GLIB], [glib-2.0]) # check for pbc library pbc=0 AC_CHECK_HEADER([pbc/pbc.h],pbc=1) +AC_CHECK_HEADER([gabe.h],abe=1) AM_CONDITIONAL(HAVE_PBC, [test "$pbc" = 1]) +AM_CONDITIONAL(HAVE_ABE, [test "$abe" = 1]) if test "x$pbc" = x1 then AC_DEFINE([HAVE_PBC],[1],[Have pbc library]) else AC_DEFINE([HAVE_PBC],[0],[Lacking pbc library]) fi +if test "x$abe" = x1 +then + AC_DEFINE([HAVE_ABE],[1],[Have ABE library]) +else + AC_DEFINE([HAVE_ABE],[0],[Lacking ABE library]) +fi diff --git a/po/POTFILES.in b/po/POTFILES.in index 50c182833..a0b222eea 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -76,9 +76,12 @@ src/core/gnunet-service-core_kx.c src/core/gnunet-service-core_sessions.c src/core/gnunet-service-core_typemap.c src/credential/credential_api.c +src/credential/credential_misc.c +src/credential/credential_serialization.c src/credential/gnunet-credential.c src/credential/gnunet-service-credential.c src/credential/plugin_gnsrecord_credential.c +src/credential/plugin_rest_credential.c src/curl/curl.c src/curl/curl_reschedule.c src/datacache/datacache.c @@ -200,6 +203,7 @@ src/identity/identity_api_lookup.c src/identity/plugin_gnsrecord_identity.c src/identity/plugin_rest_identity.c src/identity-provider/gnunet-identity-token.c +src/identity-provider/gnunet-idp.c src/identity-provider/gnunet-service-identity-provider.c src/identity-provider/identity_provider_api.c src/identity-provider/identity_token.c @@ -443,6 +447,7 @@ src/util/container_multihashmap32.c src/util/container_multihashmap.c src/util/container_multipeermap.c src/util/container_multishortmap.c +src/util/crypto_abe.c src/util/crypto_crc.c src/util/crypto_ecc.c src/util/crypto_ecc_dlog.c diff --git a/src/util/Makefile.am b/src/util/Makefile.am index 4b1e44503..62cf03684 100644 --- a/src/util/Makefile.am +++ b/src/util/Makefile.am 
@@ -87,7 +87,6 @@ libgnunetutil_la_SOURCES = \ crypto_paillier.c \ crypto_random.c \ crypto_rsa.c \ - crypto_abe.c \ disk.c \ disk.h \ getopt.c \ @@ -118,21 +117,24 @@ libgnunetutil_la_LIBADD = \ $(LIBGCRYPT_LIBS) \ $(LTLIBICONV) \ $(LTLIBINTL) \ - $(ABE_LIBADD) \ - -lbswabe \ - -lssl \ - -lpbc \ - -lglib-2.0 \ -lltdl $(Z_LIBS) -lunistring $(XLIB) +if HAVE_PBC +if HAVE_ABE +libgnunetutil_la_SOURCES += \ + crypto_abe.c +libgnunetutil_la_LIBADD += \ + $(ABE_LIBADD) \ + -lgabe \ + -lpbc \ + -lglib-2.0 +endif +endif + libgnunetutil_la_LDFLAGS = \ $(GN_LIB_LDFLAGS) \ - $(ABE_LDADD) \ -version-info 13:0:0 -libgnunetutil_la_CFLAGS = \ - $(ABE_CFLAGS) - libgnunetutil_taler_wallet_la_SOURCES = \ common_allocation.c \ common_endian.c \ @@ -283,7 +285,6 @@ check_PROGRAMS = \ test_container_multipeermap \ test_container_heap \ test_crypto_symmetric \ - test_crypto_abe \ test_crypto_crc \ test_crypto_ecdsa \ test_crypto_eddsa \ @@ -416,11 +417,6 @@ test_crypto_symmetric_SOURCES = \ test_crypto_symmetric_LDADD = \ libgnunetutil.la -test_crypto_abe_SOURCES = \ - test_crypto_abe.c -test_crypto_abe_LDADD = \ - libgnunetutil.la - test_crypto_crc_SOURCES = \ test_crypto_crc.c test_crypto_crc_LDADD = \ @@ -568,6 +564,17 @@ test_speedup_SOURCES = \ test_speedup_LDADD = \ libgnunetutil.la +if HAVE_PBC +if HAVE_ABE +test_crypto_abe_SOURCES = \ + test_crypto_abe.c +test_crypto_abe_LDADD = \ + libgnunetutil.la +check_PROGRAMS += \ + test_crypto_abe +endif +endif + perf_crypto_hash_SOURCES = \ perf_crypto_hash.c perf_crypto_hash_LDADD = \ diff --git a/src/util/crypto_abe.c b/src/util/crypto_abe.c index f84aaf9f9..25d04fba6 100644 --- a/src/util/crypto_abe.c +++ b/src/util/crypto_abe.c 
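Review bot: The new conditional `libgnunetutil_la_LIBADD` hard-codes `-lglib-2.0` and keeps `$(ABE_LIBADD)`, while the configure.ac change in this commit makes pkg-config export `GLIB_CFLAGS`/`GLIB_LIBS` and nothing visible defines `ABE_LIBADD`. Using `$(GLIB_LIBS)` here, and passing `$(GLIB_CFLAGS)` where `libgnunetutil_la_CFLAGS = $(ABE_CFLAGS)` was removed, would keep the build working when glib is installed outside the default search path. `crypto_abe.c` is now compiled only under `HAVE_PBC` and `HAVE_ABE`, so callers of the `GNUNET_CRYPTO_cpabe_*` functions presumably need the same guard or a stub; that cannot be checked from this hunk.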
@@ -27,133 +27,139 @@ #include "platform.h" -#include -#include -#include #include -#include +#include #include "gnunet_crypto_lib.h" struct GNUNET_CRYPTO_AbeMasterKey { - GByteArray* pub; - - GByteArray* msk; + gabe_pub_t* pub; + gabe_msk_t* msk; }; struct GNUNET_CRYPTO_AbeKey { - GByteArray* pub; - GByteArray* prv; + gabe_pub_t* pub; + gabe_prv_t* prv; }; -static void -init_aes( element_t k, int enc, AES_KEY* key, unsigned char* iv ) +static int +init_aes( element_t k, int enc, + gcry_cipher_hd_t* handle, + struct GNUNET_CRYPTO_SymmetricSessionKey *key, + unsigned char* iv) { + int rc; int key_len; unsigned char* key_buf; - - key_len = element_length_in_bytes(k) < 17 ? 17 : element_length_in_bytes(k); + + key_len = element_length_in_bytes(k) < 33 ? 3 : element_length_in_bytes(k); key_buf = (unsigned char*) malloc(key_len); element_to_bytes(key_buf, k); - if( enc ) - AES_set_encrypt_key(key_buf + 1, 128, key); - else - AES_set_decrypt_key(key_buf + 1, 128, key); - free(key_buf); + memcpy (key->aes_key, key_buf, GNUNET_CRYPTO_AES_KEY_LENGTH); + GNUNET_assert (0 == + gcry_cipher_open (handle, GCRY_CIPHER_AES256, + GCRY_CIPHER_MODE_CFB, 0)); + rc = gcry_cipher_setkey (*handle, + key->aes_key, + sizeof (key->aes_key)); + GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); + memset (iv, 0, 16); //TODO make reasonable + rc = gcry_cipher_setiv (*handle, + iv, + 16); + GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); - memset(iv, 0, 16); + free(key_buf); + return rc; } -static GByteArray* -aes_128_cbc_encrypt( GByteArray* pt, element_t k ) +static int +aes_128_cbc_encrypt( char* pt, + int size, + element_t k, + char **ct ) { - AES_KEY key; + gcry_cipher_hd_t handle; + struct GNUNET_CRYPTO_SymmetricSessionKey skey; unsigned char iv[16]; - GByteArray* ct; - guint8 len[4]; - guint8 zero; - - init_aes(k, 1, &key, iv); + char* buf; + int padding; + int buf_size; + uint8_t len[4]; + init_aes(k, 1, &handle, &skey, iv); /* TODO make less crufty */ /* stuff 
in real length (big endian) before padding */ - len[0] = (pt->len & 0xff000000)>>24; - len[1] = (pt->len & 0xff0000)>>16; - len[2] = (pt->len & 0xff00)>>8; - len[3] = (pt->len & 0xff)>>0; - g_byte_array_prepend(pt, len, 4); - - /* pad out to multiple of 128 bit (16 byte) blocks */ - zero = 0; - while( pt->len % 16 ) - g_byte_array_append(pt, &zero, 1); - - ct = g_byte_array_new(); - g_byte_array_set_size(ct, pt->len); - - AES_cbc_encrypt(pt->data, ct->data, pt->len, &key, iv, AES_ENCRYPT); - - return ct; + len[0] = (size & 0xff000000)>>24; + len[1] = (size & 0xff0000)>>16; + len[2] = (size & 0xff00)>>8; + len[3] = (size & 0xff)>>0; + padding = 16 - ((4+size) % 16); + buf_size = 4 + size + padding; + buf = GNUNET_malloc (buf_size); + GNUNET_memcpy (buf, len, 4); + GNUNET_memcpy (buf+4, pt, size); + *ct = GNUNET_malloc (buf_size); + + GNUNET_assert (0 == gcry_cipher_encrypt (handle, *ct, buf_size, buf, buf_size)); + gcry_cipher_close (handle); + //AES_cbc_encrypt(pt->data, ct->data, pt->len, &key, iv, AES_ENCRYPT); + + return buf_size; } -static GByteArray* -aes_128_cbc_decrypt( GByteArray* ct, element_t k ) +static int +aes_128_cbc_decrypt( char* ct, + int size, + element_t k, + char **pt ) { - AES_KEY key; + struct GNUNET_CRYPTO_SymmetricSessionKey skey; + gcry_cipher_hd_t handle; unsigned char iv[16]; - GByteArray* pt; - unsigned int len; - - init_aes(k, 0, &key, iv); - - pt = g_byte_array_new(); - g_byte_array_set_size(pt, ct->len); + char* tmp; + uint32_t len; + + init_aes(k, 1, &handle, &skey, iv); - AES_cbc_encrypt(ct->data, pt->data, ct->len, &key, iv, AES_DECRYPT); + tmp = GNUNET_malloc (size); + //AES_cbc_encrypt(ct->data, pt->data, ct->len, &key, iv, AES_DECRYPT); + GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, ct, size)); + gcry_cipher_close (handle); /* TODO make less crufty */ /* get real length */ len = 0; len = len - | ((pt->data[0])<<24) | ((pt->data[1])<<16) - | ((pt->data[2])<<8) | ((pt->data[3])<<0); - g_byte_array_remove_index(pt, 
0); - g_byte_array_remove_index(pt, 0); - g_byte_array_remove_index(pt, 0); - g_byte_array_remove_index(pt, 0); - + | ((tmp[0])<<24) | ((tmp[1])<<16) + | ((tmp[2])<<8) | ((tmp[3])<<0); /* truncate any garbage from the padding */ - g_byte_array_set_size(pt, len); - - return pt; + *pt = GNUNET_malloc (len); + GNUNET_memcpy (*pt, tmp+4, len); + GNUNET_free (tmp); + return len; } struct GNUNET_CRYPTO_AbeMasterKey* GNUNET_CRYPTO_cpabe_create_master_key (void) { struct GNUNET_CRYPTO_AbeMasterKey* key; - bswabe_msk_t* msk; - bswabe_pub_t* pub; - bswabe_setup(&pub, &msk); key = GNUNET_new (struct GNUNET_CRYPTO_AbeMasterKey); - key->pub = bswabe_pub_serialize(pub); - key->msk = bswabe_msk_serialize(msk); + gabe_setup(&key->pub, &key->msk); GNUNET_assert (NULL != key->pub); GNUNET_assert (NULL != key->msk); - bswabe_msk_free (msk); return key; } void GNUNET_CRYPTO_cpabe_delete_master_key (struct GNUNET_CRYPTO_AbeMasterKey *key) { - g_byte_array_unref (key->msk); - g_byte_array_unref (key->pub); + gabe_msk_free (key->msk); //For some reason free of pub implicit? GNUNET_free (key); } 
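Review bot: `aes_128_cbc_decrypt` trusts the four-byte length it reads from the decrypted buffer: `len` is never compared with `size - 4` before `GNUNET_malloc (len)` and `GNUNET_memcpy (*pt, tmp+4, len)`, so a corrupted or forged ciphertext makes the copy read past `tmp`, and because `tmp` is a plain `char *` a byte with the top bit set is sign-extended before the shift and clobbers the other length bytes. The sketch below rejects inputs shorter than the prefix, assembles the length from unsigned bytes and bounds it. In `init_aes`, `element_length_in_bytes(k) < 33 ? 3 : ...` looks like a typo for `33`; as written a short element gets a 3-byte `key_buf` that `element_to_bytes` and the `memcpy` of `GNUNET_CRYPTO_AES_KEY_LENGTH` bytes overrun, and the `malloc` result is not checked. The IV is all zero (`//TODO make reasonable`) and the ciphertext has no integrity check, so the length prefix has to be treated as untrusted. `aes_128_cbc_encrypt` never frees `buf`, and both helpers now run AES-256 in CFB mode despite their names.

```c
static int
aes_128_cbc_decrypt( char* ct,
                     int size,
                     element_t k,
                     char **pt )
{
  /* ... unchanged: local declarations ... */

  /* need at least the 4-byte length prefix; check before any allocation */
  if (size < 4)
    return GNUNET_SYSERR;
  /* ... unchanged: init_aes, tmp allocation, gcry_cipher_decrypt, gcry_cipher_close ... */
  /* build the big-endian length from unsigned bytes; tmp is char * */
  len = ((uint32_t) (unsigned char) tmp[0] << 24)
      | ((uint32_t) (unsigned char) tmp[1] << 16)
      | ((uint32_t) (unsigned char) tmp[2] << 8)
      | ((uint32_t) (unsigned char) tmp[3]);
  /* the prefix is not authenticated: never copy more than was decrypted */
  if (len > (uint32_t) size - 4)
  {
    GNUNET_free (tmp);
    return GNUNET_SYSERR;
  }
  *pt = GNUNET_malloc (len);
  /* ... unchanged: copy from tmp+4, free tmp, return len ... */
```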
@@ -162,80 +168,80 @@ GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *key, char **attrs) { struct GNUNET_CRYPTO_AbeKey *prv_key; - bswabe_pub_t* pub; - bswabe_msk_t* msk; - bswabe_prv_t* prv; - - pub = bswabe_pub_unserialize(key->pub, 0); - msk = bswabe_msk_unserialize(pub, key->msk, 0); - prv = bswabe_keygen(pub, msk, attrs); prv_key = GNUNET_new (struct GNUNET_CRYPTO_AbeKey); - prv_key->prv = bswabe_prv_serialize(prv); - prv_key->pub = bswabe_pub_serialize (pub); + int size; + char *tmp; + + prv_key = GNUNET_new (struct GNUNET_CRYPTO_AbeKey); + prv_key->prv = gabe_keygen(key->pub, key->msk, attrs); + size = gabe_pub_serialize(key->pub, &tmp); + prv_key->pub = gabe_pub_unserialize(tmp, size); GNUNET_assert (NULL != prv_key->prv); - //Memory management in bswabe is buggy - //bswabe_prv_free (prv); - bswabe_msk_free (msk); return prv_key; } void GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key) { - g_byte_array_unref (key->prv); - g_byte_array_unref (key->pub); + //Memory management in gabe is buggy + //gabe_prv_free (prv); GNUNET_free (key); } ssize_t -write_cpabe (void **result, GByteArray* cph_buf, - uint32_t file_len, GByteArray* aes_buf) +write_cpabe (void **result, + uint32_t file_len, + char* cph_buf, + int cph_buf_len, + char* aes_buf, + int aes_buf_len) { char *ptr; uint32_t *len; - *result = GNUNET_malloc (12 + cph_buf->len + aes_buf->len); + *result = GNUNET_malloc (12 + cph_buf_len + aes_buf_len); ptr = *result; len = (uint32_t*) ptr; *len = htonl (file_len); ptr += 4; len = (uint32_t*) ptr; - *len = htonl (aes_buf->len); + *len = htonl (aes_buf_len); ptr += 4; - memcpy (ptr, aes_buf->data, aes_buf->len); - ptr += aes_buf->len; + memcpy (ptr, aes_buf, aes_buf_len); + ptr += aes_buf_len; len = (uint32_t*) ptr; - *len = htonl (cph_buf->len); + *len = htonl (cph_buf_len); ptr += 4; - memcpy (ptr, cph_buf->data, cph_buf->len); - return 12 + cph_buf->len + aes_buf->len; + memcpy (ptr, cph_buf, cph_buf_len); + return 12 + 
cph_buf_len + aes_buf_len; } ssize_t -read_cpabe (const void *data, GByteArray** cph_buf, GByteArray** aes_buf) +read_cpabe (const void *data, + char** cph_buf, + int *cph_buf_len, + char** aes_buf, + int *aes_buf_len) { int buf_len; - int tmp_len; char *ptr; uint32_t *len; - *cph_buf = g_byte_array_new(); - *aes_buf = g_byte_array_new(); ptr = (char*)data; len = (uint32_t*)ptr; buf_len = ntohl (*len); ptr += 4; len = (uint32_t*)ptr; - tmp_len = ntohl (*len); + *aes_buf_len = ntohl (*len); ptr += 4; - g_byte_array_set_size(*aes_buf, tmp_len); - memcpy((*aes_buf)->data, ptr, tmp_len); - ptr += tmp_len; + *aes_buf = GNUNET_malloc (*aes_buf_len); + memcpy(*aes_buf, ptr, *aes_buf_len); + ptr += *aes_buf_len; len = (uint32_t*)ptr; - tmp_len = ntohl (*len); + *cph_buf_len = ntohl (*len); ptr += 4; - g_byte_array_set_size(*cph_buf, tmp_len); - memcpy((*cph_buf)->data, ptr, tmp_len); + *cph_buf = GNUNET_malloc (*cph_buf_len); + memcpy(*cph_buf, ptr, *cph_buf_len); return buf_len; } 
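Review bot: `read_cpabe` does not know how many bytes `data` holds: it reads two length fields from the input and `memcpy`s `*aes_buf_len` and `*cph_buf_len` bytes from it, so a truncated or forged blob causes reads beyond the caller's buffer, and a length with the top bit set becomes a negative `int` handed to `GNUNET_malloc`. Its callers in the later hunks (`GNUNET_CRYPTO_cpabe_decrypt`, `GNUNET_CRYPTO_cpabe_deserialize_key`, `GNUNET_CRYPTO_cpabe_deserialize_master_key`) all receive a `size`/`len` argument and drop it, and none of them checks the return value. The function should take the available length and validate each field against what is left, as sketched below; reading the fields with `memcpy` also avoids the `uint32_t *` casts of a `char *`. In `GNUNET_CRYPTO_cpabe_create_key` the added `prv_key = GNUNET_new (...)` repeats the allocation on the context line before it, and `tmp` from `gabe_pub_serialize` is not released.

```c
ssize_t
read_cpabe (const void *data,
            size_t data_len,   /* new: number of bytes available at data */
            char** cph_buf,
            int *cph_buf_len,
            char** aes_buf,
            int *aes_buf_len)
{
  const char *ptr = data;
  size_t left = data_len;
  uint32_t buf_len;
  uint32_t part;

  if (left < 8)
    return GNUNET_SYSERR;
  memcpy (&buf_len, ptr, 4);
  memcpy (&part, ptr + 4, 4);
  part = ntohl (part);
  ptr += 8;
  left -= 8;
  /* the AES part must leave room for the 4-byte ciphertext length */
  if ( (left < 4) || (part > left - 4) || (part > INT_MAX) )
    return GNUNET_SYSERR;
  *aes_buf_len = (int) part;
  *aes_buf = GNUNET_malloc (part);
  memcpy (*aes_buf, ptr, part);
  ptr += part;
  left -= part;
  memcpy (&part, ptr, 4);
  part = ntohl (part);
  ptr += 4;
  left -= 4;
  if ( (part > left) || (part > INT_MAX) )
  {
    GNUNET_free (*aes_buf);
    return GNUNET_SYSERR;
  }
  *cph_buf_len = (int) part;
  *cph_buf = GNUNET_malloc (part);
  memcpy (*cph_buf, ptr, part);
  return ntohl (buf_len);
}
```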
@@ -247,69 +253,58 @@ GNUNET_CRYPTO_cpabe_encrypt (const void *block, const struct GNUNET_CRYPTO_AbeMasterKey *key, void **result) { - bswabe_pub_t* pub; - bswabe_cph_t* cph; - GByteArray* plt; - GByteArray* cph_buf; - GByteArray* aes_buf; - guint8 *data; + gabe_cph_t* cph; + char* plt; + char* cph_buf; + char* aes_buf; element_t m; - size_t payload_len; + int cph_buf_len; + int aes_buf_len; ssize_t result_len; - pub = bswabe_pub_unserialize(key->pub, 0); - if( !(cph = bswabe_enc(pub, m, policy)) ) + if( !(cph = gabe_enc(key->pub, m, policy)) ) return GNUNET_SYSERR; - cph_buf = bswabe_cph_serialize(cph); - bswabe_cph_free(cph); - data = g_memdup (block, size); - plt = g_byte_array_new_take (data, size); - payload_len = plt->len; - aes_buf = aes_128_cbc_encrypt(plt, m); - g_byte_array_free(plt, 1); + cph_buf_len = gabe_cph_serialize(cph, + &cph_buf); + gabe_cph_free(cph); + plt = GNUNET_memdup (block, size); + aes_buf_len = aes_128_cbc_encrypt(plt, size, m, &aes_buf); + GNUNET_free (plt); element_clear(m); - result_len = write_cpabe(result, cph_buf, payload_len, aes_buf); - g_byte_array_free(cph_buf, 1); - g_byte_array_free(aes_buf, 1); - bswabe_pub_free (pub); + result_len = write_cpabe(result, size, cph_buf, cph_buf_len, aes_buf, aes_buf_len); + GNUNET_free(cph_buf); + GNUNET_free(aes_buf); return result_len; } ssize_t GNUNET_CRYPTO_cpabe_decrypt (const void *block, - size_t size, - const struct GNUNET_CRYPTO_AbeKey *key, - void **result) + size_t size, + const struct GNUNET_CRYPTO_AbeKey *key, + void **result) { - bswabe_pub_t* pub; - bswabe_prv_t* prv; - GByteArray* aes_buf; - GByteArray* plt; - GByteArray* cph_buf; - bswabe_cph_t* cph; + char* aes_buf; + char* cph_buf; + gabe_cph_t* cph; element_t m; - ssize_t pt_size; + int cph_buf_size; + int aes_buf_size; + int plt_len; - pub = bswabe_pub_unserialize(key->pub, 0); - prv = bswabe_prv_unserialize(pub, key->prv, 0); - pt_size = read_cpabe(block, &cph_buf, &aes_buf); - cph = bswabe_cph_unserialize(pub, cph_buf, 
0); - if( !bswabe_dec(pub, prv, cph, m) ) { + read_cpabe(block, &cph_buf, &cph_buf_size, &aes_buf, &aes_buf_size); + cph = gabe_cph_unserialize(key->pub, cph_buf, cph_buf_size); + if( !gabe_dec(key->pub, key->prv, cph, m) ) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "%s\n", bswabe_error()); - bswabe_cph_free(cph); + "%s\n", gabe_error()); + gabe_cph_free(cph); return GNUNET_SYSERR; } - bswabe_cph_free(cph); - plt = aes_128_cbc_decrypt(aes_buf, m); - g_byte_array_set_size(plt, size); - g_byte_array_free(aes_buf, 1); - *result = GNUNET_malloc (plt->len); - GNUNET_memcpy (*result, plt->data, plt->len); - //freeing is buggy in bswabe - //bswabe_prv_free (prv); - bswabe_pub_free (pub); - return pt_size; + gabe_cph_free(cph); + plt_len = aes_128_cbc_decrypt(aes_buf, aes_buf_size, m, (char**)result); + //freeing is buggy in gabe + //gabe_prv_free (prv); + //gabe_pub_free (pub); + return plt_len; } ssize_t @@ -317,9 +312,19 @@ GNUNET_CRYPTO_cpabe_serialize_key (const struct GNUNET_CRYPTO_AbeKey *key, void **result) { ssize_t len; + char *pub; + char *prv; + int pub_len; + int prv_len; - len = key->pub->len + key->prv->len + 12; - write_cpabe (result, key->pub, len, key->prv); + pub_len = gabe_pub_serialize (key->pub, &pub); + prv_len = gabe_prv_serialize (key->prv, &prv); + + len = pub_len + prv_len + 12; + write_cpabe (result, len, pub, pub_len, prv, prv_len); + + GNUNET_free (pub); + GNUNET_free (prv); return len; } @@ -329,10 +334,22 @@ GNUNET_CRYPTO_cpabe_deserialize_key (const void *data, size_t len) { struct GNUNET_CRYPTO_AbeKey *key; + char *pub; + char *prv; + int prv_len; + int pub_len; key = GNUNET_new (struct GNUNET_CRYPTO_AbeKey); - read_cpabe (data, &key->pub, &key->prv); - + read_cpabe (data, + &pub, + &pub_len, + &prv, + &prv_len); + key->pub = gabe_pub_unserialize (pub, pub_len); + key->prv = gabe_prv_unserialize (key->pub, prv, prv_len); + + GNUNET_free (pub); + GNUNET_free (prv); return key; } 
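Review bot: `GNUNET_CRYPTO_cpabe_decrypt` never releases what it obtains: `cph_buf` and `aes_buf` from `read_cpabe` are leaked on both the error and the success path, and the session element `m` is not cleared, whereas `GNUNET_CRYPTO_cpabe_encrypt` in the same hunk calls `element_clear(m)`. After the call to `aes_128_cbc_decrypt` add `element_clear (m);`, `GNUNET_free (cph_buf);` and `GNUNET_free (aes_buf);`, and free the two buffers before `return GNUNET_SYSERR;` as well. The result of `gabe_cph_unserialize` goes to `gabe_dec` without a NULL check; whether it can fail on malformed input is not visible here and should be confirmed.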
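Review bot: The serialised private key in `prv` is returned to the allocator with a plain `GNUNET_free (prv)`, so the key bytes stay in freed heap memory; the same holds for `msk` in `GNUNET_CRYPTO_cpabe_serialize_master_key` two hunks further down. Overwrite both buffers with a clear the compiler cannot drop before freeing them, using the known lengths `prv_len` and `msk_len`. `pub` and `prv` come from `gabe_*_serialize`; if that library allocates with plain `malloc`, pairing them with `GNUNET_free` is worth confirming.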
@@ -341,9 +358,19 @@ GNUNET_CRYPTO_cpabe_serialize_master_key (const struct GNUNET_CRYPTO_AbeMasterKe void **result) { ssize_t len; + char *pub; + char *msk; + int pub_len; + int msk_len; - len = key->pub->len + key->msk->len + 12; - write_cpabe (result, key->pub, len, key->msk); + pub_len = gabe_pub_serialize (key->pub, &pub); + msk_len = gabe_msk_serialize (key->msk, &msk); + + len = pub_len + msk_len + 12; + write_cpabe (result, len, pub, pub_len, msk, msk_len); + + GNUNET_free (pub); + GNUNET_free (msk); return len; } @@ -353,9 +380,22 @@ GNUNET_CRYPTO_cpabe_deserialize_master_key (const void *data, size_t len) { struct GNUNET_CRYPTO_AbeMasterKey *key; + char *msk; + char *pub; + int msk_len; + int pub_len; key = GNUNET_new (struct GNUNET_CRYPTO_AbeMasterKey); - read_cpabe (data, &key->pub, &key->msk); + read_cpabe (data, + &pub, + &pub_len, + &msk, + &msk_len); + key->pub = gabe_pub_unserialize (pub, pub_len); + key->msk = gabe_msk_unserialize (key->pub, msk, msk_len); + + GNUNET_free (pub); + GNUNET_free (msk); return key; } -- cgit v1.2.3 From 9e6994a55e64aaf7b45fdad7277c27bf30e3c0f3 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 15 Sep 2017 18:53:10 +0200 Subject: - Add attribute store API to IdP service --- src/identity-provider/Makefile.am | 1 + src/identity-provider/gnunet-idp.c | 28 +- .../gnunet-service-identity-provider.c | 325 ++++++++++++++++++--- src/identity-provider/identity_provider.h | 60 ++++ src/identity-provider/identity_provider_api.c | 116 ++++++++ src/include/gnunet_identity_provider_service.h | 109 ++++++- src/include/gnunet_protocols.h | 4 + 7 files changed, 583 insertions(+), 60 deletions(-) diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index 5355b1221..4f5738692 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am 
@@ -74,6 +74,7 @@ gnunet_idp_SOURCES = \ gnunet_idp_LDADD = \ $(top_builddir)/src/util/libgnunetutil.la \ $(top_builddir)/src/namestore/libgnunetnamestore.la \ + $(top_builddir)/src/identity-provider/libgnunetidentityprovider.la \ $(top_builddir)/src/identity/libgnunetidentity.la \ $(GN_LIBINTL) diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index 6b2bdcc96..b4785580a 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c @@ -27,6 +27,7 @@ #include "platform.h" #include "gnunet_util_lib.h" #include "gnunet_namestore_service.h" +#include "gnunet_identity_provider_service.h" #include "gnunet_identity_service.h" #include "gnunet_signatures.h" @@ -60,6 +61,16 @@ static char* ego_name; */ static struct GNUNET_IDENTITY_Handle *identity_handle; +/** + * IdP handle + */ +static struct GNUNET_IDENTITY_PROVIDER_Handle *idp_handle; + +/** + * IdP operation + */ +static struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op; + /** * Namestore handle */ @@ -235,7 +246,19 @@ abe_lookup_cb (void *cls, return; } - size = GNUNET_CRYPTO_cpabe_encrypt (attr_value, + struct GNUNET_IDENTITY_PROVIDER_Attribute *attr; + attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute) + strlen (attr_value) + 1); + attr->attribute_type = GNUNET_IDENTITY_PROVIDER_AT_STRING; + attr->data = &attr[1]; + attr->data_size = strlen (attr_value) + 1; + idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle, + zone, + attr_name, + attr, + &store_attr_cont, + NULL); + + /*size = GNUNET_CRYPTO_cpabe_encrypt (attr_value, strlen (attr_value) + 1, attr_name, abe_key, @@ -251,7 +274,7 @@ abe_lookup_cb (void *cls, 1, &new_record, &store_attr_cont, - NULL); + NULL);*/ } static void @@ -301,6 +324,7 @@ run (void *cls, } namestore_handle = GNUNET_NAMESTORE_connect (c); + idp_handle = GNUNET_IDENTITY_PROVIDER_connect (c); //Get Ego identity_handle = GNUNET_IDENTITY_connect (c, &ego_cb, 
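Review bot: The attribute value is never copied into the new `attr` in `abe_lookup_cb`: `attr->data = &attr[1]` points at the trailing `strlen (attr_value) + 1` bytes, but nothing writes `attr_value` there, so `GNUNET_IDENTITY_PROVIDER_attribute_store` sends whatever `GNUNET_malloc` returned instead of the user's value. Add `GNUNET_memcpy (&attr[1], attr_value, strlen (attr_value) + 1);` before setting `attr->data`. `attr` is not freed in this hunk although the API copies the data into its own message; `abe_lookup_cb` continues outside the hunk, so a later free cannot be ruled out.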
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 8746e39f7..5663a7681 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -129,6 +129,57 @@ static struct GNUNET_STATISTICS_Handle *stats; */ static const struct GNUNET_CONFIGURATION_Handle *cfg; +struct AttributeStoreHandle +{ + + /** + * Client connection + */ + struct GNUNET_SERVICE_Client *client; + + /** + * Identity + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * Identity pubkey + */ + struct GNUNET_CRYPTO_EcdsaPublicKey identity_pkey; + + /** + * The issuer egos ABE master key + */ + struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + + /** + * QueueEntry + */ + struct GNUNET_NAMESTORE_QueueEntry *ns_qe; + + /** + * The attribute name + */ + char *name; + + /** + * The attribute value + */ + char *attribute_value; + + /** + * Size of the attribute value + */ + size_t attribute_value_len; + + /** + * request id + */ + uint32_t r_id; +}; + + + struct VerifiedAttributeEntry { /** 
@@ -1175,45 +1226,13 @@ attr_collect_task (void *cls) issue_handle); } -void -store_bootstrap_cont (void *cls, - int32_t success, - const char *emsg) -{ - if (GNUNET_SYSERR == success) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Failed to bootstrap ABE master %s\n", - emsg); - GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); - return; - } - GNUNET_SCHEDULER_add_now (&attr_collect_task, cls); -} - -void -store_bootstrap_task (void *cls) -{ - struct IssueHandle *issue_handle = cls; - struct GNUNET_GNSRECORD_Data rd[1]; - rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (issue_handle->abe_key, - (void**)&rd[0].data); - rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; - rd[0].flags = GNUNET_GNSRECORD_RF_NONE | GNUNET_GNSRECORD_RF_PRIVATE; - rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? - issue_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, - &issue_handle->iss_key, - "+", - 1, - rd, - &store_bootstrap_cont, - issue_handle); -} void abe_key_lookup_error (void *cls) { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Error looking for ABE master!\n"); GNUNET_SCHEDULER_add_now (&do_shutdown, cls); } @@ -1235,10 +1254,10 @@ abe_key_lookup_result (void *cls, GNUNET_SCHEDULER_add_now (&attr_collect_task, handle); return; } + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "No ABE master found!\n"); + GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); - //No ABE master found, bootstrapping... - handle->abe_key = GNUNET_CRYPTO_cpabe_create_master_key (); - GNUNET_SCHEDULER_add_now (&store_bootstrap_task, handle); } /** 
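Review bot: A missing ABE master record in `abe_key_lookup_result` now ends in `GNUNET_SCHEDULER_add_now (&do_shutdown, NULL)`, so a single issue request for an identity that has never stored an attribute appears to stop the whole service instead of failing that one request. `do_shutdown` is defined outside the hunk, so this is inferred from its name and from its use on the other error paths. Reporting the failure to the requesting client and releasing `handle` would leave other clients unaffected; `abe_key_lookup_error` in the previous hunk follows the same pattern.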
@@ -1256,15 +1275,13 @@ handle_issue_message (void *cls, const char *scopes; char *scopes_tmp; char *scope; - const char *v_attrs; uint64_t rnd_key; struct GNUNET_HashCode key; struct IssueHandle *issue_handle; - struct VerifiedAttributeEntry *vattr_entry; struct GNUNET_SERVICE_Client *client = cls; scopes = (const char *) &im[1]; - v_attrs = (const char *) &im[1] + ntohl(im->scope_len); + //v_attrs = (const char *) &im[1] + ntohl(im->scope_len); issue_handle = GNUNET_malloc (sizeof (struct IssueHandle)); issue_handle->attr_map = GNUNET_CONTAINER_multihashmap_create (5, GNUNET_NO); @@ -1283,15 +1300,15 @@ handle_issue_message (void *cls, GNUNET_free (scopes_tmp); /*scopes_tmp = GNUNET_strdup (v_attrs); - for (scope = strtok (scopes_tmp, ","); NULL != scope; scope = strtok (NULL, ",")) - { + for (scope = strtok (scopes_tmp, ","); NULL != scope; scope = strtok (NULL, ",")) + { vattr_entry = GNUNET_new (struct VerifiedAttributeEntry); vattr_entry->name = GNUNET_strdup (scope); GNUNET_CONTAINER_DLL_insert (issue_handle->v_attr_head, - issue_handle->v_attr_tail, - vattr_entry); - } - GNUNET_free (scopes_tmp);*/ + issue_handle->v_attr_tail, + vattr_entry); + } + GNUNET_free (scopes_tmp);*/ 
@@ -1322,6 +1339,218 @@ handle_issue_message (void *cls, issue_handle); } +static void +cleanup_as_handle (struct AttributeStoreHandle *handle) +{ + if (NULL != handle->name) + GNUNET_free (handle->name); + if (NULL != handle->attribute_value) + GNUNET_free (handle->attribute_value); + GNUNET_free (handle); +} + + + +void +attr_store_cont (void *cls, + int32_t success, + const char *emsg) +{ + struct AttributeStoreHandle *as_handle = cls; + struct GNUNET_MQ_Envelope *env; + struct AttributeStoreResponseMessage *acr_msg; + + if (GNUNET_SYSERR == success) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to store attribute %s\n", + emsg); + GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); + return; + } + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Sending ATTRIBUTE_STORE_RESPONSE message\n"); + env = GNUNET_MQ_msg (acr_msg, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE); + acr_msg->id = htonl (as_handle->r_id); + acr_msg->op_result = htonl (GNUNET_OK); + GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(as_handle->client), + env); + cleanup_as_handle (as_handle); +} + +void +attr_store_task (void *cls) +{ + struct AttributeStoreHandle *as_handle = cls; + struct GNUNET_GNSRECORD_Data rd[1]; + + /** + * Encrypt the attribute value and store in namestore + */ + rd[0].data_size = GNUNET_CRYPTO_cpabe_encrypt (as_handle->attribute_value, + as_handle->attribute_value_len, + as_handle->name, //Policy + as_handle->abe_key, + (void**)&rd[0].data); + rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; + rd[0].flags = GNUNET_GNSRECORD_RF_NONE; + rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? 
+ as_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &as_handle->identity, + as_handle->name, + 1, + rd, + &attr_store_cont, + as_handle); + +} + +void +store_bootstrap_cont (void *cls, + int32_t success, + const char *emsg) +{ + if (GNUNET_SYSERR == success) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to bootstrap ABE master %s\n", + emsg); + GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); + return; + } + GNUNET_SCHEDULER_add_now (&attr_store_task, cls); +} + +void +store_bootstrap_task (void *cls) +{ + struct AttributeStoreHandle *as_handle = cls; + struct GNUNET_GNSRECORD_Data rd[1]; + + rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (as_handle->abe_key, + (void**)&rd[0].data); + rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; + rd[0].flags = GNUNET_GNSRECORD_RF_NONE | GNUNET_GNSRECORD_RF_PRIVATE; + rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? + as_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &as_handle->identity, + "+", + 1, + rd, + &store_bootstrap_cont, + as_handle); +} + +void +store_cont_abe_error (void *cls) +{ + GNUNET_SCHEDULER_add_now (&do_shutdown, cls); +} + +void +store_cont_abe_result (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + struct AttributeStoreHandle *handle = cls; + int i; + + for (i=0;iabe_key = GNUNET_CRYPTO_cpabe_deserialize_master_key ((void**)rd[i].data, + rd[i].data_size); + GNUNET_SCHEDULER_add_now (&attr_collect_task, handle); + return; + } + + //No ABE master found, bootstrapping... 
+ handle->abe_key = GNUNET_CRYPTO_cpabe_create_master_key (); + GNUNET_SCHEDULER_add_now (&store_bootstrap_task, handle); +} + + +/** + * Checks a store message + * + * @param cls client sending the message + * @param sam message of type `struct AttributeStoreMessage` + * @return #GNUNET_OK if @a im is well-formed + */ +static int +check_attribute_store_message(void *cls, + const struct AttributeStoreMessage *sam) +{ + uint16_t size; + uint32_t name_len; + + size = ntohs (sam->header.size); + if (size <= sizeof (struct AttributeStoreMessage)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + name_len = ntohs (sam->name_len); + if (0 <= name_len) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Malformed store message received!\n"); + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + +/** + * + * Handler for store message + * + * @param cls unused + * @param client who sent the message + * @param message the message + */ +static void +handle_attribute_store_message (void *cls, + const struct AttributeStoreMessage *sam) +{ + struct AttributeStoreHandle *as_handle; + struct GNUNET_SERVICE_Client *client = cls; + size_t name_len; + size_t data_len; + char *attribute_value; + + name_len = ntohs (sam->name_len); + data_len = ntohs (sam->attr_value_len); + + as_handle = GNUNET_new (struct AttributeStoreHandle); + as_handle->name = GNUNET_strndup ((char*)&sam[1], name_len); + attribute_value = (char*)&sam[1] + name_len; + + as_handle->r_id = sam->id; + as_handle->identity = sam->identity; + GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity, + &as_handle->identity_pkey); + as_handle->attribute_value = GNUNET_malloc (data_len); + GNUNET_memcpy (as_handle->attribute_value, + attribute_value, + data_len); + as_handle->attribute_value_len = data_len; + + GNUNET_SERVICE_client_continue (client); + as_handle->client = client; + as_handle->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, + &as_handle->identity, + "+", + &store_cont_abe_error, + as_handle, 
+ &store_cont_abe_result, + as_handle); +} + /** * Main function that will be run @@ -1435,5 +1664,9 @@ GNUNET_SERVICE_MAIN GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE, struct ExchangeMessage, NULL), + GNUNET_MQ_hd_var_size (attribute_store_message, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE, + struct AttributeStoreMessage, + NULL), GNUNET_MQ_handler_end()); /* end of gnunet-service-identity-provider.c */ diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h index 9d2675c35..47d3f0945 100644 --- a/src/identity-provider/identity_provider.h +++ b/src/identity-provider/identity_provider.h @@ -173,6 +173,66 @@ struct ExchangeMessage }; +/** + * Use to store an identity attribute + */ +struct AttributeStoreMessage +{ + /** + * Type: #GNUNET_MESSAGE_TYPE_IDENTITY_SET_DEFAULT + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * The attribute type + */ + uint32_t attribute_type GNUNET_PACKED; + + /** + * The length of the attribute name + */ + uint32_t name_len GNUNET_PACKED; + + /** + * The length of the attribute value + */ + uint32_t attr_value_len GNUNET_PACKED; + + /** + * Identity + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /* followed by the name of attribute as string and value data */ + +}; + +/** + * Attribute store response message + */ +struct AttributeStoreResponseMessage +{ + /** + * Message header + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * #GNUNET_SYSERR on failure, #GNUNET_OK on success + */ + int32_t op_result GNUNET_PACKED; + +}; GNUNET_NETWORK_STRUCT_END diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 9a3304334..bbc2bb70a 100644 --- a/src/identity-provider/identity_provider_api.c 
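Review bot: `check_attribute_store_message` cannot protect `handle_attribute_store_message`: `name_len` is a `uint32_t`, so `if (0 <= name_len)` is always true and every message is rejected, and if that test is simply inverted nothing ties `name_len` and `attr_value_len` to `header.size`, so `GNUNET_strndup ((char*)&sam[1], name_len)` and the `GNUNET_memcpy` of `data_len` bytes would read past the received message with client-chosen lengths. Both fields are declared `uint32_t` in `struct AttributeStoreMessage` but converted with `ntohs` here and `htons` in the API; `ntohl`/`htonl` on both sides would match the declared width. The check should verify that the two lengths add up to exactly the payload, as sketched below. `handle_attribute_store_message` also stores `sam->id` without `ntohl` while `attr_store_cont` applies `htonl` to it, so the id does not round-trip on little-endian hosts. Separately, `store_cont_abe_result` schedules `attr_collect_task` with an `AttributeStoreHandle` although that task operates on an `IssueHandle`; `attr_store_task` looks like the intended target.

```c
static int
check_attribute_store_message(void *cls,
                              const struct AttributeStoreMessage *sam)
{
  uint16_t size;
  size_t payload;
  size_t name_len;
  size_t value_len;

  /* ... unchanged: reject size <= sizeof (struct AttributeStoreMessage) ... */
  payload = size - sizeof (struct AttributeStoreMessage);
  name_len = ntohl (sam->name_len);
  value_len = ntohl (sam->attr_value_len);
  /* lengths are client-supplied: both must fit in, and together fill, the payload */
  if ( (0 == name_len) ||
       (name_len > payload) ||
       (value_len != payload - name_len) )
  {
    GNUNET_break (0);
    return GNUNET_SYSERR;
  }
  /* the API sends the name including its terminating NUL */
  if ('\0' != ((const char *) &sam[1])[name_len - 1])
  {
    GNUNET_break (0);
    return GNUNET_SYSERR;
  }
  return GNUNET_OK;
}
```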
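Review bot: The doc comment on `AttributeStoreMessage.header` names `#GNUNET_MESSAGE_TYPE_IDENTITY_SET_DEFAULT`, which is not the type this message is registered under; it should read `Type: #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE`. The trailing comment `/* followed by the name of attribute as string and value data */` should also state that `name_len` counts the terminating NUL, since the API sets it from `strlen (name) + 1`. The message carries the ego's `GNUNET_CRYPTO_EcdsaPrivateKey`, so code that copies it, such as `AttributeStoreHandle.identity`, should clear the copy when the request completes.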
+++ b/src/identity-provider/identity_provider_api.c @@ -74,6 +74,11 @@ struct GNUNET_IDENTITY_PROVIDER_Operation */ GNUNET_IDENTITY_PROVIDER_IssueCallback iss_cb; + /** + * Continuation to invoke after attribute store call + */ + GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus as_cb; + /** * Envelope with the message for this queue entry. */ @@ -355,6 +360,53 @@ handle_result (void *cls, } + + +/** + * Handle an incoming message of type + * #GNUNET_MESSAGE_TYPE_NAMESTORE_RECORD_STORE_RESPONSE + * + * @param cls + * @param msg the message we received + */ +static void +handle_attribute_store_response (void *cls, + const struct AttributeStoreResponseMessage *msg) +{ + struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls; + struct GNUNET_IDENTITY_PROVIDER_Operation *op; + uint32_t r_id = ntohl (msg->id); + int res; + const char *emsg; + + for (op = h->op_head; NULL != op; op = op->next) + if (op->r_id == r_id) + break; + if (NULL == op) + return; + + res = ntohl (msg->op_result); + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Received ATTRIBUTE_STORE_RESPONSE with result %d\n", + res); + + /* TODO: add actual error message to response... */ + if (GNUNET_SYSERR == res) + emsg = _("failed to store record\n"); + else + emsg = NULL; + if (NULL != op->as_cb) + op->as_cb (op->cls, + res, + emsg); + GNUNET_CONTAINER_DLL_remove (h->op_head, + h->op_tail, + op); + GNUNET_free (op); + +} + + /** * Try again to connect to the service. * @@ -364,6 +416,10 @@ static void reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) { struct GNUNET_MQ_MessageHandler handlers[] = { + GNUNET_MQ_hd_fixed_size (attribute_store_response, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE, + struct AttributeStoreResponseMessage, + h), GNUNET_MQ_hd_var_size (result, GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_RESULT, struct IssueResultMessage, 
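Review bot: `handle_attribute_store_response` frees `op` without releasing `op->env`, which `GNUNET_IDENTITY_PROVIDER_attribute_store` allocates with `GNUNET_MQ_msg_extra` and only sends as a copy, so each completed store appears to leak an envelope that contains the identity's private key. Discard the envelope before `GNUNET_free (op)`, for example with `GNUNET_MQ_discard (op->env);`, unless a path outside this hunk already owns it. The header comment still names `#GNUNET_MESSAGE_TYPE_NAMESTORE_RECORD_STORE_RESPONSE`; it should name `#GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE`.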
@@ -372,6 +428,7 @@ reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT, struct ExchangeResultMessage, h), + GNUNET_MQ_handler_end () }; struct GNUNET_IDENTITY_PROVIDER_Operation *op; 
@@ -645,6 +702,65 @@ GNUNET_IDENTITY_PROVIDER_ticket_destroy(struct GNUNET_IDENTITY_PROVIDER_Ticket * GNUNET_free (ticket); } +/** + * Store an attribute. If the attribute is already present, + * it is replaced with the new attribute. + * + * @param h handle to the identity provider + * @param pkey private key of the identity + * @param name the attribute name + * @param value the attribute value + * @param cont continuation to call when done + * @param cont_cls closure for @a cont + * @return handle to abort the request + */ +struct GNUNET_IDENTITY_PROVIDER_Operation * +GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, + const char* name, + const struct GNUNET_IDENTITY_PROVIDER_Attribute *value, + GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont, + void *cont_cls) +{ + struct GNUNET_IDENTITY_PROVIDER_Operation *op; + struct AttributeStoreMessage *sam; + size_t name_len; + char *name_tmp; + char *attr_ser; + + + name_len = strlen (name) + 1; + if (name_len >= GNUNET_MAX_MESSAGE_SIZE - sizeof (struct AttributeStoreMessage)) + { + GNUNET_break (0); + return NULL; + } + op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation); + op->h = h; + op->as_cb = cont; + op->cls = cont_cls; + op->r_id = h->r_id_gen++; + GNUNET_CONTAINER_DLL_insert_tail (h->op_head, + h->op_tail, + op); + op->env = GNUNET_MQ_msg_extra (sam, + name_len + value->data_size, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE); + sam->identity = *pkey; + sam->id = htonl (op->r_id); + sam->attr_value_len = htons (value->data_size); + sam->name_len = htons (name_len); + name_tmp = (char *) &sam[1]; + GNUNET_memcpy (name_tmp, name, name_len); + attr_ser = &name_tmp[name_len]; + GNUNET_memcpy (attr_ser, value->data, value->data_size); + if (NULL != h->mq) + GNUNET_MQ_send_copy (h->mq, + op->env); + return op; + +} + 
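Review bot: The size check in `GNUNET_IDENTITY_PROVIDER_attribute_store` bounds only `name_len`, yet the message is allocated with `name_len + value->data_size` extra bytes and both lengths are written through `htons ()`. A `value->data_size` (a `size_t`) that pushes the total past the message limit, or past 16 bits, leaves the length fields disagreeing with the bytes actually copied, and the receiving service is then the only place left to catch it. The guard should cover the sum, for example `if ( (name_len >= GNUNET_MAX_MESSAGE_SIZE - sizeof (struct AttributeStoreMessage)) || (value->data_size >= GNUNET_MAX_MESSAGE_SIZE - sizeof (struct AttributeStoreMessage) - name_len) )`. `value->attribute_type` is never written into the message, so the type is presumably lost on the wire, and `name` and `value` are dereferenced without a NULL check.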
diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h index ba727eb92..2349e7012 100644 --- a/src/include/gnunet_identity_provider_service.h +++ b/src/include/gnunet_identity_provider_service.h @@ -66,6 +66,53 @@ struct GNUNET_IDENTITY_PROVIDER_Ticket; */ struct GNUNET_IDENTITY_PROVIDER_Operation; +/** + * Flags that can be set for an attribute. + */ +enum GNUNET_IDENTITY_PROVIDER_AttributeType +{ + + /** + * No value attribute. + */ + GNUNET_IDENTITY_PROVIDER_AT_NULL = 0, + + /** + * String attribute. + */ + GNUNET_IDENTITY_PROVIDER_AT_STRING = 1, + +}; + + + +/** + * An attribute. + */ +struct GNUNET_IDENTITY_PROVIDER_Attribute +{ + + /** + * Binary value stored as attribute value. Note: "data" must never + * be individually 'malloc'ed, but instead always points into some + * existing data area. + */ + const void *data; + + /** + * Number of bytes in @e data. + */ + size_t data_size; + + /** + * Type of Attribute. + */ + uint32_t attribute_type; + +}; + + + /** * Method called when a token has been exchanged for a ticket. * On success returns a token 
@@ -107,6 +154,44 @@ typedef void struct GNUNET_IDENTITY_PROVIDER_Handle * GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg); +/** + * Continuation called to notify client about result of the + * operation. + * + * @param cls closure + * @param success #GNUNET_SYSERR on failure (including timeout/queue drop/failure to validate) + * #GNUNET_NO if content was already there or not found + * #GNUNET_YES (or other positive value) on success + * @param emsg NULL on success, otherwise an error message + */ +typedef void +(*GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus) (void *cls, + int32_t success, + const char *emsg); + + +/** + * Store an attribute. If the attribute is already present, + * it is replaced with the new attribute. + * + * @param h handle to the identity provider + * @param pkey private key of the identity + * @param name the attribute name + * @param value the attribute value + * @param cont continuation to call when done + * @param cont_cls closure for @a cont + * @return handle to abort the request + */ +struct GNUNET_IDENTITY_PROVIDER_Operation * +GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, + const char* name, + const struct GNUNET_IDENTITY_PROVIDER_Attribute *value, + GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont, + void *cont_cls); + + + /** * Issue a token for a specific audience. 
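Review bot: The doc comment on `GNUNET_IDENTITY_PROVIDER_attribute_store` does not mention that the function can return NULL, although the implementation in identity_provider_api.c returns NULL when the name does not fit into a message. I would extend the last line to `@return handle to abort the request, NULL if @a name is too long for a message`. It would also help to state that `name` and the bytes behind `value->data` are copied into the outgoing message, so the caller keeps ownership of both.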
@@ -123,14 +208,14 @@ GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg) */ struct GNUNET_IDENTITY_PROVIDER_Operation * GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss_key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, - const char* scope, - const char* vattr, - struct GNUNET_TIME_Absolute expiration, - uint64_t nonce, - GNUNET_IDENTITY_PROVIDER_IssueCallback cb, - void *cb_cls); + const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss_key, + const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, + const char* scope, + const char* vattr, + struct GNUNET_TIME_Absolute expiration, + uint64_t nonce, + GNUNET_IDENTITY_PROVIDER_IssueCallback cb, + void *cb_cls); /** @@ -146,10 +231,10 @@ GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id */ struct GNUNET_IDENTITY_PROVIDER_Operation * GNUNET_IDENTITY_PROVIDER_exchange_ticket (struct GNUNET_IDENTITY_PROVIDER_Handle *id, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *aud_privkey, - GNUNET_IDENTITY_PROVIDER_ExchangeCallback cont, - void *cont_cls); + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *aud_privkey, + GNUNET_IDENTITY_PROVIDER_ExchangeCallback cont, + void *cont_cls); /** diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index 455a8292b..5841bd4f8 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h @@ -2628,6 +2628,10 @@ extern "C" #define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT 964 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE 965 + +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE 966 + /************************************************** * -- cgit v1.2.3 From d5ec12fdbc288f376ee2ee18aceb00e338191f28 Mon Sep 17 00:00:00 2001 
From: "Schanzenbach, Martin" Date: Sat, 16 Sep 2017 09:44:32 +0200 Subject: -move idp gns record handling to identity-provider --- src/identity-provider/Makefile.am | 13 +- .../plugin_gnsrecord_identity_provider.c | 251 +++++++++++++++++++++ src/identity/Makefile.am | 11 +- src/identity/plugin_gnsrecord_identity.c | 251 --------------------- 4 files changed, 263 insertions(+), 263 deletions(-) create mode 100644 src/identity-provider/plugin_gnsrecord_identity_provider.c delete mode 100644 src/identity/plugin_gnsrecord_identity.c diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index 4f5738692..ab0c2f67e 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am @@ -22,7 +22,8 @@ pkgcfg_DATA = \ lib_LTLIBRARIES = \ libgnunetidentityprovider.la plugin_LTLIBRARIES = \ - libgnunet_plugin_rest_identity_provider.la + libgnunet_plugin_rest_identity_provider.la \ + libgnunet_plugin_gnsrecord_identity_provider.la bin_PROGRAMS = \ gnunet-identity-token \ @@ -31,6 +32,15 @@ bin_PROGRAMS = \ libexec_PROGRAMS = \ gnunet-service-identity-provider +libgnunet_plugin_gnsrecord_identity_provider_la_SOURCES = \ + plugin_gnsrecord_identity_provider.c +libgnunet_plugin_gnsrecord_identity_provider_la_LIBADD = \ + $(top_builddir)/src/util/libgnunetutil.la \ + $(LTLIBINTL) +libgnunet_plugin_gnsrecord_identity_provider_la_LDFLAGS = \ + $(GN_PLUGIN_LDFLAGS) + + gnunet_service_identity_provider_SOURCES = \ gnunet-service-identity-provider.c \ identity_token.c @@ -68,7 +78,6 @@ libgnunet_plugin_rest_identity_provider_la_LIBADD = \ libgnunet_plugin_rest_identity_provider_la_LDFLAGS = \ $(GN_PLUGIN_LDFLAGS) - gnunet_idp_SOURCES = \ gnunet-idp.c gnunet_idp_LDADD = \ diff --git a/src/identity-provider/plugin_gnsrecord_identity_provider.c b/src/identity-provider/plugin_gnsrecord_identity_provider.c new file mode 100644 index 000000000..c26c04074 --- /dev/null +++ b/src/identity-provider/plugin_gnsrecord_identity_provider.c 
@@ -0,0 +1,251 @@ +/* + This file is part of GNUnet + Copyright (C) 2013, 2014 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + +/** + * @file identity/plugin_gnsrecord_identity.c + * @brief gnsrecord plugin to provide the API for identity records + * @author Christian Grothoff + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_gnsrecord_lib.h" +#include "gnunet_gnsrecord_plugin.h" + + +/** + * Convert the 'value' of a record to a string. 
+ * + * @param cls closure, unused + * @param type type of the record + * @param data value in binary encoding + * @param data_size number of bytes in @a data + * @return NULL on error, otherwise human-readable representation of the value + */ +static char * +value_to_string (void *cls, + uint32_t type, + const void *data, + size_t data_size) +{ + const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; + const struct GNUNET_CRYPTO_EcdsaPublicKey *audience_pubkey; + const char *scopes; + char *ecdhe_str; + char *aud_str; + char *result; + + switch (type) + { + case GNUNET_GNSRECORD_TYPE_ID_ATTR: + case GNUNET_GNSRECORD_TYPE_ID_TOKEN: + return GNUNET_strndup (data, data_size); + case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: + ecdhe_privkey = data; + audience_pubkey = data+sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey); + scopes = (char*) audience_pubkey+(sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + ecdhe_str = GNUNET_STRINGS_data_to_string_alloc (ecdhe_privkey, + sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); + aud_str = GNUNET_STRINGS_data_to_string_alloc (audience_pubkey, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + GNUNET_asprintf (&result, + "%s;%s;%s", + ecdhe_str, aud_str, scopes); + GNUNET_free (aud_str); + GNUNET_free (ecdhe_str); + return result; + + default: + return NULL; + } +} + + +/** + * Convert human-readable version of a 'value' of a record to the binary + * representation. 
+ * + * @param cls closure, unused + * @param type type of the record + * @param s human-readable string + * @param data set to value in binary encoding (will be allocated) + * @param data_size set to number of bytes in @a data + * @return #GNUNET_OK on success + */ +static int +string_to_value (void *cls, + uint32_t type, + const char *s, + void **data, + size_t *data_size) +{ + char* ecdhe_str; + char* aud_keystr; + char* write_ptr; + char* tmp_tok; + char* str; + + if (NULL == s) + return GNUNET_SYSERR; + switch (type) + { + case GNUNET_GNSRECORD_TYPE_ID_ATTR: + case GNUNET_GNSRECORD_TYPE_ID_TOKEN: + *data = GNUNET_strdup (s); + *data_size = strlen (s); + return GNUNET_OK; + case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: + tmp_tok = GNUNET_strdup (s); + ecdhe_str = strtok (tmp_tok, ";"); + if (NULL == ecdhe_str) + { + GNUNET_free (tmp_tok); + return GNUNET_SYSERR; + } + aud_keystr = strtok (NULL, ";"); + if (NULL == aud_keystr) + { + GNUNET_free (tmp_tok); + return GNUNET_SYSERR; + } + str = strtok (NULL, ";"); + if (NULL == str) + { + GNUNET_free (tmp_tok); + return GNUNET_SYSERR; + } + *data_size = strlen (str) + 1 + +sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey) + +sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey); + *data = GNUNET_malloc (*data_size); + + write_ptr = *data; + GNUNET_STRINGS_string_to_data (ecdhe_str, + strlen (ecdhe_str), + write_ptr, + sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); + write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey); + GNUNET_STRINGS_string_to_data (aud_keystr, + strlen (aud_keystr), + write_ptr, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + write_ptr += sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey); + GNUNET_memcpy (write_ptr, str, strlen (str) + 1); //with 0-Terminator + GNUNET_free (tmp_tok); + return GNUNET_OK; + + default: + return GNUNET_SYSERR; + } +} + + +/** + * Mapping of record type numbers to human-readable + * record type names. 
+ */ + static struct { + const char *name; + uint32_t number; + } name_map[] = { + { "ID_ATTR", GNUNET_GNSRECORD_TYPE_ID_ATTR }, + { "ID_TOKEN", GNUNET_GNSRECORD_TYPE_ID_TOKEN }, + { "ID_TOKEN_METADATA", GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA }, + { NULL, UINT32_MAX } + }; + + +/** + * Convert a type name (i.e. "AAAA") to the corresponding number. + * + * @param cls closure, unused + * @param dns_typename name to convert + * @return corresponding number, UINT32_MAX on error + */ +static uint32_t +typename_to_number (void *cls, + const char *dns_typename) +{ + unsigned int i; + + i=0; + while ( (NULL != name_map[i].name) && + (0 != strcasecmp (dns_typename, name_map[i].name)) ) + i++; + return name_map[i].number; +} + + +/** + * Convert a type number (i.e. 1) to the corresponding type string (i.e. "A") + * + * @param cls closure, unused + * @param type number of a type to convert + * @return corresponding typestring, NULL on error + */ +static const char * +number_to_typename (void *cls, + uint32_t type) +{ + unsigned int i; + + i=0; + while ( (NULL != name_map[i].name) && + (type != name_map[i].number) ) + i++; + return name_map[i].name; +} + + +/** + * Entry point for the plugin. + * + * @param cls NULL + * @return the exported block API + */ +void * +libgnunet_plugin_gnsrecord_identity_init (void *cls) +{ + struct GNUNET_GNSRECORD_PluginFunctions *api; + + api = GNUNET_new (struct GNUNET_GNSRECORD_PluginFunctions); + api->value_to_string = &value_to_string; + api->string_to_value = &string_to_value; + api->typename_to_number = &typename_to_number; + api->number_to_typename = &number_to_typename; + return api; +} + + +/** + * Exit point from the plugin. + * + * @param cls the return value from #libgnunet_plugin_block_test_init + * @return NULL + */ +void * +libgnunet_plugin_gnsrecord_identity_done (void *cls) +{ + struct GNUNET_GNSRECORD_PluginFunctions *api = cls; + + GNUNET_free (api); + return NULL; +} + +/* end of plugin_gnsrecord_dns.c */ 
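Review bot: In `value_to_string`, the `GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA` case reads two fixed-size keys from `data` and then prints the remainder with `%s` without ever looking at `data_size`, so a short or unterminated record value is read past its end. A guard at the top of the case would reject such records: `if ( (data_size <= sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey) + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) || ('\0' != ((const char *) data)[data_size - 1]) ) return NULL;`. `string_to_value` for the same type ignores the result of both `GNUNET_STRINGS_string_to_data` calls, so a malformed key string still yields `GNUNET_OK` with key bytes that were never decoded. The file is moved unchanged, so the entry points are still `libgnunet_plugin_gnsrecord_identity_init`/`_done` and the `@file` line still names `identity/plugin_gnsrecord_identity.c`, while the Makefile now builds `libgnunet_plugin_gnsrecord_identity_provider`; if the plugin loader derives the entry-point name from the library name, the plugin will not load until they are renamed.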
diff --git a/src/identity/Makefile.am b/src/identity/Makefile.am index 94e8c5e94..b8e70fffb 100644 --- a/src/identity/Makefile.am +++ b/src/identity/Makefile.am @@ -42,8 +42,7 @@ libexec_PROGRAMS = \ if HAVE_MHD if HAVE_JSON plugin_LTLIBRARIES = \ - libgnunet_plugin_rest_identity.la \ - libgnunet_plugin_gnsrecord_identity.la + libgnunet_plugin_rest_identity.la endif endif @@ -55,14 +54,6 @@ gnunet_service_identity_LDADD = \ $(top_builddir)/src/util/libgnunetutil.la \ $(GN_LIBINTL) -libgnunet_plugin_gnsrecord_identity_la_SOURCES = \ - plugin_gnsrecord_identity.c -libgnunet_plugin_gnsrecord_identity_la_LIBADD = \ - $(top_builddir)/src/util/libgnunetutil.la \ - $(LTLIBINTL) -libgnunet_plugin_gnsrecord_identity_la_LDFLAGS = \ - $(GN_PLUGIN_LDFLAGS) - libgnunet_plugin_rest_identity_la_SOURCES = \ plugin_rest_identity.c diff --git a/src/identity/plugin_gnsrecord_identity.c b/src/identity/plugin_gnsrecord_identity.c deleted file mode 100644 index c26c04074..000000000 --- a/src/identity/plugin_gnsrecord_identity.c +++ /dev/null 
@@ -1,251 +0,0 @@ -/* - This file is part of GNUnet - Copyright (C) 2013, 2014 GNUnet e.V. - - GNUnet is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published - by the Free Software Foundation; either version 3, or (at your - option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNUnet; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. -*/ - -/** - * @file identity/plugin_gnsrecord_identity.c - * @brief gnsrecord plugin to provide the API for identity records - * @author Christian Grothoff - */ -#include "platform.h" -#include "gnunet_util_lib.h" -#include "gnunet_gnsrecord_lib.h" -#include "gnunet_gnsrecord_plugin.h" - - -/** - * Convert the 'value' of a record to a string. 
- * - * @param cls closure, unused - * @param type type of the record - * @param data value in binary encoding - * @param data_size number of bytes in @a data - * @return NULL on error, otherwise human-readable representation of the value - */ -static char * -value_to_string (void *cls, - uint32_t type, - const void *data, - size_t data_size) -{ - const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; - const struct GNUNET_CRYPTO_EcdsaPublicKey *audience_pubkey; - const char *scopes; - char *ecdhe_str; - char *aud_str; - char *result; - - switch (type) - { - case GNUNET_GNSRECORD_TYPE_ID_ATTR: - case GNUNET_GNSRECORD_TYPE_ID_TOKEN: - return GNUNET_strndup (data, data_size); - case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: - ecdhe_privkey = data; - audience_pubkey = data+sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey); - scopes = (char*) audience_pubkey+(sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - ecdhe_str = GNUNET_STRINGS_data_to_string_alloc (ecdhe_privkey, - sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); - aud_str = GNUNET_STRINGS_data_to_string_alloc (audience_pubkey, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - GNUNET_asprintf (&result, - "%s;%s;%s", - ecdhe_str, aud_str, scopes); - GNUNET_free (aud_str); - GNUNET_free (ecdhe_str); - return result; - - default: - return NULL; - } -} - - -/** - * Convert human-readable version of a 'value' of a record to the binary - * representation. 
- * - * @param cls closure, unused - * @param type type of the record - * @param s human-readable string - * @param data set to value in binary encoding (will be allocated) - * @param data_size set to number of bytes in @a data - * @return #GNUNET_OK on success - */ -static int -string_to_value (void *cls, - uint32_t type, - const char *s, - void **data, - size_t *data_size) -{ - char* ecdhe_str; - char* aud_keystr; - char* write_ptr; - char* tmp_tok; - char* str; - - if (NULL == s) - return GNUNET_SYSERR; - switch (type) - { - case GNUNET_GNSRECORD_TYPE_ID_ATTR: - case GNUNET_GNSRECORD_TYPE_ID_TOKEN: - *data = GNUNET_strdup (s); - *data_size = strlen (s); - return GNUNET_OK; - case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: - tmp_tok = GNUNET_strdup (s); - ecdhe_str = strtok (tmp_tok, ";"); - if (NULL == ecdhe_str) - { - GNUNET_free (tmp_tok); - return GNUNET_SYSERR; - } - aud_keystr = strtok (NULL, ";"); - if (NULL == aud_keystr) - { - GNUNET_free (tmp_tok); - return GNUNET_SYSERR; - } - str = strtok (NULL, ";"); - if (NULL == str) - { - GNUNET_free (tmp_tok); - return GNUNET_SYSERR; - } - *data_size = strlen (str) + 1 - +sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey) - +sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey); - *data = GNUNET_malloc (*data_size); - - write_ptr = *data; - GNUNET_STRINGS_string_to_data (ecdhe_str, - strlen (ecdhe_str), - write_ptr, - sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); - write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey); - GNUNET_STRINGS_string_to_data (aud_keystr, - strlen (aud_keystr), - write_ptr, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - write_ptr += sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey); - GNUNET_memcpy (write_ptr, str, strlen (str) + 1); //with 0-Terminator - GNUNET_free (tmp_tok); - return GNUNET_OK; - - default: - return GNUNET_SYSERR; - } -} - - -/** - * Mapping of record type numbers to human-readable - * record type names. 
- */ - static struct { - const char *name; - uint32_t number; - } name_map[] = { - { "ID_ATTR", GNUNET_GNSRECORD_TYPE_ID_ATTR }, - { "ID_TOKEN", GNUNET_GNSRECORD_TYPE_ID_TOKEN }, - { "ID_TOKEN_METADATA", GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA }, - { NULL, UINT32_MAX } - }; - - -/** - * Convert a type name (i.e. "AAAA") to the corresponding number. - * - * @param cls closure, unused - * @param dns_typename name to convert - * @return corresponding number, UINT32_MAX on error - */ -static uint32_t -typename_to_number (void *cls, - const char *dns_typename) -{ - unsigned int i; - - i=0; - while ( (NULL != name_map[i].name) && - (0 != strcasecmp (dns_typename, name_map[i].name)) ) - i++; - return name_map[i].number; -} - - -/** - * Convert a type number (i.e. 1) to the corresponding type string (i.e. "A") - * - * @param cls closure, unused - * @param type number of a type to convert - * @return corresponding typestring, NULL on error - */ -static const char * -number_to_typename (void *cls, - uint32_t type) -{ - unsigned int i; - - i=0; - while ( (NULL != name_map[i].name) && - (type != name_map[i].number) ) - i++; - return name_map[i].name; -} - - -/** - * Entry point for the plugin. - * - * @param cls NULL - * @return the exported block API - */ -void * -libgnunet_plugin_gnsrecord_identity_init (void *cls) -{ - struct GNUNET_GNSRECORD_PluginFunctions *api; - - api = GNUNET_new (struct GNUNET_GNSRECORD_PluginFunctions); - api->value_to_string = &value_to_string; - api->string_to_value = &string_to_value; - api->typename_to_number = &typename_to_number; - api->number_to_typename = &number_to_typename; - return api; -} - - -/** - * Exit point from the plugin. - * - * @param cls the return value from #libgnunet_plugin_block_test_init - * @return NULL - */ -void * -libgnunet_plugin_gnsrecord_identity_done (void *cls) -{ - struct GNUNET_GNSRECORD_PluginFunctions *api = cls; - - GNUNET_free (api); - return NULL; -} - -/* end of plugin_gnsrecord_dns.c */ -- cgit v1.2.3 
From 67e0d73709ef557b52ba0527291d68c17fd6c60a Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 16 Sep 2017 22:39:15 +0200 Subject: -various fixes; add attribute list API --- src/identity-provider/Makefile.am | 7 +- src/identity-provider/gnunet-idp.c | 70 +-- .../gnunet-service-identity-provider.c | 562 +++++++++++++++++---- src/identity-provider/identity_attribute.c | 140 +++++ src/identity-provider/identity_attribute.h | 103 ++++ src/identity-provider/identity_provider.h | 111 +++- src/identity-provider/identity_provider_api.c | 352 ++++++++++++- .../plugin_gnsrecord_identity_provider.c | 29 +- src/identity-provider/test_idp.sh | 1 + src/include/gnunet_crypto_lib.h | 2 +- src/include/gnunet_identity_provider_service.h | 108 +++- src/include/gnunet_protocols.h | 7 + src/util/crypto_abe.c | 5 +- 13 files changed, 1296 insertions(+), 201 deletions(-) create mode 100644 src/identity-provider/identity_attribute.c create mode 100644 src/identity-provider/identity_attribute.h diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index ab0c2f67e..106c8a92b 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am @@ -43,7 +43,8 @@ libgnunet_plugin_gnsrecord_identity_provider_la_LDFLAGS = \ gnunet_service_identity_provider_SOURCES = \ gnunet-service-identity-provider.c \ - identity_token.c + identity_token.c \ + identity_attribute.h gnunet_service_identity_provider_LDADD = \ $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \ $(top_builddir)/src/util/libgnunetutil.la \ 
@@ -51,13 +52,15 @@ gnunet_service_identity_provider_LDADD = \ $(top_builddir)/src/identity/libgnunetidentity.la \ $(top_builddir)/src/statistics/libgnunetstatistics.la \ $(top_builddir)/src/credential/libgnunetcredential.la \ + $(top_builddir)/src/identity-provider/libgnunetidentityprovider.la \ $(top_builddir)/src/gns/libgnunetgns.la \ $(GN_LIBINTL) \ -ljansson libgnunetidentityprovider_la_SOURCES = \ identity_provider_api.c \ - identity_provider.h + identity_provider.h \ + identity_attribute.c libgnunetidentityprovider_la_LIBADD = \ $(top_builddir)/src/util/libgnunetutil.la \ $(GN_LIBINTL) $(XLIB) diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index b4785580a..264d77ba2 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c @@ -77,9 +77,9 @@ static struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op; static struct GNUNET_NAMESTORE_Handle *namestore_handle; /** - * Namestore iterator + * Attribute iterator */ -static struct GNUNET_NAMESTORE_ZoneIterator *ns_iterator; +static struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_iterator; /** * Namestore queue @@ -96,8 +96,10 @@ do_cleanup(void *cls) { if (NULL != ns_qe) GNUNET_NAMESTORE_cancel (ns_qe); - if (NULL != ns_iterator) - GNUNET_NAMESTORE_zone_iteration_stop (ns_iterator); + if (NULL != attr_iterator) + GNUNET_IDENTITY_PROVIDER_get_attributes_stop (attr_iterator); + if (NULL != idp_handle) + GNUNET_IDENTITY_PROVIDER_disconnect (idp_handle); if (NULL != namestore_handle) GNUNET_NAMESTORE_disconnect (namestore_handle); if (NULL != identity_handle) @@ -152,7 +154,7 @@ store_abe_cont (void *cls, static void iter_error (void *cls) { - ns_iterator = NULL; + attr_iterator = NULL; GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to iterate over attributes\n"); GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); 
@@ -161,37 +163,19 @@ iter_error (void *cls) static void iter_finished (void *cls) { - ns_iterator = NULL; + attr_iterator = NULL; GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } static void iter_cb (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) { - struct GNUNET_CRYPTO_AbeKey *key; - int i; - char *attr_value; - char* attrs[2]; - for (i=0;iname, (char*)attr->data); + GNUNET_IDENTITY_PROVIDER_get_attributes_next (attr_iterator); } static void @@ -235,25 +219,23 @@ abe_lookup_cb (void *cls, } if (list) { - ns_iterator = GNUNET_NAMESTORE_zone_iteration_start (namestore_handle, - zone, - &iter_error, - NULL, - &iter_cb, - NULL, - &iter_finished, - NULL); + attr_iterator = GNUNET_IDENTITY_PROVIDER_get_attributes_start (idp_handle, + zone, + &iter_error, + NULL, + &iter_cb, + NULL, + &iter_finished, + NULL); return; } - struct GNUNET_IDENTITY_PROVIDER_Attribute *attr; - attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute) + strlen (attr_value) + 1); - attr->attribute_type = GNUNET_IDENTITY_PROVIDER_AT_STRING; - attr->data = &attr[1]; - attr->data_size = strlen (attr_value) + 1; + struct GNUNET_IDENTITY_PROVIDER_Attribute *attr = GNUNET_IDENTITY_PROVIDER_attribute_new (attr_name, + GNUNET_IDENTITY_PROVIDER_AT_STRING, + attr_value, + strlen (attr_value)); idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle, zone, - attr_name, attr, &store_attr_cont, NULL); diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 5663a7681..0ce70aed3 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c 
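Review bot: The new `GNUNET_IDENTITY_PROVIDER_attribute_new` call in `abe_lookup_cb` passes `strlen (attr_value)` as the size, where the code it replaces used `strlen (attr_value) + 1`, so the stored value no longer carries its terminating NUL. `iter_cb` in the preceding hunk hands `(char*)attr->data` to its output call, which looks like a `%s`-style print (that line is partly garbled on this page); if so, it relies on a terminator that is not part of the stored data. Either store `strlen (attr_value) + 1` bytes or print with an explicit length, e.g. a `"%.*s"` conversion fed with `(int) attr->data_size`. `abe_lookup_cb` starts and ends outside the hunk.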
@@ -36,6 +36,7 @@ #include "gnunet_signatures.h" #include "identity_provider.h" #include "identity_token.h" +#include "identity_attribute.h" #include /** 
@@ -129,13 +130,134 @@ static struct GNUNET_STATISTICS_Handle *stats; */ static const struct GNUNET_CONFIGURATION_Handle *cfg; +/** + * An idp client + */ +struct IdpClient; + +/** + * Callback after an ABE bootstrap + * + * @param cls closure + * @param abe_key the ABE key that exists or was created + */ +typedef void +(*AbeBootstrapResult) (void *cls, + struct GNUNET_CRYPTO_AbeMasterKey *abe_key); + + +struct AbeBootstrapHandle +{ + /** + * Function to call when finished + */ + AbeBootstrapResult proc; + + /** + * Callback closure + */ + char *proc_cls; + + /** + * Key of the zone we are iterating over. + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * Namestore Queue Entry + */ + struct GNUNET_NAMESTORE_QueueEntry *ns_qe; + + /** + * The issuer egos ABE master key + */ + struct GNUNET_CRYPTO_AbeMasterKey *abe_key; +}; + +/** + * An attribute iteration operation. + */ +struct AttributeIterator +{ + /** + * Next element in the DLL + */ + struct AttributeIterator *next; + + /** + * Previous element in the DLL + */ + struct AttributeIterator *prev; + + /** + * IDP client which intiated this zone iteration + */ + struct IdpClient *client; + + /** + * Key of the zone we are iterating over. 
+ */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * The issuer egos ABE master key + */ + struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + + /** + * Namestore iterator + */ + struct GNUNET_NAMESTORE_ZoneIterator *ns_it; + + /** + * The operation id fot the zone iteration in the response for the client + */ + uint32_t request_id; + +}; + + + +/** + * An idp client + */ +struct IdpClient +{ + + /** + * The client + */ + struct GNUNET_SERVICE_Client *client; + + /** + * Message queue for transmission to @e client + */ + struct GNUNET_MQ_Handle *mq; + + /** + * Head of the DLL of + * Attribute iteration operations in + * progress initiated by this client + */ + struct AttributeIterator *op_head; + + /** + * Tail of the DLL of + * Attribute iteration operations + * in progress initiated by this client + */ + struct AttributeIterator *op_tail; +}; + + + struct AttributeStoreHandle { /** * Client connection */ - struct GNUNET_SERVICE_Client *client; + struct IdpClient *client; /** * Identity @@ -158,19 +280,9 @@ struct AttributeStoreHandle struct GNUNET_NAMESTORE_QueueEntry *ns_qe; /** - * The attribute name + * The attribute to store */ - char *name; - - /** - * The attribute value - */ - char *attribute_value; - - /** - * Size of the attribute value - */ - size_t attribute_value_len; + struct GNUNET_IDENTITY_PROVIDER_Attribute *attribute; /** * request id @@ -206,7 +318,7 @@ struct ExchangeHandle /** * Client connection */ - struct GNUNET_SERVICE_Client *client; + struct IdpClient *client; /** * Ticket @@ -267,7 +379,7 @@ struct IssueHandle /** * Client connection */ - struct GNUNET_SERVICE_Client *client; + struct IdpClient *client; /** * Issuer Key @@ -541,7 +653,7 @@ store_record_issue_cont (void *cls, ticket_str, token_str, handle->r_id); - GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(handle->client), + GNUNET_MQ_send (handle->client->mq, env); cleanup_issue_handle (handle); GNUNET_free (ticket_str); 
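Review bot: `struct AbeBootstrapHandle` declares its callback closure as `char *proc_cls`, while `AbeBootstrapResult` takes `void *cls`; `void *proc_cls;` would match the callback type and avoid a cast at every use. The struct is also the only one added in this hunk without a doc comment of its own, unlike `AttributeIterator` and `IdpClient` next to it. Two typos in the added comments are worth fixing while here: "intiated" and "fot".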
@@ -664,7 +776,7 @@ sign_and_return_token (void *cls) handle->label, handle->ticket->payload->nonce, handle->r_id); - GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(handle->client), + GNUNET_MQ_send (handle->client->mq, env); cleanup_exchange_handle (handle); GNUNET_free (token_str); @@ -1141,7 +1253,7 @@ handle_exchange_message (void *cls, const struct ExchangeMessage *xm) { struct ExchangeHandle *xchange_handle; - struct GNUNET_SERVICE_Client *client = cls; + struct IdpClient *idp = cls; const char *ticket; char *lookup_query; @@ -1157,7 +1269,7 @@ handle_exchange_message (void *cls, &xchange_handle->ticket)) { GNUNET_free (xchange_handle); - GNUNET_SERVICE_client_drop (client); + GNUNET_SERVICE_client_drop (idp->client); return; } GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking for ABE key under %s\n", @@ -1165,8 +1277,8 @@ handle_exchange_message (void *cls, GNUNET_asprintf (&lookup_query, "%s.gnu", xchange_handle->ticket->payload->label); - GNUNET_SERVICE_client_continue (client); - xchange_handle->client = client; + GNUNET_SERVICE_client_continue (idp->client); + xchange_handle->client = idp; xchange_handle->token = token_create (&xchange_handle->ticket->payload->identity_key, &xchange_handle->ticket->payload->identity_key); xchange_handle->lookup_request @@ -1278,7 +1390,7 @@ handle_issue_message (void *cls, uint64_t rnd_key; struct GNUNET_HashCode key; struct IssueHandle *issue_handle; - struct GNUNET_SERVICE_Client *client = cls; + struct IdpClient *idp = cls; scopes = (const char *) &im[1]; //v_attrs = (const char *) &im[1] + ntohl(im->scope_len); 
@@ -1319,8 +1431,8 @@ handle_issue_message (void *cls, &issue_handle->iss_pkey); issue_handle->expiration = GNUNET_TIME_absolute_ntoh (im->expiration); issue_handle->nonce = ntohl (im->nonce); - GNUNET_SERVICE_client_continue (client); - issue_handle->client = client; + GNUNET_SERVICE_client_continue (idp->client); + issue_handle->client = idp; issue_handle->scopes = GNUNET_strdup (scopes); issue_handle->token = token_create (&issue_handle->iss_pkey, &issue_handle->aud_key); @@ -1342,10 +1454,10 @@ handle_issue_message (void *cls, static void cleanup_as_handle (struct AttributeStoreHandle *handle) { - if (NULL != handle->name) - GNUNET_free (handle->name); - if (NULL != handle->attribute_value) - GNUNET_free (handle->attribute_value); + if (NULL != handle->attribute) + GNUNET_free (handle->attribute); + if (NULL != handle->abe_key) + GNUNET_free (handle->abe_key); GNUNET_free (handle); } 
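Review bot: `cleanup_as_handle` releases the ABE master key with a plain `GNUNET_free (handle->abe_key)`, which at most frees the outer struct and does not clear the key material. `struct GNUNET_CRYPTO_AbeMasterKey` is opaque in this diff, so this is inferred, but the derived key in `attr_iter_cb` is released through `GNUNET_CRYPTO_cpabe_delete_key`, which suggests the ABE objects own inner allocations. Release the master key through the ABE API's matching destructor, and have that destructor zero the secret before freeing. `cleanup_iter_handle` further down frees `ai->abe_key` the same way.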
@@ -1375,104 +1487,154 @@ attr_store_cont (void *cls, GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE); acr_msg->id = htonl (as_handle->r_id); acr_msg->op_result = htonl (GNUNET_OK); - GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(as_handle->client), + GNUNET_MQ_send (as_handle->client->mq, env); cleanup_as_handle (as_handle); } -void +static void attr_store_task (void *cls) { struct AttributeStoreHandle *as_handle = cls; struct GNUNET_GNSRECORD_Data rd[1]; + char* buf; + size_t buf_size; + + buf_size = attribute_serialize_get_size (as_handle->attribute); + buf = GNUNET_malloc (buf_size); + + attribute_serialize (as_handle->attribute, + buf); /** * Encrypt the attribute value and store in namestore */ - rd[0].data_size = GNUNET_CRYPTO_cpabe_encrypt (as_handle->attribute_value, - as_handle->attribute_value_len, - as_handle->name, //Policy + rd[0].data_size = GNUNET_CRYPTO_cpabe_encrypt (buf, + buf_size, + as_handle->attribute->name, //Policy as_handle->abe_key, (void**)&rd[0].data); + GNUNET_free (buf); rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; - rd[0].flags = GNUNET_GNSRECORD_RF_NONE; + rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? 
as_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, &as_handle->identity, - as_handle->name, + as_handle->attribute->name, 1, rd, &attr_store_cont, as_handle); + GNUNET_free ((void*)rd[0].data); } -void -store_bootstrap_cont (void *cls, +static void +bootstrap_store_cont (void *cls, int32_t success, const char *emsg) { + struct AbeBootstrapHandle *abh = cls; if (GNUNET_SYSERR == success) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to bootstrap ABE master %s\n", emsg); - GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); + abh->proc (abh->proc_cls, NULL); + GNUNET_free (abh->abe_key); + GNUNET_free (abh); return; } - GNUNET_SCHEDULER_add_now (&attr_store_task, cls); + abh->proc (abh->proc_cls, abh->abe_key); + GNUNET_free (abh); } -void -store_bootstrap_task (void *cls) +static void +bootstrap_store_task (void *cls) { - struct AttributeStoreHandle *as_handle = cls; + struct AbeBootstrapHandle *abh = cls; struct GNUNET_GNSRECORD_Data rd[1]; - rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (as_handle->abe_key, + rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (abh->abe_key, (void**)&rd[0].data); rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; rd[0].flags = GNUNET_GNSRECORD_RF_NONE | GNUNET_GNSRECORD_RF_PRIVATE; rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? 
- as_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, - &as_handle->identity, - "+", - 1, - rd, - &store_bootstrap_cont, - as_handle); + abh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &abh->identity, + "+", + 1, + rd, + &bootstrap_store_cont, + abh); } -void -store_cont_abe_error (void *cls) +static void +bootstrap_abe_error (void *cls) { - GNUNET_SCHEDULER_add_now (&do_shutdown, cls); + struct AbeBootstrapHandle *abh = cls; + GNUNET_free (abh); + abh->proc (abh->proc_cls, NULL); + GNUNET_free (abh); } -void -store_cont_abe_result (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) + + +static void +bootstrap_abe_result (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd) { - struct AttributeStoreHandle *handle = cls; + struct AbeBootstrapHandle *abh = cls; + struct GNUNET_CRYPTO_AbeMasterKey *abe_key; int i; for (i=0;iabe_key = GNUNET_CRYPTO_cpabe_deserialize_master_key ((void**)rd[i].data, - rd[i].data_size); - GNUNET_SCHEDULER_add_now (&attr_collect_task, handle); + abe_key = GNUNET_CRYPTO_cpabe_deserialize_master_key ((void**)rd[i].data, + rd[i].data_size); + abh->proc (abh->proc_cls, abe_key); + GNUNET_free (abh); return; } //No ABE master found, bootstrapping... 
- handle->abe_key = GNUNET_CRYPTO_cpabe_create_master_key (); - GNUNET_SCHEDULER_add_now (&store_bootstrap_task, handle); + abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key (); + GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh); +} + +static void +bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + AbeBootstrapResult proc, + void* cls) +{ + struct AbeBootstrapHandle *abh; + + abh = GNUNET_new (struct AbeBootstrapHandle); + abh->proc = proc; + abh->proc_cls = cls; + abh->identity = *identity; + abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, + identity, + "+", + &bootstrap_abe_error, + abh, + &bootstrap_abe_result, + abh); + } +static void +store_after_abe_bootstrap (void *cls, + struct GNUNET_CRYPTO_AbeMasterKey *abe_key) +{ + struct AttributeStoreHandle *ash = cls; + ash->abe_key = abe_key; + GNUNET_SCHEDULER_add_now (&attr_store_task, ash); +} /** * Checks a store message @@ -1486,7 +1648,6 @@ check_attribute_store_message(void *cls, const struct AttributeStoreMessage *sam) { uint16_t size; - uint32_t name_len; size = ntohs (sam->header.size); if (size <= sizeof (struct AttributeStoreMessage)) @@ -1494,17 +1655,10 @@ check_attribute_store_message(void *cls, GNUNET_break (0); return GNUNET_SYSERR; } - name_len = ntohs (sam->name_len); - if (0 <= name_len) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Malformed store message received!\n"); - GNUNET_break (0); - return GNUNET_SYSERR; - } return GNUNET_OK; } + /** * * Handler for store message 
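Review bot: `bootstrap_abe_error` frees `abh` before using it: `GNUNET_free (abh);` is followed by `abh->proc (abh->proc_cls, NULL);` and a second `GNUNET_free (abh);`, which is a use-after-free and then a double free on the namestore error path. Drop the first free so the body is `abh->proc (abh->proc_cls, NULL);` followed by `GNUNET_free (abh);`. The same path hands `NULL` to `store_after_abe_bootstrap`, which stores it in `ash->abe_key` and schedules `attr_store_task` regardless; that callback should fail the request when `abe_key` is `NULL` instead of going on to encrypt with it.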
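Review bot: With the `name_len` test removed, `check_attribute_store_message` only verifies that the message is larger than `struct AttributeStoreMessage`; nothing ties the client-supplied `attr_len` to the bytes that actually follow the header. `handle_attribute_store_message` then passes `ntohs (sam->attr_len)` to `attribute_deserialize` as the buffer length, so the declared length can exceed what was received. Add a check such as `if (ntohs (sam->attr_len) != size - sizeof (struct AttributeStoreMessage)) return GNUNET_SYSERR;` before returning `GNUNET_OK`. The function's signature lies outside this hunk and the previous one.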
@@ -1518,40 +1672,224 @@ handle_attribute_store_message (void *cls, const struct AttributeStoreMessage *sam) { struct AttributeStoreHandle *as_handle; - struct GNUNET_SERVICE_Client *client = cls; - size_t name_len; + struct IdpClient *idp = cls; size_t data_len; - char *attribute_value; - name_len = ntohs (sam->name_len); - data_len = ntohs (sam->attr_value_len); + data_len = ntohs (sam->attr_len); as_handle = GNUNET_new (struct AttributeStoreHandle); - as_handle->name = GNUNET_strndup ((char*)&sam[1], name_len); - attribute_value = (char*)&sam[1] + name_len; + as_handle->attribute = attribute_deserialize ((char*)&sam[1], + data_len); as_handle->r_id = sam->id; as_handle->identity = sam->identity; GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity, &as_handle->identity_pkey); - as_handle->attribute_value = GNUNET_malloc (data_len); - GNUNET_memcpy (as_handle->attribute_value, - attribute_value, - data_len); - as_handle->attribute_value_len = data_len; - - GNUNET_SERVICE_client_continue (client); - as_handle->client = client; - as_handle->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, - &as_handle->identity, - "+", - &store_cont_abe_error, - as_handle, - &store_cont_abe_result, - as_handle); + + GNUNET_SERVICE_client_continue (idp->client); + as_handle->client = idp; + + bootstrap_abe (&as_handle->identity, &store_after_abe_bootstrap, as_handle); +} + +static void +cleanup_iter_handle (struct AttributeIterator *ai) +{ + if (NULL != ai->abe_key) + GNUNET_free (ai->abe_key); + GNUNET_free (ai); +} + +static void +attr_iter_error (void *cls) +{ + //struct AttributeIterator *ai = cls; + //TODO + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to iterate over attributes\n"); + GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); +} + +static void +attr_iter_finished (void *cls) +{ + struct AttributeIterator *ai = cls; + struct GNUNET_MQ_Envelope *env; + struct AttributeResultMessage *arm; + + env = GNUNET_MQ_msg (arm, + 
GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT); + arm->id = htonl (ai->request_id); + arm->attr_len = htons (0); + GNUNET_MQ_send (ai->client->mq, env); + cleanup_iter_handle (ai); +} + +static void +attr_iter_cb (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + struct AttributeIterator *ai = cls; + struct AttributeResultMessage *arm; + struct GNUNET_CRYPTO_AbeKey *key; + struct GNUNET_MQ_Envelope *env; + ssize_t msg_extra_len; + char* attr_ser; + char* attrs[2]; + char* data_tmp; + + if (rd_count != 1) + { + GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it); + return; + } + + if (GNUNET_GNSRECORD_TYPE_ID_ATTR != rd->record_type) { + GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it); + return; + } + attrs[0] = (char*)label; + attrs[1] = 0; + key = GNUNET_CRYPTO_cpabe_create_key (ai->abe_key, + attrs); + msg_extra_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data, + rd->data_size, + key, + (void**)&attr_ser); + GNUNET_CRYPTO_cpabe_delete_key (key); + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Found attribute: %s\n", label); + env = GNUNET_MQ_msg_extra (arm, + msg_extra_len, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT); + arm->id = htonl (ai->request_id); + arm->attr_len = htons (msg_extra_len); + arm->identity = *zone; + data_tmp = (char *) &arm[1]; + GNUNET_memcpy (data_tmp, + attr_ser, + msg_extra_len); + GNUNET_MQ_send (ai->client->mq, env); + GNUNET_free (attr_ser); +} + + +void +iterate_after_abe_bootstrap (void *cls, + struct GNUNET_CRYPTO_AbeMasterKey *abe_key) +{ + struct AttributeIterator *ai = cls; + ai->abe_key = abe_key; + ai->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, + &ai->identity, + &attr_iter_error, + ai, + &attr_iter_cb, + ai, + &attr_iter_finished, + ai); +} + + +/** + * Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ITERATION_START message + * + * @param cls the client sending the message + * @param zis_msg 
message from the client + */ +static void +handle_iteration_start (void *cls, + const struct AttributeIterationStartMessage *ais_msg) +{ + struct IdpClient *idp = cls; + struct AttributeIterator *ai; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Received ATTRIBUTE_ITERATION_START message\n"); + ai = GNUNET_new (struct AttributeIterator); + ai->request_id = ntohl (ais_msg->id); + ai->client = idp; + ai->identity = ais_msg->identity; + + GNUNET_CONTAINER_DLL_insert (idp->op_head, + idp->op_tail, + ai); + bootstrap_abe (&ai->identity, &iterate_after_abe_bootstrap, ai); + GNUNET_SERVICE_client_continue (idp->client); } +/** + * Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ITERATION_STOP message + * + * @param cls the client sending the message + * @param ais_msg message from the client + */ +static void +handle_iteration_stop (void *cls, + const struct AttributeIterationStopMessage *ais_msg) +{ + struct IdpClient *idp = cls; + struct AttributeIterator *ai; + uint32_t rid; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Received `%s' message\n", + "ATTRIBUTE_ITERATION_STOP"); + rid = ntohl (ais_msg->id); + for (ai = idp->op_head; NULL != ai; ai = ai->next) + if (ai->request_id == rid) + break; + if (NULL == ai) + { + GNUNET_break (0); + GNUNET_SERVICE_client_drop (idp->client); + return; + } + GNUNET_CONTAINER_DLL_remove (idp->op_head, + idp->op_tail, + ai); + GNUNET_free (ai); + GNUNET_SERVICE_client_continue (idp->client); +} + + +/** + * Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT message + * + * @param cls the client sending the message + * @param message message from the client + */ +static void +handle_iteration_next (void *cls, + const struct AttributeIterationNextMessage *ais_msg) +{ + struct IdpClient *idp = cls; + struct AttributeIterator *ai; + uint32_t rid; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Received ATTRIBUTE_ITERATION_NEXT message\n"); + rid = ntohl (ais_msg->id); + for (ai = idp->op_head; NULL != ai; ai = ai->next) + 
if (ai->request_id == rid) + break; + if (NULL == ai) + { + GNUNET_break (0); + GNUNET_SERVICE_client_drop (idp->client); + return; + } + GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it); + GNUNET_SERVICE_client_continue (idp->client); +} + + + + /** * Main function that will be run * @@ -1619,9 +1957,23 @@ client_disconnect_cb (void *cls, struct GNUNET_SERVICE_Client *client, void *app_ctx) { + struct IdpClient *idp = app_ctx; + struct AttributeIterator *ai; + + //TODO other operations + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Client %p disconnected\n", client); + + while (NULL != (ai = idp->op_head)) + { + GNUNET_CONTAINER_DLL_remove (idp->op_head, + idp->op_tail, + ai); + GNUNET_free (ai); + } + GNUNET_free (idp); } @@ -1638,10 +1990,14 @@ client_connect_cb (void *cls, struct GNUNET_SERVICE_Client *client, struct GNUNET_MQ_Handle *mq) { + struct IdpClient *idp; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Client %p connected\n", client); - return client; + idp = GNUNET_new (struct IdpClient); + idp->client = client; + idp->mq = mq; + return idp; } @@ -1668,5 +2024,17 @@ GNUNET_SERVICE_MAIN GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE, struct AttributeStoreMessage, NULL), + GNUNET_MQ_hd_fixed_size (iteration_start, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START, + struct AttributeIterationStartMessage, + NULL), + GNUNET_MQ_hd_fixed_size (iteration_next, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT, + struct AttributeIterationNextMessage, + NULL), + GNUNET_MQ_hd_fixed_size (iteration_stop, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP, + struct AttributeIterationStopMessage, + NULL), GNUNET_MQ_handler_end()); /* end of gnunet-service-identity-provider.c */ diff --git a/src/identity-provider/identity_attribute.c b/src/identity-provider/identity_attribute.c new file mode 100644 index 000000000..3794010b2 --- /dev/null +++ b/src/identity-provider/identity_attribute.c 
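Review bot: `attr_iter_finished` frees the iterator with `cleanup_iter_handle (ai)` while it is still linked into `idp->op_head`/`op_tail`, so a later ITERATION_NEXT/STOP lookup or `client_disconnect_cb` walks a freed node. `handle_iteration_stop` has the inverse problem: it unlinks and `GNUNET_free`s `ai` without stopping `ai->ns_it`, so namestore can still invoke `attr_iter_cb` with the freed closure, and `ai->abe_key` is leaked. `handle_iteration_next` also uses `ai->ns_it` unconditionally although it is only assigned once `iterate_after_abe_bootstrap` has run. One teardown helper that unlinks, stops the zone iteration and releases the key, used from every exit path, would close these; whether a pending `bootstrap_abe` lookup also needs cancelling cannot be seen from this hunk.

```c
static void
cleanup_iter_handle (struct AttributeIterator *ai)
{
  /* unlink first so no request-id lookup can find a node about to be freed */
  GNUNET_CONTAINER_DLL_remove (ai->client->op_head,
                               ai->client->op_tail,
                               ai);
  if (NULL != ai->ns_it)
    GNUNET_NAMESTORE_zone_iteration_stop (ai->ns_it);
  if (NULL != ai->abe_key)
    GNUNET_free (ai->abe_key);
  GNUNET_free (ai);
}

/* … in attr_iter_finished, after GNUNET_MQ_send: the zone iterator is
   already finished here, so it must not be stopped again … */
  ai->ns_it = NULL;
  cleanup_iter_handle (ai);

/* … in handle_iteration_stop, replacing the DLL_remove + GNUNET_free pair … */
  cleanup_iter_handle (ai);

/* … in handle_iteration_next, before advancing … */
  if (NULL == ai->ns_it)
  {
    GNUNET_break (0);
    GNUNET_SERVICE_client_drop (idp->client);
    return;
  }
```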
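Review bot: `client_disconnect_cb` frees `idp` while store, issue and exchange handles created for this client may still be in flight, and their continuations send through `handle->client->mq` (`attr_store_cont`, `store_record_issue_cont`, `sign_and_return_token`). The `//TODO other operations` comment acknowledges the gap, but as written those callbacks would dereference freed memory once the client is gone. Until the other operations are tracked per client and cancelled here, the iterator loop should at least stop each `ai->ns_it` and release `ai->abe_key` before `GNUNET_free (ai)`. The function's signature is outside the hunk.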
@@ -0,0 +1,140 @@ +/* + This file is part of GNUnet + Copyright (C) 2010-2015 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. + */ + +/** + * @file identity-provider/identity_attribute.c + * @brief helper library to manage identity attributes + * @author Martin Schanzenbach + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "identity_attribute.h" + +/** + * Create a new attribute. 
+ * + * @param name the attribute name + * @param type the attribute type + * @param data the attribute value + * @param data_size the attribute value size + * @return the new attribute + */ +struct GNUNET_IDENTITY_PROVIDER_Attribute * +attribute_new (const char* attr_name, + uint32_t attr_type, + const void* data, + size_t data_size) +{ + struct GNUNET_IDENTITY_PROVIDER_Attribute *attr; + char *write_ptr; + + attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute) + + strlen (attr_name) + 1 + + data_size); + attr->attribute_type = attr_type; + attr->data_size = data_size; + write_ptr = (char*)&attr[1]; + GNUNET_memcpy (write_ptr, + attr_name, + strlen (attr_name) + 1); + attr->name = write_ptr; + write_ptr += strlen (attr->name) + 1; + GNUNET_memcpy (write_ptr, + data, + data_size); + attr->data = write_ptr; + return attr; +} + + + +size_t +attribute_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) +{ + return sizeof (struct Attribute) + + strlen (attr->name) + 1 + + attr->data_size; //TODO get data_size from plugin +} + +int +attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, + char *result) +{ + size_t data_len_ser; + size_t name_len; + struct Attribute *attr_ser; + char* write_ptr; + + attr_ser = (struct Attribute*)result; + attr_ser->attribute_type = htons (attr->attribute_type); + name_len = strlen (attr->name); + attr_ser->name_len = htons (name_len); + write_ptr = (char*)&attr_ser[1]; + GNUNET_memcpy (write_ptr, attr->name, name_len); + write_ptr += name_len; + //TODO plugin-ize + //data_len_ser = plugin->serialize_attribute_value (attr, + // &attr_ser[1]); + data_len_ser = attr->data_size; + GNUNET_memcpy (write_ptr, attr->data, attr->data_size); + attr_ser->data_size = htons (data_len_ser); + + return GNUNET_OK; +} + +struct GNUNET_IDENTITY_PROVIDER_Attribute * +attribute_deserialize (const char* data, + size_t data_size) +{ + struct GNUNET_IDENTITY_PROVIDER_Attribute *attr; + struct 
Attribute *attr_ser; + size_t data_len; + size_t name_len; + char* write_ptr; + + if (data_size < sizeof (struct Attribute)) + return NULL; + + attr_ser = (struct Attribute*)data; + //TODO use plugin. + data_len = ntohs (attr_ser->data_size); + name_len = ntohs (attr_ser->name_len); + attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute) + + data_len + name_len + 1); + attr->attribute_type = ntohs (attr_ser->attribute_type); + attr->data_size = ntohs (attr_ser->data_size); + + write_ptr = (char*)&attr[1]; + GNUNET_memcpy (write_ptr, + &attr_ser[1], + name_len); + write_ptr[name_len] = '\0'; + attr->name = write_ptr; + + write_ptr += name_len + 1; + GNUNET_memcpy (write_ptr, + (char*)&attr_ser[1] + name_len, + attr->data_size); + attr->data = write_ptr; + return attr; + +} + +/* end of identity_attribute.c */ diff --git a/src/identity-provider/identity_attribute.h b/src/identity-provider/identity_attribute.h new file mode 100644 index 000000000..0d4f2bb76 --- /dev/null +++ b/src/identity-provider/identity_attribute.h 
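Review bot: `attribute_deserialize` checks only `data_size < sizeof (struct Attribute)` and then trusts `name_len` and `data_size` from the serialized header, so both `GNUNET_memcpy` calls can read past the end of `data` when the declared lengths exceed what was supplied. The input comes from client messages and from decrypted namestore records, so the lengths have to be validated against `data_size` before allocating, e.g. `if (name_len > data_size - sizeof (struct Attribute) || data_len > data_size - sizeof (struct Attribute) - name_len) return NULL;` right after the two `ntohs` reads. The callers visible in this diff (`handle_attribute_store_message`, `handle_attribute_result`) use the result without a `NULL` check and would need one. A short doc comment on the function stating that it returns `NULL` on malformed input would make that contract explicit.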
@@ -0,0 +1,103 @@ +/* + This file is part of GNUnet. + Copyright (C) 2012-2015 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. + */ +/** + * @author Martin Schanzenbach + * @file identity-provider/identity_attribute.h + * @brief GNUnet Identity Provider library + * + */ +#ifndef IDENTITY_ATTRIBUTE_H +#define IDENTITY_ATTRIBUTE_H + +#include "gnunet_identity_provider_service.h" + +struct Attribute +{ + /** + * Attribute type + */ + uint32_t attribute_type; + + /** + * Name length + */ + uint32_t name_len; + + /** + * Data size + */ + uint32_t data_size; + + //followed by data_size Attribute value data +}; + +/** + * Get required size for serialization buffer + * + * @param attr the attribute to serialize + * + * @return the required buffer size + */ +size_t +attribute_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr); + + + +/** + * Serialize an attribute + * + * @param attr the attribute to serialize + * @param result the serialized attribute + * + * @return GNUNET_OK on success + */ +int +attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, + char *result); + +/** + * Deserialize an attribute + * + * @param data the serialized attribute + * @param data_size the length of the serialized data + * + * @return a GNUNET_IDENTITY_PROVIDER_Attribute, must be free'd by caller 
+ */ +struct GNUNET_IDENTITY_PROVIDER_Attribute * +attribute_deserialize (const char* data, + size_t data_size); + +/** + * Create a new attribute. + * + * @param name the attribute name + * @param type the attribute type + * @param data the attribute value + * @param data_size the attribute value size + * @return the new attribute + */ +struct GNUNET_IDENTITY_PROVIDER_Attribute * +attribute_new (const char* attr_name, + uint32_t attr_type, + const void* data, + size_t data_size); + + +#endif diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h index 47d3f0945..588d6d39a 100644 --- a/src/identity-provider/identity_provider.h +++ b/src/identity-provider/identity_provider.h @@ -189,26 +189,16 @@ struct AttributeStoreMessage uint32_t id GNUNET_PACKED; /** - * The attribute type + * The length of the attribute */ - uint32_t attribute_type GNUNET_PACKED; - - /** - * The length of the attribute name - */ - uint32_t name_len GNUNET_PACKED; - - /** - * The length of the attribute value - */ - uint32_t attr_value_len GNUNET_PACKED; + uint32_t attr_len GNUNET_PACKED; /** * Identity */ struct GNUNET_CRYPTO_EcdsaPrivateKey identity; - /* followed by the name of attribute as string and value data */ + /* followed by the serialized attribute */ }; 
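Review bot: `struct Attribute` declares `attribute_type`, `name_len` and `data_size` as `uint32_t`, but `attribute_serialize` and `attribute_deserialize` convert them with `htons`/`ntohs`. That silently truncates types and lengths above 65535 and yields a byte layout that differs between little- and big-endian hosts, which matters because the serialized form is what gets encrypted into namestore records. Use `htonl`/`ntohl` for these fields (or declare them `uint16_t`), and put the struct between `GNUNET_NETWORK_STRUCT_BEGIN`/`GNUNET_NETWORK_STRUCT_END` with `GNUNET_PACKED` members like the messages in `identity_provider.h`. `AttributeStoreMessage.attr_len` in the following hunk has the same mismatch: a 32-bit field written with `htons` and read with `ntohs`.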
@@ -234,6 +224,101 @@ struct AttributeStoreResponseMessage }; +/** + * Attribute is returned from the idp. + */ +struct AttributeResultMessage +{ + /** + * Message header + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * Length of serialized attribute data + */ + uint16_t attr_len GNUNET_PACKED; + + /** + * always zero (for alignment) + */ + uint16_t reserved GNUNET_PACKED; + + /** + * The private key of the identity. + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /* followed by: + * serialized attribute data + */ +}; + + +/** + * Start a attribute iteration for the given identity + */ +struct AttributeIterationStartMessage +{ + /** + * Message + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * Identity. + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + +}; + + +/** + * Ask for next result of attribute iteration for the given operation + */ +struct AttributeIterationNextMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + +}; + + +/** + * Stop attribute iteration for the given operation + */ +struct AttributeIterationStopMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + +}; + + GNUNET_NETWORK_STRUCT_END #endif diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index bbc2bb70a..c806735f6 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c 
@@ -30,6 +30,7 @@ #include "gnunet_mq_lib.h" #include "gnunet_identity_provider_service.h" #include "identity_provider.h" +#include "identity_attribute.h" #define LOG(kind,...) GNUNET_log_from (kind, "identity-api",__VA_ARGS__) @@ -96,6 +97,75 @@ struct GNUNET_IDENTITY_PROVIDER_Operation }; +/** + * Handle for a attribute iterator operation + */ +struct GNUNET_IDENTITY_PROVIDER_AttributeIterator +{ + + /** + * Kept in a DLL. + */ + struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *next; + + /** + * Kept in a DLL. + */ + struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *prev; + + /** + * Main handle to access the idp. + */ + struct GNUNET_IDENTITY_PROVIDER_Handle *h; + + /** + * Function to call on completion. + */ + GNUNET_SCHEDULER_TaskCallback finish_cb; + + /** + * Closure for @e error_cb. + */ + void *finish_cb_cls; + + /** + * The continuation to call with the results + */ + GNUNET_IDENTITY_PROVIDER_AttributeResult proc; + + /** + * Closure for @e proc. + */ + void *proc_cls; + + /** + * Function to call on errors. + */ + GNUNET_SCHEDULER_TaskCallback error_cb; + + /** + * Closure for @e error_cb. + */ + void *error_cb_cls; + + /** + * Envelope of the message to send to the service, if not yet + * sent. + */ + struct GNUNET_MQ_Envelope *env; + + /** + * Private key of the zone. + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * The operation id this zone iteration operation has + */ + uint32_t r_id; + +}; + /** * Handle for the service. @@ -127,6 +197,16 @@ struct GNUNET_IDENTITY_PROVIDER_Handle */ struct GNUNET_IDENTITY_PROVIDER_Operation *op_tail; + /** + * Head of active iterations + */ + struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it_head; + + /** + * Tail of active iterations + */ + struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it_tail; + /** * Currently pending transmission request, or NULL for none. */ 
@@ -201,6 +281,26 @@ force_reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *handle) handle); } +/** + * Free @a it. + * + * @param it entry to free + */ +static void +free_it (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it) +{ + struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h; + + GNUNET_CONTAINER_DLL_remove (h->it_head, + h->it_tail, + it); + if (NULL != it->env) + GNUNET_MQ_discard (it->env); + GNUNET_free (it); +} + + + /** * Generic error handler, called with the appropriate error code and * the same closure specified at the creation of the message queue. 
@@ -406,6 +506,91 @@ handle_attribute_store_response (void *cls, } +/** + * Handle an incoming message of type + * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT + * + * @param cls + * @param msg the message we received + * @return #GNUNET_OK on success, #GNUNET_SYSERR on error + */ +static int +check_attribute_result (void *cls, + const struct AttributeResultMessage *msg) +{ + size_t msg_len; + size_t attr_len; + + msg_len = ntohs (msg->header.size); + attr_len = ntohs (msg->attr_len); + if (msg_len != sizeof (struct AttributeResultMessage) + attr_len) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + + +/** + * Handle an incoming message of type + * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT + * + * @param cls + * @param msg the message we received + */ +static void +handle_attribute_result (void *cls, + const struct AttributeResultMessage *msg) +{ + static struct GNUNET_CRYPTO_EcdsaPrivateKey identity_dummy; + struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls; + struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it; + size_t attr_len; + uint32_t r_id = ntohl (msg->id); + + attr_len = ntohs (msg->attr_len); + + for (it = h->it_head; NULL != it; it = it->next) + if (it->r_id == r_id) + break; + if (NULL == it) + return; + + if ( (0 == (memcmp (&msg->identity, + &identity_dummy, + sizeof (identity_dummy)))) ) + { + if (NULL == it) + { + GNUNET_break (0); + force_reconnect (h); + return; + } + if (NULL != it->finish_cb) + it->finish_cb (it->finish_cb_cls); + free_it (it); + return; + } + + { + struct GNUNET_IDENTITY_PROVIDER_Attribute *attr; + attr = attribute_deserialize ((char*)&msg[1], + attr_len); + if (NULL != it) + { + if (NULL != it->proc) + it->proc (it->proc_cls, + &msg->identity, + attr); + GNUNET_free (attr); + return; + } + } + GNUNET_assert (0); +} + + /** * Try again to connect to the service. 
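Review bot: In `handle_attribute_result` the return value of `attribute_deserialize` is passed to `it->proc` and then to `GNUNET_free` without a `NULL` check, although the deserializer returns `NULL` for inputs shorter than `struct Attribute` and `check_attribute_result` accepts any `attr_len` that is consistent with the header size. Add `if (NULL == attr) { GNUNET_break (0); force_reconnect (h); return; }` after the call. The early `if (NULL == it) return;` also makes the later `NULL == it` branch and the trailing `GNUNET_assert (0)` unreachable, so a result for an unknown request id is silently dropped rather than treated as a protocol error; pick one behaviour and remove the dead branches.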
@@ -428,7 +613,10 @@ reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT, struct ExchangeResultMessage, h), - + GNUNET_MQ_hd_var_size (attribute_result, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT, + struct AttributeResultMessage, + h), GNUNET_MQ_handler_end () }; struct GNUNET_IDENTITY_PROVIDER_Operation *op; @@ -717,24 +905,14 @@ GNUNET_IDENTITY_PROVIDER_ticket_destroy(struct GNUNET_IDENTITY_PROVIDER_Ticket * struct GNUNET_IDENTITY_PROVIDER_Operation * GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, - const char* name, - const struct GNUNET_IDENTITY_PROVIDER_Attribute *value, + const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont, void *cont_cls) { struct GNUNET_IDENTITY_PROVIDER_Operation *op; struct AttributeStoreMessage *sam; - size_t name_len; - char *name_tmp; - char *attr_ser; + size_t attr_len; - - name_len = strlen (name) + 1; - if (name_len >= GNUNET_MAX_MESSAGE_SIZE - sizeof (struct AttributeStoreMessage)) - { - GNUNET_break (0); - return NULL; - } op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation); op->h = h; op->as_cb = cont; 
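Review bot: The `-717` hunk removes the only size check in `GNUNET_IDENTITY_PROVIDER_attribute_store` (`name_len >= GNUNET_MAX_MESSAGE_SIZE - sizeof (struct AttributeStoreMessage)`) without a replacement. In the next hunk `attribute_serialize_get_size (attr)` is handed to `GNUNET_MQ_msg_extra` and `attribute_serialize` writes that many bytes after the header, so an attribute with a large `data_size` is no longer rejected before the message is built, and `htons (attr_len)` truncates the length field. Compute `attr_len` first and restore the bound, e.g. `if (attr_len >= GNUNET_MAX_MESSAGE_SIZE - sizeof (struct AttributeStoreMessage)) { GNUNET_break (0); return NULL; }`, before allocating `op`. The function body continues past this hunk.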
@@ -743,17 +921,17 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle GNUNET_CONTAINER_DLL_insert_tail (h->op_head, h->op_tail, op); + attr_len = attribute_serialize_get_size (attr); op->env = GNUNET_MQ_msg_extra (sam, - name_len + value->data_size, + attr_len, GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE); sam->identity = *pkey; sam->id = htonl (op->r_id); - sam->attr_value_len = htons (value->data_size); - sam->name_len = htons (name_len); - name_tmp = (char *) &sam[1]; - GNUNET_memcpy (name_tmp, name, name_len); - attr_ser = &name_tmp[name_len]; - GNUNET_memcpy (attr_ser, value->data, value->data_size); + + attribute_serialize (attr, + (char*)&sam[1]); + + sam->attr_len = htons (attr_len); if (NULL != h->mq) GNUNET_MQ_send_copy (h->mq, op->env); 
@@ -762,7 +940,139 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle } +/** + * Create a new attribute. + * + * @param name the attribute name + * @param type the attribute type + * @param data the attribute value + * @param data_size the attribute value size + * @return the new attribute + */ +struct GNUNET_IDENTITY_PROVIDER_Attribute * +GNUNET_IDENTITY_PROVIDER_attribute_new (const char* attr_name, + uint32_t attr_type, + const void* data, + size_t data_size) +{ + return attribute_new (attr_name, attr_type, data, data_size); +} + +/** + * List all attributes for a local identity. + * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle` + * for any other calls than #GNUNET_IDENTITY_PROVIDER_get_attributes_next() and + * #GNUNET_IDENTITY_PROVIDER_get_attributes_stop. @a proc will be called once + * immediately, and then again after + * #GNUNET_IDENTITY_PROVIDER_get_attributes_next() is invoked. + * + * On error (disconnect), @a error_cb will be invoked. + * On normal completion, @a finish_cb proc will be + * invoked. + * + * @param h handle to the idp + * @param identity identity to access + * @param error_cb function to call on error (i.e. 
disconnect), + * the handle is afterwards invalid + * @param error_cb_cls closure for @a error_cb + * @param proc function to call on each attribute; it + * will be called repeatedly with a value (if available) + * @param proc_cls closure for @a proc + * @param finish_cb function to call on completion + * the handle is afterwards invalid + * @param finish_cb_cls closure for @a finish_cb + * @return an iterator handle to use for iteration + */ +struct GNUNET_IDENTITY_PROVIDER_AttributeIterator * +GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + GNUNET_SCHEDULER_TaskCallback error_cb, + void *error_cb_cls, + GNUNET_IDENTITY_PROVIDER_AttributeResult proc, + void *proc_cls, + GNUNET_SCHEDULER_TaskCallback finish_cb, + void *finish_cb_cls) +{ + struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it; + struct GNUNET_MQ_Envelope *env; + struct AttributeIterationStartMessage *msg; + uint32_t rid; + + rid = h->r_id_gen++; + it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator); + it->h = h; + it->error_cb = error_cb; + it->error_cb_cls = error_cb_cls; + it->finish_cb = finish_cb; + it->finish_cb_cls = finish_cb_cls; + it->proc = proc; + it->proc_cls = proc_cls; + it->r_id = rid; + it->identity = *identity; + GNUNET_CONTAINER_DLL_insert_tail (h->it_head, + h->it_tail, + it); + env = GNUNET_MQ_msg (msg, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START); + msg->id = htonl (rid); + msg->identity = *identity; + if (NULL == h->mq) + it->env = env; + else + GNUNET_MQ_send (h->mq, + env); + return it; +} + + +/** + * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_get_attributes_start + * for the next record. 
+ * + * @param it the iterator + */ +void +GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it) +{ + struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h; + struct AttributeIterationNextMessage *msg; + struct GNUNET_MQ_Envelope *env; + + env = GNUNET_MQ_msg (msg, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT); + msg->id = htonl (it->r_id); + GNUNET_MQ_send (h->mq, + env); +} + + +/** + * Stops iteration and releases the idp handle for further calls. Must + * be called on any iteration that has not yet completed prior to calling + * #GNUNET_IDENTITY_PROVIDER_disconnect. + * + * @param it the iterator + */ +void +GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it) +{ + struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h; + struct GNUNET_MQ_Envelope *env; + struct AttributeIterationStopMessage *msg; + + if (NULL != h->mq) + { + env = GNUNET_MQ_msg (msg, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP); + msg->id = htonl (it->r_id); + GNUNET_MQ_send (h->mq, + env); + } + free_it (it); +} + + -/* end of identity_provider_api.c */ + /* end of identity_provider_api.c */ diff --git a/src/identity-provider/plugin_gnsrecord_identity_provider.c b/src/identity-provider/plugin_gnsrecord_identity_provider.c index c26c04074..1f1973783 100644 --- a/src/identity-provider/plugin_gnsrecord_identity_provider.c +++ b/src/identity-provider/plugin_gnsrecord_identity_provider.c @@ -56,6 +56,9 @@ value_to_string (void *cls, case GNUNET_GNSRECORD_TYPE_ID_ATTR: case GNUNET_GNSRECORD_TYPE_ID_TOKEN: return GNUNET_strndup (data, data_size); + case GNUNET_GNSRECORD_TYPE_ABE_KEY: + case GNUNET_GNSRECORD_TYPE_ABE_MASTER: + return GNUNET_STRINGS_data_to_string_alloc (data, data_size); case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: ecdhe_privkey = data; audience_pubkey = data+sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey); 
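Review bot: `GNUNET_IDENTITY_PROVIDER_get_attributes_next` calls `GNUNET_MQ_send (h->mq, env)` unconditionally, while `get_attributes_start` and `get_attributes_stop` in the same hunk both treat `h->mq == NULL` as a possible state. Guard it the same way, for example `if (NULL == h->mq) return;` before building the envelope, or keep the envelope in `it->env` as `_start` does so it can be sent once the queue exists. The doc comment on `_next` should say what the caller can expect while the connection is down.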
@@ -110,8 +113,14 @@ string_to_value (void *cls, *data = GNUNET_strdup (s); *data_size = strlen (s); return GNUNET_OK; + case GNUNET_GNSRECORD_TYPE_ABE_KEY: + case GNUNET_GNSRECORD_TYPE_ABE_MASTER: + return GNUNET_STRINGS_string_to_data (s, + strlen (s), + *data, + *data_size); case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: - tmp_tok = GNUNET_strdup (s); + tmp_tok = GNUNET_strdup (s); ecdhe_str = strtok (tmp_tok, ";"); if (NULL == ecdhe_str) { @@ -160,15 +169,15 @@ string_to_value (void *cls, * Mapping of record type numbers to human-readable * record type names. */ - static struct { - const char *name; - uint32_t number; - } name_map[] = { - { "ID_ATTR", GNUNET_GNSRECORD_TYPE_ID_ATTR }, - { "ID_TOKEN", GNUNET_GNSRECORD_TYPE_ID_TOKEN }, - { "ID_TOKEN_METADATA", GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA }, - { NULL, UINT32_MAX } - }; +static struct { + const char *name; + uint32_t number; +} name_map[] = { + { "ID_ATTR", GNUNET_GNSRECORD_TYPE_ID_ATTR }, + { "ID_TOKEN", GNUNET_GNSRECORD_TYPE_ID_TOKEN }, + { "ID_TOKEN_METADATA", GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA }, + { NULL, UINT32_MAX } +}; /** diff --git a/src/identity-provider/test_idp.sh b/src/identity-provider/test_idp.sh index 2eeb27ce9..ce5c5ca69 100755 --- a/src/identity-provider/test_idp.sh +++ b/src/identity-provider/test_idp.sh @@ -27,5 +27,6 @@ gnunet-arm -s -c test_idp.conf gnunet-identity -C testego -c test_idp.conf gnunet-idp -e testego --init -c test_idp.conf gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf +gnunet-idp -e testego -a name -V John -c test_idp.conf gnunet-idp -e testego -D -c test_idp.conf gnunet-arm -e -c test_idp.conf diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 69f6ce5d4..78d31a9ec 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h 
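Review bot: In the new `GNUNET_GNSRECORD_TYPE_ABE_KEY` / `GNUNET_GNSRECORD_TYPE_ABE_MASTER` case of string_to_value, `*data` and `*data_size` are passed to GNUNET_STRINGS_string_to_data as if they were an allocated buffer and its length. They are this function's outputs and nothing visible in the hunk sets them, so the decoder writes through an indeterminate pointer. The sibling case allocates first (`*data = GNUNET_strdup (s)`), and this one should too: allocate a buffer sized from the encoded length, decode into it, and only then publish it through `*data` / `*data_size`. The size in the sketch assumes GNUnet's 5-bits-per-character encoding and should be confirmed against GNUNET_STRINGS_data_to_string_alloc; an empty string should probably be rejected before allocating. string_to_value continues outside the hunk.

```c
    case GNUNET_GNSRECORD_TYPE_ABE_KEY:
    case GNUNET_GNSRECORD_TYPE_ABE_MASTER:
      {
        size_t out_len = (strlen (s) * 5) / 8;
        void *out = GNUNET_malloc (out_len);

        if (GNUNET_OK !=
            GNUNET_STRINGS_string_to_data (s, strlen (s), out, out_len))
        {
          GNUNET_free (out);
          return GNUNET_SYSERR;
        }
        *data = out;
        *data_size = out_len;
        return GNUNET_OK;
      }
    /* … unchanged: GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA case … */
```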
@@ -2168,7 +2168,7 @@ GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key); ssize_t GNUNET_CRYPTO_cpabe_encrypt (const void *block, size_t size, - char *policy, + const char *policy, const struct GNUNET_CRYPTO_AbeMasterKey *key, void **result); diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h index 2349e7012..aaa838a03 100644 --- a/src/include/gnunet_identity_provider_service.h +++ b/src/include/gnunet_identity_provider_service.h @@ -93,11 +93,9 @@ struct GNUNET_IDENTITY_PROVIDER_Attribute { /** - * Binary value stored as attribute value. Note: "data" must never - * be individually 'malloc'ed, but instead always points into some - * existing data area. + * Type of Attribute. */ - const void *data; + uint32_t attribute_type; /** * Number of bytes in @e data. @@ -105,9 +103,17 @@ struct GNUNET_IDENTITY_PROVIDER_Attribute size_t data_size; /** - * Type of Attribute. + * The name of the attribute. Note "name" must never be individually + * free'd */ - uint32_t attribute_type; + const char* name; + + /** + * Binary value stored as attribute value. Note: "data" must never + * be individually 'malloc'ed, but instead always points into some + * existing data area. + */ + const void *data; }; @@ -176,8 +182,7 @@ typedef void * * @param h handle to the identity provider * @param pkey private key of the identity - * @param name the attribute name - * @param value the attribute value + * @param attr the attribute * @param cont continuation to call when done * @param cont_cls closure for @a cont * @return handle to abort the request 
@@ -185,12 +190,95 @@ typedef void struct GNUNET_IDENTITY_PROVIDER_Operation * GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, - const char* name, - const struct GNUNET_IDENTITY_PROVIDER_Attribute *value, + const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont, void *cont_cls); +/** + * Create a new attribute. + * + * @param name the attribute name + * @param type the attribute type + * @param data the attribute value + * @param data_size the attribute value size + * @return the new attribute + */ +struct GNUNET_IDENTITY_PROVIDER_Attribute * +GNUNET_IDENTITY_PROVIDER_attribute_new (const char* attr_name, + uint32_t attr_type, + const void* data, + size_t data_size); + +/** + * Process an attribute that was stored in the idp. + * + * @param cls closure + * @param attr the attribute + */ +typedef void +(*GNUNET_IDENTITY_PROVIDER_AttributeResult) (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr); + + + +/** + * List all attributes for a local identity. + * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle` + * for any other calls than #GNUNET_IDENTITY_PROVIDER_get_attributes_next() and + * #GNUNET_IDENTITY_PROVIDER_get_attributes_stop. @a proc will be called once + * immediately, and then again after + * #GNUNET_IDENTITY_PROVIDER_get_attributes_next() is invoked. + * + * On error (disconnect), @a error_cb will be invoked. + * On normal completion, @a finish_cb proc will be + * invoked. + * + * @param h handle to the idp + * @param identity identity to access + * @param error_cb function to call on error (i.e. 
disconnect), + * the handle is afterwards invalid + * @param error_cb_cls closure for @a error_cb + * @param proc function to call on each attribute; it + * will be called repeatedly with a value (if available) + * @param proc_cls closure for @a proc + * @param finish_cb function to call on completion + * the handle is afterwards invalid + * @param finish_cb_cls closure for @a finish_cb + * @return an iterator handle to use for iteration + */ +struct GNUNET_IDENTITY_PROVIDER_AttributeIterator * +GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + GNUNET_SCHEDULER_TaskCallback error_cb, + void *error_cb_cls, + GNUNET_IDENTITY_PROVIDER_AttributeResult proc, + void *proc_cls, + GNUNET_SCHEDULER_TaskCallback finish_cb, + void *finish_cb_cls); + + +/** + * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_get_attributes_start + * for the next record. + * + * @param it the iterator + */ +void +GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it); + + +/** + * Stops iteration and releases the idp handle for further calls. Must + * be called on any iteration that has not yet completed prior to calling + * #GNUNET_IDENTITY_PROVIDER_disconnect. + * + * @param it the iterator + */ +void +GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it); + /** diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index 5841bd4f8..e498af1f5 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h 
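Review bot: The doc comment added for GNUNET_IDENTITY_PROVIDER_attribute_new uses `@param name` and `@param type`, but the prototype declares `attr_name` and `attr_type`. The GNUNET_IDENTITY_PROVIDER_AttributeResult typedef likewise documents `cls` and `attr` while leaving out `identity`. I would rename the tags to `@param attr_name` / `@param attr_type` and add an `@param identity` line (presumably "the identity the attribute belongs to", to be confirmed against the implementation). The attribute_new comment should also state who frees the returned attribute and whether `data` is copied, because the struct's own field comments say `name` and `data` must not be freed or allocated individually.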
@@ -2632,6 +2632,13 @@ extern "C" #define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE 966 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START 967 + +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP 968 + +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT 969 + +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT 970 /************************************************** * diff --git a/src/util/crypto_abe.c b/src/util/crypto_abe.c index 25d04fba6..899965159 100644 --- a/src/util/crypto_abe.c +++ b/src/util/crypto_abe.c @@ -168,7 +168,6 @@ GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *key, char **attrs) { struct GNUNET_CRYPTO_AbeKey *prv_key; - prv_key = GNUNET_new (struct GNUNET_CRYPTO_AbeKey); int size; char *tmp; @@ -249,7 +248,7 @@ read_cpabe (const void *data, ssize_t GNUNET_CRYPTO_cpabe_encrypt (const void *block, size_t size, - char *policy, + const char *policy, const struct GNUNET_CRYPTO_AbeMasterKey *key, void **result) { @@ -262,7 +261,7 @@ GNUNET_CRYPTO_cpabe_encrypt (const void *block, int aes_buf_len; ssize_t result_len; - if( !(cph = gabe_enc(key->pub, m, policy)) ) + if( !(cph = gabe_enc(key->pub, m, (char*)policy)) ) return GNUNET_SYSERR; cph_buf_len = gabe_cph_serialize(cph, &cph_buf); -- cgit v1.2.3 From 0469377fd49450c1d7853c5ceecf08be9ce8df75 Mon Sep 17 00:00:00 2001 
From: "Schanzenbach, Martin" Date: Sun, 17 Sep 2017 21:06:42 +0200 Subject: - rework issue api --- src/identity-provider/gnunet-idp.c | 274 +++++----- .../gnunet-service-identity-provider.c | 571 ++++++++++++++++----- src/identity-provider/identity_attribute.c | 68 ++- src/identity-provider/identity_attribute.h | 41 +- src/identity-provider/identity_provider.h | 50 +- src/identity-provider/identity_provider_api.c | 118 ++++- src/identity-provider/test_idp.sh | 5 +- src/identity-provider/test_idp_issue.sh | 35 ++ src/include/gnunet_identity_provider_service.h | 160 +++++- src/include/gnunet_protocols.h | 12 +- 10 files changed, 1035 insertions(+), 299 deletions(-) create mode 100755 src/identity-provider/test_idp_issue.sh diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index 264d77ba2..fdd4720e0 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c @@ -32,14 +32,14 @@ #include "gnunet_signatures.h" /** - * Init flag + * List attribute flag */ -static int init; +static int list; /** - * List attribute flag + * Relying party */ -static int list; +static char* rp; /** * The attribute @@ -51,6 +51,11 @@ static char* attr_name; */ static char* attr_value; +/** + * Attributes to issue + */ +static char* issue_attrs; + /** * Ego name */ 
@@ -72,81 +77,77 @@ static struct GNUNET_IDENTITY_PROVIDER_Handle *idp_handle; static struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op; /** - * Namestore handle + * Attribute iterator */ -static struct GNUNET_NAMESTORE_Handle *namestore_handle; +static struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_iterator; /** - * Attribute iterator + * Master ABE key */ -static struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_iterator; +static struct GNUNET_CRYPTO_AbeMasterKey *abe_key; /** - * Namestore queue + * ego private key */ -static struct GNUNET_NAMESTORE_QueueEntry *ns_qe; +static const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey; /** - * Master ABE key + * rp public key */ -static struct GNUNET_CRYPTO_AbeMasterKey *abe_key; +static struct GNUNET_CRYPTO_EcdsaPublicKey rp_key; + + +/** + * Attribute list + */ +static struct GNUNET_IDENTITY_PROVIDER_AttributeList *attr_list; static void do_cleanup(void *cls) { - if (NULL != ns_qe) - GNUNET_NAMESTORE_cancel (ns_qe); if (NULL != attr_iterator) GNUNET_IDENTITY_PROVIDER_get_attributes_stop (attr_iterator); if (NULL != idp_handle) GNUNET_IDENTITY_PROVIDER_disconnect (idp_handle); - if (NULL != namestore_handle) - GNUNET_NAMESTORE_disconnect (namestore_handle); if (NULL != identity_handle) GNUNET_IDENTITY_disconnect (identity_handle); if (NULL != abe_key) GNUNET_free (abe_key); + if (NULL != attr_list) + GNUNET_free (attr_list); } static void -ns_error_cb (void *cls) -{ - ns_qe = NULL; - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Failed."); - do_cleanup(NULL); - return; -} - -static void -store_attr_cont (void *cls, - int32_t success, - const char*emsg) +ticket_issue_cb (void* cls, + const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket) { - ns_qe = NULL; - if (GNUNET_SYSERR == success) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "%s\n", emsg); - } else { + char* ticket_str; + if (NULL != ticket) { + ticket_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, + sizeof (uint64_t)); GNUNET_log 
(GNUNET_ERROR_TYPE_MESSAGE, - "Sucessfully added identity attribute %s=%s\n", - attr_name, attr_value); + "Got ticket, %s\n", + ticket_str); + GNUNET_free (ticket_str); } GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } static void -store_abe_cont (void *cls, +store_attr_cont (void *cls, int32_t success, const char*emsg) { - ns_qe = NULL; + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Store continuation\n"); + if (GNUNET_SYSERR == success) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", emsg); } else { GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Bootstrapped ABE master key. Please run command again.\n"); + "Sucessfully added identity attribute %s=%s\n", + attr_name, attr_value); } GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } 
@@ -163,100 +164,75 @@ iter_error (void *cls) static void iter_finished (void *cls) { - attr_iterator = NULL; - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); -} + struct GNUNET_IDENTITY_PROVIDER_Attribute *attr; -static void -iter_cb (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) -{ - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "%s: %s\n", attr->name, (char*)attr->data); - GNUNET_IDENTITY_PROVIDER_get_attributes_next (attr_iterator); -} - -static void -abe_lookup_cb (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) -{ - struct GNUNET_GNSRECORD_Data new_record; - struct GNUNET_CRYPTO_AbeMasterKey *new_key; - int i; - ssize_t size; - ns_qe = NULL; - for (i=0;iname)) { + attr_str = strtok (NULL, ","); + continue; + } + le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); + le->attribute = GNUNET_IDENTITY_PROVIDER_attribute_new (attr->name, + attr->attribute_type, + attr->data, + attr->data_size); + GNUNET_CONTAINER_DLL_insert (attr_list->list_head, + attr_list->list_tail, + le); + break; + } + GNUNET_free (attrs_tmp); + } else { + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "%s: %s\n", attr->name, (char*)attr->data); + } + GNUNET_IDENTITY_PROVIDER_get_attributes_next (attr_iterator); } static void 
@@ -265,19 +241,29 @@ ego_cb (void *cls, void **ctx, const char *name) { - const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey; if (NULL == name) return; if (0 != strcmp (name, ego_name)) return; pkey = GNUNET_IDENTITY_ego_get_private_key (ego); - ns_qe = GNUNET_NAMESTORE_records_lookup (namestore_handle, - pkey, - "+", - &ns_error_cb, - NULL, - &abe_lookup_cb, - NULL); + + if (NULL != rp) + GNUNET_CRYPTO_ecdsa_public_key_from_string (rp, + strlen (rp), + &rp_key); + + attr_list = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); + + attr_iterator = GNUNET_IDENTITY_PROVIDER_get_attributes_start (idp_handle, + pkey, + &iter_error, + NULL, + &iter_cb, + NULL, + &iter_finished, + NULL); + + } static void @@ -294,18 +280,6 @@ run (void *cls, return; } - if ((NULL == attr_name) && !list && !init) - { - return; - } - if ((NULL == attr_value) && !list && !init) - { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - _("Value is required\n")); - return; - } - - namestore_handle = GNUNET_NAMESTORE_connect (c); idp_handle = GNUNET_IDENTITY_PROVIDER_connect (c); //Get Ego identity_handle = GNUNET_IDENTITY_connect (c, @@ -337,14 +311,20 @@ main(int argc, char *const argv[]) NULL, gettext_noop ("Ego"), &ego_name), + GNUNET_GETOPT_option_string ('r', + "rp", + NULL, + gettext_noop ("Audience (relying party)"), + &rp), GNUNET_GETOPT_option_flag ('D', "dump", gettext_noop ("List attributes for Ego"), &list), - GNUNET_GETOPT_option_flag ('i', - "init", - gettext_noop ("Initialize attribute store"), - &init), + GNUNET_GETOPT_option_string ('i', + "issue", + NULL, + gettext_noop ("Issue a ticket"), + &issue_attrs), GNUNET_GETOPT_OPTION_END }; return GNUNET_PROGRAM_run (argc, argv, "ct", diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 0ce70aed3..b481c00c0 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c 
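Review bot: In ego_cb the result of `GNUNET_CRYPTO_ecdsa_public_key_from_string (rp, strlen (rp), &rp_key)` is discarded, so a mistyped `-r` value leaves `rp_key` without a validated key and the run carries on. `rp_key` is documented as the relying party's public key, so presumably it later names the ticket audience; a parse failure should stop the tool rather than continue with an unintended key. Something like `if ((NULL != rp) && (GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string (rp, strlen (rp), &rp_key))) { GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); return; }` plus an error message would do. ego_cb starts outside the hunk.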
@@ -373,6 +373,45 @@ struct ParallelLookup char *label; }; + +struct TicketIssueHandle +{ + + /** + * Client connection + */ + struct IdpClient *client; + + /** + * Attributes to issue + */ + struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; + + /** + * Issuer Key + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * Ticket to issue + */ + struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket; + + /** + * QueueEntry + */ + struct GNUNET_NAMESTORE_QueueEntry *ns_qe; + + /** + * request id + */ + uint32_t r_id; +}; + + +/** + * DEPRECATED + */ struct IssueHandle { 
@@ -546,6 +585,120 @@ do_shutdown (void *cls) cleanup(); } +/** + * Finished storing newly bootstrapped ABE key + */ +static void +bootstrap_store_cont (void *cls, + int32_t success, + const char *emsg) +{ + struct AbeBootstrapHandle *abh = cls; + if (GNUNET_SYSERR == success) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to bootstrap ABE master %s\n", + emsg); + abh->proc (abh->proc_cls, NULL); + GNUNET_free (abh->abe_key); + GNUNET_free (abh); + return; + } + abh->proc (abh->proc_cls, abh->abe_key); + GNUNET_free (abh); +} + +/** + * Generates and stores a new ABE key + */ +static void +bootstrap_store_task (void *cls) +{ + struct AbeBootstrapHandle *abh = cls; + struct GNUNET_GNSRECORD_Data rd[1]; + + rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (abh->abe_key, + (void**)&rd[0].data); + rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; + rd[0].flags = GNUNET_GNSRECORD_RF_NONE | GNUNET_GNSRECORD_RF_PRIVATE; + rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? + abh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &abh->identity, + "+", + 1, + rd, + &bootstrap_store_cont, + abh); +} + +/** + * Error checking for ABE master + */ +static void +bootstrap_abe_error (void *cls) +{ + struct AbeBootstrapHandle *abh = cls; + GNUNET_free (abh); + abh->proc (abh->proc_cls, NULL); + GNUNET_free (abh); +} + + +/** + * Handle ABE lookup in namestore + */ +static void +bootstrap_abe_result (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + struct AbeBootstrapHandle *abh = cls; + struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + int i; + + for (i=0;iproc (abh->proc_cls, abe_key); + GNUNET_free (abh); + return; + } + + //No ABE master found, bootstrapping... 
+ abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key (); + GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh); +} + +/** + * Bootstrap ABE master if it does not yet exists. + * Will call the AbeBootstrapResult processor when done. + */ +static void +bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + AbeBootstrapResult proc, + void* cls) +{ + struct AbeBootstrapHandle *abh; + + abh = GNUNET_new (struct AbeBootstrapHandle); + abh->proc = proc; + abh->proc_cls = cls; + abh->identity = *identity; + abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, + identity, + "+", + &bootstrap_abe_error, + abh, + &bootstrap_abe_result, + abh); + +} + + static struct GNUNET_MQ_Envelope* create_exchange_result_message (const char* token, @@ -996,6 +1149,7 @@ attr_collect_finished (void *cls) &handle_vattr_collection, handle); } + /** * Collect attributes for token */ @@ -1293,36 +1447,6 @@ handle_exchange_message (void *cls, } -/** - * Checks an issue message - * - * @param cls client sending the message - * @param im message of type `struct IssueMessage` - * @return #GNUNET_OK if @a im is well-formed - */ -static int -check_issue_message(void *cls, - const struct IssueMessage *im) -{ - uint16_t size; - - size = ntohs (im->header.size); - if (size <= sizeof (struct IssueMessage)) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - scopes = (char *) &im[1]; - if ('\0' != scopes[size - sizeof (struct IssueMessage) - 1]) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Malformed scopes received!\n"); - GNUNET_break (0); - return GNUNET_SYSERR; - } - return GNUNET_OK; -} - void attr_collect_task (void *cls) { @@ -1338,8 +1462,6 @@ attr_collect_task (void *cls) issue_handle); } - - void abe_key_lookup_error (void *cls) { 
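Review bot: bootstrap_abe_error frees `abh`, then dereferences it and frees it again: `GNUNET_free (abh); abh->proc (abh->proc_cls, NULL); GNUNET_free (abh);` is a use-after-free followed by a double free on the namestore error path. The function is moved here unchanged from further down the file, so this commit is a good place to drop the first `GNUNET_free (abh);`. Separately, bootstrap_store_task stores `GNUNET_TIME_UNIT_HOURS.rel_value_us` as `expiration_time` with flags `GNUNET_GNSRECORD_RF_NONE | GNUNET_GNSRECORD_RF_PRIVATE`, while the ticket record added later in this file pairs a relative value with `GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION`. The `//TODO sane?` probably wants the same flag, since otherwise the value would likely be read as an absolute time.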
@@ -1372,6 +1494,38 @@ abe_key_lookup_result (void *cls, } + +/** + * Checks an issue message + * + * @param cls client sending the message + * @param im message of type `struct IssueMessage` + * @return #GNUNET_OK if @a im is well-formed + */ +static int +check_issue_message(void *cls, + const struct IssueMessage *im) +{ + uint16_t size; + + size = ntohs (im->header.size); + if (size <= sizeof (struct IssueMessage)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + scopes = (char *) &im[1]; + if ('\0' != scopes[size - sizeof (struct IssueMessage) - 1]) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Malformed scopes received!\n"); + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + + /** * * Handler for issue message 
@@ -1451,6 +1605,240 @@ handle_issue_message (void *cls, issue_handle); } +static void +cleanup_ticket_issue_handle (struct TicketIssueHandle *handle) +{ + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *tmp_le; + + for (le = handle->attrs->list_head; NULL != le;) + { + GNUNET_free (le->attribute); + tmp_le = le; + le = le->next; + GNUNET_free (tmp_le); + } + GNUNET_free (handle->attrs); + if (NULL != handle->ns_qe) + GNUNET_NAMESTORE_cancel (handle->ns_qe); + GNUNET_free (handle); +} + +static void +store_ticket_issue_cont (void *cls, + int32_t success, + const char *emsg) +{ + struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket; + struct TicketIssueHandle *handle = cls; + struct TicketResultMessage *irm; + struct GNUNET_MQ_Envelope *env; + + handle->ns_qe = NULL; + if (GNUNET_SYSERR == success) + { + cleanup_ticket_issue_handle (handle); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", + "Unknown Error\n"); + GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); + return; + } + env = GNUNET_MQ_msg_extra (irm, + sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2), + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT); + ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&irm[1]; + *ticket = handle->ticket; + irm->id = handle->r_id; + + GNUNET_MQ_send (handle->client->mq, + env); + cleanup_ticket_issue_handle (handle); +} + + + +/** + * Checks a ticket issue message + * + * @param cls client sending the message + * @param im message of type `struct TicketIssueMessage` + * @return #GNUNET_OK if @a im is well-formed + */ +static int +check_ticket_issue_message(void *cls, + const struct TicketIssueMessage *im) +{ + uint16_t size; + + size = ntohs (im->header.size); + if (size <= sizeof (struct IssueMessage)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + +int +serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle, + const struct GNUNET_CRYPTO_AbeKey *rp_key, + struct 
GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, + char **result) +{ + struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; + char *enc_keyinfo; + char *serialized_key; + char *buf; + char *write_ptr; + char attrs_str_len; + ssize_t size; + + struct GNUNET_CRYPTO_SymmetricSessionKey skey; + struct GNUNET_CRYPTO_SymmetricInitializationVector iv; + struct GNUNET_HashCode new_key_hash; + ssize_t enc_size; + + size = GNUNET_CRYPTO_cpabe_serialize_key (rp_key, + (void**)&serialized_key); + attrs_str_len = 0; + for (le = handle->attrs->list_head; NULL != le; le = le->next) { + attrs_str_len += strlen (le->attribute->name) + 1; + } + buf = GNUNET_malloc (attrs_str_len + size); + write_ptr = buf; + for (le = handle->attrs->list_head; NULL != le; le = le->next) { + GNUNET_memcpy (write_ptr, + le->attribute->name, + strlen (le->attribute->name)); + write_ptr[strlen (le->attribute->name)] = ','; + write_ptr += strlen (le->attribute->name) + 1; + } + write_ptr--; + write_ptr[0] = '\0'; //replace last , with a 0-terminator + write_ptr++; + GNUNET_memcpy (write_ptr, + serialized_key, + size); + // ECDH keypair E = eG + *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create(); + GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey, + &ecdh_pubkey); + enc_keyinfo = GNUNET_malloc (size + attrs_str_len); + // Derived key K = H(eB) + GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey, + &handle->ticket.audience, + &new_key_hash)); + create_sym_key_from_ecdh(&new_key_hash, &skey, &iv); + enc_size = GNUNET_CRYPTO_symmetric_encrypt (buf, + size + attrs_str_len, + &skey, &iv, + enc_keyinfo); + *result = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+ + enc_size); + GNUNET_memcpy (*result, + &ecdh_pubkey, + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); + GNUNET_memcpy (*result + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), + enc_keyinfo, + enc_size); + GNUNET_free (enc_keyinfo); + return sizeof (struct 
GNUNET_CRYPTO_EcdhePublicKey)+enc_size; +} + + + +static void +issue_ticket_after_abe_bootstrap (void *cls, + struct GNUNET_CRYPTO_AbeMasterKey *abe_key) +{ + struct TicketIssueHandle *ih = cls; + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; + struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; + struct GNUNET_GNSRECORD_Data code_record[1]; + struct GNUNET_CRYPTO_AbeKey *rp_key; + char *code_record_data; + char **attrs; + char *label; + int attrs_len; + int i; + size_t code_record_len; + + //Create new ABE key for RP + attrs_len = 0; + for (le = ih->attrs->list_head; NULL != le; le = le->next) + attrs_len++; + attrs = GNUNET_malloc (attrs_len); + i = 0; + for (le = ih->attrs->list_head; NULL != le; le = le->next) { + attrs[i] = (char*) le->attribute->name; + i++; + } + rp_key = GNUNET_CRYPTO_cpabe_create_key (abe_key, + attrs); + + //TODO review this wireformat + code_record_len = serialize_abe_keyinfo2 (ih, + rp_key, + &ecdhe_privkey, + &code_record_data); + code_record[0].data = code_record_data; + code_record[0].data_size = code_record_len; + code_record[0].expiration_time = GNUNET_TIME_UNIT_DAYS.rel_value_us; + code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY; + code_record[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; + + label = GNUNET_STRINGS_data_to_string_alloc (&ih->ticket.rnd, + sizeof (uint64_t)); + //Publish record + ih->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &ih->identity, + label, + 1, + code_record, + &store_ticket_issue_cont, + ih); + GNUNET_free (ecdhe_privkey); + GNUNET_free (label); + GNUNET_free (code_record_data); +} + + +/** + * + * Handler for ticket issue message + * + * @param cls unused + * @param client who sent the message + * @param message the message + */ +static void +handle_ticket_issue_message (void *cls, + const struct TicketIssueMessage *im) +{ + struct TicketIssueHandle *ih; + struct IdpClient *idp = cls; + size_t attrs_len; + + ih = GNUNET_new (struct TicketIssueHandle); + attrs_len = 
ntohs (im->attr_len); + ih->attrs = attribute_list_deserialize ((char*)&im[1], attrs_len); + ih->r_id = im->id; + ih->client = idp; + ih->identity = im->identity; + GNUNET_CRYPTO_ecdsa_key_get_public (&ih->identity, + &ih->ticket.identity); + ih->ticket.audience = im->rp; + ih->ticket.rnd = + GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, + UINT64_MAX); + bootstrap_abe (&ih->identity, &issue_ticket_after_abe_bootstrap, ih); + GNUNET_SERVICE_client_continue (idp->client); + +} + + + static void cleanup_as_handle (struct AttributeStoreHandle *handle) { @@ -1481,10 +1869,10 @@ attr_store_cont (void *cls, return; } - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Sending ATTRIBUTE_STORE_RESPONSE message\n"); + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Sending ATTRIBUTE_STORE_RESPONSE message\n"); env = GNUNET_MQ_msg (acr_msg, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE); + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE); acr_msg->id = htonl (as_handle->r_id); acr_msg->op_result = htonl (GNUNET_OK); GNUNET_MQ_send (as_handle->client->mq, @@ -1500,6 +1888,8 @@ attr_store_task (void *cls) char* buf; size_t buf_size; + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Storing attribute\n"); buf_size = attribute_serialize_get_size (as_handle->attribute); buf = GNUNET_malloc (buf_size); 
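Review bot: check_ticket_issue_message compares the size against `sizeof (struct IssueMessage)` rather than `struct TicketIssueMessage` and never relates `attr_len` to the message size, so handle_ticket_issue_message hands a client-chosen length to attribute_list_deserialize and can read past the received message. Two allocations in the same hunk are also undersized, and both lead to heap writes beyond the buffer. serialize_abe_keyinfo2 accumulates name lengths in `char attrs_str_len`, which wraps long before `GNUNET_malloc (attrs_str_len + size)` is reached, and issue_ticket_after_abe_bootstrap calls `GNUNET_malloc (attrs_len)` for an array of `attrs_len` pointers. Neither `ih->attrs` nor `abe_key` is checked for NULL before use, and `write_ptr--` steps before `buf` when the list is empty. The sketch shows the length check and the two allocation fixes; the extra array slot assumes GNUNET_CRYPTO_cpabe_create_key expects a NULL-terminated list, which should be confirmed.

```c
check_ticket_issue_message(void *cls,
                           const struct TicketIssueMessage *im)
/* … unchanged: size = ntohs (im->header.size) … */
  if ( (size <= sizeof (struct TicketIssueMessage)) ||
       (ntohs (im->attr_len) > size - sizeof (struct TicketIssueMessage)) )
/* … unchanged: GNUNET_break (0); return GNUNET_SYSERR; … */

/* … unchanged: serialize_abe_keyinfo2 signature and other locals … */
  size_t attrs_str_len;

/* … unchanged: issue_ticket_after_abe_bootstrap up to the attribute count … */
  attrs = GNUNET_malloc ((attrs_len + 1) * sizeof (char *));
```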
@@ -1529,108 +1919,13 @@ attr_store_task (void *cls) } -static void -bootstrap_store_cont (void *cls, - int32_t success, - const char *emsg) -{ - struct AbeBootstrapHandle *abh = cls; - if (GNUNET_SYSERR == success) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Failed to bootstrap ABE master %s\n", - emsg); - abh->proc (abh->proc_cls, NULL); - GNUNET_free (abh->abe_key); - GNUNET_free (abh); - return; - } - abh->proc (abh->proc_cls, abh->abe_key); - GNUNET_free (abh); -} - -static void -bootstrap_store_task (void *cls) -{ - struct AbeBootstrapHandle *abh = cls; - struct GNUNET_GNSRECORD_Data rd[1]; - - rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (abh->abe_key, - (void**)&rd[0].data); - rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; - rd[0].flags = GNUNET_GNSRECORD_RF_NONE | GNUNET_GNSRECORD_RF_PRIVATE; - rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? - abh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, - &abh->identity, - "+", - 1, - rd, - &bootstrap_store_cont, - abh); -} - -static void -bootstrap_abe_error (void *cls) -{ - struct AbeBootstrapHandle *abh = cls; - GNUNET_free (abh); - abh->proc (abh->proc_cls, NULL); - GNUNET_free (abh); -} - - - -static void -bootstrap_abe_result (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) -{ - struct AbeBootstrapHandle *abh = cls; - struct GNUNET_CRYPTO_AbeMasterKey *abe_key; - int i; - - for (i=0;iproc (abh->proc_cls, abe_key); - GNUNET_free (abh); - return; - } - - //No ABE master found, bootstrapping... 
- abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key (); - GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh); -} - -static void -bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - AbeBootstrapResult proc, - void* cls) -{ - struct AbeBootstrapHandle *abh; - - abh = GNUNET_new (struct AbeBootstrapHandle); - abh->proc = proc; - abh->proc_cls = cls; - abh->identity = *identity; - abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, - identity, - "+", - &bootstrap_abe_error, - abh, - &bootstrap_abe_result, - abh); - -} static void store_after_abe_bootstrap (void *cls, struct GNUNET_CRYPTO_AbeMasterKey *abe_key) { + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Finished ABE bootstrap\n"); struct AttributeStoreHandle *ash = cls; ash->abe_key = abe_key; GNUNET_SCHEDULER_add_now (&attr_store_task, ash); @@ -1674,6 +1969,8 @@ handle_attribute_store_message (void *cls, struct AttributeStoreHandle *as_handle; struct IdpClient *idp = cls; size_t data_len; + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Received ATTRIBUTE_STORE message\n"); data_len = ntohs (sam->attr_len); @@ -1681,14 +1978,13 @@ handle_attribute_store_message (void *cls, as_handle->attribute = attribute_deserialize ((char*)&sam[1], data_len); - as_handle->r_id = sam->id; + as_handle->r_id = ntohl (sam->id); as_handle->identity = sam->identity; GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity, &as_handle->identity_pkey); GNUNET_SERVICE_client_continue (idp->client); as_handle->client = idp; - bootstrap_abe (&as_handle->identity, &store_after_abe_bootstrap, as_handle); } @@ -1697,6 +1993,9 @@ cleanup_iter_handle (struct AttributeIterator *ai) { if (NULL != ai->abe_key) GNUNET_free (ai->abe_key); + GNUNET_CONTAINER_DLL_remove (ai->client->op_head, + ai->client->op_tail, + ai); GNUNET_free (ai); } 
@@ -2036,5 +2335,9 @@ GNUNET_SERVICE_MAIN GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP, struct AttributeIterationStopMessage, NULL), + GNUNET_MQ_hd_var_size (ticket_issue_message, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE, + struct TicketIssueMessage, + NULL), GNUNET_MQ_handler_end()); /* end of gnunet-service-identity-provider.c */ diff --git a/src/identity-provider/identity_attribute.c b/src/identity-provider/identity_attribute.c index 3794010b2..8cc94a731 100644 --- a/src/identity-provider/identity_attribute.c +++ b/src/identity-provider/identity_attribute.c 
@@ -63,17 +63,73 @@ attribute_new (const char* attr_name, return attr; } +size_t +attribute_list_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) +{ + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; + size_t len = 0; + for (le = attrs->list_head; NULL != le; le = le->next) + len += attribute_serialize_get_size (le->attribute); + return len; +} + +size_t +attribute_list_serialize (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, + char *result) +{ + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; + size_t len; + size_t total_len; + char* write_ptr; + + write_ptr = result; + total_len = 0; + for (le = attrs->list_head; NULL != le; le = le->next) + { + len = attribute_serialize (le->attribute, + write_ptr); + total_len += len; + write_ptr += len; + } + return total_len; +} + +struct GNUNET_IDENTITY_PROVIDER_AttributeList * +attribute_list_deserialize (const char* data, + size_t data_size) +{ + struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; + size_t attr_len; + const char* read_ptr; + + if (data_size < sizeof (struct Attribute)) + return NULL; + + attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); + read_ptr = data; + while (((data + data_size) - read_ptr) >= sizeof (struct Attribute)) + { + le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); + le->attribute = attribute_deserialize (read_ptr, + data_size - (read_ptr - data)); + attr_len = attribute_serialize_get_size (le->attribute); + read_ptr += attr_len; + } + return attrs; +} + size_t attribute_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) { return sizeof (struct Attribute) - + strlen (attr->name) + 1 + + strlen (attr->name) + attr->data_size; //TODO get data_size from plugin } -int +size_t attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, char *result) { 
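Review bot: attribute_list_deserialize never links the entries it creates into `attrs`, so it returns an empty list and every `le` and its attribute leak. The loop condition also compares the pointer difference `(data + data_size) - read_ptr` with a `size_t`, so once `read_ptr` moves past the end the negative difference converts to a large unsigned value and the loop keeps reading. Nothing here checks that `attr_len` fits in the remaining bytes or that attribute_deserialize returned non-NULL. Since the service feeds this parser from a client message, I would track the remaining length explicitly and stop at the first malformed element, as sketched below. Whether a malformed element should yield the partial list or a freed list and NULL is a contract decision for the callers.

```c
  size_t remaining = data_size;

  /* … unchanged: minimum-size check, attrs allocation, read_ptr = data … */
  while (remaining >= sizeof (struct Attribute))
  {
    le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry);
    le->attribute = attribute_deserialize (read_ptr, remaining);
    if (NULL == le->attribute)
    {
      GNUNET_free (le);
      break;
    }
    attr_len = attribute_serialize_get_size (le->attribute);
    if (attr_len > remaining)
    {
      GNUNET_free (le->attribute);
      GNUNET_free (le);
      break;
    }
    GNUNET_CONTAINER_DLL_insert (attrs->list_head,
                                 attrs->list_tail,
                                 le);
    read_ptr += attr_len;
    remaining -= attr_len;
  }
```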
@@ -96,7 +152,7 @@ attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, GNUNET_memcpy (write_ptr, attr->data, attr->data_size); attr_ser->data_size = htons (data_len_ser); - return GNUNET_OK; + return sizeof (struct Attribute) + strlen (attr->name) + attr->data_size; } struct GNUNET_IDENTITY_PROVIDER_Attribute * @@ -108,7 +164,7 @@ attribute_deserialize (const char* data, size_t data_len; size_t name_len; char* write_ptr; - + if (data_size < sizeof (struct Attribute)) return NULL; @@ -117,10 +173,10 @@ attribute_deserialize (const char* data, data_len = ntohs (attr_ser->data_size); name_len = ntohs (attr_ser->name_len); attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute) - + data_len + name_len + 1); + + data_len + name_len + 1); attr->attribute_type = ntohs (attr_ser->attribute_type); attr->data_size = ntohs (attr_ser->data_size); - + write_ptr = (char*)&attr[1]; GNUNET_memcpy (write_ptr, &attr_ser[1], diff --git a/src/identity-provider/identity_attribute.h b/src/identity-provider/identity_attribute.h index 0d4f2bb76..00e520a38 100644 --- a/src/identity-provider/identity_attribute.h +++ b/src/identity-provider/identity_attribute.h 
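Review bot: `attribute_deserialize`, shown in the two whitespace-only hunks, takes `data_len` and `name_len` from the serialized header and allocates and copies on that basis, while the only size check visible is `data_size < sizeof (struct Attribute)`. Since `attribute_list_deserialize` now feeds it slices of a client-supplied buffer, I would reject inconsistent lengths before the `GNUNET_malloc`, e.g. `if (data_size - sizeof (struct Attribute) < (size_t) name_len + data_len) return NULL;`. Part of the function body is outside these hunks, so a check may exist in lines not shown. Separately, the new return in `attribute_serialize` repeats the size formula; `return attribute_serialize_get_size (attr);` keeps the two from drifting apart.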
@@ -48,6 +48,43 @@ struct Attribute //followed by data_size Attribute value data }; +/** + * Get required size for serialization buffer + * + * @param attrs the attribute list to serialize + * + * @return the required buffer size + */ +size_t +attribute_list_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); + + + +/** + * Serialize an attribute list + * + * @param attrs the attribute list to serialize + * @param result the serialized attribute + * + * @return length of serialized data + */ +size_t +attribute_list_serialize (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, + char *result); + +/** + * Deserialize an attribute list + * + * @param data the serialized attribute list + * @param data_size the length of the serialized data + * + * @return a GNUNET_IDENTITY_PROVIDER_AttributeList, must be free'd by caller + */ +struct GNUNET_IDENTITY_PROVIDER_AttributeList * +attribute_list_deserialize (const char* data, + size_t data_size); + + /** * Get required size for serialization buffer * @@ -66,9 +103,9 @@ attribute_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_Attribute *a * @param attr the attribute to serialize * @param result the serialized attribute * - * @return GNUNET_OK on success + * @return length of serialized data */ -int +size_t attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, char *result); diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h index 588d6d39a..098885e3c 100644 --- a/src/identity-provider/identity_provider.h +++ b/src/identity-provider/identity_provider.h @@ -45,7 +45,7 @@ struct GNUNET_IDENTITY_PROVIDER_Token }; /** - * The ticket + * The ticket DEPRECATED */ struct GNUNET_IDENTITY_PROVIDER_Ticket { 
@@ -318,7 +318,55 @@ struct AttributeIterationStopMessage }; +/** + * Ticket issue message + */ +struct TicketIssueMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * Identity. + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * Requesting party. + */ + struct GNUNET_CRYPTO_EcdsaPublicKey rp; + /** + * length of serialized attribute list + */ + uint32_t attr_len GNUNET_PACKED; + + //Followed by a serialized attribute list +}; + +/** + * Ticket result message + */ +struct TicketResultMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + +}; GNUNET_NETWORK_STRUCT_END #endif diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index c806735f6..74d15bbe0 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -80,6 +80,11 @@ struct GNUNET_IDENTITY_PROVIDER_Operation */ GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus as_cb; + /** + * Ticket result callback + */ + GNUNET_IDENTITY_PROVIDER_TicketCallback tr_cb; + /** * Envelope with the message for this queue entry. */ 
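Review bot: `struct TicketResultMessage` does not say what follows the fixed header, although `handle_ticket_result` in identity_provider_api.c reads a `struct GNUNET_IDENTITY_PROVIDER_Ticket2` from `&msg[1]`. I would add a trailing comment in the style `TicketIssueMessage` already uses, `//Followed by a struct GNUNET_IDENTITY_PROVIDER_Ticket2`, so the size check for this message can be written against a documented layout. The `attr_len` comment in `TicketIssueMessage` should also state the byte order and that it counts only the bytes after the struct.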
@@ -590,6 +595,62 @@ handle_attribute_result (void *cls, GNUNET_assert (0); } +/** + * Handle an incoming message of type + * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT + * + * @param cls + * @param msg the message we received + * @return #GNUNET_OK on success, #GNUNET_SYSERR on error + */ +static int +check_ticket_result (void *cls, + const struct TicketResultMessage *msg) +{ + size_t msg_len; + + msg_len = ntohs (msg->header.size); + if (msg_len < sizeof (struct TicketResultMessage)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + + + +/** + * Handle an incoming message of type + * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT + * + * @param cls + * @param msg the message we received + */ +static void +handle_ticket_result (void *cls, + const struct TicketResultMessage *msg) +{ + struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls; + struct GNUNET_IDENTITY_PROVIDER_Operation *op; + const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket; + uint32_t r_id = ntohl (msg->id); + + for (op = handle->op_head; NULL != op; op = op->next) + if (op->r_id == r_id) + break; + if (NULL == op) + return; + GNUNET_CONTAINER_DLL_remove (handle->op_head, + handle->op_tail, + op); + ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&msg[1]; + if (NULL != op->tr_cb) + op->tr_cb (op->cls, ticket); + GNUNET_free (op); + +} + /** @@ -617,6 +678,10 @@ reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT, struct AttributeResultMessage, h), + GNUNET_MQ_hd_var_size (ticket_result, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT, + struct TicketResultMessage, + h), GNUNET_MQ_handler_end () }; struct GNUNET_IDENTITY_PROVIDER_Operation *op; 
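Review bot: `check_ticket_result` accepts any message at least as large as `struct TicketResultMessage`, but `handle_ticket_result` then casts `&msg[1]` to a `struct GNUNET_IDENTITY_PROVIDER_Ticket2` and hands it to the callback, so a header-only message makes the client read past the end of the received buffer. The check should require the ticket as well: `if (msg_len < sizeof (struct TicketResultMessage) + sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2))`. If a result without a ticket is meant to signal failure, the handler should pass NULL to `op->tr_cb` in that case instead of a pointer into the message. The doc comment on `check_ticket_result` is a copy of the handler's and leaves `@param cls` empty.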
@@ -1072,7 +1137,58 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_At } +/** TODO + * Issues a ticket to another identity. The identity may use + * @GNUNET_IDENTITY_PROVIDER_authorization_ticket_consume to consume the ticket + * and retrieve the attributes specified in the AttributeList. + * + * @param h the identity provider to use + * @param iss the issuing identity + * @param rp the subject of the ticket (the relying party) + * @param attr the attributes that the relying party is given access to + * @param cb the callback + * @param cb_cls the callback closure + * @return handle to abort the operation + */ +struct GNUNET_IDENTITY_PROVIDER_Operation * +GNUNET_IDENTITY_PROVIDER_idp_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, + const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, + GNUNET_IDENTITY_PROVIDER_TicketCallback cb, + void *cb_cls) +{ + struct GNUNET_IDENTITY_PROVIDER_Operation *op; + struct TicketIssueMessage *tim; + size_t attr_len; + + op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation); + op->h = h; + op->tr_cb = cb; + op->cls = cb_cls; + op->r_id = h->r_id_gen++; + GNUNET_CONTAINER_DLL_insert_tail (h->op_head, + h->op_tail, + op); + attr_len = attribute_list_serialize_get_size (attrs); + op->env = GNUNET_MQ_msg_extra (tim, + attr_len, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE); + tim->identity = *iss; + tim->rp = *rp; + tim->id = htonl (op->r_id); + + attribute_list_serialize (attrs, + (char*)&tim[1]); + + tim->attr_len = htons (attr_len); + if (NULL != h->mq) + GNUNET_MQ_send_copy (h->mq, + op->env); + return op; +} + - /* end of identity_provider_api.c */ +/* end of identity_provider_api.c */ diff --git a/src/identity-provider/test_idp.sh b/src/identity-provider/test_idp.sh index ce5c5ca69..598d1008c 100755 --- a/src/identity-provider/test_idp.sh 
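Review bot: In `GNUNET_IDENTITY_PROVIDER_idp_ticket_issue` the length is written with `tim->attr_len = htons (attr_len);`, but `attr_len` is declared `uint32_t` in `struct TicketIssueMessage`, so the field's in-memory layout depends on host byte order and a serialized list longer than 65535 bytes is silently truncated. Either use `tim->attr_len = htonl (attr_len);` with a matching `ntohl` in the service, or narrow the field to `uint16_t`; the receiving side is not in this hunk, so whichever is chosen has to be changed there too. It would also be worth rejecting an `attr_len` that cannot fit in one message before calling `GNUNET_MQ_msg_extra`. The doc comment names the parameter `attr` while the signature uses `attrs`.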
+++ b/src/identity-provider/test_idp.sh @@ -1,5 +1,5 @@ #!/bin/bash -trap "gnunet-arm -e -c test_idp_lookup.conf" SIGINT +#trap "gnunet-arm -e -c test_idp_lookup.conf" SIGINT LOCATION=$(which gnunet-config) if [ -z $LOCATION ] @@ -25,8 +25,7 @@ which timeout &> /dev/null && DO_TIMEOUT="timeout 30" TEST_ATTR="test" gnunet-arm -s -c test_idp.conf gnunet-identity -C testego -c test_idp.conf -gnunet-idp -e testego --init -c test_idp.conf -gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf +valgrind gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf gnunet-idp -e testego -a name -V John -c test_idp.conf gnunet-idp -e testego -D -c test_idp.conf gnunet-arm -e -c test_idp.conf diff --git a/src/identity-provider/test_idp_issue.sh b/src/identity-provider/test_idp_issue.sh new file mode 100755 index 000000000..306f238d9 --- /dev/null +++ b/src/identity-provider/test_idp_issue.sh 
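Review bot: The test now runs `valgrind gnunet-idp ...` unconditionally, which makes the script fail on any machine without valgrind and looks like a debugging leftover. The same applies to the commented-out `trap`, which means an interrupted run no longer stops the peer. I would restore the plain `gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf` line and either re-enable the trap or delete it. Note that the trap names `test_idp_lookup.conf` while every other command uses `test_idp.conf`.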
@@ -0,0 +1,35 @@ +#!/bin/bash +trap "gnunet-arm -e -c test_idp_lookup.conf" SIGINT + +LOCATION=$(which gnunet-config) +if [ -z $LOCATION ] +then + LOCATION="gnunet-config" +fi +$LOCATION --version 1> /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f` + +# (1) PKEY1.user -> PKEY2.resu.user +# (2) PKEY2.resu -> PKEY3 +# (3) PKEY3.user -> PKEY4 + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" + +TEST_ATTR="test" +gnunet-arm -s -c test_idp.conf +gnunet-identity -C testego -c test_idp.conf +gnunet-identity -C rpego -c test_idp.conf +SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') +gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf +gnunet-idp -e testego -a name -V John -c test_idp.conf +gnunet-idp -e testego -D -c test_idp.conf +gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf +gnunet-namestore -z testego -D -c test_idp.conf +gnunet-arm -e -c test_idp.conf diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h index aaa838a03..cc71646bc 100644 --- a/src/include/gnunet_identity_provider_service.h +++ b/src/include/gnunet_identity_provider_service.h @@ -57,10 +57,31 @@ struct GNUNET_IDENTITY_PROVIDER_Handle; struct GNUNET_IDENTITY_PROVIDER_Token; /** - * Handle for a ticket + * Handle for a ticket DEPRECATED */ struct GNUNET_IDENTITY_PROVIDER_Ticket; +/** + * The ticket + */ +struct GNUNET_IDENTITY_PROVIDER_Ticket2 +{ + /** + * The ticket issuer + */ + struct GNUNET_CRYPTO_EcdsaPublicKey identity; + + /** + * The ticket audience + */ + struct GNUNET_CRYPTO_EcdsaPublicKey audience; + + /** + * The ticket random (NBO) + */ + uint64_t rnd; +}; + /** * Handle for an operation with the identity provider service. */ 
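Review bot: The `trap` in the new test_idp_issue.sh stops the peer with `-c test_idp_lookup.conf`, while every other command in the script uses `test_idp.conf`, so an interrupted run probably leaves the test peer running; it should read `trap "gnunet-arm -e -c test_idp.conf" SIGINT`. The `rm -rf` on the unquoted backtick output of `gnunet-config` would be split on whitespace, so I would capture it first, check that it is non-empty, and quote it. `$LOCATION`, `$SUBJECT_KEY` and the `[ -z $LOCATION ]` test should be quoted for the same reason. `DO_TIMEOUT`, `TEST_ATTR` and the PKEY comment block are unused here and appear to be copied from another test.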
@@ -117,7 +138,36 @@ struct GNUNET_IDENTITY_PROVIDER_Attribute }; +struct GNUNET_IDENTITY_PROVIDER_AttributeList +{ + /** + * List head + */ + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *list_head; + /** + * List tail + */ + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *list_tail; +}; + +struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry +{ + /** + * DLL + */ + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *prev; + + /** + * DLL + */ + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *next; + + /** + * The attribute + */ + struct GNUNET_IDENTITY_PROVIDER_Attribute *attribute; +}; /** * Method called when a token has been exchanged for a ticket. 
@@ -280,6 +330,114 @@ void GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it); +/** + * Method called when a token has been issued. + * On success returns a ticket that can be given to the audience to retrive the + * token + * + * @param cls closure + * @param grant the label in GNS pointing to the token + * @param ticket the ticket + * @param token the issued token + * @param name name assigned by the user for this ego, + * NULL if the user just deleted the ego and it + * must thus no longer be used + */ +typedef void +(*GNUNET_IDENTITY_PROVIDER_TicketCallback)(void *cls, + const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket); + + +/** TODO + * Issues a ticket to another identity. The identity may use + * @GNUNET_IDENTITY_PROVIDER_authorization_ticket_consume to consume the ticket + * and retrieve the attributes specified in the AttributeList. + * + * @param id the identity provider to use + * @param iss the issuing identity + * @param rp the subject of the ticket (the relying party) + * @param attr the attributes that the relying party is given access to + * @param cb the callback + * @param cb_cls the callback closure + * @return handle to abort the operation + */ +struct GNUNET_IDENTITY_PROVIDER_Operation * +GNUNET_IDENTITY_PROVIDER_idp_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *id, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, + const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, + GNUNET_IDENTITY_PROVIDER_TicketCallback cb, + void *cb_cls); + +/** TODO + * Revoked an issued ticket. The relying party will be unable to retrieve + * updated attributes. 
+ * + * @param id the identity provider to use + * @param identity the issuing identity + * @param ticket the ticket to revoke + * @param cb the callback + * @param cb_cls the callback closure + * @return handle to abort the operation + */ +struct GNUNET_IDENTITY_PROVIDER_Operation * +GNUNET_IDENTITY_PROVIDER_idp_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *id, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb, + void *cb_cls); + + + +/** TODO + * Consumes an issued ticket. The ticket is persisted + * and used to retrieve identity information from the issuer + * + * @param id the identity provider to use + * @param identity the identity that is the subject of the issued ticket (the relying party) + * @param ticket the issued ticket to consume + * @param cb the callback to call + * @param cb_cls the callback closure + * @return handle to abort the operation + */ +struct GNUNET_IDENTITY_PROVIDER_Operation * +GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *id, + const struct GNUNET_CRYPTO_EcdsaPrivateKey * identity, + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + GNUNET_IDENTITY_PROVIDER_AttributeResult cb, + void *cb_cls); + +/** TODO + * Lists all tickets that have been issued to remote + * identites (relying parties) + * + * @param id the identity provider to use + * @param identity the issuing identity + * @param cb the callback to use + * @param cb_cls the callback closure + * @return handle to abort the operation + */ +struct GNUNET_IDENTITY_PROVIDER_Operation * +GNUNET_IDENTITY_PROVIDER_idp_tickets_list (struct GNUNET_IDENTITY_PROVIDER_Handle *id, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + GNUNET_IDENTITY_PROVIDER_TicketCallback *cb, + void *cb_cls); + +/** TODO + * Lists all attributes that are shared with this identity + * by remote parties + * + * @param id identity provider 
service to use + * @param identity the identity (relying party) + * @param cb the result callback + * @param cb_cls the result callback closure + * @return handle to abort the operation + */ +struct GNUNET_IDENTITY_PROVIDER_Operation * +GNUNET_IDENTITY_PROVIDER_rp_attributes_list (struct GNUNET_IDENTITY_PROVIDER_Handle *id, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + GNUNET_IDENTITY_PROVIDER_AttributeResult *cb, + void *cb_cls); /** * Issue a token for a specific audience. diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index e498af1f5..1a7df377c 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h @@ -2640,17 +2640,21 @@ extern "C" #define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT 970 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE 971 + +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT 972 + /************************************************** * * CREDENTIAL MESSAGE TYPES */ -#define GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY 971 +#define GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY 981 -#define GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT 972 +#define GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT 982 -#define GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT 973 +#define GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT 983 -#define GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT_RESULT 974 +#define GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT_RESULT 984 /******************************************************************************/ -- cgit v1.2.3 From 7e7ada0b9a26394e20b8562421799370299bff0d Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 17 Sep 2017 21:12:09 +0200 Subject: -add comments --- src/include/gnunet_identity_provider_service.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h index cc71646bc..7aaae2e85 100644 
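Review bot: The doc comment added above `GNUNET_IDENTITY_PROVIDER_TicketCallback` was copied from the token callback and documents `grant`, `token` and `name`, none of which exist in the new signature; it should list only `@param cls closure` and `@param ticket the ticket`, and say when `ticket` may be NULL. `GNUNET_IDENTITY_PROVIDER_idp_tickets_list` and `GNUNET_IDENTITY_PROVIDER_rp_attributes_list` declare `GNUNET_IDENTITY_PROVIDER_TicketCallback *cb` and `GNUNET_IDENTITY_PROVIDER_AttributeResult *cb`. Both typedefs are already function pointers, so these are pointers to function pointers, unlike `cb` in the other new prototypes, and the `*` is most likely unintended. The `idp_ticket_issue` comment says `@param attr` for the parameter `attrs` and refers to `GNUNET_IDENTITY_PROVIDER_authorization_ticket_consume`, which is not declared in this hunk.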
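Review bot: Moving the CREDENTIAL message types from 971–974 to 981–984 and reusing 971 and 972 for `GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE` and `..._TICKET_RESULT` changes the meaning of numbers that were already assigned. A client or service built against the old header would have its credential verify messages dispatched to the ticket handlers rather than rejected as unknown. If mixed builds are possible at all, I would allocate new numbers for the ticket messages instead of renumbering. If the renumbering stays, a comment such as `/* 971-980 reserved for IDENTITY_PROVIDER */` above the credential block would record why the gap exists.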
--- a/src/include/gnunet_identity_provider_service.h +++ b/src/include/gnunet_identity_provider_service.h @@ -181,7 +181,7 @@ typedef void const struct GNUNET_IDENTITY_PROVIDER_Token *token, uint64_t ticket_nonce); -/** +/** TODO DEPRECATED * Method called when a token has been issued. * On success returns a ticket that can be given to the audience to retrive the * token @@ -348,7 +348,7 @@ typedef void const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket); -/** TODO +/** * Issues a ticket to another identity. The identity may use * @GNUNET_IDENTITY_PROVIDER_authorization_ticket_consume to consume the ticket * and retrieve the attributes specified in the AttributeList. @@ -439,7 +439,7 @@ GNUNET_IDENTITY_PROVIDER_rp_attributes_list (struct GNUNET_IDENTITY_PROVIDER_Han GNUNET_IDENTITY_PROVIDER_AttributeResult *cb, void *cb_cls); -/** +/** TODO remove DEPRECATED * Issue a token for a specific audience. * * @param id identity provider service to use @@ -464,7 +464,7 @@ GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id void *cb_cls); -/** +/** TODO remove DEPRECATED * Exchange a ticket for a token. Intended to be used by audience that * received a ticket. * -- cgit v1.2.3 From 3777e05a09dc9f375354bf01542f4fd6807e58c5 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 17 Sep 2017 21:44:35 +0200 Subject: -minor fixed, start consume --- src/identity-provider/gnunet-idp.c | 8 ---- .../gnunet-service-identity-provider.c | 12 ++--- src/identity-provider/identity_provider.h | 25 +++++++++++ src/identity-provider/identity_provider_api.c | 51 ++++++++++++++++++++++ .../plugin_gnsrecord_identity_provider.c | 6 ++- src/include/gnunet_identity_provider_service.h | 2 +- 6 files changed, 87 insertions(+), 17 deletions(-) diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index fdd4720e0..f85ede7aa 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c 
@@ -138,9 +138,6 @@ store_attr_cont (void *cls, int32_t success, const char*emsg) { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Store continuation\n"); - if (GNUNET_SYSERR == success) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", emsg); @@ -166,8 +163,6 @@ iter_finished (void *cls) { struct GNUNET_IDENTITY_PROVIDER_Attribute *attr; - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Attribute collection finished!\n"); attr_iterator = NULL; if (list) { GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); @@ -187,9 +182,6 @@ iter_finished (void *cls) GNUNET_IDENTITY_PROVIDER_AT_STRING, attr_value, strlen (attr_value)); - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Adding attribute\n"); - idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle, pkey, attr, diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index b481c00c0..0eb6599e6 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -620,7 +620,7 @@ bootstrap_store_task (void *cls) rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (abh->abe_key, (void**)&rd[0].data); rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; - rd[0].flags = GNUNET_GNSRECORD_RF_NONE | GNUNET_GNSRECORD_RF_PRIVATE; + rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION | GNUNET_GNSRECORD_RF_PRIVATE; rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? abh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, &abh->identity, @@ -1869,7 +1869,7 @@ attr_store_cont (void *cls, return; } - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending ATTRIBUTE_STORE_RESPONSE message\n"); env = GNUNET_MQ_msg (acr_msg, GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE); 
@@ -1888,7 +1888,7 @@ attr_store_task (void *cls) char* buf; size_t buf_size; - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Storing attribute\n"); buf_size = attribute_serialize_get_size (as_handle->attribute); buf = GNUNET_malloc (buf_size); @@ -1924,7 +1924,7 @@ static void store_after_abe_bootstrap (void *cls, struct GNUNET_CRYPTO_AbeMasterKey *abe_key) { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Finished ABE bootstrap\n"); struct AttributeStoreHandle *ash = cls; ash->abe_key = abe_key; @@ -1969,7 +1969,7 @@ handle_attribute_store_message (void *cls, struct AttributeStoreHandle *as_handle; struct IdpClient *idp = cls; size_t data_len; - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received ATTRIBUTE_STORE message\n"); data_len = ntohs (sam->attr_len); @@ -2059,7 +2059,7 @@ attr_iter_cb (void *cls, key, (void**)&attr_ser); GNUNET_CRYPTO_cpabe_delete_key (key); - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found attribute: %s\n", label); env = GNUNET_MQ_msg_extra (arm, msg_extra_len, diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h index 098885e3c..9b6fe6237 100644 --- a/src/identity-provider/identity_provider.h +++ b/src/identity-provider/identity_provider.h @@ -367,6 +367,31 @@ struct TicketResultMessage uint32_t id GNUNET_PACKED; }; + +/** + * Ticket consume message + */ +struct ConsumeTicketMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * Identity. + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + //Followed by a serialized ticket +}; + + GNUNET_NETWORK_STRUCT_END #endif 
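Review bot: The header comment in the new `struct ConsumeTicketMessage` says `Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE`, which was copied from `TicketIssueMessage` and documents the wrong message type for a consume request. It should name the consume type once one is defined. The trailing comment would be more precise as `//Followed by a struct GNUNET_IDENTITY_PROVIDER_Ticket2`, since the API copies the struct verbatim rather than serializing it. The `identity` field comment should say that this is the relying party's private key, because the bare word "Identity" hides that key material travels in this message.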
diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 74d15bbe0..25c14793d 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -80,6 +80,11 @@ struct GNUNET_IDENTITY_PROVIDER_Operation */ GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus as_cb; + /** + * Attribute result callback + */ + GNUNET_IDENTITY_PROVIDER_AttributeResult ar_cb; + /** * Ticket result callback */ 
@@ -1188,6 +1193,52 @@ GNUNET_IDENTITY_PROVIDER_idp_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handl return op; } +/** + * Consumes an issued ticket. The ticket is persisted + * and used to retrieve identity information from the issuer + * + * @param id the identity provider to use + * @param identity the identity that is the subject of the issued ticket (the relying party) + * @param ticket the issued ticket to consume + * @param cb the callback to call + * @param cb_cls the callback closure + * @return handle to abort the operation + */ +struct GNUNET_IDENTITY_PROVIDER_Operation * +GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey * identity, + const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket, + GNUNET_IDENTITY_PROVIDER_AttributeResult cb, + void *cb_cls) +{ + struct GNUNET_IDENTITY_PROVIDER_Operation *op; + struct ConsumeTicketMessage *ctm; + + op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation); + op->h = h; + op->ar_cb = cb; + op->cls = cb_cls; + op->r_id = h->r_id_gen++; + GNUNET_CONTAINER_DLL_insert_tail (h->op_head, + h->op_tail, + op); + op->env = GNUNET_MQ_msg_extra (ctm, + sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket2), + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE); + ctm->identity = *identity; + ctm->id = htonl (op->r_id); + + GNUNET_memcpy ((char*)&ctm[1], + ticket, + sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket2)); + + if (NULL != h->mq) + GNUNET_MQ_send_copy (h->mq, + op->env); + return op; + +} + diff --git a/src/identity-provider/plugin_gnsrecord_identity_provider.c b/src/identity-provider/plugin_gnsrecord_identity_provider.c index 1f1973783..cee0a9506 100644 --- a/src/identity-provider/plugin_gnsrecord_identity_provider.c +++ b/src/identity-provider/plugin_gnsrecord_identity_provider.c 
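Review bot: `GNUNET_IDENTITY_PROVIDER_rp_ticket_consume` builds its `ConsumeTicketMessage` with `GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE`, so the service dispatches it to the ticket-issue handler and interprets the bytes as a `struct TicketIssueMessage`. In that layout the leading bytes of the ticket sit where `rp` and `attr_len` are expected, which is a type confusion on a message that carries a private key. The message needs its own type constant in gnunet_protocols.h and a matching `check_`/`handle_` pair in the service; no such constant is defined in the hunks shown here, so I am not naming one. The doc comment says `@param id` for the parameter `h`. As in `idp_ticket_issue`, nothing is sent when `h->mq` is NULL, and it would help to state that the queued envelope is sent on reconnect, if that is the intent.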
@@ -175,6 +175,8 @@ static struct { } name_map[] = { { "ID_ATTR", GNUNET_GNSRECORD_TYPE_ID_ATTR }, { "ID_TOKEN", GNUNET_GNSRECORD_TYPE_ID_TOKEN }, + { "ABE_KEY", GNUNET_GNSRECORD_TYPE_ABE_KEY }, + { "ABE_MASTER", GNUNET_GNSRECORD_TYPE_ABE_MASTER }, { "ID_TOKEN_METADATA", GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA }, { NULL, UINT32_MAX } }; @@ -229,7 +231,7 @@ number_to_typename (void *cls, * @return the exported block API */ void * -libgnunet_plugin_gnsrecord_identity_init (void *cls) +libgnunet_plugin_gnsrecord_identity_provider_init (void *cls) { struct GNUNET_GNSRECORD_PluginFunctions *api; @@ -249,7 +251,7 @@ libgnunet_plugin_gnsrecord_identity_init (void *cls) * @return NULL */ void * -libgnunet_plugin_gnsrecord_identity_done (void *cls) +libgnunet_plugin_gnsrecord_identity_provider_done (void *cls) { struct GNUNET_GNSRECORD_PluginFunctions *api = cls; diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h index 7aaae2e85..4b1dcd641 100644 --- a/src/include/gnunet_identity_provider_service.h +++ b/src/include/gnunet_identity_provider_service.h @@ -403,7 +403,7 @@ GNUNET_IDENTITY_PROVIDER_idp_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Hand struct GNUNET_IDENTITY_PROVIDER_Operation * GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *id, const struct GNUNET_CRYPTO_EcdsaPrivateKey * identity, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket, GNUNET_IDENTITY_PROVIDER_AttributeResult cb, void *cb_cls); -- cgit v1.2.3 From ca10195d9af33c557b57f16b8bb93df1066ab0ee Mon Sep 17 00:00:00 2001 
From: "Schanzenbach, Martin" Date: Mon, 18 Sep 2017 00:23:19 +0200 Subject: -add consume API --- src/identity-provider/gnunet-idp.c | 53 ++- .../gnunet-service-identity-provider.c | 360 +++++++++++++++++++-- src/identity-provider/identity_attribute.c | 6 + src/identity-provider/identity_provider.h | 4 +- src/identity-provider/identity_provider_api.c | 63 +++- src/identity-provider/test_idp_issue.sh | 8 +- src/include/gnunet_identity_provider_service.h | 2 +- src/include/gnunet_protocols.h | 2 + 8 files changed, 442 insertions(+), 56 deletions(-) diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index f85ede7aa..a8739e6f6 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c @@ -56,6 +56,11 @@ static char* attr_value; */ static char* issue_attrs; +/** + * Ticket to consume + */ +static char* consume_ticket; + /** * Ego name */ @@ -96,6 +101,10 @@ static const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey; */ static struct GNUNET_CRYPTO_EcdsaPublicKey rp_key; +/** + * Ticket to consume + */ +static struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket; /** * Attribute list @@ -123,11 +132,10 @@ ticket_issue_cb (void* cls, { char* ticket_str; if (NULL != ticket) { - ticket_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, - sizeof (uint64_t)); - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Got ticket, %s\n", - ticket_str); + ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket, + sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2)); + printf("%s\n", + ticket_str); GNUNET_free (ticket_str); } GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); 
@@ -149,6 +157,21 @@ store_attr_cont (void *cls, GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } +static void +process_attrs (void *cls, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) +{ + if (NULL == identity) + { + GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); + return; + } + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "%s: %s\n", attr->name, (char*)attr->data); +} + + static void iter_error (void *cls) { @@ -178,6 +201,14 @@ iter_finished (void *cls) NULL); return; } + if (consume_ticket) { + idp_op = GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (idp_handle, + pkey, + &ticket, + &process_attrs, + NULL); + return; + } attr = GNUNET_IDENTITY_PROVIDER_attribute_new (attr_name, GNUNET_IDENTITY_PROVIDER_AT_STRING, attr_value, @@ -193,7 +224,7 @@ iter_finished (void *cls) static void iter_cb (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) { struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; @@ -243,6 +274,11 @@ ego_cb (void *cls, GNUNET_CRYPTO_ecdsa_public_key_from_string (rp, strlen (rp), &rp_key); + if (NULL != consume_ticket) + GNUNET_STRINGS_string_to_data (consume_ticket, + strlen (consume_ticket), + &ticket, + sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2)); attr_list = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); @@ -317,6 +353,11 @@ main(int argc, char *const argv[]) NULL, gettext_noop ("Issue a ticket"), &issue_attrs), + GNUNET_GETOPT_option_string ('C', + "consume", + NULL, + gettext_noop ("Consume a ticket"), + &consume_ticket), GNUNET_GETOPT_OPTION_END }; return GNUNET_PROGRAM_run (argc, argv, "ct", diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 0eb6599e6..9a919102f 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c 
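Review bot: `process_attrs` prints `(char*)attr->data` with `%s`, but the attribute carries an explicit `data_size` and nothing in the visible code NUL-terminates the value, so a value without a trailing zero byte makes the log call read past the buffer. Bounding the print avoids relying on the sender: `"%s: %.*s\n", attr->name, (int) attr->data_size, (const char *) attr->data`. In `ego_cb` the return value of `GNUNET_STRINGS_string_to_data` is ignored, so a malformed or truncated `-C` argument leaves `ticket` zeroed or partly filled and it is still sent to the service. The tool should report the error and stop when that call does not return `GNUNET_OK`. The same holds for the existing `GNUNET_CRYPTO_ecdsa_public_key_from_string` call just above it.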
+++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -310,7 +310,65 @@ struct VerifiedAttributeEntry char* name; }; -struct ParallelLookups; +struct ParallelLookup; +struct ParallelLookup2; + +struct ConsumeTicketHandle +{ + + /** + * Client connection + */ + struct IdpClient *client; + + /** + * Ticket + */ + struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket; + + /** + * LookupRequest + */ + struct GNUNET_GNS_LookupRequest *lookup_request; + + /** + * Audience Key + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * Audience Key + */ + struct GNUNET_CRYPTO_EcdsaPublicKey identity_pub; + + /** + * ParallelLookups DLL + */ + struct ParallelLookup2 *parallel_lookups_head; + struct ParallelLookup2 *parallel_lookups_tail; + + struct GNUNET_SCHEDULER_Task *kill_task; + struct GNUNET_CRYPTO_AbeKey *key; + + /** + * request id + */ + uint32_t r_id; +}; + +struct ParallelLookup2 +{ + struct ParallelLookup2 *next; + + struct ParallelLookup2 *prev; + + struct GNUNET_GNS_LookupRequest *lookup_request; + + struct ConsumeTicketHandle *handle; + + char *label; +}; + struct ExchangeHandle { @@ -1657,28 +1715,6 @@ store_ticket_issue_cont (void *cls, -/** - * Checks a ticket issue message - * - * @param cls client sending the message - * @param im message of type `struct TicketIssueMessage` - * @return #GNUNET_OK if @a im is well-formed - */ -static int -check_ticket_issue_message(void *cls, - const struct TicketIssueMessage *im) -{ - uint16_t size; - - size = ntohs (im->header.size); - if (size <= sizeof (struct IssueMessage)) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - return GNUNET_OK; -} - int serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle, const struct GNUNET_CRYPTO_AbeKey *rp_key, 
@@ -1707,7 +1743,13 @@ serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle, } buf = GNUNET_malloc (attrs_str_len + size); write_ptr = buf; + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Writing attributes\n"); for (le = handle->attrs->list_head; NULL != le; le = le->next) { + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "%s\n", le->attribute->name); + + GNUNET_memcpy (write_ptr, le->attribute->name, strlen (le->attribute->name)); @@ -1750,7 +1792,7 @@ serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle, static void issue_ticket_after_abe_bootstrap (void *cls, - struct GNUNET_CRYPTO_AbeMasterKey *abe_key) + struct GNUNET_CRYPTO_AbeMasterKey *abe_key) { struct TicketIssueHandle *ih = cls; struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; @@ -1768,15 +1810,16 @@ issue_ticket_after_abe_bootstrap (void *cls, attrs_len = 0; for (le = ih->attrs->list_head; NULL != le; le = le->next) attrs_len++; - attrs = GNUNET_malloc (attrs_len); + attrs = GNUNET_malloc ((attrs_len + 1)*sizeof (char*)); i = 0; for (le = ih->attrs->list_head; NULL != le; le = le->next) { attrs[i] = (char*) le->attribute->name; i++; } + attrs[i] = NULL; rp_key = GNUNET_CRYPTO_cpabe_create_key (abe_key, attrs); - + //TODO review this wireformat code_record_len = serialize_abe_keyinfo2 (ih, rp_key, @@ -1804,6 +1847,29 @@ issue_ticket_after_abe_bootstrap (void *cls, } +/** + * Checks a ticket issue message + * + * @param cls client sending the message + * @param im message of type `struct TicketIssueMessage` + * @return #GNUNET_OK if @a im is well-formed + */ +static int +check_ticket_issue_message(void *cls, + const struct TicketIssueMessage *im) +{ + uint16_t size; + + size = ntohs (im->header.size); + if (size <= sizeof (struct TicketIssueMessage)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + + /** * * Handler for ticket issue message 
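Review bot: The re-added `check_ticket_issue_message` only requires the message to be larger than `struct TicketIssueMessage` and never compares the trailing byte count with `im->attr_len`. `handle_ticket_issue_message` (visible as context of a later hunk in this series) passes `ntohs (im->attr_len)` straight to `attribute_list_deserialize`, so a client that declares more attribute bytes than it sent lets the deserializer read past the message. Add the comparison to the check: `if ( (size <= sizeof (struct TicketIssueMessage)) || (size - sizeof (struct TicketIssueMessage) < ntohs (im->attr_len)) )`. `check_consume_ticket_message` in the next hunk has the same gap: its handler copies a whole `struct GNUNET_IDENTITY_PROVIDER_Ticket2` from `&cm[1]`, so it should reject `size < sizeof (struct ConsumeTicketMessage) + sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2)`.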
@@ -1849,7 +1915,242 @@ cleanup_as_handle (struct AttributeStoreHandle *handle) GNUNET_free (handle); } +/** + * Checks a ticket consume message + * + * @param cls client sending the message + * @param im message of type `struct ConsumeTicketMessage` + * @return #GNUNET_OK if @a im is well-formed + */ +static int +check_consume_ticket_message(void *cls, + const struct ConsumeTicketMessage *cm) +{ + uint16_t size; + + size = ntohs (cm->header.size); + if (size <= sizeof (struct ConsumeTicketMessage)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} +static void +process_parallel_lookup2 (void *cls, uint32_t rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Parallel lookup finished (count=%u)\n", rd_count); + struct ParallelLookup2 *parallel_lookup = cls; + struct ConsumeTicketHandle *handle = parallel_lookup->handle; + struct AttributeResultMessage *arm; + struct GNUNET_MQ_Envelope *env; + char *data; + char *data_tmp; + size_t msg_extra_len; + + GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, + handle->parallel_lookups_tail, + parallel_lookup); + GNUNET_free (parallel_lookup); + if (1 != rd_count) + GNUNET_break(0);//TODO + if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) + { + msg_extra_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data, + rd->data_size, + handle->key, + (void**)&data); + env = GNUNET_MQ_msg_extra (arm, + msg_extra_len, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT); + arm->id = htonl (handle->r_id); + arm->attr_len = htons (msg_extra_len); + arm->identity = handle->ticket.identity; + data_tmp = (char *) &arm[1]; + GNUNET_memcpy (data_tmp, + data, + msg_extra_len); + GNUNET_MQ_send (handle->client->mq, env); + GNUNET_free (data); + } + if (NULL != handle->parallel_lookups_head) + return; //Wait for more + //Else we are done + GNUNET_SCHEDULER_cancel (handle->kill_task); + env = GNUNET_MQ_msg (arm, + 
GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT); + arm->id = htonl (handle->r_id); + arm->attr_len = htons (0); + GNUNET_MQ_send (handle->client->mq, env); +} + +void +abort_parallel_lookups2 (void *cls) +{ + struct ConsumeTicketHandle *handle = cls; + struct ParallelLookup2 *lu; + struct ParallelLookup2 *tmp; + struct AttributeResultMessage *arm; + struct GNUNET_MQ_Envelope *env; + + for (lu = handle->parallel_lookups_head; + NULL != lu;) { + GNUNET_GNS_lookup_cancel (lu->lookup_request); + GNUNET_free (lu->label); + tmp = lu->next; + GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, + handle->parallel_lookups_tail, + lu); + GNUNET_free (lu); + lu = tmp; + } + env = GNUNET_MQ_msg (arm, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT); + arm->id = htonl (handle->r_id); + arm->attr_len = htons (0); + GNUNET_MQ_send (handle->client->mq, env); + +} + +static void +cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle) +{ + if (NULL != handle->key) + GNUNET_free (handle->key); + GNUNET_free (handle); +} + + +static void +process_consume_abe_key (void *cls, uint32_t rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + struct ConsumeTicketHandle *handle = cls; + struct GNUNET_HashCode new_key_hash; + struct GNUNET_CRYPTO_SymmetricSessionKey enc_key; + struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv; + struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key; + struct ParallelLookup2 *parallel_lookup; + size_t size; + char *buf; + char *scope; + char *lookup_query; + + handle->lookup_request = NULL; + if (1 != rd_count) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Number of keys %d != 1.", + rd_count); + cleanup_consume_ticket_handle (handle); + GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); + return; + } + + //Decrypt + ecdh_key = (struct GNUNET_CRYPTO_EcdhePublicKey *)rd->data; + + buf = GNUNET_malloc (rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); + + //Calculate symmetric key from ecdh parameters + 
GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_ecdsa_ecdh (&handle->identity, + ecdh_key, + &new_key_hash)); + create_sym_key_from_ecdh (&new_key_hash, + &enc_key, + &enc_iv); + size = GNUNET_CRYPTO_symmetric_decrypt (rd->data + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), + rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), + &enc_key, + &enc_iv, + buf); + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Decrypted bytes: %zd Expected bytes: %zd\n", + size, rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); + + scopes = GNUNET_strdup (buf); + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Scopes %s\n", scopes); + handle->key = GNUNET_CRYPTO_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1), + rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + - strlen (scopes) - 1); + + for (scope = strtok (scopes, ","); NULL != scope; scope = strtok (NULL, ",")) + { + GNUNET_asprintf (&lookup_query, + "%s.gnu", + scope); + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Looking up %s\n", lookup_query); + parallel_lookup = GNUNET_new (struct ParallelLookup2); + parallel_lookup->handle = handle; + parallel_lookup->label = GNUNET_strdup (scope); + parallel_lookup->lookup_request + = GNUNET_GNS_lookup (gns_handle, + lookup_query, + &handle->ticket.identity, + GNUNET_GNSRECORD_TYPE_ID_ATTR, + GNUNET_GNS_LO_LOCAL_MASTER, + &process_parallel_lookup2, + parallel_lookup); + GNUNET_CONTAINER_DLL_insert (handle->parallel_lookups_head, + handle->parallel_lookups_tail, + parallel_lookup); + } + handle->kill_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES,3), + &abort_parallel_lookups2, + handle); +} + + +/** + * + * Handler for ticket issue message + * + * @param cls unused + * @param client who sent the message + * @param message the message + */ +static void +handle_consume_ticket_message (void *cls, + const struct ConsumeTicketMessage *cm) +{ + struct ConsumeTicketHandle *ch; + struct IdpClient *idp = cls; + char* 
lookup_query; + char* rnd_label; + + ch = GNUNET_new (struct ConsumeTicketHandle); + ch->r_id = ntohl (cm->id); + ch->client = idp; + ch->identity = cm->identity; + GNUNET_CRYPTO_ecdsa_key_get_public (&ch->identity, + &ch->identity_pub); + ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket2*)&cm[1]); + rnd_label = GNUNET_STRINGS_data_to_string_alloc (&ch->ticket.rnd, + sizeof (uint64_t)); + GNUNET_asprintf (&lookup_query, + "%s.gnu", + rnd_label); + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Looking for ABE key under %s\n", lookup_query); + + ch->lookup_request + = GNUNET_GNS_lookup (gns_handle, + lookup_query, + &ch->ticket.identity, + GNUNET_GNSRECORD_TYPE_ABE_KEY, + GNUNET_GNS_LO_LOCAL_MASTER, + &process_consume_abe_key, + ch); + GNUNET_free (lookup_query); + GNUNET_SERVICE_client_continue (idp->client); +} void attr_store_cont (void *cls, @@ -2066,7 +2367,8 @@ attr_iter_cb (void *cls, GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT); arm->id = htonl (ai->request_id); arm->attr_len = htons (msg_extra_len); - arm->identity = *zone; + GNUNET_CRYPTO_ecdsa_key_get_public (zone, + &arm->identity); data_tmp = (char *) &arm[1]; GNUNET_memcpy (data_tmp, attr_ser, @@ -2339,5 +2641,9 @@ GNUNET_SERVICE_MAIN GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE, struct TicketIssueMessage, NULL), + GNUNET_MQ_hd_var_size (consume_ticket_message, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET, + struct ConsumeTicketMessage, + NULL), GNUNET_MQ_handler_end()); /* end of gnunet-service-identity-provider.c */ diff --git a/src/identity-provider/identity_attribute.c b/src/identity-provider/identity_attribute.c index 8cc94a731..916386754 100644 --- a/src/identity-provider/identity_attribute.c +++ b/src/identity-provider/identity_attribute.c 
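Review bot: `process_consume_abe_key` and `process_parallel_lookup2` use the looked-up record without validating it. `rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)` wraps when the record is shorter than an ECDHE key, the decrypted `buf` goes to `GNUNET_strdup`/`strlen` with no guaranteed terminator, and `process_parallel_lookup2` reads `rd->record_type` after only a `GNUNET_break` when `rd_count` is not 1. The record content originates in the issuer's zone, so it needs length checks before the casts, and a failed ECDH should fail this one request instead of hitting `GNUNET_assert`. The fence shows the guards for `process_consume_abe_key`; the failure paths still need to answer the client so it does not wait. Separately, `scopes` is assigned in this hunk without a visible declaration, and `lookup_query`, `buf`, `rnd_label` and the `label` of a finished lookup are never freed.

```c
  /* … unchanged: declarations (plus a new size_t enc_len), rd_count check … */

  /* reject records too short to hold the ECDHE key plus ciphertext */
  if (rd->data_size <= sizeof (struct GNUNET_CRYPTO_EcdhePublicKey))
  {
    GNUNET_break_op (0);
    cleanup_consume_ticket_handle (handle);
    return;
  }
  ecdh_key = (struct GNUNET_CRYPTO_EcdhePublicKey *)rd->data;
  enc_len = rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey);
  /* GNUNET_malloc zeroes its result; the extra byte keeps buf terminated */
  buf = GNUNET_malloc (enc_len + 1);
  if (GNUNET_OK !=
      GNUNET_CRYPTO_ecdsa_ecdh (&handle->identity,
                                ecdh_key,
                                &new_key_hash))
  {
    GNUNET_break_op (0);
    GNUNET_free (buf);
    cleanup_consume_ticket_handle (handle);
    return;
  }

  /* … unchanged: create_sym_key_from_ecdh, symmetric decrypt, scope lookups … */
```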
@@ -110,9 +110,15 @@ attribute_list_deserialize (const char* data, read_ptr = data; while (((data + data_size) - read_ptr) >= sizeof (struct Attribute)) { + le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); le->attribute = attribute_deserialize (read_ptr, data_size - (read_ptr - data)); + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Deserialized attribute %s\n", le->attribute->name); + GNUNET_CONTAINER_DLL_insert (attrs->list_head, + attrs->list_tail, + le); attr_len = attribute_serialize_get_size (le->attribute); read_ptr += attr_len; } diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h index 9b6fe6237..dcad35118 100644 --- a/src/identity-provider/identity_provider.h +++ b/src/identity-provider/identity_provider.h @@ -250,9 +250,9 @@ struct AttributeResultMessage uint16_t reserved GNUNET_PACKED; /** - * The private key of the identity. + * The public key of the identity. */ - struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + struct GNUNET_CRYPTO_EcdsaPublicKey identity; /* followed by: * serialized attribute data diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 25c14793d..7c9576d05 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c 
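Review bot: The new log line in `attribute_list_deserialize` dereferences `le->attribute->name` immediately after `attribute_deserialize` with no NULL check, and `read_ptr` is then advanced by a length taken from the deserialized attribute rather than from the bytes that actually remain. `attribute_deserialize` is not visible in this hunk, so whether it can return NULL or accept a truncated attribute needs confirming; if it can, malformed client data crashes or overruns the buffer here. I would add `if (NULL == le->attribute) { GNUNET_free (le); break; }` before the log call and stop the loop when `attr_len` exceeds `data_size - (read_ptr - data)`. The function starts and ends outside the hunk.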
@@ -556,30 +556,52 @@ handle_attribute_result (void *cls, static struct GNUNET_CRYPTO_EcdsaPrivateKey identity_dummy; struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls; struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it; + struct GNUNET_IDENTITY_PROVIDER_Operation *op; size_t attr_len; uint32_t r_id = ntohl (msg->id); attr_len = ntohs (msg->attr_len); - - for (it = h->it_head; NULL != it; it = it->next) + LOG (GNUNET_ERROR_TYPE_MESSAGE, + "Processing attribute result.\n"); + + + for (it = h->it_head; NULL != it; it = it->next) if (it->r_id == r_id) break; - if (NULL == it) + for (op = h->op_head; NULL != op; op = op->next) + if (op->r_id == r_id) + break; + if ((NULL == it) && (NULL == op)) return; if ( (0 == (memcmp (&msg->identity, - &identity_dummy, - sizeof (identity_dummy)))) ) + &identity_dummy, + sizeof (identity_dummy)))) ) { - if (NULL == it) + if ((NULL == it) && (NULL == op)) { GNUNET_break (0); force_reconnect (h); return; } - if (NULL != it->finish_cb) - it->finish_cb (it->finish_cb_cls); - free_it (it); + if (NULL != it) + { + if (NULL != it->finish_cb) + it->finish_cb (it->finish_cb_cls); + free_it (it); + } + if (NULL != op) + { + if (NULL != op->ar_cb) + op->ar_cb (op->cls, + NULL, + NULL); + GNUNET_CONTAINER_DLL_remove (h->op_head, + h->op_tail, + op); + GNUNET_free (op); + + } return; } @@ -593,9 +615,16 @@ handle_attribute_result (void *cls, it->proc (it->proc_cls, &msg->identity, attr); - GNUNET_free (attr); - return; + } else if (NULL != op) + { + if (NULL != op->ar_cb) + op->ar_cb (op->cls, + &msg->identity, + attr); + } + GNUNET_free (attr); + return; } GNUNET_assert (0); } @@ -610,7 +639,7 @@ handle_attribute_result (void *cls, */ static int check_ticket_result (void *cls, - const struct TicketResultMessage *msg) + const struct TicketResultMessage *msg) { size_t msg_len; 
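Review bot: `identity_dummy` in `handle_attribute_result` is still declared as `struct GNUNET_CRYPTO_EcdsaPrivateKey`, while this commit changes `msg->identity` to a public key, so the `memcmp` over `sizeof (identity_dummy)` compares a public key against a private-key-sized zero block. That stays in bounds only as long as both structs have the same size; declare it as `static struct GNUNET_CRYPTO_EcdsaPublicKey identity_dummy;`. The inner `if ((NULL == it) && (NULL == op))` that calls `force_reconnect` is now unreachable, because the same condition already returns a few lines earlier. The function begins outside the hunk.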
@@ -634,7 +663,7 @@ check_ticket_result (void *cls, */ static void handle_ticket_result (void *cls, - const struct TicketResultMessage *msg) + const struct TicketResultMessage *msg) { struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls; struct GNUNET_IDENTITY_PROVIDER_Operation *op; @@ -684,9 +713,9 @@ reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) struct AttributeResultMessage, h), GNUNET_MQ_hd_var_size (ticket_result, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT, - struct TicketResultMessage, - h), + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT, + struct TicketResultMessage, + h), GNUNET_MQ_handler_end () }; struct GNUNET_IDENTITY_PROVIDER_Operation *op; @@ -1224,7 +1253,7 @@ GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Hand op); op->env = GNUNET_MQ_msg_extra (ctm, sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket2), - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE); + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET); ctm->identity = *identity; ctm->id = htonl (op->r_id); diff --git a/src/identity-provider/test_idp_issue.sh b/src/identity-provider/test_idp_issue.sh index 306f238d9..aca98e390 100755 --- a/src/identity-provider/test_idp_issue.sh +++ b/src/identity-provider/test_idp_issue.sh 
@@ -27,9 +27,11 @@ gnunet-arm -s -c test_idp.conf gnunet-identity -C testego -c test_idp.conf gnunet-identity -C rpego -c test_idp.conf SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') +TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}') gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf gnunet-idp -e testego -a name -V John -c test_idp.conf -gnunet-idp -e testego -D -c test_idp.conf -gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf -gnunet-namestore -z testego -D -c test_idp.conf +#gnunet-idp -e testego -D -c test_idp.conf +TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}') +echo "Consuming $TICKET" +gnunet-idp -e rpego -C $TICKET -c test_idp.conf gnunet-arm -e -c test_idp.conf diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h index 4b1dcd641..049f891cc 100644 --- a/src/include/gnunet_identity_provider_service.h +++ b/src/include/gnunet_identity_provider_service.h @@ -268,7 +268,7 @@ GNUNET_IDENTITY_PROVIDER_attribute_new (const char* attr_name, */ typedef void (*GNUNET_IDENTITY_PROVIDER_AttributeResult) (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr); diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index 1a7df377c..63afeba8d 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h @@ -2644,6 +2644,8 @@ extern "C" #define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT 972 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET 973 + /************************************************** * * CREDENTIAL MESSAGE TYPES -- cgit v1.2.3 From 76817ee408cff4aee534d6016423c8a4ecb5555f Mon Sep 17 00:00:00 2001 
From: "Schanzenbach, Martin" Date: Thu, 5 Oct 2017 19:59:39 +0200 Subject: -add ticket DB for IdP --- src/identity-provider/Makefile.am | 19 +- .../gnunet-service-identity-provider.c | 411 ++++++++++++- src/identity-provider/identity-provider.conf | 3 + src/identity-provider/identity_attribute.c | 15 + src/identity-provider/identity_attribute.h | 2 + src/identity-provider/identity_provider.h | 64 ++ .../plugin_identity_provider_sqlite.c | 669 +++++++++++++++++++++ src/include/gnunet_identity_provider_plugin.h | 123 ++++ src/include/gnunet_identity_provider_service.h | 20 +- src/include/gnunet_protocols.h | 6 + 10 files changed, 1294 insertions(+), 38 deletions(-) create mode 100644 src/identity-provider/plugin_identity_provider_sqlite.c create mode 100644 src/include/gnunet_identity_provider_plugin.h diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index 106c8a92b..1b35c6c04 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am @@ -12,6 +12,10 @@ if USE_COVERAGE XLIB = -lgcov endif +if HAVE_SQLITE +SQLITE_PLUGIN = libgnunet_plugin_identity_provider_sqlite.la +endif + pkgcfgdir= $(pkgdatadir)/config.d/ libexecdir= $(pkglibdir)/libexec/ @@ -23,7 +27,8 @@ lib_LTLIBRARIES = \ libgnunetidentityprovider.la plugin_LTLIBRARIES = \ libgnunet_plugin_rest_identity_provider.la \ - libgnunet_plugin_gnsrecord_identity_provider.la + libgnunet_plugin_gnsrecord_identity_provider.la \ + $(SQLITE_PLUGIN) bin_PROGRAMS = \ gnunet-identity-token \ 
@@ -40,6 +45,18 @@ libgnunet_plugin_gnsrecord_identity_provider_la_LIBADD = \ libgnunet_plugin_gnsrecord_identity_provider_la_LDFLAGS = \ $(GN_PLUGIN_LDFLAGS) +libgnunet_plugin_identity_provider_sqlite_la_SOURCES = \ + plugin_identity_provider_sqlite.c +libgnunet_plugin_identity_provider_sqlite_la_LIBADD = \ + $(top_builddir)/src/identity-provider/libgnunetidentityprovider.la \ + $(top_builddir)/src/sq/libgnunetsq.la \ + $(top_builddir)/src/statistics/libgnunetstatistics.la \ + $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) -lsqlite3 \ + $(LTLIBINTL) +libgnunet_plugin_identity_provider_sqlite_la_LDFLAGS = \ + $(GN_PLUGIN_LDFLAGS) + + gnunet_service_identity_provider_SOURCES = \ gnunet-service-identity-provider.c \ diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 9a919102f..f77eebd6d 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -33,6 +33,7 @@ #include "gnunet_credential_service.h" #include "gnunet_statistics_service.h" #include "gnunet_gns_service.h" +#include "gnunet_identity_provider_plugin.h" #include "gnunet_signatures.h" #include "identity_provider.h" #include "identity_token.h" @@ -64,6 +65,16 @@ */ static struct GNUNET_IDENTITY_Handle *identity_handle; +/** + * Database handle + */ +static struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *TKT_database; + +/** + * Name of DB plugin + */ +static char *db_lib_name; + /** * Token expiration interval */ 
@@ -135,6 +146,54 @@ static const struct GNUNET_CONFIGURATION_Handle *cfg; */ struct IdpClient; +/** + * A ticket iteration operation. + */ +struct TicketIteration +{ + /** + * DLL + */ + struct TicketIteration *next; + + /** + * DLL + */ + struct TicketIteration *prev; + + /** + * Client which intiated this zone iteration + */ + struct IdpClient *client; + + /** + * Key of the identity we are iterating over. + */ + struct GNUNET_CRYPTO_EcdsaPublicKey identity; + + /** + * Identity is audience + */ + uint32_t is_audience; + + /** + * The operation id fot the iteration in the response for the client + */ + uint32_t r_id; + + /** + * Offset of the iteration used to address next result of the + * iteration in the store + * + * Initialy set to 0 in handle_iteration_start + * Incremented with by every call to handle_iteration_next + */ + uint32_t offset; + +}; + + + /** * Callback after an ABE bootstrap * @@ -247,6 +306,16 @@ struct IdpClient * in progress initiated by this client */ struct AttributeIterator *op_tail; + + /** + * Head of DLL of ticket iteration ops + */ + struct TicketIteration *ticket_iter_head; + + /** + * Tail of DLL of ticket iteration ops + */ + struct TicketIteration *ticket_iter_tail; }; @@ -605,7 +674,10 @@ cleanup() GNUNET_STATISTICS_destroy (stats, GNUNET_NO); stats = NULL; } - + GNUNET_break (NULL == GNUNET_PLUGIN_unload (db_lib_name, + TKT_database)); + GNUNET_free (db_lib_name); + db_lib_name = NULL; if (NULL != timeout_task) GNUNET_SCHEDULER_cancel (timeout_task); if (NULL != update_task) 
@@ -1666,31 +1738,48 @@ handle_issue_message (void *cls, static void cleanup_ticket_issue_handle (struct TicketIssueHandle *handle) { - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *tmp_le; - - for (le = handle->attrs->list_head; NULL != le;) - { - GNUNET_free (le->attribute); - tmp_le = le; - le = le->next; - GNUNET_free (tmp_le); - } - GNUNET_free (handle->attrs); + if (NULL != handle->attrs) + attribute_list_destroy (handle->attrs); if (NULL != handle->ns_qe) GNUNET_NAMESTORE_cancel (handle->ns_qe); GNUNET_free (handle); } + +static void +send_ticket_result (struct IdpClient *client, + uint32_t r_id, + const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) +{ + struct TicketResultMessage *irm; + struct GNUNET_MQ_Envelope *env; + size_t attrs_size; + struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket_buf; + char *attrs_buf; + + attrs_size = attribute_list_serialize_get_size (attrs); + + env = GNUNET_MQ_msg_extra (irm, + sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2) + attrs_size, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT); + ticket_buf = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&irm[1]; + *ticket_buf = *ticket; + attrs_buf = (char*)&ticket_buf[1]; + attribute_list_serialize (attrs, + attrs_buf); + irm->id = htonl (r_id); + + GNUNET_MQ_send (client->mq, + env); +} + static void store_ticket_issue_cont (void *cls, int32_t success, const char *emsg) { - struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket; struct TicketIssueHandle *handle = cls; - struct TicketResultMessage *irm; - struct GNUNET_MQ_Envelope *env; handle->ns_qe = NULL; if (GNUNET_SYSERR == success) 
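Review bot: The new `send_ticket_result` sizes the envelope as `sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2) + attrs_size` without checking that the total still fits the 16-bit message length, and it calls `attribute_list_serialize_get_size (attrs)` without a NULL check although `cleanup_ticket_issue_handle` in the same hunk treats `handle->attrs` as possibly NULL. The attribute list comes from a client message on the issue path and from the ticket database on the iteration path, so an oversized list should be rejected here rather than left to the message-queue layer (how it reacts is not visible on this page). The helper also lacks the doc comment its neighbours have; one stating that the result is the ticket followed by the serialized attribute list, with `r_id` converted to network byte order, would cover it.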
@@ -1701,15 +1790,10 @@ store_ticket_issue_cont (void *cls, GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); return; } - env = GNUNET_MQ_msg_extra (irm, - sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2), - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT); - ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&irm[1]; - *ticket = handle->ticket; - irm->id = handle->r_id; - - GNUNET_MQ_send (handle->client->mq, - env); + send_ticket_result (handle->client, + handle->r_id, + &handle->ticket, + handle->attrs); cleanup_ticket_issue_handle (handle); } @@ -1717,9 +1801,9 @@ store_ticket_issue_cont (void *cls, int serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle, - const struct GNUNET_CRYPTO_AbeKey *rp_key, - struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, - char **result) + const struct GNUNET_CRYPTO_AbeKey *rp_key, + struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, + char **result) { struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; @@ -1729,12 +1813,12 @@ serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle, char *write_ptr; char attrs_str_len; ssize_t size; - + struct GNUNET_CRYPTO_SymmetricSessionKey skey; struct GNUNET_CRYPTO_SymmetricInitializationVector iv; struct GNUNET_HashCode new_key_hash; ssize_t enc_size; - + size = GNUNET_CRYPTO_cpabe_serialize_key (rp_key, (void**)&serialized_key); attrs_str_len = 0; @@ -1889,7 +1973,7 @@ handle_ticket_issue_message (void *cls, ih = GNUNET_new (struct TicketIssueHandle); attrs_len = ntohs (im->attr_len); ih->attrs = attribute_list_deserialize ((char*)&im[1], attrs_len); - ih->r_id = im->id; + ih->r_id = ntohl (im->id); ih->client = idp; ih->identity = im->identity; GNUNET_CRYPTO_ecdsa_key_get_public (&ih->identity, 
@@ -2488,6 +2572,234 @@ handle_iteration_next (void *cls, GNUNET_SERVICE_client_continue (idp->client); } +/** + * Ticket iteration processor result + */ +enum ZoneIterationResult +{ + /** + * Iteration start. + */ + IT_START = 0, + + /** + * Found tickets, + * Continue to iterate with next iteration_next call + */ + IT_SUCCESS_MORE_AVAILABLE = 1, + + /** + * Iteration complete + */ + IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE = 2 +}; + + +/** + * Context for ticket iteration + */ +struct TicketIterationProcResult +{ + /** + * The ticket iteration handle + */ + struct TicketIteration *ti; + + /** + * Iteration result: iteration done? + * #IT_SUCCESS_MORE_AVAILABLE: if there may be more results overall but + * we got one for now and have sent it to the client + * #IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE: if there are no further results, + * #IT_START: if we are still trying to find a result. + */ + int res_iteration_finished; + +}; + + + +/** + * Process ticket from database + * + * @param cls struct TicketIterationProcResult + * @param ticket the ticket + * @param attrs the attributes + */ +static void +ticket_iterate_proc (void *cls, + const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) +{ + struct TicketIterationProcResult *proc = cls; + + if (NULL == ticket) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Iteration done\n"); + proc->res_iteration_finished = IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE; + return; + } + if ((NULL == ticket) || (NULL == attrs)) + { + /* error */ + proc->res_iteration_finished = IT_START; + GNUNET_break (0); + return; + } + proc->res_iteration_finished = IT_SUCCESS_MORE_AVAILABLE; + send_ticket_result (proc->ti->client, + proc->ti->r_id, + ticket, + attrs); + +} + +/** + * Perform ticket iteration step + * + * @param ti ticket iterator to process + */ +static void +run_ticket_iteration_round (struct TicketIteration *ti) +{ + struct TicketIterationProcResult proc; + struct 
GNUNET_MQ_Envelope *env; + struct TicketResultMessage *trm; + int ret; + + memset (&proc, 0, sizeof (proc)); + proc.ti = ti; + proc.res_iteration_finished = IT_START; + while (IT_START == proc.res_iteration_finished) + { + if (GNUNET_SYSERR == + (ret = TKT_database->iterate_tickets (TKT_database->cls, + &ti->identity, + ti->is_audience, + ti->offset, + &ticket_iterate_proc, + &proc))) + { + GNUNET_break (0); + break; + } + if (GNUNET_NO == ret) + proc.res_iteration_finished = IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE; + ti->offset++; + } + if (IT_SUCCESS_MORE_AVAILABLE == proc.res_iteration_finished) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "More results available\n"); + return; /* more later */ + } + /* send empty response to indicate end of list */ + env = GNUNET_MQ_msg (trm, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT); + trm->id = htonl (ti->r_id); + GNUNET_MQ_send (ti->client->mq, + env); + GNUNET_CONTAINER_DLL_remove (ti->client->ticket_iter_head, + ti->client->ticket_iter_tail, + ti); + GNUNET_free (ti); +} + +/** + * Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START message + * + * @param cls the client sending the message + * @param tis_msg message from the client + */ +static void +handle_ticket_iteration_start (void *cls, + const struct TicketIterationStartMessage *tis_msg) +{ + struct IdpClient *client = cls; + struct TicketIteration *ti; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Received TICKET_ITERATION_START message\n"); + ti = GNUNET_new (struct TicketIteration); + ti->r_id = ntohl (tis_msg->id); + ti->offset = 0; + ti->client = client; + ti->identity = tis_msg->identity; + ti->is_audience = ntohl (tis_msg->is_audience); + + GNUNET_CONTAINER_DLL_insert (client->ticket_iter_head, + client->ticket_iter_tail, + ti); + run_ticket_iteration_round (ti); + GNUNET_SERVICE_client_continue (client->client); +} + + +/** + * Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP message + * + * @param cls the 
client sending the message + * @param tis_msg message from the client + */ +static void +handle_ticket_iteration_stop (void *cls, + const struct TicketIterationStopMessage *tis_msg) +{ + struct IdpClient *client = cls; + struct TicketIteration *ti; + uint32_t rid; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Received `%s' message\n", + "TICKET_ITERATION_STOP"); + rid = ntohl (tis_msg->id); + for (ti = client->ticket_iter_head; NULL != ti; ti = ti->next) + if (ti->r_id == rid) + break; + if (NULL == ti) + { + GNUNET_break (0); + GNUNET_SERVICE_client_drop (client->client); + return; + } + GNUNET_CONTAINER_DLL_remove (client->ticket_iter_head, + client->ticket_iter_tail, + ti); + GNUNET_free (ti); + GNUNET_SERVICE_client_continue (client->client); +} + + +/** + * Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT message + * + * @param cls the client sending the message + * @param message message from the client + */ +static void +handle_ticket_iteration_next (void *cls, + const struct TicketIterationNextMessage *tis_msg) +{ + struct IdpClient *client = cls; + struct TicketIteration *ti; + uint32_t rid; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Received TICKET_ITERATION_NEXT message\n"); + rid = ntohl (tis_msg->id); + for (ti = client->ticket_iter_head; NULL != ti; ti = ti->next) + if (ti->r_id == rid) + break; + if (NULL == ti) + { + GNUNET_break (0); + GNUNET_SERVICE_client_drop (client->client); + return; + } + run_ticket_iteration_round (ti); + GNUNET_SERVICE_client_continue (client->client); +} + @@ -2504,6 +2816,7 @@ run (void *cls, const struct GNUNET_CONFIGURATION_Handle *c, struct GNUNET_SERVICE_Handle *server) { + char *database; cfg = c; stats = GNUNET_STATISTICS_create ("identity-provider", cfg); 
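Review bot: `handle_ticket_iteration_start` selects tickets by the `identity` public key taken from the client message, so any client that can reach the service socket can list the tickets and attribute lists of an identity it merely names. The issue and consume handlers in this file take the private key instead. If local clients are not all equally trusted, the start message should carry proof of ownership, for example the private key with the public key derived by `GNUNET_CRYPTO_ecdsa_key_get_public`, as `handle_consume_ticket_message` does. In `ticket_iterate_proc` the second test `(NULL == ticket) || (NULL == attrs)` can only fire for `attrs`, because a NULL `ticket` has already returned as end-of-iteration. `enum ZoneIterationResult` would also read better under a ticket-specific name.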
@@ -2529,6 +2842,29 @@ run (void *cls, NULL, NULL); + /* Loading DB plugin */ + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_string (cfg, + "identity-provider", + "database", + &database)) + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "No database backend configured\n"); + GNUNET_asprintf (&db_lib_name, + "libgnunet_plugin_identity_provider_%s", + database); + TKT_database = GNUNET_PLUGIN_load (db_lib_name, + (void *) cfg); + GNUNET_free (database); + if (NULL == TKT_database) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Could not load database backend `%s'\n", + db_lib_name); + GNUNET_SCHEDULER_shutdown (); + return; + } + if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_time (cfg, "identity-provider", @@ -2645,5 +2981,18 @@ GNUNET_SERVICE_MAIN GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET, struct ConsumeTicketMessage, NULL), + GNUNET_MQ_hd_fixed_size (ticket_iteration_start, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START, + struct TicketIterationStartMessage, + NULL), + GNUNET_MQ_hd_fixed_size (ticket_iteration_next, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT, + struct TicketIterationNextMessage, + NULL), + GNUNET_MQ_hd_fixed_size (ticket_iteration_stop, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP, + struct TicketIterationStopMessage, + NULL), + GNUNET_MQ_handler_end()); -/* end of gnunet-service-identity-provider.c */ + /* end of gnunet-service-identity-provider.c */ diff --git a/src/identity-provider/identity-provider.conf b/src/identity-provider/identity-provider.conf index bac8e69ed..826b2419e 100644 --- a/src/identity-provider/identity-provider.conf +++ b/src/identity-provider/identity-provider.conf @@ -10,3 +10,6 @@ UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-identity-provider.sock UNIX_MATCH_UID = NO UNIX_MATCH_GID = YES TOKEN_EXPIRATION_INTERVAL = 30 m + +[identity-provider-sqlite] +FILENAME = $GNUNET_DATA_HOME/identity-provider/sqlite.db 
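Review bot: When `GNUNET_CONFIGURATION_get_value_string` fails, the new block in `run` only logs and carries on, so `database` is read uninitialized by `GNUNET_asprintf` and then passed to `GNUNET_free`. Give the `if` a braced body that ends with `GNUNET_SCHEDULER_shutdown (); return;` after the `GNUNET_log` call. The `cleanup` hunk earlier in this commit calls `GNUNET_PLUGIN_unload (db_lib_name, TKT_database)` and `GNUNET_free (db_lib_name)` unconditionally, so it should tolerate both being NULL on this path and on the load-failure path below. `run` starts and ends outside the hunk.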
diff --git a/src/identity-provider/identity_attribute.c b/src/identity-provider/identity_attribute.c index 916386754..1c5654946 100644 --- a/src/identity-provider/identity_attribute.c +++ b/src/identity-provider/identity_attribute.c @@ -125,7 +125,22 @@ attribute_list_deserialize (const char* data, return attrs; } +void +attribute_list_destroy (struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) +{ + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *tmp_le; + + for (le = attrs->list_head; NULL != le;) + { + GNUNET_free (le->attribute); + tmp_le = le; + le = le->next; + GNUNET_free (tmp_le); + } + GNUNET_free (attrs); +} size_t attribute_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) diff --git a/src/identity-provider/identity_attribute.h b/src/identity-provider/identity_attribute.h index 00e520a38..d44f4c17f 100644 --- a/src/identity-provider/identity_attribute.h +++ b/src/identity-provider/identity_attribute.h @@ -58,6 +58,8 @@ struct Attribute size_t attribute_list_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); +void +attribute_list_destroy (struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); /** diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h index dcad35118..434af4d8c 100644 --- a/src/identity-provider/identity_provider.h +++ b/src/identity-provider/identity_provider.h 
@@ -318,6 +318,70 @@ struct AttributeIterationStopMessage }; +/** + * Start a ticket iteration for the given identity + */ +struct TicketIterationStartMessage +{ + /** + * Message + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * Identity. + */ + struct GNUNET_CRYPTO_EcdsaPublicKey identity; + + /** + * Identity is audience or issuer + */ + uint32_t is_audience GNUNET_PACKED; +}; + + +/** + * Ask for next result of ticket iteration for the given operation + */ +struct TicketIterationNextMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + +}; + + +/** + * Stop ticket iteration for the given operation + */ +struct TicketIterationStopMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + +}; + + + /** * Ticket issue message */ diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/identity-provider/plugin_identity_provider_sqlite.c new file mode 100644 index 000000000..d05baa79d --- /dev/null +++ b/src/identity-provider/plugin_identity_provider_sqlite.c 
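Review bot: `is_audience` in `TicketIterationStartMessage` is documented only as "Identity is audience or issuer", which says neither which value selects which role nor that the field travels in network byte order. I would write something like `Non-zero if @e identity is the audience of the tickets, zero if it is the issuer; network byte order` once the encoding used by the handler (outside this hunk) is confirmed. The `header` comment on the same struct is just "Message", while the two sibling structs name their message type; this one should read `Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START`.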
@@ -0,0 +1,669 @@ + /* + * This file is part of GNUnet + * Copyright (C) 2009-2017 GNUnet e.V. + * + * GNUnet is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published + * by the Free Software Foundation; either version 3, or (at your + * option) any later version. + * + * GNUnet is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GNUnet; see the file COPYING. If not, write to the + * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301, USA. + */ + +/** + * @file identity-provider/plugin_identity_provider_sqlite.c + * @brief sqlite-based idp backend + * @author Martin Schanzenbach + */ + +#include "platform.h" +#include "gnunet_identity_provider_service.h" +#include "gnunet_identity_provider_plugin.h" +#include "identity_attribute.h" +#include "gnunet_sq_lib.h" +#include + +/** + * After how many ms "busy" should a DB operation fail for good? A + * low value makes sure that we are more responsive to requests + * (especially PUTs). A high value guarantees a higher success rate + * (SELECTs in iterate can take several seconds despite LIMIT=1). + * + * The default value of 1s should ensure that users do not experience + * huge latencies while at the same time allowing operations to + * succeed with reasonable probability. + */ +#define BUSY_TIMEOUT_MS 1000 + + +/** + * Log an error message at log-level 'level' that indicates + * a failure of the command 'cmd' on file 'filename' + * with the message given by strerror(errno). 
+ */ +#define LOG_SQLITE(db, level, cmd) do { GNUNET_log_from (level, "namestore-identity-provider", _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, sqlite3_errmsg(db->dbh)); } while(0) + +#define LOG(kind,...) GNUNET_log_from (kind, "namestore-sqlite", __VA_ARGS__) + + +/** + * Context for all functions in this plugin. + */ +struct Plugin +{ + + const struct GNUNET_CONFIGURATION_Handle *cfg; + + /** + * Database filename. + */ + char *fn; + + /** + * Native SQLite database handle. + */ + sqlite3 *dbh; + + /** + * Precompiled SQL to store ticket. + */ + sqlite3_stmt *store_ticket; + + /** + * Precompiled SQL to delete existing ticket. + */ + sqlite3_stmt *delete_ticket; + + /** + * Precompiled SQL to iterate tickets. + */ + sqlite3_stmt *iterate_tickets; + + /** + * Precompiled SQL to iterate tickets by audience. + */ + sqlite3_stmt *iterate_tickets_by_audience; +}; + + +/** + * @brief Prepare a SQL statement + * + * @param dbh handle to the database + * @param zSql SQL statement, UTF-8 encoded + * @param ppStmt set to the prepared statement + * @return 0 on success + */ +static int +sq_prepare (sqlite3 *dbh, + const char *zSql, + sqlite3_stmt **ppStmt) +{ + char *dummy; + int result; + + result = + sqlite3_prepare_v2 (dbh, + zSql, + strlen (zSql), + ppStmt, + (const char **) &dummy); + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Prepared `%s' / %p: %d\n", + zSql, + *ppStmt, + result); + return result; +} + +/** + * Create our database indices. 
+ * + * @param dbh handle to the database + */ +static void +create_indices (sqlite3 * dbh) +{ + /* create indices */ + if ( (SQLITE_OK != + sqlite3_exec (dbh, + "CREATE INDEX IF NOT EXISTS identity_reverse ON identity001tickets (identity,audience)", + NULL, NULL, NULL)) || + (SQLITE_OK != + sqlite3_exec (dbh, + "CREATE INDEX IF NOT EXISTS it_iter ON identity001tickets (rnd)", + NULL, NULL, NULL)) ) + LOG (GNUNET_ERROR_TYPE_ERROR, + "Failed to create indices: %s\n", + sqlite3_errmsg (dbh)); +} + + + +#if 0 +#define CHECK(a) GNUNET_break(a) +#define ENULL NULL +#else +#define ENULL &e +#define ENULL_DEFINED 1 +#define CHECK(a) if (! (a)) { GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "%s\n", e); sqlite3_free(e); } +#endif + + +/** + * Initialize the database connections and associated + * data structures (create tables and indices + * as needed as well). + * + * @param plugin the plugin context (state for this module) + * @return #GNUNET_OK on success + */ +static int +database_setup (struct Plugin *plugin) +{ + sqlite3_stmt *stmt; + char *afsdir; +#if ENULL_DEFINED + char *e; +#endif + + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_filename (plugin->cfg, + "identity-provider-sqlite", + "FILENAME", + &afsdir)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + "identity-provider-sqlite", + "FILENAME"); + return GNUNET_SYSERR; + } + if (GNUNET_OK != + GNUNET_DISK_file_test (afsdir)) + { + if (GNUNET_OK != + GNUNET_DISK_directory_create_for_file (afsdir)) + { + GNUNET_break (0); + GNUNET_free (afsdir); + return GNUNET_SYSERR; + } + } + /* afsdir should be UTF-8-encoded. 
If it isn't, it's a bug */ + plugin->fn = afsdir; + + /* Open database and precompile statements */ + if (sqlite3_open (plugin->fn, &plugin->dbh) != SQLITE_OK) + { + LOG (GNUNET_ERROR_TYPE_ERROR, + _("Unable to initialize SQLite: %s.\n"), + sqlite3_errmsg (plugin->dbh)); + return GNUNET_SYSERR; + } + CHECK (SQLITE_OK == + sqlite3_exec (plugin->dbh, + "PRAGMA temp_store=MEMORY", NULL, NULL, + ENULL)); + CHECK (SQLITE_OK == + sqlite3_exec (plugin->dbh, + "PRAGMA synchronous=NORMAL", NULL, NULL, + ENULL)); + CHECK (SQLITE_OK == + sqlite3_exec (plugin->dbh, + "PRAGMA legacy_file_format=OFF", NULL, NULL, + ENULL)); + CHECK (SQLITE_OK == + sqlite3_exec (plugin->dbh, + "PRAGMA auto_vacuum=INCREMENTAL", NULL, + NULL, ENULL)); + CHECK (SQLITE_OK == + sqlite3_exec (plugin->dbh, + "PRAGMA encoding=\"UTF-8\"", NULL, + NULL, ENULL)); + CHECK (SQLITE_OK == + sqlite3_exec (plugin->dbh, + "PRAGMA locking_mode=EXCLUSIVE", NULL, NULL, + ENULL)); + CHECK (SQLITE_OK == + sqlite3_exec (plugin->dbh, + "PRAGMA page_size=4092", NULL, NULL, + ENULL)); + + CHECK (SQLITE_OK == + sqlite3_busy_timeout (plugin->dbh, + BUSY_TIMEOUT_MS)); + + + /* Create table */ + CHECK (SQLITE_OK == + sq_prepare (plugin->dbh, + "SELECT 1 FROM sqlite_master WHERE tbl_name = 'identity001tickets'", + &stmt)); + if ((sqlite3_step (stmt) == SQLITE_DONE) && + (sqlite3_exec + (plugin->dbh, + "CREATE TABLE identity001tickets (" + " identity BLOB NOT NULL DEFAULT ''," + " audience BLOB NOT NULL DEFAULT ''," + " rnd INT8 NOT NULL DEFAULT ''," + " attributes BLOB NOT NULL DEFAULT ''" + ")", + NULL, NULL, NULL) != SQLITE_OK)) + { + LOG_SQLITE (plugin, GNUNET_ERROR_TYPE_ERROR, + "sqlite3_exec"); + sqlite3_finalize (stmt); + return GNUNET_SYSERR; + } + sqlite3_finalize (stmt); + + create_indices (plugin->dbh); + + if ( (SQLITE_OK != + sq_prepare (plugin->dbh, + "INSERT INTO identity001tickets (identity, audience, rnd, attributes)" + " VALUES (?, ?, ?, ?)", + &plugin->store_ticket)) || + (SQLITE_OK != + sq_prepare 
(plugin->dbh, + "DELETE FROM identity001tickets WHERE identity=? AND rnd=?", + &plugin->delete_ticket)) || + (SQLITE_OK != + sq_prepare (plugin->dbh, + "SELECT identity,audience,rnd,attributes" + " FROM identity001tickets WHERE identity=?" + " ORDER BY rnd LIMIT 1 OFFSET ?", + &plugin->iterate_tickets)) || + (SQLITE_OK != + sq_prepare (plugin->dbh, + "SELECT identity,audience,rnd,attributes" + " FROM identity001tickets WHERE audience=?" + " ORDER BY rnd LIMIT 1 OFFSET ?", + &plugin->iterate_tickets_by_audience)) ) + { + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR, + "precompiling"); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + + +/** + * Shutdown database connection and associate data + * structures. + * @param plugin the plugin context (state for this module) + */ +static void +database_shutdown (struct Plugin *plugin) +{ + int result; + sqlite3_stmt *stmt; + + if (NULL != plugin->store_ticket) + sqlite3_finalize (plugin->store_ticket); + if (NULL != plugin->delete_ticket) + sqlite3_finalize (plugin->delete_ticket); + if (NULL != plugin->iterate_tickets) + sqlite3_finalize (plugin->iterate_tickets); + result = sqlite3_close (plugin->dbh); + if (result == SQLITE_BUSY) + { + LOG (GNUNET_ERROR_TYPE_WARNING, + _("Tried to close sqlite without finalizing all prepared statements.\n")); + stmt = sqlite3_next_stmt (plugin->dbh, + NULL); + while (NULL != stmt) + { + GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG, + "sqlite", + "Closing statement %p\n", + stmt); + result = sqlite3_finalize (stmt); + if (result != SQLITE_OK) + GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING, + "sqlite", + "Failed to close statement %p: %d\n", + stmt, + result); + stmt = sqlite3_next_stmt (plugin->dbh, + NULL); + } + result = sqlite3_close (plugin->dbh); + } + if (SQLITE_OK != result) + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR, + "sqlite3_close"); + + GNUNET_free_non_null (plugin->fn); +} + + +/** + * Store a ticket in the database. 
+ * + * @param cls closure (internal context for the plugin) + * @param ticket the ticket to persist + * @param attrs attributes to persist + * @return #GNUNET_OK on success, else #GNUNET_SYSERR + */ +static int +identity_provider_sqlite_store_ticket (void *cls, + const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) +{ + struct Plugin *plugin = cls; + int n; + size_t attrs_size; + char *attrs_serialized; + + attrs_size = attribute_list_serialize_get_size (attrs); + + attrs_serialized = GNUNET_malloc (attrs_size); + + attribute_list_serialize (attrs, + attrs_serialized); + + { + struct GNUNET_SQ_QueryParam sparams[] = { + GNUNET_SQ_query_param_auto_from_type (&ticket->identity), + GNUNET_SQ_query_param_auto_from_type (&ticket->audience), + GNUNET_SQ_query_param_uint64 (&ticket->rnd), + GNUNET_SQ_query_param_fixed_size (attrs_serialized, attrs_size), + GNUNET_SQ_query_param_end + }; + + if (GNUNET_OK != + GNUNET_SQ_bind (plugin->store_ticket, + sparams)) + { + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, + "sqlite3_bind_XXXX"); + GNUNET_SQ_reset (plugin->dbh, + plugin->store_ticket); + return GNUNET_SYSERR; + } + n = sqlite3_step (plugin->store_ticket); + GNUNET_SQ_reset (plugin->dbh, + plugin->store_ticket); + } + switch (n) + { + case SQLITE_DONE: + GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG, + "sqlite", + "Ticket stored\n"); + return GNUNET_OK; + case SQLITE_BUSY: + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_WARNING | GNUNET_ERROR_TYPE_BULK, + "sqlite3_step"); + return GNUNET_NO; + default: + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, + "sqlite3_step"); + return GNUNET_SYSERR; + } +} + + +/** + * Store a ticket in the database. 
+ * + * @param cls closure (internal context for the plugin) + * @param ticket the ticket to delete + * @return #GNUNET_OK on success, else #GNUNET_SYSERR + */ +static int +identity_provider_sqlite_delete_ticket (void *cls, + const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket) +{ + struct Plugin *plugin = cls; + int n; + + { + struct GNUNET_SQ_QueryParam sparams[] = { + GNUNET_SQ_query_param_auto_from_type (&ticket->identity), + GNUNET_SQ_query_param_uint64 (&ticket->rnd), + GNUNET_SQ_query_param_end + }; + + if (GNUNET_OK != + GNUNET_SQ_bind (plugin->delete_ticket, + sparams)) + { + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, + "sqlite3_bind_XXXX"); + GNUNET_SQ_reset (plugin->dbh, + plugin->store_ticket); + return GNUNET_SYSERR; + } + n = sqlite3_step (plugin->delete_ticket); + GNUNET_SQ_reset (plugin->dbh, + plugin->delete_ticket); + } + switch (n) + { + case SQLITE_DONE: + GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG, + "sqlite", + "Ticket deleted\n"); + return GNUNET_OK; + case SQLITE_BUSY: + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_WARNING | GNUNET_ERROR_TYPE_BULK, + "sqlite3_step"); + return GNUNET_NO; + default: + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, + "sqlite3_step"); + return GNUNET_SYSERR; + } +} + + +/** + * The given 'sqlite' statement has been prepared to be run. + * It will return a record which should be given to the iterator. + * Runs the statement and parses the returned record. 
+ * + * @param plugin plugin context + * @param stmt to run (and then clean up) + * @param iter iterator to call with the result + * @param iter_cls closure for @a iter + * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error + */ +static int +get_ticket_and_call_iterator (struct Plugin *plugin, + sqlite3_stmt *stmt, + GNUNET_IDENTITY_PROVIDER_TicketIterator iter, + void *iter_cls) +{ + struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket; + size_t attrs_size; + void *attrs_serialized; + int ret; + int sret; + + ret = GNUNET_NO; + if (SQLITE_ROW == (sret = sqlite3_step (stmt))) + { + struct GNUNET_SQ_ResultSpec rs[] = { + GNUNET_SQ_result_spec_auto_from_type (&ticket.identity), + GNUNET_SQ_result_spec_auto_from_type (&ticket.audience), + GNUNET_SQ_result_spec_uint64 (&ticket.rnd), + GNUNET_SQ_result_spec_variable_size (&attrs_serialized, &attrs_size), + GNUNET_SQ_result_spec_end + + }; + ret = GNUNET_SQ_extract_result (stmt, + rs); + if (GNUNET_OK != ret) + { + GNUNET_break (0); + ret = GNUNET_SYSERR; + } + else + { + struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; + + attrs = attribute_list_deserialize (attrs_serialized, attrs_size); + + if (NULL == attrs) + { + GNUNET_break (0); + ret = GNUNET_SYSERR; + } + else + { + if (NULL != iter) + iter (iter_cls, + &ticket, + attrs); + ret = GNUNET_YES; + } + } + GNUNET_SQ_cleanup_result (rs); + } + else + { + if (SQLITE_DONE != sret) + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR, + "sqlite_step"); + } + GNUNET_SQ_reset (plugin->dbh, + stmt); + return ret; +} + +/** + * Iterate over the results for a particular key and zone in the + * datastore. Will return at most one result to the iterator. 
+ * + * @param cls closure (internal context for the plugin) + * @param identity the issuing identity or audience (depending on audience switch) + * @param audience GNUNET_YES if identity is audience + * @param offset offset in the list of all matching records + * @param iter function to call with the result + * @param iter_cls closure for @a iter + * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error + */ +static int +identity_provider_sqlite_iterate_tickets (void *cls, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + int audience, + uint64_t offset, + GNUNET_IDENTITY_PROVIDER_TicketIterator iter, + void *iter_cls) +{ + struct Plugin *plugin = cls; + sqlite3_stmt *stmt; + int err; + + if (NULL == identity) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + struct GNUNET_SQ_QueryParam params[] = { + GNUNET_SQ_query_param_auto_from_type (identity), + GNUNET_SQ_query_param_uint64 (&offset), + GNUNET_SQ_query_param_end + }; + if (GNUNET_YES == audience) + { + stmt = plugin->iterate_tickets_by_audience; + err = GNUNET_SQ_bind (stmt, + params); + } + else + { + stmt = plugin->iterate_tickets; + err = GNUNET_SQ_bind (stmt, + params); + } + if (GNUNET_OK != err) + { + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, + "sqlite3_bind_XXXX"); + GNUNET_SQ_reset (plugin->dbh, + stmt); + return GNUNET_SYSERR; + } + return get_ticket_and_call_iterator (plugin, + stmt, + iter, + iter_cls); +} + + +/** + * Entry point for the plugin. + * + * @param cls the "struct GNUNET_IDENTITY_PROVIDER_PluginEnvironment*" + * @return NULL on error, otherwise the plugin context + */ +void * +libgnunet_plugin_identity_provider_sqlite_init (void *cls) +{ + static struct Plugin plugin; + const struct GNUNET_CONFIGURATION_Handle *cfg = cls; + struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *api; + + if (NULL != plugin.cfg) + return NULL; /* can only initialize once! 
*/ + memset (&plugin, 0, sizeof (struct Plugin)); + plugin.cfg = cfg; + if (GNUNET_OK != database_setup (&plugin)) + { + database_shutdown (&plugin); + return NULL; + } + api = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_PluginFunctions); + api->cls = &plugin; + api->store_ticket = &identity_provider_sqlite_store_ticket; + api->delete_ticket = &identity_provider_sqlite_delete_ticket; + api->iterate_tickets = &identity_provider_sqlite_iterate_tickets; + LOG (GNUNET_ERROR_TYPE_INFO, + _("Sqlite database running\n")); + return api; +} + + +/** + * Exit point from the plugin. + * + * @param cls the plugin context (as returned by "init") + * @return always NULL + */ +void * +libgnunet_plugin_namestore_sqlite_done (void *cls) +{ + struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *api = cls; + struct Plugin *plugin = api->cls; + + database_shutdown (plugin); + plugin->cfg = NULL; + GNUNET_free (api); + LOG (GNUNET_ERROR_TYPE_DEBUG, + "sqlite plugin is finished\n"); + return NULL; +} + +/* end of plugin_identity_provider_sqlite.c */ diff --git a/src/include/gnunet_identity_provider_plugin.h b/src/include/gnunet_identity_provider_plugin.h new file mode 100644 index 000000000..5867a5b80 --- /dev/null +++ b/src/include/gnunet_identity_provider_plugin.h 
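Review bot: `identity_provider_sqlite_store_ticket` never releases `attrs_serialized`: the buffer from `GNUNET_malloc (attrs_size)` is still allocated on the bind-failure return and on all three `switch` returns, so every stored ticket leaks a copy of the serialized identity attributes. Adding `GNUNET_free (attrs_serialized);` in the bind-failure branch and right after `GNUNET_SQ_reset (plugin->dbh, plugin->store_ticket);` closes that. `get_ticket_and_call_iterator` has the same shape with the list returned by `attribute_list_deserialize`; if the iterator does not take ownership (not visible here), `attribute_list_destroy (attrs);` belongs after the `iter` call. Separately, the bind-failure branch of `identity_provider_sqlite_delete_ticket` resets `plugin->store_ticket` where it should reset `plugin->delete_ticket`, and `"PRAGMA page_size=4092"` is not a power of two, so SQLite will not apply it (4096 was presumably meant).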
@@ -0,0 +1,123 @@
+/*
+ This file is part of GNUnet
+ Copyright (C) 2012, 2013 GNUnet e.V.
+
+ GNUnet is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with GNUnet; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+*/
+
+/**
+ * @author Martin Schanzenbach
+ *
+ * @file
+ * Plugin API for the idp database backend
+ *
+ * @defgroup identity-provider-plugin IdP service plugin API
+ * Plugin API for the idp database backend
+ * @{
+ */
+#ifndef GNUNET_IDENTITY_PROVIDER_PLUGIN_H
+#define GNUNET_IDENTITY_PROVIDER_PLUGIN_H
+
+#include "gnunet_util_lib.h"
+#include "gnunet_identity_provider_service.h"
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0 /* keep Emacsens' auto-indent happy */
+}
+#endif
+#endif
+
+
+/**
+ * Function called by for each matching ticket.
+ *
+ * @param cls closure
+ * @param ticket the ticket
+ * @prarm attrs the attributes
+ */
+typedef void (*GNUNET_IDENTITY_PROVIDER_TicketIterator) (void *cls,
+ const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket,
+ const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);
+
+
+/**
+ * @brief struct returned by the initialization function of the plugin
+ */
+struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
+{
+
+ /**
+ * Closure to pass to all plugin functions.
+ */
+ void *cls;
+
+ /**
+ * Store a ticket in the database.
+ *
+ * @param cls closure (internal context for the plugin)
+ * @param ticket the ticket to store
+ * @param attrs the attributes shared with the ticket
+ * @return #GNUNET_OK on success, else #GNUNET_SYSERR
+ */
+ int (*store_ticket) (void *cls,
+ const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket,
+ const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);
+
+ /**
+ * Delete a ticket from the database.
+ *
+ * @param cls closure (internal context for the plugin)
+ * @param ticket the ticket to store
+ * @return #GNUNET_OK on success, else #GNUNET_SYSERR
+ */
+ int (*delete_ticket) (void *cls,
+ const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket);
+
+
+
+ /**
+ * Iterate over all tickets
+ *
+ * @param cls closure (internal context for the plugin)
+ * @param identity the identity
+ * @param audience GNUNET_YES if the identity is the audience of the ticket
+ * else it is considered the issuer
+ * @param iter function to call with the result
+ * @param iter_cls closure for @a iter
+ * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error
+ */
+ int (*iterate_tickets) (void *cls,
+ const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+ int audience,
+ uint64_t offset,
+ GNUNET_IDENTITY_PROVIDER_TicketIterator iter, void *iter_cls);
+
+
+};
+
+
+#if 0 /* keep Emacsens' auto-indent happy */
+{
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+/** @} */ /* end of group */
diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h
index 049f891cc..02cd15959 100644
--- a/src/include/gnunet_identity_provider_service.h
+++ b/src/include/gnunet_identity_provider_service.h
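Review bot: The return contracts documented in `GNUNET_IDENTITY_PROVIDER_PluginFunctions` do not match the sqlite backend added in the same commit: its `store_ticket` and `delete_ticket` also return `GNUNET_NO` when the step hits `SQLITE_BUSY`, and its iterator path reports a hit as `GNUNET_YES` where the comment promises `#GNUNET_OK`. I would change the two `@return` lines to `#GNUNET_OK on success, #GNUNET_NO if the database was busy, #GNUNET_SYSERR on error` and settle on one documented success value for `iterate_tickets`. The `iterate_tickets` comment has no line for its `offset` parameter (`@param offset offset in the list of all matching tickets`), `delete_ticket` describes its argument as "the ticket to store", and the iterator typedef carries `@prarm attrs` and "called by for each".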
@@ -336,17 +336,25 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_At * token * * @param cls closure - * @param grant the label in GNS pointing to the token * @param ticket the ticket - * @param token the issued token - * @param name name assigned by the user for this ego, - * NULL if the user just deleted the ego and it - * must thus no longer be used */ typedef void (*GNUNET_IDENTITY_PROVIDER_TicketCallback)(void *cls, const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket); +/** + * Method called when issued tickets are retrieved. Also returns the attributes + * that were issued at the time. + * + * @param cls closure + * @param ticket the ticket + * @param attrs the attributes as list + */ +typedef void +(*GNUNET_IDENTITY_PROVIDER_TicketResult)(void *cls, + const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); + /** * Issues a ticket to another identity. The identity may use @@ -389,7 +397,7 @@ GNUNET_IDENTITY_PROVIDER_idp_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Hand -/** TODO +/** * Consumes an issued ticket. The ticket is persisted * and used to retrieve identity information from the issuer * diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index 63afeba8d..743a28946 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h @@ -2646,6 +2646,12 @@ extern "C" #define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET 973 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START 974 + +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP 975 + +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT 976 + /************************************************** * * CREDENTIAL MESSAGE TYPES -- cgit v1.2.3 From 1731fbd017731df1f3f88bd4b3beac765996a1ad Mon Sep 17 00:00:00 2001 
From: "Schanzenbach, Martin" Date: Thu, 5 Oct 2017 22:44:56 +0200 Subject: -fix bugs --- .../gnunet-service-identity-provider.c | 70 +++++++++++------- src/identity-provider/identity-provider.conf | 1 + src/identity-provider/identity_provider.h | 36 +++++++++ src/identity-provider/identity_provider_api.c | 86 +++++++++++++++++++++- .../plugin_identity_provider_sqlite.c | 8 +- src/identity-provider/test_idp_issue.sh | 2 +- src/include/gnunet_protocols.h | 8 +- 7 files changed, 178 insertions(+), 33 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index f77eebd6d..0b7f3389e 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -411,14 +411,30 @@ struct ConsumeTicketHandle struct GNUNET_CRYPTO_EcdsaPublicKey identity_pub; /** - * ParallelLookups DLL + * Lookup DLL */ struct ParallelLookup2 *parallel_lookups_head; + + /** + * Lookup DLL + */ struct ParallelLookup2 *parallel_lookups_tail; + /** + * Kill task + */ struct GNUNET_SCHEDULER_Task *kill_task; + + /** + * The ABE key + */ struct GNUNET_CRYPTO_AbeKey *key; + /** + * Attributes + */ + struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; + /** * request id */ @@ -2029,11 +2045,13 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, "Parallel lookup finished (count=%u)\n", rd_count); struct ParallelLookup2 *parallel_lookup = cls; struct ConsumeTicketHandle *handle = parallel_lookup->handle; - struct AttributeResultMessage *arm; + struct ConsumeTicketResultMessage *crm; struct GNUNET_MQ_Envelope *env; + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *attr_le; char *data; char *data_tmp; - size_t msg_extra_len; + size_t attr_len; + size_t attrs_len; GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, handle->parallel_lookups_tail, 
@@ -2043,31 +2061,32 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, GNUNET_break(0);//TODO if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) { - msg_extra_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data, - rd->data_size, - handle->key, - (void**)&data); - env = GNUNET_MQ_msg_extra (arm, - msg_extra_len, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT); - arm->id = htonl (handle->r_id); - arm->attr_len = htons (msg_extra_len); - arm->identity = handle->ticket.identity; - data_tmp = (char *) &arm[1]; - GNUNET_memcpy (data_tmp, - data, - msg_extra_len); - GNUNET_MQ_send (handle->client->mq, env); + attr_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data, + rd->data_size, + handle->key, + (void**)&data); + attr_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); + attr_le->attribute = attribute_deserialize (data, + attr_len); + GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head, + handle->attrs->list_tail, + attr_le); GNUNET_free (data); } if (NULL != handle->parallel_lookups_head) return; //Wait for more //Else we are done GNUNET_SCHEDULER_cancel (handle->kill_task); - env = GNUNET_MQ_msg (arm, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT); - arm->id = htonl (handle->r_id); - arm->attr_len = htons (0); + attrs_len = attribute_list_serialize_get_size (handle->attrs); + env = GNUNET_MQ_msg_extra (crm, + attrs_len, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT); + crm->id = htonl (handle->r_id); + crm->attrs_len = htons (attrs_len); + crm->identity = handle->ticket.identity; + data_tmp = (char *) &crm[1]; + attribute_list_serialize (handle->attrs, + data_tmp); GNUNET_MQ_send (handle->client->mq, env); } 
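Review bot: The result of `GNUNET_CRYPTO_cpabe_decrypt` goes straight into `attribute_deserialize (data, attr_len)` and `GNUNET_free (data)` with no failure check, although the record being decrypted comes from a lookup and should be treated as untrusted. If the decrypt call can report an error (its contract is not visible here), storing the result in a `size_t` turns that into a very large length, and the pointer from `attribute_deserialize` is linked into `handle->attrs` unchecked as well; both results need a check that skips the record on failure. Further down, `crm->attrs_len = htons (attrs_len)` narrows a `size_t` to 16 bits, so a list serializing to more than 65535 bytes is announced with a wrong length; the request should be rejected when `attrs_len > UINT16_MAX` before `GNUNET_MQ_msg_extra` is called. `handle->attrs` is not released after `GNUNET_MQ_send` in this hunk; whether the handle's cleanup does it is outside the hunk, as are the start and end of `process_parallel_lookup2`.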
@@ -2213,6 +2232,7 @@ handle_consume_ticket_message (void *cls, ch->r_id = ntohl (cm->id); ch->client = idp; ch->identity = cm->identity; + ch->attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); GNUNET_CRYPTO_ecdsa_key_get_public (&ch->identity, &ch->identity_pub); ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket2*)&cm[1]); @@ -2713,7 +2733,7 @@ run_ticket_iteration_round (struct TicketIteration *ti) */ static void handle_ticket_iteration_start (void *cls, - const struct TicketIterationStartMessage *tis_msg) + const struct TicketIterationStartMessage *tis_msg) { struct IdpClient *client = cls; struct TicketIteration *ti; @@ -2743,7 +2763,7 @@ handle_ticket_iteration_start (void *cls, */ static void handle_ticket_iteration_stop (void *cls, - const struct TicketIterationStopMessage *tis_msg) + const struct TicketIterationStopMessage *tis_msg) { struct IdpClient *client = cls; struct TicketIteration *ti; @@ -2778,7 +2798,7 @@ handle_ticket_iteration_stop (void *cls, */ static void handle_ticket_iteration_next (void *cls, - const struct TicketIterationNextMessage *tis_msg) + const struct TicketIterationNextMessage *tis_msg) { struct IdpClient *client = cls; struct TicketIteration *ti; diff --git a/src/identity-provider/identity-provider.conf b/src/identity-provider/identity-provider.conf index 826b2419e..7ee5e50d8 100644 --- a/src/identity-provider/identity-provider.conf +++ b/src/identity-provider/identity-provider.conf @@ -10,6 +10,7 @@ UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-identity-provider.sock UNIX_MATCH_UID = NO UNIX_MATCH_GID = YES TOKEN_EXPIRATION_INTERVAL = 30 m +DATABASE = sqlite [identity-provider-sqlite] FILENAME = $GNUNET_DATA_HOME/identity-provider/sqlite.db diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h index 434af4d8c..96bed18f4 100644 --- a/src/identity-provider/identity_provider.h +++ b/src/identity-provider/identity_provider.h 
@@ -455,6 +455,42 @@ struct ConsumeTicketMessage //Followed by a serialized ticket }; +/** + * Attribute list is returned from the idp. + */ +struct ConsumeTicketResultMessage +{ + /** + * Message header + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * Length of serialized attribute data + */ + uint16_t attrs_len GNUNET_PACKED; + + /** + * always zero (for alignment) + */ + uint16_t reserved GNUNET_PACKED; + + /** + * The public key of the identity. + */ + struct GNUNET_CRYPTO_EcdsaPublicKey identity; + + /* followed by: + * serialized attributes data + */ +}; + + GNUNET_NETWORK_STRUCT_END diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 7c9576d05..6e0ce7b42 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c 
@@ -516,6 +516,86 @@ handle_attribute_store_response (void *cls, } + +/** + * Handle an incoming message of type + * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT + * + * @param cls + * @param msg the message we received + * @return #GNUNET_OK on success, #GNUNET_SYSERR on error + */ +static int +check_consume_ticket_result (void *cls, + const struct ConsumeTicketResultMessage *msg) +{ + size_t msg_len; + size_t attrs_len; + + msg_len = ntohs (msg->header.size); + attrs_len = ntohs (msg->attrs_len); + if (msg_len != sizeof (struct ConsumeTicketResultMessage) + attrs_len) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + + +/** + * Handle an incoming message of type + * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT + * + * @param cls + * @param msg the message we received + */ +static void +handle_consume_ticket_result (void *cls, + const struct ConsumeTicketResultMessage *msg) +{ + struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls; + struct GNUNET_IDENTITY_PROVIDER_Operation *op; + size_t attrs_len; + uint32_t r_id = ntohl (msg->id); + + attrs_len = ntohs (msg->attrs_len); + LOG (GNUNET_ERROR_TYPE_MESSAGE, + "Processing attribute result.\n"); + + + for (op = h->op_head; NULL != op; op = op->next) + if (op->r_id == r_id) + break; + if (NULL == op) + return; + + { + struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; + attrs = attribute_list_deserialize ((char*)&msg[1], + attrs_len); + if (NULL != op->ar_cb) + { + for (le = attrs->list_head; NULL != le; le = le->next) + op->ar_cb (op->cls, + &msg->identity, + le->attribute); + } + attribute_list_destroy (attrs); + op->ar_cb (op->cls, + NULL, + NULL); + GNUNET_CONTAINER_DLL_remove (h->op_head, + h->op_tail, + op); + GNUNET_free (op); + return; + } + GNUNET_assert (0); +} + + /** * Handle an incoming message of type * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT 
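Review bot: In `handle_consume_ticket_result` the pointer returned by `attribute_list_deserialize` is used without a NULL check: both `attrs->list_head` and `attribute_list_destroy (attrs)` dereference it, so a result message whose payload does not parse takes the client down. The terminating `op->ar_cb (op->cls, NULL, NULL)` also sits outside the `NULL != op->ar_cb` guard, so an operation registered without a callback ends in a call through a null function pointer. `check_consume_ticket_result` validates only the total length, which leaves the payload content to this handler. The trailing `GNUNET_assert (0)` is unreachable after the `return` and can go. The rewritten block follows.

```c
  {
    struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs;
    struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;

    attrs = attribute_list_deserialize ((char*)&msg[1],
                                        attrs_len);
    if (NULL == attrs)
    {
      /* payload did not parse: report end-of-results only */
      GNUNET_break (0);
    }
    else
    {
      if (NULL != op->ar_cb)
        for (le = attrs->list_head; NULL != le; le = le->next)
          op->ar_cb (op->cls,
                     &msg->identity,
                     le->attribute);
      attribute_list_destroy (attrs);
    }
    if (NULL != op->ar_cb)
      op->ar_cb (op->cls,
                 NULL,
                 NULL);
    /* … unchanged: remove op from h->op_head / h->op_tail, free it, return … */
```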
@@ -551,7 +631,7 @@ check_attribute_result (void *cls, */ static void handle_attribute_result (void *cls, - const struct AttributeResultMessage *msg) + const struct AttributeResultMessage *msg) { static struct GNUNET_CRYPTO_EcdsaPrivateKey identity_dummy; struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls; @@ -716,6 +796,10 @@ reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT, struct TicketResultMessage, h), + GNUNET_MQ_hd_var_size (consume_ticket_result, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT, + struct ConsumeTicketResultMessage, + h), GNUNET_MQ_handler_end () }; struct GNUNET_IDENTITY_PROVIDER_Operation *op; diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/identity-provider/plugin_identity_provider_sqlite.c index d05baa79d..f31e2e68a 100644 --- a/src/identity-provider/plugin_identity_provider_sqlite.c +++ b/src/identity-provider/plugin_identity_provider_sqlite.c @@ -49,9 +49,9 @@ * a failure of the command 'cmd' on file 'filename' * with the message given by strerror(errno). */ -#define LOG_SQLITE(db, level, cmd) do { GNUNET_log_from (level, "namestore-identity-provider", _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, sqlite3_errmsg(db->dbh)); } while(0) +#define LOG_SQLITE(db, level, cmd) do { GNUNET_log_from (level, "identity-provider", _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, sqlite3_errmsg(db->dbh)); } while(0) -#define LOG(kind,...) GNUNET_log_from (kind, "namestore-sqlite", __VA_ARGS__) +#define LOG(kind,...) GNUNET_log_from (kind, "identity-provider-sqlite", __VA_ARGS__) /** 
@@ -315,6 +315,8 @@ database_shutdown (struct Plugin *plugin) sqlite3_finalize (plugin->delete_ticket); if (NULL != plugin->iterate_tickets) sqlite3_finalize (plugin->iterate_tickets); + if (NULL != plugin->iterate_tickets_by_audience) + sqlite3_finalize (plugin->iterate_tickets_by_audience); result = sqlite3_close (plugin->dbh); if (result == SQLITE_BUSY) { @@ -653,7 +655,7 @@ libgnunet_plugin_identity_provider_sqlite_init (void *cls) * @return always NULL */ void * -libgnunet_plugin_namestore_sqlite_done (void *cls) +libgnunet_plugin_identity_provider_sqlite_done (void *cls) { struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *api = cls; struct Plugin *plugin = api->cls; diff --git a/src/identity-provider/test_idp_issue.sh b/src/identity-provider/test_idp_issue.sh index aca98e390..38369a33e 100755 --- a/src/identity-provider/test_idp_issue.sh +++ b/src/identity-provider/test_idp_issue.sh @@ -1,5 +1,5 @@ #!/bin/bash -trap "gnunet-arm -e -c test_idp_lookup.conf" SIGINT +trap "gnunet-arm -e -c test_idp.conf" SIGINT LOCATION=$(which gnunet-config) if [ -z $LOCATION ] diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index 743a28946..b22e1b417 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h @@ -2646,11 +2646,13 @@ extern "C" #define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET 973 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START 974 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT 974 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP 975 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START 975 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT 976 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP 976 + +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT 977 /************************************************** * -- cgit v1.2.3 
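Review bot: In the gnunet_protocols.h hunk, inserting `GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT` at 974 shifts `TICKET_ITERATION_START`, `_STOP` and `_NEXT` to 975–977, so a client library and a service built from different revisions will read the same type number as different messages. Since the receiver picks its size check and handler from this number, a mismatch means a payload is validated against the wrong struct. Giving the new type the next free value keeps the existing numbers stable, e.g. `#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT 977`, assuming 977 is unused, which the hunk does not show.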
From 407c000bf423dc07f1f12fba9b8a8bcd08886d6c Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 6 Oct 2017 09:08:23 +0200 Subject: -fix bugs --- src/identity-provider/gnunet-idp.c | 4 +- .../gnunet-service-identity-provider.c | 55 ++++++++++++++++------ src/identity-provider/identity_attribute.c | 2 +- src/identity-provider/identity_provider_api.c | 4 +- src/identity-provider/test_idp_issue.sh | 2 +- 5 files changed, 46 insertions(+), 21 deletions(-) diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index a8739e6f6..fbe1d9613 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c @@ -151,7 +151,7 @@ store_attr_cont (void *cls, "%s\n", emsg); } else { GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Sucessfully added identity attribute %s=%s\n", + "Successfully added identity attribute %s=%s\n", attr_name, attr_value); } GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); @@ -251,7 +251,7 @@ iter_cb (void *cls, break; } GNUNET_free (attrs_tmp); - } else { + } else if (list) { GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, "%s: %s\n", attr->name, (char*)attr->data); } diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 0b7f3389e..3b3af331e 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -1366,7 +1366,7 @@ static void process_parallel_lookup (void *cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd) { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parallel lookup finished (count=%u)\n", rd_count); struct ParallelLookup *parallel_lookup = cls; struct ExchangeHandle *handle = parallel_lookup->handle; 
@@ -1385,7 +1385,7 @@ process_parallel_lookup (void *cls, uint32_t rd_count, rd->data_size, handle->key, (void**)&data); - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, "Adding value: %s\n", data); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); token_add_attr (handle->token, parallel_lookup->label, data); @@ -1400,7 +1400,7 @@ process_parallel_lookup (void *cls, uint32_t rd_count, data = GNUNET_GNSRECORD_value_to_string (rd[i].record_type, rd[i].data, rd[i].data_size); - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, "Adding value: %s\n", data); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); token_add_attr (handle->token, parallel_lookup->label, data); GNUNET_free (data); } @@ -1485,7 +1485,7 @@ process_lookup_result (void *cls, uint32_t rd_count, size, rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); scopes = GNUNET_strdup (buf); - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Scopes %s\n", scopes); handle->key = GNUNET_CRYPTO_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1), rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) @@ -1496,7 +1496,7 @@ process_lookup_result (void *cls, uint32_t rd_count, GNUNET_asprintf (&lookup_query, "%s.gnu", scope); - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking up %s\n", lookup_query); parallel_lookup = GNUNET_new (struct ParallelLookup); parallel_lookup->handle = handle; 
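Review bot: The attribute value itself is still written to the log in `process_parallel_lookup` (`"Adding value: %s\n", data`, here and in the hunk at -1400); lowering the level to DEBUG narrows but does not remove the exposure of identity attributes in log files. Logging the label only keeps the trace useful: `GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value for %s\n", parallel_lookup->label);`. In the first branch `data` is filled through an out-parameter by a call that starts above the hunk, and nothing visible checks that call's result or that the buffer is NUL-terminated before it is passed as a `%s` argument.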
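Review bot: In `process_lookup_result` (hunk at -1485), `scopes = GNUNET_strdup (buf)` and the following `buf + strlen (scopes) + 1` treat the record payload as a NUL-terminated string followed by the key, with no visible check that a terminator lies inside the buffer. The length `rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)` is also computed with no visible lower bound on `rd->data_size`, so a short record would wrap it. The record comes from a lookup result, so both should be validated before parsing, starting with a guard such as `if (rd->data_size < sizeof (struct GNUNET_CRYPTO_EcdhePublicKey))` that rejects the record, plus a `memchr` for the terminator over the decrypted length. The same code appears in `process_consume_abe_key` (hunk at -2177); both functions begin outside their hunks, so a check may exist there.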
@@ -1776,9 +1776,19 @@ send_ticket_result (struct IdpClient *client, attrs_size = attribute_list_serialize_get_size (attrs); + /* store ticket in DB */ + if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls, + ticket, + attrs)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to store ticket after issue\n"); + GNUNET_break (0); + } + env = GNUNET_MQ_msg_extra (irm, sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2) + attrs_size, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT); + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT); ticket_buf = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&irm[1]; *ticket_buf = *ticket; attrs_buf = (char*)&ticket_buf[1]; @@ -1792,8 +1802,8 @@ send_ticket_result (struct IdpClient *client, static void store_ticket_issue_cont (void *cls, - int32_t success, - const char *emsg) + int32_t success, + const char *emsg) { struct TicketIssueHandle *handle = cls; @@ -1843,10 +1853,10 @@ serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle, } buf = GNUNET_malloc (attrs_str_len + size); write_ptr = buf; - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Writing attributes\n"); for (le = handle->attrs->list_head; NULL != le; le = le->next) { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "%s\n", le->attribute->name); @@ -1943,6 +1953,7 @@ issue_ticket_after_abe_bootstrap (void *cls, ih); GNUNET_free (ecdhe_privkey); GNUNET_free (label); + GNUNET_free (attrs); GNUNET_free (code_record_data); } @@ -2041,7 +2052,7 @@ static void process_parallel_lookup2 (void *cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd) { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parallel lookup finished (count=%u)\n", rd_count); struct ParallelLookup2 *parallel_lookup = cls; struct ConsumeTicketHandle *handle = parallel_lookup->handle; 
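Review bot: When `TKT_database->store_ticket` fails in `send_ticket_result`, the new code only logs and calls `GNUNET_break (0)`, then still builds and sends the TICKET_RESULT message, so the client receives a ticket the service has no record of. If the stored tickets are meant to back later listing of what was issued, the failure should reach the caller rather than be swallowed. The same log-and-continue pattern is added in `process_parallel_lookup2` (hunk at -2075). If it is intentional, say so at the call: `/* best effort: the ticket stays valid even if it could not be recorded */`. The function body starts outside the hunk.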
@@ -2056,6 +2067,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, handle->parallel_lookups_tail, parallel_lookup); + GNUNET_free (parallel_lookup->label); GNUNET_free (parallel_lookup); if (1 != rd_count) GNUNET_break(0);//TODO @@ -2075,7 +2087,18 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, } if (NULL != handle->parallel_lookups_head) return; //Wait for more - //Else we are done + /* Else we are done */ + + /* Store ticket in DB */ + if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls, + &handle->ticket, + handle->attrs)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to store ticket after consume\n"); + GNUNET_break (0); + } + GNUNET_SCHEDULER_cancel (handle->kill_task); attrs_len = attribute_list_serialize_get_size (handle->attrs); env = GNUNET_MQ_msg_extra (crm, @@ -2177,7 +2200,7 @@ process_consume_abe_key (void *cls, uint32_t rd_count, size, rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); scopes = GNUNET_strdup (buf); - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Scopes %s\n", scopes); handle->key = GNUNET_CRYPTO_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1), rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) @@ -2188,7 +2211,7 @@ process_consume_abe_key (void *cls, uint32_t rd_count, GNUNET_asprintf (&lookup_query, "%s.gnu", scope); - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking up %s\n", lookup_query); parallel_lookup = GNUNET_new (struct ParallelLookup2); parallel_lookup->handle = handle; @@ -2204,6 +2227,7 @@ process_consume_abe_key (void *cls, uint32_t rd_count, GNUNET_CONTAINER_DLL_insert (handle->parallel_lookups_head, handle->parallel_lookups_tail, parallel_lookup); + GNUNET_free (lookup_query); } handle->kill_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES,3), &abort_parallel_lookups2, 
@@ -2241,7 +2265,7 @@ handle_consume_ticket_message (void *cls, GNUNET_asprintf (&lookup_query, "%s.gnu", rnd_label); - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking for ABE key under %s\n", lookup_query); ch->lookup_request @@ -2252,6 +2276,7 @@ handle_consume_ticket_message (void *cls, GNUNET_GNS_LO_LOCAL_MASTER, &process_consume_abe_key, ch); + GNUNET_free (rnd_label); GNUNET_free (lookup_query); GNUNET_SERVICE_client_continue (idp->client); } diff --git a/src/identity-provider/identity_attribute.c b/src/identity-provider/identity_attribute.c index 1c5654946..b90a08e3e 100644 --- a/src/identity-provider/identity_attribute.c +++ b/src/identity-provider/identity_attribute.c @@ -114,7 +114,7 @@ attribute_list_deserialize (const char* data, le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); le->attribute = attribute_deserialize (read_ptr, data_size - (read_ptr - data)); - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Deserialized attribute %s\n", le->attribute->name); GNUNET_CONTAINER_DLL_insert (attrs->list_head, attrs->list_tail, diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 6e0ce7b42..371dce86d 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -560,7 +560,7 @@ handle_consume_ticket_result (void *cls, uint32_t r_id = ntohl (msg->id); attrs_len = ntohs (msg->attrs_len); - LOG (GNUNET_ERROR_TYPE_MESSAGE, + LOG (GNUNET_ERROR_TYPE_DEBUG, "Processing attribute result.\n"); @@ -641,7 +641,7 @@ handle_attribute_result (void *cls, uint32_t r_id = ntohl (msg->id); attr_len = ntohs (msg->attr_len); - LOG (GNUNET_ERROR_TYPE_MESSAGE, + LOG (GNUNET_ERROR_TYPE_DEBUG, "Processing attribute result.\n"); diff --git a/src/identity-provider/test_idp_issue.sh b/src/identity-provider/test_idp_issue.sh index 38369a33e..f2f48057d 100755 
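Review bot: In the identity_attribute.c hunk, `attribute_list_deserialize` dereferences `le->attribute->name` for the log line right after `attribute_deserialize` returns, and links the entry into the list, without checking the result. If `attribute_deserialize` can return NULL for a short or malformed buffer (its body is not part of this diff), that is a NULL dereference on data that arrives in a message. A guard before the log would cover it: `if (NULL == le->attribute) { GNUNET_free (le); break; }`. The loop and the function's return path are outside the hunk, so the right cleanup may differ.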
--- a/src/identity-provider/test_idp_issue.sh +++ b/src/identity-provider/test_idp_issue.sh @@ -32,6 +32,6 @@ gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf gnunet-idp -e testego -a name -V John -c test_idp.conf #gnunet-idp -e testego -D -c test_idp.conf TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}') -echo "Consuming $TICKET" +#echo "Consuming $TICKET" gnunet-idp -e rpego -C $TICKET -c test_idp.conf gnunet-arm -e -c test_idp.conf -- cgit v1.2.3 From fc76f42d3f8df9fc88648ad052f46c7ddf518879 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 6 Oct 2017 10:04:20 +0200 Subject: -add ticket iteration --- .../gnunet-service-identity-provider.c | 10 +- src/identity-provider/identity_provider_api.c | 293 ++++++++++++++++++++- .../plugin_identity_provider_sqlite.c | 23 +- src/include/gnunet_identity_provider_service.h | 99 ++++--- 4 files changed, 371 insertions(+), 54 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 3b3af331e..3dcb2792e 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -1770,11 +1770,7 @@ send_ticket_result (struct IdpClient *client, { struct TicketResultMessage *irm; struct GNUNET_MQ_Envelope *env; - size_t attrs_size; struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket_buf; - char *attrs_buf; - - attrs_size = attribute_list_serialize_get_size (attrs); /* store ticket in DB */ if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls, 
@@ -1787,15 +1783,11 @@ send_ticket_result (struct IdpClient *client, } env = GNUNET_MQ_msg_extra (irm, - sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2) + attrs_size, + sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2), GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT); ticket_buf = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&irm[1]; *ticket_buf = *ticket; - attrs_buf = (char*)&ticket_buf[1]; - attribute_list_serialize (attrs, - attrs_buf); irm->id = htonl (r_id); - GNUNET_MQ_send (client->mq, env); } diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 371dce86d..6ef1d470e 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -107,6 +107,71 @@ struct GNUNET_IDENTITY_PROVIDER_Operation }; +/** + * Handle for a ticket iterator operation + */ +struct GNUNET_IDENTITY_PROVIDER_TicketIterator +{ + + /** + * Kept in a DLL. + */ + struct GNUNET_IDENTITY_PROVIDER_TicketIterator *next; + + /** + * Kept in a DLL. + */ + struct GNUNET_IDENTITY_PROVIDER_TicketIterator *prev; + + /** + * Main handle to access the idp. + */ + struct GNUNET_IDENTITY_PROVIDER_Handle *h; + + /** + * Function to call on completion. + */ + GNUNET_SCHEDULER_TaskCallback finish_cb; + + /** + * Closure for @e error_cb. + */ + void *finish_cb_cls; + + /** + * The continuation to call with the results + */ + GNUNET_IDENTITY_PROVIDER_TicketCallback tr_cb; + + /** + * Closure for @e tr_cb. + */ + void *cls; + + /** + * Function to call on errors. + */ + GNUNET_SCHEDULER_TaskCallback error_cb; + + /** + * Closure for @e error_cb. + */ + void *error_cb_cls; + + /** + * Envelope of the message to send to the service, if not yet + * sent. + */ + struct GNUNET_MQ_Envelope *env; + + /** + * The operation id this zone iteration operation has + */ + uint32_t r_id; + +}; + + /** * Handle for a attribute iterator operation */ 
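Review bot: Two field comments in the new `struct GNUNET_IDENTITY_PROVIDER_TicketIterator` were copied from elsewhere and describe the wrong thing: `finish_cb_cls` is documented as `Closure for @e error_cb.` and `r_id` as the id of a "zone iteration operation". Suggested wording: `Closure for @e finish_cb.` and `The operation id of this ticket iteration`. The comment on `env` should also say who releases the envelope when the iterator is stopped before the connection is up.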
@@ -217,6 +282,17 @@ struct GNUNET_IDENTITY_PROVIDER_Handle */ struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it_tail; + /** + * Head of active iterations + */ + struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it_head; + + /** + * Tail of active iterations + */ + struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it_tail; + + /** * Currently pending transmission request, or NULL for none. */ 
@@ -747,22 +823,54 @@ handle_ticket_result (void *cls, { struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls; struct GNUNET_IDENTITY_PROVIDER_Operation *op; + struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it; const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket; uint32_t r_id = ntohl (msg->id); + size_t msg_len; for (op = handle->op_head; NULL != op; op = op->next) if (op->r_id == r_id) break; - if (NULL == op) + for (it = handle->ticket_it_head; NULL != it; it = it->next) + if (it->r_id == r_id) + break; + if ((NULL == op) && (NULL == it)) return; - GNUNET_CONTAINER_DLL_remove (handle->op_head, - handle->op_tail, - op); - ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&msg[1]; - if (NULL != op->tr_cb) - op->tr_cb (op->cls, ticket); - GNUNET_free (op); + msg_len = ntohs (msg->header.size); + if (NULL != op) + { + GNUNET_CONTAINER_DLL_remove (handle->op_head, + handle->op_tail, + op); + if (msg_len == sizeof (struct TicketResultMessage)) + { + if (NULL != op->tr_cb) + op->tr_cb (op->cls, NULL); + } else { + ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&msg[1]; + if (NULL != op->tr_cb) + op->tr_cb (op->cls, ticket); + } + GNUNET_free (op); + return; + } else if (NULL != it) { + GNUNET_CONTAINER_DLL_remove (handle->ticket_it_head, + handle->ticket_it_tail, + it); + if (msg_len == sizeof (struct TicketResultMessage)) + { + if (NULL != it->tr_cb) + it->finish_cb (it->finish_cb_cls); + } else { + ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&msg[1]; + if (NULL != it->tr_cb) + it->tr_cb (it->cls, ticket); + } + GNUNET_free (it); + return; + } + GNUNET_break (0); } 
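Review bot: The iterator branch of `handle_ticket_result` unlinks and frees `it` after every message, including those that carry a ticket, so the handle returned by the iteration-start functions dangles once the first ticket has been delivered; a later `GNUNET_IDENTITY_PROVIDER_ticket_iteration_next` or `_stop` on it touches freed memory. In the end-of-iteration case the guard tests `it->tr_cb` but calls `it->finish_cb`, so a NULL `finish_cb` is called and a NULL `tr_cb` suppresses completion. There is also no visible check that a non-empty message is large enough to hold a `struct GNUNET_IDENTITY_PROVIDER_Ticket2` before `&msg[1]` is handed to a callback; the size check handler is outside this hunk. The branch below releases the iterator only when the iteration ends.

```c
  /* … unchanged: lookup of op and it, the op branch … */
  if (NULL != it)
  {
    if (msg_len == sizeof (struct TicketResultMessage))
    {
      /* end of iteration: the handle is finished, release it */
      GNUNET_CONTAINER_DLL_remove (handle->ticket_it_head,
                                   handle->ticket_it_tail,
                                   it);
      if (NULL != it->finish_cb)
        it->finish_cb (it->finish_cb_cls);
      GNUNET_free (it);
      return;
    }
    /* a ticket: keep the iterator alive for _next() / _stop() */
    ticket = (const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *) &msg[1];
    if (NULL != it->tr_cb)
      it->tr_cb (it->cls, ticket);
    return;
  }
```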
@@ -1353,6 +1461,175 @@ GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Hand } +/** + * Lists all tickets that have been issued to remote + * identites (relying parties) + * + * @param h the identity provider to use + * @param identity the issuing identity + * @param error_cb function to call on error (i.e. disconnect), + * the handle is afterwards invalid + * @param error_cb_cls closure for @a error_cb + * @param proc function to call on each ticket; it + * will be called repeatedly with a value (if available) + * @param proc_cls closure for @a proc + * @param finish_cb function to call on completion + * the handle is afterwards invalid + * @param finish_cb_cls closure for @a finish_cb + * @return an iterator handle to use for iteration + */ +struct GNUNET_IDENTITY_PROVIDER_TicketIterator * +GNUNET_IDENTITY_PROVIDER_idp_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + GNUNET_SCHEDULER_TaskCallback error_cb, + void *error_cb_cls, + GNUNET_IDENTITY_PROVIDER_TicketCallback proc, + void *proc_cls, + GNUNET_SCHEDULER_TaskCallback finish_cb, + void *finish_cb_cls) +{ + struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it; + struct GNUNET_CRYPTO_EcdsaPublicKey identity_pub; + struct GNUNET_MQ_Envelope *env; + struct TicketIterationStartMessage *msg; + uint32_t rid; + + GNUNET_CRYPTO_ecdsa_key_get_public (identity, + &identity_pub); + rid = h->r_id_gen++; + it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_TicketIterator); + it->h = h; + it->error_cb = error_cb; + it->error_cb_cls = error_cb_cls; + it->finish_cb = finish_cb; + it->finish_cb_cls = finish_cb_cls; + it->tr_cb = proc; + it->cls = proc_cls; + it->r_id = rid; + GNUNET_CONTAINER_DLL_insert_tail (h->ticket_it_head, + h->ticket_it_tail, + it); + env = GNUNET_MQ_msg (msg, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START); + msg->id = htonl (rid); + msg->identity = identity_pub; + msg->is_audience = 
htonl (GNUNET_NO); + if (NULL == h->mq) + it->env = env; + else + GNUNET_MQ_send (h->mq, + env); + return it; + +} + + +/** + * Lists all tickets that have been issued to remote + * identites (relying parties) + * + * @param id the identity provider to use + * @param identity the issuing identity + * @param error_cb function to call on error (i.e. disconnect), + * the handle is afterwards invalid + * @param error_cb_cls closure for @a error_cb + * @param proc function to call on each ticket; it + * will be called repeatedly with a value (if available) + * @param proc_cls closure for @a proc + * @param finish_cb function to call on completion + * the handle is afterwards invalid + * @param finish_cb_cls closure for @a finish_cb + * @return an iterator handle to use for iteration + */ +struct GNUNET_IDENTITY_PROVIDER_TicketIterator * +GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVIDER_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + GNUNET_SCHEDULER_TaskCallback error_cb, + void *error_cb_cls, + GNUNET_IDENTITY_PROVIDER_TicketCallback proc, + void *proc_cls, + GNUNET_SCHEDULER_TaskCallback finish_cb, + void *finish_cb_cls) +{ + struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it; + struct GNUNET_MQ_Envelope *env; + struct TicketIterationStartMessage *msg; + uint32_t rid; + + rid = h->r_id_gen++; + it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_TicketIterator); + it->h = h; + it->error_cb = error_cb; + it->error_cb_cls = error_cb_cls; + it->finish_cb = finish_cb; + it->finish_cb_cls = finish_cb_cls; + it->tr_cb = proc; + it->cls = proc_cls; + it->r_id = rid; + GNUNET_CONTAINER_DLL_insert_tail (h->ticket_it_head, + h->ticket_it_tail, + it); + env = GNUNET_MQ_msg (msg, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START); + msg->id = htonl (rid); + msg->identity = *identity; + msg->is_audience = htonl (GNUNET_YES); + if (NULL == h->mq) + it->env = env; + else + GNUNET_MQ_send (h->mq, + env); + return it; + 
+ +} + +/** + * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_ticket_iteration_start + * for the next record. + * + * @param it the iterator + */ +void +GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it) +{ + struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h; + struct TicketIterationNextMessage *msg; + struct GNUNET_MQ_Envelope *env; + + env = GNUNET_MQ_msg (msg, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT); + msg->id = htonl (it->r_id); + GNUNET_MQ_send (h->mq, + env); +} + + +/** + * Stops iteration and releases the idp handle for further calls. Must + * be called on any iteration that has not yet completed prior to calling + * #GNUNET_IDENTITY_PROVIDER_disconnect. + * + * @param it the iterator + */ +void +GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it) +{ + struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h; + struct GNUNET_MQ_Envelope *env; + struct TicketIterationStopMessage *msg; + + if (NULL != h->mq) + { + env = GNUNET_MQ_msg (msg, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP); + msg->id = htonl (it->r_id); + GNUNET_MQ_send (h->mq, + env); + } + GNUNET_free (it); +} + /* end of identity_provider_api.c */ diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/identity-provider/plugin_identity_provider_sqlite.c index f31e2e68a..464ea29cb 100644 --- a/src/identity-provider/plugin_identity_provider_sqlite.c +++ b/src/identity-provider/plugin_identity_provider_sqlite.c 
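Review bot: `GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop` frees `it` without unlinking it from `h->ticket_it_head`/`h->ticket_it_tail`, where both start functions inserted it, so the list keeps a pointer to freed memory that `handle_ticket_result` walks on the next ticket message. Add `GNUNET_CONTAINER_DLL_remove (h->ticket_it_head, h->ticket_it_tail, it);` before `GNUNET_free (it);`. An envelope parked in `it->env` while `h->mq` was NULL is not released there either. `GNUNET_IDENTITY_PROVIDER_ticket_iteration_next` calls `GNUNET_MQ_send (h->mq, env)` without the `h->mq` NULL test that the other three functions make.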
@@ -376,7 +376,28 @@ identity_provider_sqlite_store_ticket (void *cls, attribute_list_serialize (attrs, attrs_serialized); - { + { + /* First delete duplicates */ + struct GNUNET_SQ_QueryParam dparams[] = { + GNUNET_SQ_query_param_auto_from_type (&ticket->identity), + GNUNET_SQ_query_param_uint64 (&ticket->rnd), + GNUNET_SQ_query_param_end + }; + if (GNUNET_OK != + GNUNET_SQ_bind (plugin->delete_ticket, + dparams)) + { + LOG_SQLITE (plugin, + GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, + "sqlite3_bind_XXXX"); + GNUNET_SQ_reset (plugin->dbh, + plugin->delete_ticket); + return GNUNET_SYSERR; + } + n = sqlite3_step (plugin->delete_ticket); + GNUNET_SQ_reset (plugin->dbh, + plugin->delete_ticket); + struct GNUNET_SQ_QueryParam sparams[] = { GNUNET_SQ_query_param_auto_from_type (&ticket->identity), GNUNET_SQ_query_param_auto_from_type (&ticket->audience), diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h index 02cd15959..198e2f918 100644 --- a/src/include/gnunet_identity_provider_service.h +++ b/src/include/gnunet_identity_provider_service.h @@ -342,20 +342,6 @@ typedef void (*GNUNET_IDENTITY_PROVIDER_TicketCallback)(void *cls, const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket); -/** - * Method called when issued tickets are retrieved. Also returns the attributes - * that were issued at the time. - * - * @param cls closure - * @param ticket the ticket - * @param attrs the attributes as list - */ -typedef void -(*GNUNET_IDENTITY_PROVIDER_TicketResult)(void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); - - /** * Issues a ticket to another identity. The identity may use * @GNUNET_IDENTITY_PROVIDER_authorization_ticket_consume to consume the ticket 
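Review bot: The result of `sqlite3_step (plugin->delete_ticket)` is stored in `n` and nothing in the hunk inspects it before the statement is reset, so a failed delete goes unnoticed and the following insert can leave two rows for the same ticket. Checking it makes the "delete duplicates" step reliable: `if (SQLITE_DONE != n) LOG_SQLITE (plugin, GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, "sqlite3_step");`. Doing the delete and the insert in one transaction would also avoid losing the ticket when the insert fails after the delete succeeded. The insert's own step and the rest of `identity_provider_sqlite_store_ticket` are outside the hunk.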
@@ -415,37 +401,78 @@ GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Hand GNUNET_IDENTITY_PROVIDER_AttributeResult cb, void *cb_cls); -/** TODO +/** + * Lists all tickets that have been issued to remote + * identites (relying parties) + * + * @param h the identity provider to use + * @param identity the issuing identity + * @param error_cb function to call on error (i.e. disconnect), + * the handle is afterwards invalid + * @param error_cb_cls closure for @a error_cb + * @param proc function to call on each ticket; it + * will be called repeatedly with a value (if available) + * @param proc_cls closure for @a proc + * @param finish_cb function to call on completion + * the handle is afterwards invalid + * @param finish_cb_cls closure for @a finish_cb + * @return an iterator handle to use for iteration + */ +struct GNUNET_IDENTITY_PROVIDER_TicketIterator * +GNUNET_IDENTITY_PROVIDER_idp_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + GNUNET_SCHEDULER_TaskCallback error_cb, + void *error_cb_cls, + GNUNET_IDENTITY_PROVIDER_TicketCallback proc, + void *proc_cls, + GNUNET_SCHEDULER_TaskCallback finish_cb, + void *finish_cb_cls); + +/** * Lists all tickets that have been issued to remote * identites (relying parties) * * @param id the identity provider to use * @param identity the issuing identity - * @param cb the callback to use - * @param cb_cls the callback closure - * @return handle to abort the operation + * @param error_cb function to call on error (i.e. 
disconnect), + * the handle is afterwards invalid + * @param error_cb_cls closure for @a error_cb + * @param proc function to call on each ticket; it + * will be called repeatedly with a value (if available) + * @param proc_cls closure for @a proc + * @param finish_cb function to call on completion + * the handle is afterwards invalid + * @param finish_cb_cls closure for @a finish_cb + * @return an iterator handle to use for iteration */ -struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_idp_tickets_list (struct GNUNET_IDENTITY_PROVIDER_Handle *id, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - GNUNET_IDENTITY_PROVIDER_TicketCallback *cb, - void *cb_cls); +struct GNUNET_IDENTITY_PROVIDER_TicketIterator * +GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVIDER_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + GNUNET_SCHEDULER_TaskCallback error_cb, + void *error_cb_cls, + GNUNET_IDENTITY_PROVIDER_TicketCallback proc, + void *proc_cls, + GNUNET_SCHEDULER_TaskCallback finish_cb, + void *finish_cb_cls); -/** TODO - * Lists all attributes that are shared with this identity - * by remote parties +/** + * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_ticket_iteration_start + * for the next record. * - * @param id identity provider service to use - * @param identity the identity (relying party) - * @param cb the result callback - * @param cb_cls the result callback closure - * @return handle to abort the operation + * @param it the iterator */ -struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_rp_attributes_list (struct GNUNET_IDENTITY_PROVIDER_Handle *id, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - GNUNET_IDENTITY_PROVIDER_AttributeResult *cb, - void *cb_cls); +void +GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it); + +/** + * Stops iteration and releases the idp handle for further calls. 
Must + * be called on any iteration that has not yet completed prior to calling + * #GNUNET_IDENTITY_PROVIDER_disconnect. + * + * @param it the iterator + */ +void +GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it); /** TODO remove DEPRECATED * Issue a token for a specific audience. -- cgit v1.2.3 From 7807374c7247af1d139ff70b4af047c227229a6e Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 6 Oct 2017 10:14:10 +0200 Subject: -do not persist sensitive data --- .../gnunet-service-identity-provider.c | 25 +++--------- .../plugin_identity_provider_sqlite.c | 44 ++++------------------ src/include/gnunet_identity_provider_plugin.h | 8 +--- 3 files changed, 15 insertions(+), 62 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 3dcb2792e..8960ea162 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -1765,8 +1765,7 @@ cleanup_ticket_issue_handle (struct TicketIssueHandle *handle) static void send_ticket_result (struct IdpClient *client, uint32_t r_id, - const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) + const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket) { struct TicketResultMessage *irm; struct GNUNET_MQ_Envelope *env; @@ -1774,8 +1773,7 @@ send_ticket_result (struct IdpClient *client, /* store ticket in DB */ if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls, - ticket, - attrs)) + ticket)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to store ticket after issue\n"); @@ -1810,8 +1808,7 @@ store_ticket_issue_cont (void *cls, } send_ticket_result (handle->client, handle->r_id, - &handle->ticket, - handle->attrs); + &handle->ticket); cleanup_ticket_issue_handle (handle); } 
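Review bot: In the gnunet_identity_provider_service.h hunk, both iteration-start declarations carry the same description ("Lists all tickets that have been issued to remote identites") although `GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp` takes a public key and, in identity_provider_api.c, sets `is_audience` to `GNUNET_YES`. Its comment should say that it lists the tickets issued to the given relying party, `@param id` should read `@param h`, and "identites" should be "identities". `GNUNET_IDENTITY_PROVIDER_ticket_iteration_next` refers to `#GNUNET_IDENTITY_PROVIDER_ticket_iteration_start`, which is not declared; name the two start functions instead. The comments should also state that the ticket callback has to call `_next` or `_stop`, and at which point the iterator handle stops being valid.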
@@ -2083,8 +2080,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, /* Store ticket in DB */ if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls, - &handle->ticket, - handle->attrs)) + &handle->ticket)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to store ticket after consume\n"); @@ -2664,8 +2660,7 @@ struct TicketIterationProcResult */ static void ticket_iterate_proc (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) + const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket) { struct TicketIterationProcResult *proc = cls; @@ -2676,18 +2671,10 @@ ticket_iterate_proc (void *cls, proc->res_iteration_finished = IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE; return; } - if ((NULL == ticket) || (NULL == attrs)) - { - /* error */ - proc->res_iteration_finished = IT_START; - GNUNET_break (0); - return; - } proc->res_iteration_finished = IT_SUCCESS_MORE_AVAILABLE; send_ticket_result (proc->ti->client, proc->ti->r_id, - ticket, - attrs); + ticket); } diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/identity-provider/plugin_identity_provider_sqlite.c index 464ea29cb..7a19ba827 100644 --- a/src/identity-provider/plugin_identity_provider_sqlite.c +++ b/src/identity-provider/plugin_identity_provider_sqlite.c @@ -27,7 +27,6 @@ #include "platform.h" #include "gnunet_identity_provider_service.h" #include "gnunet_identity_provider_plugin.h" -#include "identity_attribute.h" #include "gnunet_sq_lib.h" #include @@ -253,8 +252,7 @@ database_setup (struct Plugin *plugin) "CREATE TABLE identity001tickets (" " identity BLOB NOT NULL DEFAULT ''," " audience BLOB NOT NULL DEFAULT ''," - " rnd INT8 NOT NULL DEFAULT ''," - " attributes BLOB NOT NULL DEFAULT ''" + " rnd INT8 NOT NULL DEFAULT ''" ")", NULL, NULL, NULL) != SQLITE_OK)) { 
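Review bot: Dropping the `attributes` column from the `CREATE TABLE identity001tickets` statement in `database_setup` only affects databases created after this change. A table written by the previous revision keeps its `attributes` BLOB column with the serialized attributes in it, and the new three-column INSERT still works against it because that column has a default. If the goal is that attribute values are not kept on disk, existing files need the old table dropped or rewritten, or the table name bumped (for instance `identity002tickets`, a constructed name) so the old rows are not carried along. Whether the create step is skipped when the table already exists is decided above the hunk.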
@@ -269,8 +267,8 @@ database_setup (struct Plugin *plugin) if ( (SQLITE_OK != sq_prepare (plugin->dbh, - "INSERT INTO identity001tickets (identity, audience, rnd, attributes)" - " VALUES (?, ?, ?, ?)", + "INSERT INTO identity001tickets (identity, audience, rnd)" + " VALUES (?, ?, ?)", &plugin->store_ticket)) || (SQLITE_OK != sq_prepare (plugin->dbh, @@ -278,13 +276,13 @@ database_setup (struct Plugin *plugin) &plugin->delete_ticket)) || (SQLITE_OK != sq_prepare (plugin->dbh, - "SELECT identity,audience,rnd,attributes" + "SELECT identity,audience,rnd" " FROM identity001tickets WHERE identity=?" " ORDER BY rnd LIMIT 1 OFFSET ?", &plugin->iterate_tickets)) || (SQLITE_OK != sq_prepare (plugin->dbh, - "SELECT identity,audience,rnd,attributes" + "SELECT identity,audience,rnd" " FROM identity001tickets WHERE audience=?" " ORDER BY rnd LIMIT 1 OFFSET ?", &plugin->iterate_tickets_by_audience)) ) @@ -356,25 +354,14 @@ database_shutdown (struct Plugin *plugin) * * @param cls closure (internal context for the plugin) * @param ticket the ticket to persist - * @param attrs attributes to persist * @return #GNUNET_OK on success, else #GNUNET_SYSERR */ static int identity_provider_sqlite_store_ticket (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) + const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket) { struct Plugin *plugin = cls; int n; - size_t attrs_size; - char *attrs_serialized; - - attrs_size = attribute_list_serialize_get_size (attrs); - - attrs_serialized = GNUNET_malloc (attrs_size); - - attribute_list_serialize (attrs, - attrs_serialized); { /* First delete duplicates */ 
@@ -402,7 +389,6 @@ identity_provider_sqlite_store_ticket (void *cls, GNUNET_SQ_query_param_auto_from_type (&ticket->identity), GNUNET_SQ_query_param_auto_from_type (&ticket->audience), GNUNET_SQ_query_param_uint64 (&ticket->rnd), - GNUNET_SQ_query_param_fixed_size (attrs_serialized, attrs_size), GNUNET_SQ_query_param_end }; @@ -517,8 +503,6 @@ get_ticket_and_call_iterator (struct Plugin *plugin, void *iter_cls) { struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket; - size_t attrs_size; - void *attrs_serialized; int ret; int sret; @@ -529,7 +513,6 @@ get_ticket_and_call_iterator (struct Plugin *plugin, GNUNET_SQ_result_spec_auto_from_type (&ticket.identity), GNUNET_SQ_result_spec_auto_from_type (&ticket.audience), GNUNET_SQ_result_spec_uint64 (&ticket.rnd), - GNUNET_SQ_result_spec_variable_size (&attrs_serialized, &attrs_size), GNUNET_SQ_result_spec_end }; @@ -542,23 +525,10 @@ get_ticket_and_call_iterator (struct Plugin *plugin, } else { - struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; - - attrs = attribute_list_deserialize (attrs_serialized, attrs_size); - - if (NULL == attrs) - { - GNUNET_break (0); - ret = GNUNET_SYSERR; - } - else - { if (NULL != iter) iter (iter_cls, - &ticket, - attrs); + &ticket); ret = GNUNET_YES; - } } GNUNET_SQ_cleanup_result (rs); } diff --git a/src/include/gnunet_identity_provider_plugin.h b/src/include/gnunet_identity_provider_plugin.h index 5867a5b80..9e779bde7 100644 --- a/src/include/gnunet_identity_provider_plugin.h +++ b/src/include/gnunet_identity_provider_plugin.h @@ -48,11 +48,9 @@ extern "C" * * @param cls closure * @param ticket the ticket - * @prarm attrs the attributes */ typedef void (*GNUNET_IDENTITY_PROVIDER_TicketIterator) (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); + const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket); /** 
@@ -71,12 +69,10 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions * * @param cls closure (internal context for the plugin) * @param ticket the ticket to store - * @param attrs the attributes shared with the ticket * @return #GNUNET_OK on success, else #GNUNET_SYSERR */ int (*store_ticket) (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); + const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket); /** * Delete a ticket from the database. -- cgit v1.2.3 From cc838240da0d28fa1fc6d7a97da2808a7a622365 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 6 Oct 2017 16:50:32 +0200 Subject: -remove deprecated --- src/identity-provider/Makefile.am | 23 - src/identity-provider/gnunet-identity-token.c | 179 --- src/identity-provider/gnunet-idp.c | 8 +- .../gnunet-service-identity-provider.c | 1417 +++----------------- src/identity-provider/identity_provider.h | 140 -- src/identity-provider/identity_provider_api.c | 362 +---- src/identity-provider/identity_token.c | 1006 -------------- src/identity-provider/identity_token.h | 351 ----- .../plugin_identity_provider_sqlite.c | 6 +- .../plugin_rest_identity_provider.c | 1216 ----------------- src/include/gnunet_identity_provider_plugin.h | 6 +- src/include/gnunet_identity_provider_service.h | 137 +- 12 files changed, 198 insertions(+), 4653 deletions(-) delete mode 100644 src/identity-provider/gnunet-identity-token.c delete mode 100644 src/identity-provider/identity_token.c delete mode 100644 src/identity-provider/identity_token.h delete mode 100644 src/identity-provider/plugin_rest_identity_provider.c diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index 1b35c6c04..0aabc2143 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am 
@@ -26,12 +26,10 @@ pkgcfg_DATA = \ lib_LTLIBRARIES = \ libgnunetidentityprovider.la plugin_LTLIBRARIES = \ - libgnunet_plugin_rest_identity_provider.la \ libgnunet_plugin_gnsrecord_identity_provider.la \ $(SQLITE_PLUGIN) bin_PROGRAMS = \ - gnunet-identity-token \ gnunet-idp libexec_PROGRAMS = \ @@ -60,7 +58,6 @@ libgnunet_plugin_identity_provider_sqlite_la_LDFLAGS = \ gnunet_service_identity_provider_SOURCES = \ gnunet-service-identity-provider.c \ - identity_token.c \ identity_attribute.h gnunet_service_identity_provider_LDADD = \ $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \ @@ -85,19 +82,6 @@ libgnunetidentityprovider_la_LDFLAGS = \ $(GN_LIB_LDFLAGS) $(WINFLAGS) \ -version-info 0:0:0 -libgnunet_plugin_rest_identity_provider_la_SOURCES = \ - plugin_rest_identity_provider.c -libgnunet_plugin_rest_identity_provider_la_LIBADD = \ - $(top_builddir)/src/identity/libgnunetidentity.la \ - libgnunetidentityprovider.la \ - $(top_builddir)/src/rest/libgnunetrest.la \ - $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \ - $(top_builddir)/src/namestore/libgnunetnamestore.la \ - $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ - $(LTLIBINTL) -ljansson -lmicrohttpd -libgnunet_plugin_rest_identity_provider_la_LDFLAGS = \ - $(GN_PLUGIN_LDFLAGS) - gnunet_idp_SOURCES = \ gnunet-idp.c gnunet_idp_LDADD = \ @@ -106,10 +90,3 @@ gnunet_idp_LDADD = \ $(top_builddir)/src/identity-provider/libgnunetidentityprovider.la \ $(top_builddir)/src/identity/libgnunetidentity.la \ $(GN_LIBINTL) - -gnunet_identity_token_SOURCES = \ - gnunet-identity-token.c -gnunet_identity_token_LDADD = \ - $(top_builddir)/src/util/libgnunetutil.la \ - -ljansson -lmicrohttpd \ - $(GN_LIBINTL) diff --git a/src/identity-provider/gnunet-identity-token.c b/src/identity-provider/gnunet-identity-token.c deleted file mode 100644 index 30b63bfc4..000000000 --- a/src/identity-provider/gnunet-identity-token.c +++ /dev/null 
@@ -1,179 +0,0 @@ -/* - This file is part of GNUnet. - Copyright (C) 2012-2015 GNUnet e.V. - - GNUnet is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published - by the Free Software Foundation; either version 3, or (at your - option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNUnet; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. - */ -/** - * @author Martin Schanzenbach - * @file src/identity-provider/gnunet-service-identity-provider.c - * @brief Identity Token Service - * - */ - -#include "platform.h" -#include "gnunet_util_lib.h" -#include -#include "gnunet_signatures.h" - -/** - * The token - */ -static char* token; - -/** - * Weather to print the token - */ -static int print_token; - -static void -run (void *cls, - char *const *args, - const char *cfgfile, - const struct GNUNET_CONFIGURATION_Handle *c) -{ - char *payload; - char *header; - //Get token parts - const char *header_b64; - const char *payload_b64; - const char *signature_b32; - const char *keystring; - char *data; - json_t *payload_json; - json_t *keystring_json; - json_error_t error; - struct GNUNET_CRYPTO_EcdsaPublicKey key; - struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; - struct GNUNET_CRYPTO_EcdsaSignature sig; - - if (NULL == token) - { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - _("Option `-t' is required\n")); - return; - } - header_b64 = strtok (token, "."); - payload_b64 = strtok (NULL, "."); - signature_b32 = strtok (NULL, "."); - if ( (NULL == header_b64) || - (NULL == payload_b64) || - (NULL == signature_b32) ) - { - GNUNET_log 
(GNUNET_ERROR_TYPE_MESSAGE, - _("Token `%s' is malformed\n"), - token); - GNUNET_free (token); - token = NULL; - return; - } - - //Decode payload - GNUNET_STRINGS_base64_decode (payload_b64, - strlen (payload_b64), - &payload); - //Decode header - GNUNET_STRINGS_base64_decode (header_b64, - strlen (header_b64), - &header); - - - GNUNET_asprintf(&data, - "%s,%s", - header_b64, - payload_b64); - char *val = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + strlen (data)); - purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose*)val; - purpose->size = htonl(sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + strlen (data)); - purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN); - GNUNET_memcpy (&purpose[1], data, strlen(data)); - GNUNET_free (data); - GNUNET_free (token); - token = NULL; - - if (print_token) - printf ("Token:\nHeader:\t\t%s\nPayload:\t%s\n", - header, - payload); - GNUNET_free (header); - - payload_json = json_loads (payload, 0, &error); - GNUNET_free (payload); - - if ((NULL == payload_json) || (! json_is_object (payload_json)) ) - { - GNUNET_free (val); - return; - } - keystring_json = json_object_get (payload_json, "iss"); - if (! 
json_is_string (keystring_json)) - { - GNUNET_free (val); - return; - } - keystring = json_string_value (keystring_json); - if (GNUNET_OK != - GNUNET_CRYPTO_ecdsa_public_key_from_string (keystring, - strlen (keystring), - &key)) - { - GNUNET_free (val); - return; - } - GNUNET_STRINGS_string_to_data (signature_b32, - strlen (signature_b32), - &sig, - sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); - - if (print_token) - printf ("Signature:\t%s\n", - keystring); - - if (GNUNET_OK != - GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN, - purpose, - &sig, - &key)) - printf("Signature not OK!\n"); - else - printf("Signature OK!\n"); - GNUNET_free (val); - return; -} - - -int -main(int argc, char *const argv[]) -{ - struct GNUNET_GETOPT_CommandLineOption options[] = { - - GNUNET_GETOPT_option_string ('t', - "token", - NULL, - gettext_noop ("GNUid token"), - &token), - - GNUNET_GETOPT_option_flag ('p', - "print", - gettext_noop ("Print token contents"), - &print_token), - - GNUNET_GETOPT_OPTION_END - }; - return GNUNET_PROGRAM_run (argc, argv, "ct", - "ct", options, - &run, NULL); -} diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index fbe1d9613..bc30a1148 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c @@ -104,7 +104,7 @@ static struct GNUNET_CRYPTO_EcdsaPublicKey rp_key; /** * Ticket to consume */ -static struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket; +static struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; /** * Attribute list @@ -128,12 +128,12 @@ do_cleanup(void *cls) static void ticket_issue_cb (void* cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket) + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) { char* ticket_str; if (NULL != ticket) { ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket, - sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2)); + sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); printf("%s\n", ticket_str); GNUNET_free (ticket_str); 
@@ -278,7 +278,7 @@ ego_cb (void *cls, GNUNET_STRINGS_string_to_data (consume_ticket, strlen (consume_ticket), &ticket, - sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2)); + sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); attr_list = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 8960ea162..9c03cdbd7 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -36,7 +36,6 @@ #include "gnunet_identity_provider_plugin.h" #include "gnunet_signatures.h" #include "identity_provider.h" -#include "identity_token.h" #include "identity_attribute.h" #include @@ -360,27 +359,8 @@ struct AttributeStoreHandle }; - -struct VerifiedAttributeEntry -{ - /** - * DLL - */ - struct VerifiedAttributeEntry *prev; - - /** - * DLL - */ - struct VerifiedAttributeEntry *next; - - /** - * Attribute Name - */ - char* name; -}; - +/* Prototype */ struct ParallelLookup; -struct ParallelLookup2; struct ConsumeTicketHandle { @@ -393,7 +373,7 @@ struct ConsumeTicketHandle /** * Ticket */ - struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket; + struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; /** * LookupRequest @@ -413,12 +393,12 @@ struct ConsumeTicketHandle /** * Lookup DLL */ - struct ParallelLookup2 *parallel_lookups_head; + struct ParallelLookup *parallel_lookups_head; /** * Lookup DLL */ - struct ParallelLookup2 *parallel_lookups_tail; + struct ParallelLookup *parallel_lookups_tail; /** * Kill task 
@@ -441,82 +421,30 @@ struct ConsumeTicketHandle uint32_t r_id; }; -struct ParallelLookup2 -{ - struct ParallelLookup2 *next; - - struct ParallelLookup2 *prev; - - struct GNUNET_GNS_LookupRequest *lookup_request; - - struct ConsumeTicketHandle *handle; - - char *label; -}; - - -struct ExchangeHandle -{ - - /** - * Client connection - */ - struct IdpClient *client; - - /** - * Ticket - */ - struct TokenTicket *ticket; - - /** - * Token returned - */ - struct IdentityToken *token; - - /** - * LookupRequest - */ - struct GNUNET_GNS_LookupRequest *lookup_request; - - /** - * Audience Key - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey aud_privkey; - - /** - * ParallelLookups DLL - */ - struct ParallelLookup *parallel_lookups_head; - struct ParallelLookup *parallel_lookups_tail; - - struct GNUNET_SCHEDULER_Task *kill_task; - struct GNUNET_CRYPTO_AbeKey *key; - - /** - * Label to return - */ - char *label; - - /** - * request id - */ - uint32_t r_id; -}; - +/** + * Handle for a parallel GNS lookup job + */ struct ParallelLookup { + /* DLL */ struct ParallelLookup *next; + /* DLL */ struct ParallelLookup *prev; + /* The GNS request */ struct GNUNET_GNS_LookupRequest *lookup_request; - struct ExchangeHandle *handle; + /* The handle the return to */ + struct ConsumeTicketHandle *handle; + /* The label to look up */ char *label; }; - +/** + * Ticket issue request handle + */ struct TicketIssueHandle { @@ -538,7 +466,7 @@ struct TicketIssueHandle /** * Ticket to issue */ - struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket; + struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; /** * QueueEntry 
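Review bot: The field comments added to `struct ParallelLookup` in the hunk at -441 use plain `/* ... */`, while the other structs shown in this file document their members with Doxygen `/** ... */` blocks, so these fields would presumably be skipped by the generated documentation. One of them also reads "The handle the return to". I would write them as `/** The handle to return to */`, `/** The GNS request */` and `/** The label to look up */`, and mark the two list pointers with `/** DLL */` as the neighbouring structs do.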
@@ -552,103 +480,6 @@ struct TicketIssueHandle }; -/** - * DEPRECATED - */ -struct IssueHandle -{ - - /** - * Client connection - */ - struct IdpClient *client; - - /** - * Issuer Key - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey iss_key; - - /** - * Issue pubkey - */ - struct GNUNET_CRYPTO_EcdsaPublicKey iss_pkey; - - /** - * Audience Key - */ - struct GNUNET_CRYPTO_EcdsaPublicKey aud_key; - - /** - * The issuer egos ABE master key - */ - struct GNUNET_CRYPTO_AbeMasterKey *abe_key; - - /** - * Expiration - */ - struct GNUNET_TIME_Absolute expiration; - - /** - * Scopes - */ - char *scopes; - - /** - * DLL - */ - struct VerifiedAttributeEntry *v_attr_head; - - /** - * DLL - */ - struct VerifiedAttributeEntry *v_attr_tail; - - /** - * nonce - */ - uint64_t nonce; - - /** - * NS iterator - */ - struct GNUNET_NAMESTORE_ZoneIterator *ns_it; - - /** - * Cred request - */ - struct GNUNET_CREDENTIAL_Request *credential_request; - - /** - * Attribute map - */ - struct GNUNET_CONTAINER_MultiHashMap *attr_map; - - /** - * Token - */ - struct IdentityToken *token; - - /** - * Ticket - */ - struct TokenTicket *ticket; - - /** - * QueueEntry - */ - struct GNUNET_NAMESTORE_QueueEntry *ns_qe; - - /** - * The label the token is stored under - */ - char *label; - - /** - * request id - */ - uint32_t r_id; -}; - /** * DLL for ego handles to egos containing the ID_ATTRS in a map in json_t format * 
@@ -667,1088 +498,206 @@ struct EgoEntry /** * Ego handle - */ - struct GNUNET_IDENTITY_Ego *ego; - - /** - * Attribute map. Contains the attributes as json_t - */ - struct GNUNET_CONTAINER_MultiHashMap *attr_map; - -}; - -/** - * Cleanup task - */ -static void -cleanup() -{ - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Cleaning up\n"); - if (NULL != stats) - { - GNUNET_STATISTICS_destroy (stats, GNUNET_NO); - stats = NULL; - } - GNUNET_break (NULL == GNUNET_PLUGIN_unload (db_lib_name, - TKT_database)); - GNUNET_free (db_lib_name); - db_lib_name = NULL; - if (NULL != timeout_task) - GNUNET_SCHEDULER_cancel (timeout_task); - if (NULL != update_task) - GNUNET_SCHEDULER_cancel (update_task); - if (NULL != identity_handle) - GNUNET_IDENTITY_disconnect (identity_handle); - if (NULL != gns_handle) - GNUNET_GNS_disconnect (gns_handle); - if (NULL != credential_handle) - GNUNET_CREDENTIAL_disconnect (credential_handle); - if (NULL != ns_it) - GNUNET_NAMESTORE_zone_iteration_stop (ns_it); - if (NULL != ns_qe) - GNUNET_NAMESTORE_cancel (ns_qe); - if (NULL != ns_handle) - GNUNET_NAMESTORE_disconnect (ns_handle); - if (NULL != token) - GNUNET_free (token); - if (NULL != label) - GNUNET_free (label); - -} - -/** - * Shutdown task - * - * @param cls NULL - * @param tc task context - */ -static void -do_shutdown (void *cls) -{ - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Shutting down...\n"); - cleanup(); -} - -/** - * Finished storing newly bootstrapped ABE key - */ -static void -bootstrap_store_cont (void *cls, - int32_t success, - const char *emsg) -{ - struct AbeBootstrapHandle *abh = cls; - if (GNUNET_SYSERR == success) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Failed to bootstrap ABE master %s\n", - emsg); - abh->proc (abh->proc_cls, NULL); - GNUNET_free (abh->abe_key); - GNUNET_free (abh); - return; - } - abh->proc (abh->proc_cls, abh->abe_key); - GNUNET_free (abh); -} - -/** - * Generates and stores a new ABE key - */ -static void -bootstrap_store_task (void *cls) -{ - struct 
AbeBootstrapHandle *abh = cls; - struct GNUNET_GNSRECORD_Data rd[1]; - - rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (abh->abe_key, - (void**)&rd[0].data); - rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; - rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION | GNUNET_GNSRECORD_RF_PRIVATE; - rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? - abh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, - &abh->identity, - "+", - 1, - rd, - &bootstrap_store_cont, - abh); -} - -/** - * Error checking for ABE master - */ -static void -bootstrap_abe_error (void *cls) -{ - struct AbeBootstrapHandle *abh = cls; - GNUNET_free (abh); - abh->proc (abh->proc_cls, NULL); - GNUNET_free (abh); -} - - -/** - * Handle ABE lookup in namestore - */ -static void -bootstrap_abe_result (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) -{ - struct AbeBootstrapHandle *abh = cls; - struct GNUNET_CRYPTO_AbeMasterKey *abe_key; - int i; - - for (i=0;iproc (abh->proc_cls, abe_key); - GNUNET_free (abh); - return; - } - - //No ABE master found, bootstrapping... - abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key (); - GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh); -} - -/** - * Bootstrap ABE master if it does not yet exists. - * Will call the AbeBootstrapResult processor when done. 
- */ -static void -bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - AbeBootstrapResult proc, - void* cls) -{ - struct AbeBootstrapHandle *abh; - - abh = GNUNET_new (struct AbeBootstrapHandle); - abh->proc = proc; - abh->proc_cls = cls; - abh->identity = *identity; - abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, - identity, - "+", - &bootstrap_abe_error, - abh, - &bootstrap_abe_result, - abh); - -} - - - -static struct GNUNET_MQ_Envelope* -create_exchange_result_message (const char* token, - const char* label, - uint64_t ticket_nonce, - uint64_t id) -{ - struct GNUNET_MQ_Envelope *env; - struct ExchangeResultMessage *erm; - uint16_t token_len = strlen (token) + 1; - - env = GNUNET_MQ_msg_extra (erm, - token_len, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT); - erm->ticket_nonce = htonl (ticket_nonce); - erm->id = id; - GNUNET_memcpy (&erm[1], token, token_len); - return env; -} - - -static struct GNUNET_MQ_Envelope* -create_issue_result_message (const char* label, - const char* ticket, - const char* token, - uint64_t id) -{ - struct GNUNET_MQ_Envelope *env; - struct IssueResultMessage *irm; - char *tmp_str; - size_t len; - - GNUNET_asprintf (&tmp_str, "%s,%s,%s", label, ticket, token); - len = strlen (tmp_str) + 1; - env = GNUNET_MQ_msg_extra (irm, - len, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_RESULT); - irm->id = id; - GNUNET_memcpy (&irm[1], tmp_str, strlen (tmp_str) + 1); - GNUNET_free (tmp_str); - return env; -} - -static void -cleanup_issue_handle (struct IssueHandle *handle) -{ - if (NULL != handle->attr_map) - GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map); - if (NULL != handle->scopes) - GNUNET_free (handle->scopes); - if (NULL != handle->token) - token_destroy (handle->token); - if (NULL != handle->ticket) - ticket_destroy (handle->ticket); - if (NULL != handle->label) - GNUNET_free (handle->label); - if (NULL != handle->ns_it) - GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it); - if (NULL != 
handle->credential_request) - GNUNET_CREDENTIAL_request_cancel (handle->credential_request); - GNUNET_free (handle); -} - -static void -store_record_issue_cont (void *cls, - int32_t success, - const char *emsg) -{ - struct IssueHandle *handle = cls; - struct GNUNET_MQ_Envelope *env; - char *ticket_str; - char *token_str; - - handle->ns_qe = NULL; - if (GNUNET_SYSERR == success) - { - cleanup_issue_handle (handle); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", - "Unknown Error\n"); - GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); - return; - } - if (GNUNET_OK != ticket_serialize (handle->ticket, - &handle->iss_key, - &ticket_str)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", - "Error serializing ticket\n"); - cleanup_issue_handle (handle); - GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); - return; - } - if (GNUNET_OK != token_to_string (handle->token, - &handle->iss_key, - &token_str)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", - "Error serializing token\n"); - GNUNET_free (ticket_str); - cleanup_issue_handle (handle); - GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); - return; - } - env = create_issue_result_message (handle->label, - ticket_str, - token_str, - handle->r_id); - GNUNET_MQ_send (handle->client->mq, - env); - cleanup_issue_handle (handle); - GNUNET_free (ticket_str); - GNUNET_free (token_str); -} - -static int -create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash, - struct GNUNET_CRYPTO_SymmetricSessionKey *skey, - struct GNUNET_CRYPTO_SymmetricInitializationVector *iv) -{ - struct GNUNET_CRYPTO_HashAsciiEncoded new_key_hash_str; - - GNUNET_CRYPTO_hash_to_enc (new_key_hash, - &new_key_hash_str); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating symmetric rsa key from %s\n", (char*)&new_key_hash_str); - static const char ctx_key[] = "gnuid-aes-ctx-key"; - GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), - new_key_hash, sizeof (struct GNUNET_HashCode), - ctx_key, strlen (ctx_key), - NULL, 0); - 
static const char ctx_iv[] = "gnuid-aes-ctx-iv"; - GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector), - new_key_hash, sizeof (struct GNUNET_HashCode), - ctx_iv, strlen (ctx_iv), - NULL, 0); - return GNUNET_OK; -} - -int -serialize_abe_keyinfo (const struct IssueHandle *handle, - const struct GNUNET_CRYPTO_AbeKey *rp_key, - struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, - char **result) -{ - char *enc_keyinfo; - char *serialized_key; - char *buf; - struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; - ssize_t size; - - struct GNUNET_CRYPTO_SymmetricSessionKey skey; - struct GNUNET_CRYPTO_SymmetricInitializationVector iv; - struct GNUNET_HashCode new_key_hash; - ssize_t enc_size; - - size = GNUNET_CRYPTO_cpabe_serialize_key (rp_key, - (void**)&serialized_key); - buf = GNUNET_malloc (strlen (handle->scopes) + 1 + size); - GNUNET_memcpy (buf, - handle->scopes, - strlen (handle->scopes) + 1); - GNUNET_memcpy (buf + strlen (handle->scopes) + 1, - serialized_key, - size); - // ECDH keypair E = eG - *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create(); - GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey, - &ecdh_pubkey); - enc_keyinfo = GNUNET_malloc (size + strlen (handle->scopes) + 1); - // Derived key K = H(eB) - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey, - &handle->aud_key, - &new_key_hash)); - create_sym_key_from_ecdh(&new_key_hash, &skey, &iv); - enc_size = GNUNET_CRYPTO_symmetric_encrypt (buf, - size + strlen (handle->scopes) + 1, - &skey, &iv, - enc_keyinfo); - *result = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+ - enc_size); - GNUNET_memcpy (*result, - &ecdh_pubkey, - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); - GNUNET_memcpy (*result + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), - enc_keyinfo, - enc_size); - GNUNET_free (enc_keyinfo); - return sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+enc_size; -} - -static void -cleanup_exchange_handle (struct ExchangeHandle *handle) -{ - if 
(NULL != handle->ticket) - ticket_destroy (handle->ticket); - if (NULL != handle->token) - token_destroy (handle->token); - GNUNET_free (handle); -} - - -/** - * Build a token and store it - * - * @param cls the IssueHandle - */ -static void -sign_and_return_token (void *cls) -{ - struct ExchangeHandle *handle = cls; - struct GNUNET_MQ_Envelope *env; - char *token_str; - uint64_t time; - uint64_t exp_time; - - time = GNUNET_TIME_absolute_get().abs_value_us; - exp_time = time + token_expiration_interval.rel_value_us; - - token_add_attr_int (handle->token, "nbf", time); - token_add_attr_int (handle->token, "iat", time); - token_add_attr_int (handle->token, "exp", exp_time); - - //Readable - GNUNET_assert (GNUNET_OK == token_to_string (handle->token, - &handle->aud_privkey, - &token_str)); - - env = create_exchange_result_message (token_str, - handle->label, - handle->ticket->payload->nonce, - handle->r_id); - GNUNET_MQ_send (handle->client->mq, - env); - cleanup_exchange_handle (handle); - GNUNET_free (token_str); - -} - -/** - * Build an ABE key and store it - * - * @param cls the IssueHandle - */ -static void -issue_ticket (void *cls) -{ - struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; - struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; - struct IssueHandle *handle = cls; - struct GNUNET_GNSRECORD_Data code_record[1]; - struct GNUNET_CRYPTO_AbeKey *rp_key; - char *nonce_str; - char *code_record_data; - char **attrs; - char *scope; - char *scopes_tmp; - int attrs_len; - int i; - uint64_t time; - uint64_t exp_time; - size_t code_record_len; - - //Remote nonce - nonce_str = NULL; - GNUNET_asprintf (&nonce_str, "%lu", handle->nonce); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str); - - GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key, - &pub_key); - handle->ticket = ticket_create (handle->nonce, - &pub_key, - handle->label, - &handle->aud_key); - - time = GNUNET_TIME_absolute_get().abs_value_us; - exp_time = time + 
token_expiration_interval.rel_value_us; - - token_add_attr_int (handle->token, "nbf", time); - token_add_attr_int (handle->token, "iat", time); - token_add_attr_int (handle->token, "exp", exp_time); - token_add_attr (handle->token, "nonce", nonce_str); - - //Create new ABE key for RP - attrs_len = (GNUNET_CONTAINER_multihashmap_size (handle->attr_map) + 1) * sizeof (char*); - attrs = GNUNET_malloc (attrs_len); - i = 0; - scopes_tmp = GNUNET_strdup (handle->scopes); - for (scope = strtok (scopes_tmp, ","); NULL != scope; scope = strtok (NULL, ",")) { - attrs[i] = scope; - i++; - } - rp_key = GNUNET_CRYPTO_cpabe_create_key (handle->abe_key, - attrs); - code_record_len = serialize_abe_keyinfo (handle, - rp_key, - &ecdhe_privkey, - &code_record_data); - code_record[0].data = code_record_data; - code_record[0].data_size = code_record_len; - code_record[0].expiration_time = exp_time; - code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY; - code_record[0].flags = GNUNET_GNSRECORD_RF_NONE; - - - //Publish record - handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, - &handle->iss_key, - handle->label, - 1, - code_record, - &store_record_issue_cont, - handle); - GNUNET_free (ecdhe_privkey); - GNUNET_free (nonce_str); - GNUNET_free (code_record_data); -} - -/** - * Credential to JSON - * @param cred the credential - * @return the resulting json, NULL if failed - */ -static json_t* -credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred) -{ - char *issuer; - char *subject; - char *signature; - char attribute[cred->issuer_attribute_len + 1]; - json_t *cred_obj; - - issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key); - if (NULL == issuer) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Issuer in credential malformed\n"); - return NULL; - } - subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key); - if (NULL == subject) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Subject in credential malformed\n"); - GNUNET_free (issuer); 
- return NULL; - } - GNUNET_STRINGS_base64_encode ((char*)&cred->signature, - sizeof (struct GNUNET_CRYPTO_EcdsaSignature), - &signature); - memcpy (attribute, - cred->issuer_attribute, - cred->issuer_attribute_len); - attribute[cred->issuer_attribute_len] = '\0'; - cred_obj = json_object (); - json_object_set_new (cred_obj, "issuer", json_string (issuer)); - json_object_set_new (cred_obj, "subject", json_string (subject)); - json_object_set_new (cred_obj, "attribute", json_string (attribute)); - json_object_set_new (cred_obj, "signature", json_string (signature)); - json_object_set_new (cred_obj, "expiration", json_integer (cred->expiration.abs_value_us)); - GNUNET_free (issuer); - GNUNET_free (subject); - GNUNET_free (signature); - return cred_obj; -} - - -static void -handle_vattr_collection (void* cls, - unsigned int d_count, - struct GNUNET_CREDENTIAL_Delegation *dc, - unsigned int c_count, - struct GNUNET_CREDENTIAL_Credential *cred) -{ - struct IssueHandle *handle = cls; - struct VerifiedAttributeEntry *vattr; - json_t *cred_json; - json_t *cred_array; - int i; - handle->credential_request = NULL; - - if (NULL == cred) - { - GNUNET_SCHEDULER_add_now (&issue_ticket, handle); - return; - } - cred_array = json_array(); - for (i=0;itoken, - handle->v_attr_head->name, - cred_array); - } - json_decref (cred_array); - vattr = handle->v_attr_head; - - GNUNET_CONTAINER_DLL_remove (handle->v_attr_head, - handle->v_attr_tail, - vattr); - GNUNET_free (vattr->name); - GNUNET_free (vattr); - - if (NULL == handle->v_attr_head) - { - GNUNET_SCHEDULER_add_now (&issue_ticket, handle); - return; - } - handle->credential_request = GNUNET_CREDENTIAL_collect (credential_handle, - &handle->aud_key, - handle->v_attr_head->name, - &handle->iss_key, - &handle_vattr_collection, - handle); - -} - - -static void -attr_collect_error (void *cls) -{ - struct IssueHandle *handle = cls; - - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Adding attribute Error!\n"); - handle->ns_it = NULL; - 
GNUNET_SCHEDULER_add_now (&issue_ticket, handle); -} - - -static void -attr_collect_finished (void *cls) -{ - struct IssueHandle *handle = cls; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute END: \n"); - handle->ns_it = NULL; - - if (NULL == handle->v_attr_head) - { - GNUNET_SCHEDULER_add_now (&issue_ticket, handle); - return; - } - handle->credential_request = GNUNET_CREDENTIAL_collect (credential_handle, - &handle->aud_key, - handle->v_attr_head->name, - &handle->iss_key, - &handle_vattr_collection, - handle); -} - -/** - * Collect attributes for token - */ -static void -attr_collect (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) -{ - struct IssueHandle *handle = cls; - int i; - char* data; - struct GNUNET_HashCode key; - - GNUNET_CRYPTO_hash (label, - strlen (label), - &key); - - if (0 == rd_count || - ( (NULL != handle->attr_map) && - (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->attr_map, - &key)) - ) - ) - { - GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); - return; - } - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n", label); - - if (1 == rd_count) - { - if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) - { - data = GNUNET_GNSRECORD_value_to_string (rd->record_type, - rd->data, - rd->data_size); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); - token_add_attr (handle->token, - label, - data); - GNUNET_free (data); - } - GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); - return; - } - - i = 0; - for (; i < rd_count; i++) - { - if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) - { - data = GNUNET_GNSRECORD_value_to_string (rd[i].record_type, - rd[i].data, - rd[i].data_size); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); - token_add_attr (handle->token, label, data); - GNUNET_free (data); - } - } - - GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); 
-} - -static void -process_parallel_lookup (void *cls, uint32_t rd_count, - const struct GNUNET_GNSRECORD_Data *rd) -{ - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Parallel lookup finished (count=%u)\n", rd_count); - struct ParallelLookup *parallel_lookup = cls; - struct ExchangeHandle *handle = parallel_lookup->handle; - char *data; - int i; - - GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, - handle->parallel_lookups_tail, - parallel_lookup); - GNUNET_free (parallel_lookup); - if (1 == rd_count) - { - if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) - { - GNUNET_CRYPTO_cpabe_decrypt (rd->data, - rd->data_size, - handle->key, - (void**)&data); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); - token_add_attr (handle->token, - parallel_lookup->label, - data); - GNUNET_free (data); - } - } else { - i = 0; - for (; i < rd_count; i++) - { - if (rd[i].record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) - { - data = GNUNET_GNSRECORD_value_to_string (rd[i].record_type, - rd[i].data, - rd[i].data_size); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); - token_add_attr (handle->token, parallel_lookup->label, data); - GNUNET_free (data); - } - } - } - if (NULL != handle->parallel_lookups_head) - return; //Wait for more - //Else we are done - GNUNET_SCHEDULER_cancel (handle->kill_task); - GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle); -} - -void -abort_parallel_lookups (void *cls) -{ - struct ExchangeHandle *handle = cls; - struct ParallelLookup *lu; - struct ParallelLookup *tmp; - - for (lu = handle->parallel_lookups_head; - NULL != lu;) { - GNUNET_GNS_lookup_cancel (lu->lookup_request); - GNUNET_free (lu->label); - tmp = lu->next; - GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, - handle->parallel_lookups_tail, - lu); - GNUNET_free (lu); - lu = tmp; - } - GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle); - -} - -static void -process_lookup_result (void *cls, uint32_t rd_count, - const struct 
GNUNET_GNSRECORD_Data *rd) -{ - struct ExchangeHandle *handle = cls; - struct GNUNET_HashCode new_key_hash; - struct GNUNET_CRYPTO_SymmetricSessionKey enc_key; - struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv; - struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key; - struct ParallelLookup *parallel_lookup; - size_t size; - char *buf; - char *scope; - char *lookup_query; - - handle->lookup_request = NULL; - if (1 != rd_count) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Number of keys %d != 1.", - rd_count); - cleanup_exchange_handle (handle); - GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); - return; - } - - //Decrypt - ecdh_key = (struct GNUNET_CRYPTO_EcdhePublicKey *)rd->data; - - buf = GNUNET_malloc (rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); - - //Calculate symmetric key from ecdh parameters - GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_ecdsa_ecdh (&handle->aud_privkey, - ecdh_key, - &new_key_hash)); - create_sym_key_from_ecdh (&new_key_hash, - &enc_key, - &enc_iv); - size = GNUNET_CRYPTO_symmetric_decrypt (rd->data + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), - rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), - &enc_key, - &enc_iv, - buf); + */ + struct GNUNET_IDENTITY_Ego *ego; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Decrypted bytes: %zd Expected bytes: %zd\n", - size, rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); + /** + * Attribute map. 
Contains the attributes as json_t + */ + struct GNUNET_CONTAINER_MultiHashMap *attr_map; - scopes = GNUNET_strdup (buf); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Scopes %s\n", scopes); - handle->key = GNUNET_CRYPTO_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1), - rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) - - strlen (scopes) - 1); +}; - for (scope = strtok (scopes, ","); NULL != scope; scope = strtok (NULL, ",")) +/** + * Cleanup task + */ +static void +cleanup() +{ + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Cleaning up\n"); + if (NULL != stats) { - GNUNET_asprintf (&lookup_query, - "%s.gnu", - scope); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Looking up %s\n", lookup_query); - parallel_lookup = GNUNET_new (struct ParallelLookup); - parallel_lookup->handle = handle; - parallel_lookup->label = GNUNET_strdup (scope); - parallel_lookup->lookup_request - = GNUNET_GNS_lookup (gns_handle, - lookup_query, - &handle->ticket->payload->identity_key, - GNUNET_GNSRECORD_TYPE_ID_ATTR, - GNUNET_GNS_LO_LOCAL_MASTER, - &process_parallel_lookup, - parallel_lookup); - GNUNET_CONTAINER_DLL_insert (handle->parallel_lookups_head, - handle->parallel_lookups_tail, - parallel_lookup); + GNUNET_STATISTICS_destroy (stats, GNUNET_NO); + stats = NULL; } - handle->kill_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES,3), - &abort_parallel_lookups, - handle); + GNUNET_break (NULL == GNUNET_PLUGIN_unload (db_lib_name, + TKT_database)); + GNUNET_free (db_lib_name); + db_lib_name = NULL; + if (NULL != timeout_task) + GNUNET_SCHEDULER_cancel (timeout_task); + if (NULL != update_task) + GNUNET_SCHEDULER_cancel (update_task); + if (NULL != identity_handle) + GNUNET_IDENTITY_disconnect (identity_handle); + if (NULL != gns_handle) + GNUNET_GNS_disconnect (gns_handle); + if (NULL != credential_handle) + GNUNET_CREDENTIAL_disconnect (credential_handle); + if (NULL != ns_it) + GNUNET_NAMESTORE_zone_iteration_stop (ns_it); + if (NULL 
!= ns_qe) + GNUNET_NAMESTORE_cancel (ns_qe); + if (NULL != ns_handle) + GNUNET_NAMESTORE_disconnect (ns_handle); + if (NULL != token) + GNUNET_free (token); + if (NULL != label) + GNUNET_free (label); + } /** - * Checks a exchange message + * Shutdown task * - * @param cls client sending the message - * @param xm message of type `struct ExchangeMessage` - * @return #GNUNET_OK if @a xm is well-formed + * @param cls NULL + * @param tc task context */ -static int -check_exchange_message (void *cls, - const struct ExchangeMessage *xm) +static void +do_shutdown (void *cls) { - uint16_t size; - - size = ntohs (xm->header.size); - if (size <= sizeof (struct ExchangeMessage)) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - return GNUNET_OK; + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Shutting down...\n"); + cleanup(); } /** - * - * Handler for exchange message - * - * @param cls unused - * @param client who sent the message - * @param message the message + * Finished storing newly bootstrapped ABE key */ static void -handle_exchange_message (void *cls, - const struct ExchangeMessage *xm) +bootstrap_store_cont (void *cls, + int32_t success, + const char *emsg) { - struct ExchangeHandle *xchange_handle; - struct IdpClient *idp = cls; - const char *ticket; - char *lookup_query; - - ticket = (const char *) &xm[1]; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Received EXCHANGE of `%s' from client\n", - ticket); - xchange_handle = GNUNET_malloc (sizeof (struct ExchangeHandle)); - xchange_handle->aud_privkey = xm->aud_privkey; - xchange_handle->r_id = xm->id; - if (GNUNET_SYSERR == ticket_parse (ticket, - &xchange_handle->aud_privkey, - &xchange_handle->ticket)) + struct AbeBootstrapHandle *abh = cls; + if (GNUNET_SYSERR == success) { - GNUNET_free (xchange_handle); - GNUNET_SERVICE_client_drop (idp->client); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to bootstrap ABE master %s\n", + emsg); + abh->proc (abh->proc_cls, NULL); + GNUNET_free (abh->abe_key); + GNUNET_free 
(abh); return; } - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking for ABE key under %s\n", - xchange_handle->ticket->payload->label); - GNUNET_asprintf (&lookup_query, - "%s.gnu", - xchange_handle->ticket->payload->label); - GNUNET_SERVICE_client_continue (idp->client); - xchange_handle->client = idp; - xchange_handle->token = token_create (&xchange_handle->ticket->payload->identity_key, - &xchange_handle->ticket->payload->identity_key); - xchange_handle->lookup_request - = GNUNET_GNS_lookup (gns_handle, - lookup_query, - &xchange_handle->ticket->payload->identity_key, - GNUNET_GNSRECORD_TYPE_ABE_KEY, - GNUNET_GNS_LO_LOCAL_MASTER, - &process_lookup_result, - xchange_handle); - GNUNET_free (lookup_query); - + abh->proc (abh->proc_cls, abh->abe_key); + GNUNET_free (abh); } -void -attr_collect_task (void *cls) +/** + * Generates and stores a new ABE key + */ +static void +bootstrap_store_task (void *cls) { - struct IssueHandle *issue_handle = cls; - - issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, - &issue_handle->iss_key, - &attr_collect_error, - issue_handle, - &attr_collect, - issue_handle, - &attr_collect_finished, - issue_handle); + struct AbeBootstrapHandle *abh = cls; + struct GNUNET_GNSRECORD_Data rd[1]; + + rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (abh->abe_key, + (void**)&rd[0].data); + rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; + rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION | GNUNET_GNSRECORD_RF_PRIVATE; + rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? 
+ abh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &abh->identity, + "+", + 1, + rd, + &bootstrap_store_cont, + abh); } -void -abe_key_lookup_error (void *cls) +/** + * Error checking for ABE master + */ +static void +bootstrap_abe_error (void *cls) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Error looking for ABE master!\n"); - GNUNET_SCHEDULER_add_now (&do_shutdown, cls); + struct AbeBootstrapHandle *abh = cls; + GNUNET_free (abh); + abh->proc (abh->proc_cls, NULL); + GNUNET_free (abh); } -void -abe_key_lookup_result (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) + +/** + * Handle ABE lookup in namestore + */ +static void +bootstrap_abe_result (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd) { - struct IssueHandle *handle = cls; + struct AbeBootstrapHandle *abh = cls; + struct GNUNET_CRYPTO_AbeMasterKey *abe_key; int i; for (i=0;iabe_key = GNUNET_CRYPTO_cpabe_deserialize_master_key ((void**)rd[i].data, - rd[i].data_size); - GNUNET_SCHEDULER_add_now (&attr_collect_task, handle); + abe_key = GNUNET_CRYPTO_cpabe_deserialize_master_key ((void**)rd[i].data, + rd[i].data_size); + abh->proc (abh->proc_cls, abe_key); + GNUNET_free (abh); return; } - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "No ABE master found!\n"); - GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); - -} - - -/** - * Checks an issue message - * - * @param cls client sending the message - * @param im message of type `struct IssueMessage` - * @return #GNUNET_OK if @a im is well-formed - */ -static int -check_issue_message(void *cls, - const struct IssueMessage *im) -{ - uint16_t size; - size = ntohs (im->header.size); - if (size <= sizeof (struct IssueMessage)) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - scopes = (char *) &im[1]; - if ('\0' != scopes[size - sizeof (struct IssueMessage) - 
1]) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Malformed scopes received!\n"); - GNUNET_break (0); - return GNUNET_SYSERR; - } - return GNUNET_OK; + //No ABE master found, bootstrapping... + abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key (); + GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh); } - /** - * - * Handler for issue message - * - * @param cls unused - * @param client who sent the message - * @param message the message + * Bootstrap ABE master if it does not yet exists. + * Will call the AbeBootstrapResult processor when done. */ static void -handle_issue_message (void *cls, - const struct IssueMessage *im) +bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + AbeBootstrapResult proc, + void* cls) { - const char *scopes; - char *scopes_tmp; - char *scope; - uint64_t rnd_key; - struct GNUNET_HashCode key; - struct IssueHandle *issue_handle; - struct IdpClient *idp = cls; + struct AbeBootstrapHandle *abh; - scopes = (const char *) &im[1]; - //v_attrs = (const char *) &im[1] + ntohl(im->scope_len); - issue_handle = GNUNET_malloc (sizeof (struct IssueHandle)); - issue_handle->attr_map = GNUNET_CONTAINER_multihashmap_create (5, - GNUNET_NO); - scopes_tmp = GNUNET_strdup (scopes); + abh = GNUNET_new (struct AbeBootstrapHandle); + abh->proc = proc; + abh->proc_cls = cls; + abh->identity = *identity; + abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, + identity, + "+", + &bootstrap_abe_error, + abh, + &bootstrap_abe_result, + abh); - for (scope = strtok (scopes_tmp, ","); NULL != scope; scope = strtok (NULL, ",")) - { - GNUNET_CRYPTO_hash (scope, - strlen (scope), - &key); - GNUNET_CONTAINER_multihashmap_put (issue_handle->attr_map, - &key, - scope, - GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); - } - GNUNET_free (scopes_tmp); - /*scopes_tmp = GNUNET_strdup (v_attrs); +} - for (scope = strtok (scopes_tmp, ","); NULL != scope; scope = strtok (NULL, ",")) - { - vattr_entry = GNUNET_new (struct VerifiedAttributeEntry); - 
vattr_entry->name = GNUNET_strdup (scope); - GNUNET_CONTAINER_DLL_insert (issue_handle->v_attr_head, - issue_handle->v_attr_tail, - vattr_entry); - } - GNUNET_free (scopes_tmp);*/ +static int +create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash, + struct GNUNET_CRYPTO_SymmetricSessionKey *skey, + struct GNUNET_CRYPTO_SymmetricInitializationVector *iv) +{ + struct GNUNET_CRYPTO_HashAsciiEncoded new_key_hash_str; - issue_handle->r_id = im->id; - issue_handle->aud_key = im->aud_key; - issue_handle->iss_key = im->iss_key; - GNUNET_CRYPTO_ecdsa_key_get_public (&im->iss_key, - &issue_handle->iss_pkey); - issue_handle->expiration = GNUNET_TIME_absolute_ntoh (im->expiration); - issue_handle->nonce = ntohl (im->nonce); - GNUNET_SERVICE_client_continue (idp->client); - issue_handle->client = idp; - issue_handle->scopes = GNUNET_strdup (scopes); - issue_handle->token = token_create (&issue_handle->iss_pkey, - &issue_handle->aud_key); - rnd_key = - GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, - UINT64_MAX); - GNUNET_STRINGS_base64_encode ((char*)&rnd_key, - sizeof (uint64_t), - &issue_handle->label); - issue_handle->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, - &issue_handle->iss_key, - "+", - &abe_key_lookup_error, - issue_handle, - &abe_key_lookup_result, - issue_handle); + GNUNET_CRYPTO_hash_to_enc (new_key_hash, + &new_key_hash_str); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating symmetric rsa key from %s\n", (char*)&new_key_hash_str); + static const char ctx_key[] = "gnuid-aes-ctx-key"; + GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), + new_key_hash, sizeof (struct GNUNET_HashCode), + ctx_key, strlen (ctx_key), + NULL, 0); + static const char ctx_iv[] = "gnuid-aes-ctx-iv"; + GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector), + new_key_hash, sizeof (struct GNUNET_HashCode), + ctx_iv, strlen (ctx_iv), + NULL, 0); + return GNUNET_OK; } static void 
@@ -1765,11 +714,11 @@ cleanup_ticket_issue_handle (struct TicketIssueHandle *handle) static void send_ticket_result (struct IdpClient *client, uint32_t r_id, - const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket) + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) { struct TicketResultMessage *irm; struct GNUNET_MQ_Envelope *env; - struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket_buf; + struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket_buf; /* store ticket in DB */ if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls, @@ -1781,9 +730,9 @@ send_ticket_result (struct IdpClient *client, } env = GNUNET_MQ_msg_extra (irm, - sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2), + sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket), GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT); - ticket_buf = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&irm[1]; + ticket_buf = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&irm[1]; *ticket_buf = *ticket; irm->id = htonl (r_id); GNUNET_MQ_send (client->mq, @@ -2043,7 +992,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parallel lookup finished (count=%u)\n", rd_count); - struct ParallelLookup2 *parallel_lookup = cls; + struct ParallelLookup *parallel_lookup = cls; struct ConsumeTicketHandle *handle = parallel_lookup->handle; struct ConsumeTicketResultMessage *crm; struct GNUNET_MQ_Envelope *env; @@ -2105,8 +1054,8 @@ void abort_parallel_lookups2 (void *cls) { struct ConsumeTicketHandle *handle = cls; - struct ParallelLookup2 *lu; - struct ParallelLookup2 *tmp; + struct ParallelLookup *lu; + struct ParallelLookup *tmp; struct AttributeResultMessage *arm; struct GNUNET_MQ_Envelope *env; 
@@ -2147,7 +1096,7 @@ process_consume_abe_key (void *cls, uint32_t rd_count, struct GNUNET_CRYPTO_SymmetricSessionKey enc_key; struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv; struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key; - struct ParallelLookup2 *parallel_lookup; + struct ParallelLookup *parallel_lookup; size_t size; char *buf; char *scope; @@ -2201,7 +1150,7 @@ process_consume_abe_key (void *cls, uint32_t rd_count, scope); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking up %s\n", lookup_query); - parallel_lookup = GNUNET_new (struct ParallelLookup2); + parallel_lookup = GNUNET_new (struct ParallelLookup); parallel_lookup->handle = handle; parallel_lookup->label = GNUNET_strdup (scope); parallel_lookup->lookup_request @@ -2247,7 +1196,7 @@ handle_consume_ticket_message (void *cls, ch->attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); GNUNET_CRYPTO_ecdsa_key_get_public (&ch->identity, &ch->identity_pub); - ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket2*)&cm[1]); + ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket*)&cm[1]); rnd_label = GNUNET_STRINGS_data_to_string_alloc (&ch->ticket.rnd, sizeof (uint64_t)); GNUNET_asprintf (&lookup_query, @@ -2660,7 +1609,7 @@ struct TicketIterationProcResult */ static void ticket_iterate_proc (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket) + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) { struct TicketIterationProcResult *proc = cls; @@ -2973,14 +1922,6 @@ GNUNET_SERVICE_MAIN &client_connect_cb, &client_disconnect_cb, NULL, - GNUNET_MQ_hd_var_size (issue_message, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE, - struct IssueMessage, - NULL), - GNUNET_MQ_hd_var_size (exchange_message, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE, - struct ExchangeMessage, - NULL), GNUNET_MQ_hd_var_size (attribute_store_message, GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE, struct AttributeStoreMessage, 
diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h
index 96bed18f4..9361854ad 100644
--- a/src/identity-provider/identity_provider.h
+++ b/src/identity-provider/identity_provider.h
@@ -33,146 +33,6 @@ GNUNET_NETWORK_STRUCT_BEGIN -/** - * The token - */ -struct GNUNET_IDENTITY_PROVIDER_Token -{ - /** - * The JWT representation of the identity token - */ - char *data; -}; - -/** - * The ticket DEPRECATED - */ -struct GNUNET_IDENTITY_PROVIDER_Ticket -{ - /** - * The Base64 representation of the ticket - */ - char *data; -}; - -/** - * Answer from service to client after issue operation - */ -struct IssueResultMessage -{ - /** - * Type: #GNUNET_MESSAGE_TYPE_IDENTITY_RESULT_CODE - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - - /* followed by 0-terminated label,ticket,token */ - -}; - - -/** - * Ticket exchange message. - */ -struct ExchangeResultMessage -{ - /** - * Type: #GNUNET_MESSAGE_TYPE_IDENTITY_UPDATE - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - - /** - * Nonce found in ticket. NBO - * 0 on error. - */ - uint64_t ticket_nonce GNUNET_PACKED; - - /* followed by 0-terminated token */ - -}; - - - -/** - * Client requests IdP to issue token. - */ -struct IssueMessage -{ - /** - * Type: #GNUNET_MESSAGE_TYPE_IDENTITY_GET_DEFAULT - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - - - /** - * Issuer identity private key - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey iss_key; - - /** - * Audience public key - */ - struct GNUNET_CRYPTO_EcdsaPublicKey aud_key; - - /** - * Nonce - */ - uint64_t nonce; - - /** - * Length of scopes - */ - uint64_t scope_len; - - /** - * Expiration of token in NBO. 
- */ - struct GNUNET_TIME_AbsoluteNBO expiration; - - - /* followed by 0-terminated comma-separated scope list */ - -}; - - -/** - * Use to exchange a ticket for a token - */ -struct ExchangeMessage -{ - /** - * Type: #GNUNET_MESSAGE_TYPE_IDENTITY_SET_DEFAULT - */ - struct GNUNET_MessageHeader header; - - /** - * Unique identifier for this request (for key collisions). - */ - uint32_t id GNUNET_PACKED; - - /** - * Audience identity private key - */ - struct GNUNET_CRYPTO_EcdsaPrivateKey aud_privkey; - - /* followed by 0-terminated ticket string */ - -}; - /** * Use to store an identity attribute */ diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 6ef1d470e..d623eaf3b 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -63,18 +63,6 @@ struct GNUNET_IDENTITY_PROVIDER_Operation */ const struct GNUNET_MessageHeader *msg; - /** - * Continuation to invoke with the result of the transmission; @e cb - * will be NULL in this case. - */ - GNUNET_IDENTITY_PROVIDER_ExchangeCallback ex_cb; - - /** - * Continuation to invoke with the result of the transmission for - * 'issue' operations (@e cont will be NULL in this case). - */ - GNUNET_IDENTITY_PROVIDER_IssueCallback iss_cb; - /** * Continuation to invoke after attribute store call */ 
@@ -403,151 +391,6 @@ mq_error_handler (void *cls, force_reconnect (handle); } -/** - * Check validity of message received from the service - * - * @param cls the `struct GNUNET_IDENTITY_PROVIDER_Handle *` - * @param result_msg the incoming message - */ -static int -check_exchange_result (void *cls, - const struct ExchangeResultMessage *erm) -{ - char *str; - size_t size = ntohs (erm->header.size); - - - str = (char *) &erm[0]; - if ( (size > sizeof (struct ExchangeResultMessage)) && - ('\0' != str[size - 1]) ) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - return GNUNET_OK; -} - - -/** - * Check validity of message received from the service - * - * @param cls the `struct GNUNET_IDENTITY_PROVIDER_Handle *` - * @param result_msg the incoming message - */ -static int -check_result (void *cls, - const struct IssueResultMessage *irm) -{ - char *str; - size_t size = ntohs (irm->header.size); - str = (char*) &irm[0]; - if ( (size > sizeof (struct IssueResultMessage)) && - ('\0' != str[size - 1]) ) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - return GNUNET_OK; -} - -/** - * Handler for messages received from the GNS service - * - * @param cls the `struct GNUNET_GNS_Handle *` - * @param loookup_msg the incoming message - */ -static void -handle_exchange_result (void *cls, - const struct ExchangeResultMessage *erm) -{ - struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls; - struct GNUNET_IDENTITY_PROVIDER_Operation *op; - struct GNUNET_IDENTITY_PROVIDER_Token token; - uint64_t ticket_nonce; - uint32_t r_id = ntohl (erm->id); - char *str; - - for (op = handle->op_head; NULL != op; op = op->next) - if (op->r_id == r_id) - break; - if (NULL == op) - return; - str = GNUNET_strdup ((char*)&erm[1]); - op = handle->op_head; - GNUNET_CONTAINER_DLL_remove (handle->op_head, - handle->op_tail, - op); - token.data = str; - ticket_nonce = ntohl (erm->ticket_nonce); - if (NULL != op->ex_cb) - op->ex_cb (op->cls, &token, ticket_nonce); - GNUNET_free (str); - GNUNET_free 
(op); - -} - -/** - * Handler for messages received from the GNS service - * - * @param cls the `struct GNUNET_GNS_Handle *` - * @param loookup_msg the incoming message - */ -static void -handle_result (void *cls, - const struct IssueResultMessage *irm) -{ - struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls; - struct GNUNET_IDENTITY_PROVIDER_Operation *op; - struct GNUNET_IDENTITY_PROVIDER_Token token; - struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; - uint32_t r_id = ntohl (irm->id); - char *str; - char *label_str; - char *ticket_str; - char *token_str; - - for (op = handle->op_head; NULL != op; op = op->next) - if (op->r_id == r_id) - break; - if (NULL == op) - return; - str = GNUNET_strdup ((char*)&irm[1]); - label_str = strtok (str, ","); - - if (NULL == label_str) - { - GNUNET_free (str); - GNUNET_break (0); - return; - } - ticket_str = strtok (NULL, ","); - if (NULL == ticket_str) - { - GNUNET_free (str); - GNUNET_break (0); - return; - } - token_str = strtok (NULL, ","); - if (NULL == token_str) - { - GNUNET_free (str); - GNUNET_break (0); - return; - } - GNUNET_CONTAINER_DLL_remove (handle->op_head, - handle->op_tail, - op); - ticket.data = ticket_str; - token.data = token_str; - if (NULL != op->iss_cb) - op->iss_cb (op->cls, label_str, &ticket, &token); - GNUNET_free (str); - GNUNET_free (op); - -} - - - /** * Handle an incoming message of type * #GNUNET_MESSAGE_TYPE_NAMESTORE_RECORD_STORE_RESPONSE @@ -824,7 +667,7 @@ handle_ticket_result (void *cls, struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls; struct GNUNET_IDENTITY_PROVIDER_Operation *op; struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it; - const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket; + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket; uint32_t r_id = ntohl (msg->id); size_t msg_len; 
@@ -847,7 +690,7 @@ handle_ticket_result (void *cls, if (NULL != op->tr_cb) op->tr_cb (op->cls, NULL); } else { - ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&msg[1]; + ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&msg[1]; if (NULL != op->tr_cb) op->tr_cb (op->cls, ticket); } @@ -863,7 +706,7 @@ handle_ticket_result (void *cls, it->finish_cb (it->finish_cb_cls); } else { - ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&msg[1]; + ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&msg[1]; if (NULL != it->tr_cb) it->tr_cb (it->cls, ticket); } @@ -888,14 +731,6 @@ reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE, struct AttributeStoreResponseMessage, h), - GNUNET_MQ_hd_var_size (result, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_RESULT, - struct IssueResultMessage, - h), - GNUNET_MQ_hd_var_size (exchange_result, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT, - struct ExchangeResultMessage, - h), GNUNET_MQ_hd_var_size (attribute_result, GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT, struct AttributeResultMessage, 
@@ -952,117 +787,6 @@ GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg) } -/** - * Issue an identity token - * - * @param id identity service to query - * @param service_name for which service is an identity wanted - * @param cb function to call with the result (will only be called once) - * @param cb_cls closure for @a cb - * @return handle to abort the operation - */ -struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss_key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, - const char* scopes, - const char* vattr, - struct GNUNET_TIME_Absolute expiration, - uint64_t nonce, - GNUNET_IDENTITY_PROVIDER_IssueCallback cb, - void *cb_cls) -{ - struct GNUNET_IDENTITY_PROVIDER_Operation *op; - struct IssueMessage *im; - size_t slen; - - slen = strlen (scopes) + 1; - if (NULL != vattr) - slen += strlen (vattr) + 1; - if (slen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (struct IssueMessage)) - { - GNUNET_break (0); - return NULL; - } - op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation); - op->h = id; - op->iss_cb = cb; - op->cls = cb_cls; - op->r_id = id->r_id_gen++; - op->env = GNUNET_MQ_msg_extra (im, - slen, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE); - im->id = op->r_id; - im->iss_key = *iss_key; - im->aud_key = *aud_key; - im->scope_len = htonl (strlen(scopes)+1); - im->nonce = htonl (nonce); - im->expiration = GNUNET_TIME_absolute_hton (expiration); - GNUNET_memcpy (&im[1], scopes, strlen(scopes)); - if (NULL != vattr) - GNUNET_memcpy ((char*)&im[1]+strlen(scopes)+1, vattr, strlen(vattr)); - GNUNET_CONTAINER_DLL_insert_tail (id->op_head, - id->op_tail, - op); - if (NULL != id->mq) - GNUNET_MQ_send_copy (id->mq, - op->env); - return op; -} - - -/** - * Exchange a token ticket for a token - * - * @param id identity provider service - * @param ticket ticket to exchange - * @param cont function to call once 
the operation finished - * @param cont_cls closure for @a cont - * @return handle to abort the operation - */ -struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_exchange_ticket (struct GNUNET_IDENTITY_PROVIDER_Handle *id, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *aud_privkey, - GNUNET_IDENTITY_PROVIDER_ExchangeCallback cont, - void *cont_cls) -{ - struct GNUNET_IDENTITY_PROVIDER_Operation *op; - struct ExchangeMessage *em; - size_t slen; - char *ticket_str; - - ticket_str = GNUNET_IDENTITY_PROVIDER_ticket_to_string (ticket); - - slen = strlen (ticket_str) + 1; - if (slen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (struct ExchangeMessage)) - { - GNUNET_free (ticket_str); - GNUNET_break (0); - return NULL; - } - op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation); - op->h = id; - op->ex_cb = cont; - op->cls = cont_cls; - op->r_id = id->r_id_gen++; - op->env = GNUNET_MQ_msg_extra (em, - slen, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE); - em->aud_privkey = *aud_privkey; - em->id = htonl (op->r_id); - GNUNET_memcpy (&em[1], ticket_str, slen); - GNUNET_free (ticket_str); - GNUNET_CONTAINER_DLL_insert_tail (id->op_head, - id->op_tail, - op); - if (NULL != id->mq) - GNUNET_MQ_send_copy (id->mq, - op->env); - return op; -} - - /** * Cancel an operation. Note that the operation MAY still * be executed; this merely cancels the continuation; if the request 
@@ -1107,80 +831,6 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
 GNUNET_free (h);
 }
-/**
- * Convenience API
- */
-
-
-/**
- * Destroy token
- *
- * @param token the token
- */
-void
-GNUNET_IDENTITY_PROVIDER_token_destroy(struct GNUNET_IDENTITY_PROVIDER_Token *token)
-{
- GNUNET_assert (NULL != token);
- if (NULL != token->data)
- GNUNET_free (token->data);
- GNUNET_free (token);
-}
-
-/**
- * Returns string representation of token. A JSON-Web-Token.
- *
- * @param token the token
- * @return The JWT (must be freed)
- */
-char *
-GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token)
-{
- return GNUNET_strdup (token->data);
-}
-
-/**
- * Returns string representation of ticket. Base64-Encoded
- *
- * @param ticket the ticket
- * @return the Base64-Encoded ticket
- */
-char *
-GNUNET_IDENTITY_PROVIDER_ticket_to_string (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
-{
- return GNUNET_strdup (ticket->data);
-}
-
-/**
- * Created a ticket from a string (Base64 encoded ticket)
- *
- * @param input Base64 encoded ticket
- * @param ticket pointer where the ticket is stored
- * @return GNUNET_OK
- */
-int
-GNUNET_IDENTITY_PROVIDER_string_to_ticket (const char* input,
- struct GNUNET_IDENTITY_PROVIDER_Ticket **ticket)
-{
- *ticket = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
- (*ticket)->data = GNUNET_strdup (input);
- return GNUNET_OK;
-}
-
-
-/**
- * Destroys a ticket
- *
- * @param ticket the ticket to destroy
- */
-void
-GNUNET_IDENTITY_PROVIDER_ticket_destroy(struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
-{
- GNUNET_assert (NULL != ticket);
- if (NULL != ticket->data)
- GNUNET_free (ticket->data);
- GNUNET_free (ticket);
-}
-
 /**
 * Store an attribute. If the attribute is already present,
 * it is replaced with the new attribute.
@@ -1428,7 +1078,7 @@ GNUNET_IDENTITY_PROVIDER_idp_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handl
 struct GNUNET_IDENTITY_PROVIDER_Operation *
 GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
 const struct GNUNET_CRYPTO_EcdsaPrivateKey * identity,
- const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket,
+ const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
 GNUNET_IDENTITY_PROVIDER_AttributeResult cb,
 void *cb_cls)
 {
@@ -1444,14 +1094,14 @@ GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Hand
 h->op_tail,
 op);
 op->env = GNUNET_MQ_msg_extra (ctm,
- sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket2),
+ sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket),
 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET);
 ctm->identity = *identity;
 ctm->id = htonl (op->r_id);
 GNUNET_memcpy ((char*)&ctm[1],
 ticket,
- sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket2));
+ sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket));
 if (NULL != h->mq)
 GNUNET_MQ_send_copy (h->mq,
diff --git a/src/identity-provider/identity_token.c b/src/identity-provider/identity_token.c
deleted file mode 100644
index 6794e373c..000000000
--- a/src/identity-provider/identity_token.c
+++ /dev/null
@@ -1,1006 +0,0 @@ -/* - This file is part of GNUnet - Copyright (C) 2010-2015 GNUnet e.V. - - GNUnet is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published - by the Free Software Foundation; either version 3, or (at your - option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNUnet; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. - */ - -/** - * @file identity-provider/identity_token.c - * @brief helper library to manage identity tokens - * @author Martin Schanzenbach - */ -#include "platform.h" -#include "gnunet_util_lib.h" -#include "gnunet_signatures.h" -#include "identity_token.h" -#include -#include - -#define JWT_ALG "alg" - -#define JWT_ALG_VALUE "ED512" - -#define JWT_TYP "typ" - -#define JWT_TYP_VALUE "jwt" - -/** - * Crypto helper functions - */ - -static int -create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash, - struct GNUNET_CRYPTO_SymmetricSessionKey *skey, - struct GNUNET_CRYPTO_SymmetricInitializationVector *iv) -{ - struct GNUNET_CRYPTO_HashAsciiEncoded new_key_hash_str; - - GNUNET_CRYPTO_hash_to_enc (new_key_hash, - &new_key_hash_str); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating symmetric rsa key from %s\n", (char*)&new_key_hash_str); - static const char ctx_key[] = "gnuid-aes-ctx-key"; - GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), - new_key_hash, sizeof (struct GNUNET_HashCode), - ctx_key, strlen (ctx_key), - NULL, 0); - static const char ctx_iv[] = "gnuid-aes-ctx-iv"; - GNUNET_CRYPTO_kdf (iv, sizeof (struct 
GNUNET_CRYPTO_SymmetricInitializationVector), - new_key_hash, sizeof (struct GNUNET_HashCode), - ctx_iv, strlen (ctx_iv), - NULL, 0); - return GNUNET_OK; -} - - - -/** - * Decrypts data part from a token code - */ -static int -decrypt_str_ecdhe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - const struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key, - const char *cyphertext, - size_t cyphertext_len, - char **result_str) -{ - struct GNUNET_HashCode new_key_hash; - struct GNUNET_CRYPTO_SymmetricSessionKey enc_key; - struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv; - - char *str_buf = GNUNET_malloc (cyphertext_len); - size_t str_size; - - //Calculate symmetric key from ecdh parameters - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_ecdh (priv_key, - ecdh_key, - &new_key_hash)); - - create_sym_key_from_ecdh (&new_key_hash, - &enc_key, - &enc_iv); - - str_size = GNUNET_CRYPTO_symmetric_decrypt (cyphertext, - cyphertext_len, - &enc_key, - &enc_iv, - str_buf); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Decrypted bytes: %zd Expected bytes: %zd\n", - str_size, - cyphertext_len); - if (-1 == str_size) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH invalid\n"); - GNUNET_free (str_buf); - return GNUNET_SYSERR; - } - *result_str = GNUNET_malloc (str_size+1); - GNUNET_memcpy (*result_str, str_buf, str_size); - (*result_str)[str_size] = '\0'; - GNUNET_free (str_buf); - return GNUNET_OK; - -} - -/** - * Decrypt string using pubkey and ECDHE -*/ -static int -decrypt_str_ecdhe2 (const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdh_privkey, - const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext) -{ - struct GNUNET_CRYPTO_SymmetricSessionKey skey; - struct GNUNET_CRYPTO_SymmetricInitializationVector iv; - struct GNUNET_HashCode new_key_hash; - - //This is true see documentation for GNUNET_CRYPTO_symmetric_encrypt - *plaintext = GNUNET_malloc (ciphertext_len); - - // Derived key K = H(eB) - GNUNET_assert 
(GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (ecdh_privkey, - aud_key, - &new_key_hash)); - create_sym_key_from_ecdh(&new_key_hash, &skey, &iv); - GNUNET_CRYPTO_symmetric_decrypt (ciphertext, - ciphertext_len, - &skey, &iv, - *plaintext); - return GNUNET_OK; -} - - -/** - * Encrypt string using pubkey and ECDHE - * Returns ECDHE pubkey to be used for decryption - */ -static int -encrypt_str_ecdhe (const char *plaintext, - const struct GNUNET_CRYPTO_EcdsaPublicKey *pub_key, - char **cyphertext, - struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, - struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_pubkey) -{ - struct GNUNET_CRYPTO_SymmetricSessionKey skey; - struct GNUNET_CRYPTO_SymmetricInitializationVector iv; - struct GNUNET_HashCode new_key_hash; - ssize_t enc_size; - - // ECDH keypair E = eG - *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create(); - GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey, - ecdh_pubkey); - - //This is true see documentation for GNUNET_CRYPTO_symmetric_encrypt - *cyphertext = GNUNET_malloc (strlen (plaintext)); - - // Derived key K = H(eB) - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey, - pub_key, - &new_key_hash)); - create_sym_key_from_ecdh(&new_key_hash, &skey, &iv); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Encrypting string %s\n (len=%zd)", - plaintext, - strlen (plaintext)); - enc_size = GNUNET_CRYPTO_symmetric_encrypt (plaintext, - strlen (plaintext), - &skey, &iv, - *cyphertext); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Encrypted (len=%zd)", enc_size); - return GNUNET_OK; -} - - -/** - * Identity Token API - */ - - -/** - * Create an Identity Token - * - * @param type the JSON API resource type - * @param id the JSON API resource id - * @return a new JSON API resource or NULL on error. 
- */ -struct IdentityToken* -token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey* iss, - const struct GNUNET_CRYPTO_EcdsaPublicKey* aud) -{ - struct IdentityToken *token; - char* audience; - char* issuer; - - issuer = GNUNET_STRINGS_data_to_string_alloc (iss, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - audience = GNUNET_STRINGS_data_to_string_alloc (aud, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - - token = GNUNET_malloc (sizeof (struct IdentityToken)); - token_add_attr (token, "iss", issuer); - token_add_attr (token, "aud", audience); - token_add_attr (token, "sub", issuer); - token->aud_key = *aud; - GNUNET_free (issuer); - GNUNET_free (audience); - return token; -} - -void -token_destroy (struct IdentityToken *token) -{ - struct TokenAttr *attr; - struct TokenAttr *tmp_attr; - struct TokenAttrValue *val; - struct TokenAttrValue *tmp_val; - - for (attr = token->attr_head; NULL != attr;) - { - tmp_attr = attr->next; - GNUNET_CONTAINER_DLL_remove (token->attr_head, - token->attr_tail, - attr); - for (val = attr->val_head; NULL != val;) - { - tmp_val = val->next; - GNUNET_CONTAINER_DLL_remove (attr->val_head, - attr->val_tail, - val); - if (NULL != val->value) - GNUNET_free (val->value); - GNUNET_free (val); - val = tmp_val; - } - GNUNET_free (attr->name); - GNUNET_free (attr); - attr = tmp_attr; - } - - - GNUNET_free (token); -} - -void -token_add_attr_json (struct IdentityToken *token, - const char* key, - json_t* value) -{ - struct TokenAttr *attr; - struct TokenAttrValue *new_val; - GNUNET_assert (NULL != token); - - new_val = GNUNET_malloc (sizeof (struct TokenAttrValue)); - new_val->json_value = value; - json_incref(value); - for (attr = token->attr_head; NULL != attr; attr = attr->next) - { - if (0 == strcmp (key, attr->name)) - break; - } - - if (NULL == attr) - { - attr = GNUNET_malloc (sizeof (struct TokenAttr)); - attr->name = GNUNET_strdup (key); - GNUNET_CONTAINER_DLL_insert (token->attr_head, - token->attr_tail, - attr); - } - - 
GNUNET_CONTAINER_DLL_insert (attr->val_head, - attr->val_tail, - new_val); -} - -void -token_add_attr (struct IdentityToken *token, - const char* key, - const char* value) -{ - struct TokenAttr *attr; - struct TokenAttrValue *new_val; - GNUNET_assert (NULL != token); - - new_val = GNUNET_malloc (sizeof (struct TokenAttrValue)); - new_val->value = GNUNET_strdup (value); - for (attr = token->attr_head; NULL != attr; attr = attr->next) - { - if (0 == strcmp (key, attr->name)) - break; - } - - if (NULL == attr) - { - attr = GNUNET_malloc (sizeof (struct TokenAttr)); - attr->name = GNUNET_strdup (key); - GNUNET_CONTAINER_DLL_insert (token->attr_head, - token->attr_tail, - attr); - } - - GNUNET_CONTAINER_DLL_insert (attr->val_head, - attr->val_tail, - new_val); -} - -void -token_add_attr_int (struct IdentityToken *token, - const char* key, - uint64_t value) -{ - struct TokenAttr *attr; - struct TokenAttrValue *new_val; - GNUNET_assert (NULL != token); - - new_val = GNUNET_malloc (sizeof (struct TokenAttrValue)); - new_val->int_value = value; - for (attr = token->attr_head; NULL != attr; attr = attr->next) - { - if (0 == strcmp (key, attr->name)) - break; - } - - if (NULL == attr) - { - attr = GNUNET_malloc (sizeof (struct TokenAttr)); - attr->name = GNUNET_strdup (key); - GNUNET_CONTAINER_DLL_insert (token->attr_head, - token->attr_tail, - attr); - } - - GNUNET_CONTAINER_DLL_insert (attr->val_head, - attr->val_tail, - new_val); -} - -static void -parse_json_payload(const char* payload_base64, - struct IdentityToken *token) -{ - const char *key; - const json_t *value; - const json_t *arr_value; - char *payload; - int idx; - json_t *payload_json; - json_error_t err_json; - - GNUNET_STRINGS_base64_decode (payload_base64, - strlen (payload_base64), - &payload); - //TODO signature and aud key - payload_json = json_loads (payload, JSON_DECODE_ANY, &err_json); - - json_object_foreach (payload_json, key, value) - { - if (json_is_array (value)) - { - json_array_foreach (value, 
idx, arr_value) - { - if (json_is_integer (arr_value)) - token_add_attr_int (token, key, - json_integer_value (arr_value)); - else if (json_is_string (arr_value)) - token_add_attr (token, - key, - json_string_value (arr_value)); - else - token_add_attr_json (token, - key, - (json_t*)arr_value); - } - } else { - if (json_is_integer (value)) - token_add_attr_int (token, key, - json_integer_value (value)); - else if (json_is_string (value)) - token_add_attr (token, key, json_string_value (value)); - else - token_add_attr_json (token, key, (json_t*)value); - } - } - - json_decref (payload_json); - GNUNET_free (payload); -} - -int -token_parse2 (const char* raw_data, - const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, - struct IdentityToken **result) -{ - char *enc_token_str; - char *tmp_buf; - char *token_str; - char *enc_token; - char *payload_base64; - size_t enc_token_len; - - GNUNET_asprintf (&tmp_buf, "%s", raw_data); - strtok (tmp_buf, ","); - enc_token_str = strtok (NULL, ","); - - enc_token_len = GNUNET_STRINGS_base64_decode (enc_token_str, - strlen (enc_token_str), - &enc_token); - if (GNUNET_OK != decrypt_str_ecdhe2 (priv_key, - aud_key, - enc_token, - enc_token_len, - &token_str)) - { - GNUNET_free (tmp_buf); - GNUNET_free (enc_token); - return GNUNET_SYSERR; - } - - GNUNET_assert (NULL != strtok (token_str, ".")); - payload_base64 = strtok (NULL, "."); - - *result = GNUNET_malloc (sizeof (struct IdentityToken)); - parse_json_payload (payload_base64, *result); - - (*result)->aud_key = *aud_key; - GNUNET_free (enc_token); - GNUNET_free (token_str); - GNUNET_free (tmp_buf); - return GNUNET_OK; -} - -int -token_parse (const char* raw_data, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - struct IdentityToken **result) -{ - char *ecdh_pubkey_str; - char *enc_token_str; - char *tmp_buf; - char *token_str; - char *enc_token; - char *payload_base64; - size_t enc_token_len; - struct 
GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; - - GNUNET_asprintf (&tmp_buf, "%s", raw_data); - ecdh_pubkey_str = strtok (tmp_buf, ","); - enc_token_str = strtok (NULL, ","); - - GNUNET_assert (NULL != ecdh_pubkey_str); - GNUNET_assert (NULL != enc_token_str); - - GNUNET_STRINGS_string_to_data (ecdh_pubkey_str, - strlen (ecdh_pubkey_str), - &ecdh_pubkey, - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); - enc_token_len = GNUNET_STRINGS_base64_decode (enc_token_str, - strlen (enc_token_str), - &enc_token); - if (GNUNET_OK != decrypt_str_ecdhe (priv_key, - &ecdh_pubkey, - enc_token, - enc_token_len, - &token_str)) - { - GNUNET_free (tmp_buf); - GNUNET_free (enc_token); - return GNUNET_SYSERR; - } - - GNUNET_assert (NULL != strtok (token_str, ".")); - payload_base64 = strtok (NULL, "."); - - *result = GNUNET_malloc (sizeof (struct IdentityToken)); - parse_json_payload (payload_base64, *result); - - GNUNET_free (enc_token); - GNUNET_free (token_str); - GNUNET_free (tmp_buf); - return GNUNET_OK; -} - -static char* -create_json_payload (const struct IdentityToken *token) -{ - struct TokenAttr *attr; - struct TokenAttrValue *val; - json_t *root; - char *json_str; - - root = json_object(); - for (attr = token->attr_head; NULL != attr; attr = attr->next) - { - for (val = attr->val_head; NULL != val; val = val->next) - { - if (NULL != val->value) - { - json_object_set_new (root, - attr->name, - json_string (val->value)); - } else if (NULL != val->json_value) { - json_object_set (root, - attr->name, - val->json_value); - }else { - json_object_set_new (root, - attr->name, - json_integer (val->int_value)); - } - } - } - json_str = json_dumps (root, JSON_INDENT(1)); - json_decref (root); - return json_str; -} - -static char* -create_json_header(void) -{ - json_t *root; - char *json_str; - - root = json_object (); - json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE)); - json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE)); - - json_str = json_dumps (root, 
JSON_INDENT(1)); - json_decref (root); - return json_str; -} - -int -token_to_string (const struct IdentityToken *token, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - char **result) -{ - char *payload_str; - char *header_str; - char *payload_base64; - char *header_base64; - char *padding; - char *signature_target; - char *signature_str; - struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; - header_str = create_json_header(); - GNUNET_STRINGS_base64_encode (header_str, - strlen (header_str), - &header_base64); - //Remove GNUNET padding of base64 - padding = strtok(header_base64, "="); - while (NULL != padding) - padding = strtok(NULL, "="); - - payload_str = create_json_payload (token); - GNUNET_STRINGS_base64_encode (payload_str, - strlen (payload_str), - &payload_base64); - - //Remove GNUNET padding of base64 - padding = strtok(payload_base64, "="); - while (NULL != padding) - padding = strtok(NULL, "="); - - GNUNET_asprintf (&signature_target, "%s,%s", header_base64, payload_base64); - purpose = - GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + - strlen (signature_target)); - purpose->size = - htonl (strlen (signature_target) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose)); - purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN); - GNUNET_memcpy (&purpose[1], signature_target, strlen (signature_target)); - if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key, - purpose, - (struct GNUNET_CRYPTO_EcdsaSignature *)&token->signature)) - { - GNUNET_free (signature_target); - GNUNET_free (payload_str); - GNUNET_free (payload_base64); - GNUNET_free (header_base64); - GNUNET_free (purpose); - return GNUNET_SYSERR; - } - - GNUNET_STRINGS_base64_encode ((const char*)&token->signature, - sizeof (struct GNUNET_CRYPTO_EcdsaSignature), - &signature_str); - GNUNET_asprintf (result, "%s.%s.%s", - header_base64, payload_base64, signature_str); - GNUNET_free (signature_target); - GNUNET_free (payload_str); - GNUNET_free (header_str); - 
GNUNET_free (signature_str); - GNUNET_free (payload_base64); - GNUNET_free (header_base64); - GNUNET_free (purpose); - return GNUNET_OK; -} - -int -token_serialize (const struct IdentityToken *token, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, - char **result) -{ - char *token_str; - char *enc_token; - char *dh_key_str; - char *enc_token_base64; - struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; - - GNUNET_assert (GNUNET_OK == token_to_string (token, - priv_key, - &token_str)); - - GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (token_str, - &token->aud_key, - &enc_token, - ecdh_privkey, - &ecdh_pubkey)); - GNUNET_STRINGS_base64_encode (enc_token, - strlen (token_str), - &enc_token_base64); - dh_key_str = GNUNET_STRINGS_data_to_string_alloc (&ecdh_pubkey, - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); - GNUNET_asprintf (result, "%s,%s", dh_key_str, enc_token_base64); - GNUNET_free (dh_key_str); - GNUNET_free (enc_token_base64); - GNUNET_free (enc_token); - GNUNET_free (token_str); - return GNUNET_OK; -} - -struct TokenTicketPayload* -ticket_payload_create (uint64_t nonce, - const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, - const char* lbl_str) -{ - struct TokenTicketPayload* payload; - - payload = GNUNET_malloc (sizeof (struct TokenTicketPayload)); - payload->nonce = nonce; - payload->identity_key = *identity_pkey; - GNUNET_asprintf (&payload->label, lbl_str, strlen (lbl_str)); - return payload; -} - -void -ticket_payload_destroy (struct TokenTicketPayload* payload) -{ - if (NULL != payload->label) - GNUNET_free (payload->label); - GNUNET_free (payload); -} - -void -ticket_payload_serialize (struct TokenTicketPayload *payload, - char **result) -{ - char* identity_key_str; - - identity_key_str = GNUNET_STRINGS_data_to_string_alloc (&payload->identity_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - - GNUNET_asprintf (result, - "{\"nonce\": \"%"SCNu64"\",\"identity\": 
\"%s\",\"label\": \"%s\"}", - payload->nonce, identity_key_str, payload->label); - GNUNET_free (identity_key_str); - -} - - -/** - * Create the token code - * The data is encrypted with a share ECDH derived secret using B (aud_key) - * and e (ecdh_privkey) - * The ticket also contains E (ecdh_pubkey) and a signature over the - * data and E - */ -struct TokenTicket* -ticket_create (uint64_t nonce, - const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, - const char* lbl_str, - const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key) -{ - struct TokenTicket *ticket; - struct TokenTicketPayload *code_payload; - - ticket = GNUNET_malloc (sizeof (struct TokenTicket)); - code_payload = ticket_payload_create (nonce, - identity_pkey, - lbl_str); - ticket->aud_key = *aud_key; - ticket->payload = code_payload; - - - return ticket; -} - -void -ticket_destroy (struct TokenTicket *ticket) -{ - ticket_payload_destroy (ticket->payload); - GNUNET_free (ticket); -} - -int -ticket_serialize (struct TokenTicket *ticket, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - char **result) -{ - char *code_payload_str; - char *enc_ticket_payload; - char *ticket_payload_str; - char *ticket_sig_str; - char *ticket_str; - char *dh_key_str; - char *write_ptr; - struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; - - struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; - - ticket_payload_serialize (ticket->payload, - &code_payload_str); - - GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (code_payload_str, - &ticket->aud_key, - &enc_ticket_payload, - &ecdhe_privkey, - &ticket->ecdh_pubkey)); - - GNUNET_free (ecdhe_privkey); - - purpose = - GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + //E - strlen (code_payload_str)); // E_K (code_str) - purpose->size = - htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + - strlen (code_payload_str)); - purpose->purpose = 
htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET); - write_ptr = (char*) &purpose[1]; - GNUNET_memcpy (write_ptr, - &ticket->ecdh_pubkey, - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); - write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey); - GNUNET_memcpy (write_ptr, enc_ticket_payload, strlen (code_payload_str)); - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (priv_key, - purpose, - &ticket->signature)); - GNUNET_STRINGS_base64_encode (enc_ticket_payload, - strlen (code_payload_str), - &ticket_payload_str); - ticket_sig_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->signature, - sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); - - dh_key_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->ecdh_pubkey, - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Using ECDH pubkey %s to encrypt\n", dh_key_str); - GNUNET_asprintf (&ticket_str, "{\"data\": \"%s\", \"ecdh\": \"%s\", \"signature\": \"%s\"}", - ticket_payload_str, dh_key_str, ticket_sig_str); - GNUNET_STRINGS_base64_encode (ticket_str, strlen (ticket_str), result); - GNUNET_free (dh_key_str); - GNUNET_free (purpose); - GNUNET_free (ticket_str); - GNUNET_free (ticket_sig_str); - GNUNET_free (code_payload_str); - GNUNET_free (enc_ticket_payload); - GNUNET_free (ticket_payload_str); - return GNUNET_OK; -} - -int -ticket_payload_parse(const char *raw_data, - ssize_t data_len, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - const struct GNUNET_CRYPTO_EcdhePublicKey *ecdhe_pkey, - struct TokenTicketPayload **result) -{ - const char* label_str; - const char* nonce_str; - const char* identity_key_str; - - json_t *root; - json_t *label_json; - json_t *identity_json; - json_t *nonce_json; - json_error_t err_json; - char* data_str; - uint64_t nonce; - struct GNUNET_CRYPTO_EcdsaPublicKey id_pkey; - - if (GNUNET_OK != decrypt_str_ecdhe (priv_key, - ecdhe_pkey, - raw_data, - data_len, - &data_str)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Data decryption 
failed\n"); - return GNUNET_SYSERR; - } - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Data: %s\n", data_str); - root = json_loads (data_str, JSON_DECODE_ANY, &err_json); - if (!root) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Error parsing data: %s\n", err_json.text); - GNUNET_free (data_str); - return GNUNET_SYSERR; - } - - identity_json = json_object_get (root, "identity"); - if (!json_is_string (identity_json)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Error parsing data: %s\n", err_json.text); - json_decref (root); - GNUNET_free (data_str); - return GNUNET_SYSERR; - } - identity_key_str = json_string_value (identity_json); - GNUNET_STRINGS_string_to_data (identity_key_str, - strlen (identity_key_str), - &id_pkey, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - - - label_json = json_object_get (root, "label"); - if (!json_is_string (label_json)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Error parsing data: %s\n", err_json.text); - json_decref (root); - GNUNET_free (data_str); - return GNUNET_SYSERR; - } - - label_str = json_string_value (label_json); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found label: %s\n", label_str); - - nonce_json = json_object_get (root, "nonce"); - if (!json_is_string (label_json)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Error parsing data: %s\n", err_json.text); - json_decref (root); - GNUNET_free (data_str); - return GNUNET_SYSERR; - } - - nonce_str = json_string_value (nonce_json); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found nonce: %s\n", nonce_str); - - GNUNET_assert (0 != sscanf (nonce_str, "%"SCNu64, &nonce)); - - *result = ticket_payload_create (nonce, - (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey, - label_str); - GNUNET_free (data_str); - json_decref (root); - return GNUNET_OK; - -} - -int -ticket_parse (const char *raw_data, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - struct TokenTicket **result) -{ - const char* enc_data_str; - const char* ecdh_enc_str; - const char* signature_enc_str; - 
- json_t *root; - json_t *signature_json; - json_t *ecdh_json; - json_t *enc_data_json; - json_error_t err_json; - char* enc_data; - char* ticket_decoded; - char* write_ptr; - size_t enc_data_len; - struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; - struct TokenTicket *ticket; - struct TokenTicketPayload *ticket_payload; - - ticket_decoded = NULL; - GNUNET_STRINGS_base64_decode (raw_data, strlen (raw_data), &ticket_decoded); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ticket: %s\n", ticket_decoded); - root = json_loads (ticket_decoded, JSON_DECODE_ANY, &err_json); - if (!root) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "%s\n", err_json.text); - return GNUNET_SYSERR; - } - - signature_json = json_object_get (root, "signature"); - ecdh_json = json_object_get (root, "ecdh"); - enc_data_json = json_object_get (root, "data"); - - signature_enc_str = json_string_value (signature_json); - ecdh_enc_str = json_string_value (ecdh_json); - enc_data_str = json_string_value (enc_data_json); - - ticket = GNUNET_malloc (sizeof (struct TokenTicket)); - - if (GNUNET_OK != GNUNET_STRINGS_string_to_data (ecdh_enc_str, - strlen (ecdh_enc_str), - &ticket->ecdh_pubkey, - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey))) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH PKEY %s invalid in data\n", ecdh_enc_str); - json_decref (root); - GNUNET_free (ticket); - return GNUNET_SYSERR; - } - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Using ECDH pubkey %s for data decryption\n", ecdh_enc_str); - if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_enc_str, - strlen (signature_enc_str), - &ticket->signature, - sizeof (struct GNUNET_CRYPTO_EcdsaSignature))) - { - json_decref (root); - GNUNET_free (ticket_decoded); - GNUNET_free (ticket); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH signature invalid in data\n"); - return GNUNET_SYSERR; - } - - enc_data_len = GNUNET_STRINGS_base64_decode (enc_data_str, - strlen (enc_data_str), - &enc_data); - - - if (GNUNET_OK != ticket_payload_parse (enc_data, - 
enc_data_len, - priv_key, - (const struct GNUNET_CRYPTO_EcdhePublicKey*)&ticket->ecdh_pubkey, - &ticket_payload)) - { - json_decref (root); - GNUNET_free (enc_data); - GNUNET_free (ticket_decoded); - GNUNET_free (ticket); - return GNUNET_SYSERR; - } - - ticket->payload = ticket_payload; - purpose = - GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + //E - enc_data_len); // E_K (code_str) - purpose->size = - htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + - enc_data_len); - purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET); - write_ptr = (char*) &purpose[1]; - GNUNET_memcpy (write_ptr, &ticket->ecdh_pubkey, sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); - write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey); - GNUNET_memcpy (write_ptr, enc_data, enc_data_len); - - if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET, - purpose, - &ticket->signature, - &ticket_payload->identity_key)) - { - ticket_destroy (ticket); - GNUNET_free (ticket_decoded); - json_decref (root); - GNUNET_free (purpose); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Error verifying signature for ticket\n"); - return GNUNET_SYSERR; - } - *result = ticket; - GNUNET_free (purpose); - - GNUNET_free (enc_data); - GNUNET_free (ticket_decoded); - json_decref (root); - return GNUNET_OK; - -} - - - -/* end of identity_token.c */ diff --git a/src/identity-provider/identity_token.h b/src/identity-provider/identity_token.h deleted file mode 100644 index 5988bc668..000000000 --- a/src/identity-provider/identity_token.h +++ /dev/null 
@@ -1,351 +0,0 @@ -/* - This file is part of GNUnet. - Copyright (C) 2012-2015 GNUnet e.V. - - GNUnet is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published - by the Free Software Foundation; either version 3, or (at your - option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNUnet; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. - */ -/** - * @author Martin Schanzenbach - * @file identity-provider/identity_token.h - * @brief GNUnet Identity Provider library - * - */ -#ifndef IDENTITY_TOKEN_H -#define IDENTITY_TOKEN_H - -#include "gnunet_crypto_lib.h" -#include - -struct IdentityToken -{ - /** - * DLL - */ - struct TokenAttr *attr_head; - - /** - * DLL - */ - struct TokenAttr *attr_tail; - - /** - * Token Signature - */ - struct GNUNET_CRYPTO_EcdsaSignature signature; - - /** - * Audience Pubkey - */ - struct GNUNET_CRYPTO_EcdsaPublicKey aud_key; -}; - -struct TokenAttr -{ - /** - * DLL - */ - struct TokenAttr *next; - - /** - * DLL - */ - struct TokenAttr *prev; - - /** - * Attribute name - */ - char *name; - - /** - * Attribute value DLL - */ - struct TokenAttrValue *val_head; - - /** - * Attribute value DLL - */ - struct TokenAttrValue *val_tail; - -}; - -struct TokenAttrValue -{ - /** - * DLL - */ - struct TokenAttrValue *next; - - /** - * DLL - */ - struct TokenAttrValue *prev; - - /** - * Attribute value - */ - char *value; - - /** - * Attribute int value - * used if NULL == value - */ - uint64_t int_value; - - /** - * Json value - */ - json_t *json_value; -}; - -struct TokenTicketPayload -{ - /** - * Nonce - */ 
- uint64_t nonce; - - /** - * Label - */ - char *label; - - /** - * Issuing Identity - */ - struct GNUNET_CRYPTO_EcdsaPublicKey identity_key; -}; - - -struct TokenTicket -{ - /** - * Meta info - */ - struct TokenTicketPayload *payload; - - /** - * ECDH Pubkey - */ - struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; - - /** - * Signature - */ - struct GNUNET_CRYPTO_EcdsaSignature signature; - - /** - * Target identity - */ - struct GNUNET_CRYPTO_EcdsaPublicKey aud_key; -}; - - - -/** - * Create an identity token - * - * @param iss the issuer string for the token - * @param aud the audience of the token - * - * @return a new token - */ -struct IdentityToken* -token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey *iss, - const struct GNUNET_CRYPTO_EcdsaPublicKey* aud); - -/** - * Destroy an identity token - * - * @param token the token to destroy - */ -void -token_destroy (struct IdentityToken*token); - -/** - * Add a new key value pair to the token - * - * @param token the token to modify - * @param key the key - * @param value the value - */ -void -token_add_attr (struct IdentityToken *token, - const char* key, - const char* value); - -/** - * Add a new key value pair to the token - * - * @param token the token to modify - * @param key the key - * @param value the value - */ -void -token_add_attr_int (struct IdentityToken *token, - const char* key, - uint64_t value); - - - -/** - * Add a value to a TokenAttribute - * - * @param attr the token attribute - * @param value value to add - */ - void - token_attr_add_value (const struct TokenAttr *attr, - const char *value); - -/** - * Add a new key value pair to the token with the value as json - * - * @param the token to modify - * @param key the key - * @param value the value - * - */ -void -token_add_attr_json (struct IdentityToken *token, - const char* key, - json_t* value); - -/** - * Serialize a token. The token will be signed and base64 according to the - * JWT format. The signature is base32-encoded ECDSA. 
- * The resulting JWT is encrypted using - * ECDHE for the audience and Base64 - * encoded in result. The audience requires the ECDHE public key P - * to decrypt the token T. The key P is included in the result and prepended - * before the token - * - * @param token the token to serialize - * @param priv_key the private key used to sign the token - * @param ecdhe_privkey the ECDHE private key used to encrypt the token - * @param result P,Base64(E(T)) - * - * @return GNUNET_OK on success - */ -int -token_serialize (const struct IdentityToken*token, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey, - char **result); - -/** - * Parses the serialized token and returns a token - * - * @param data the serialized token - * @param priv_key the private key of the audience - * @param result the token - * - * @return GNUNET_OK on success - */ -int -token_parse (const char* data, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - struct IdentityToken **result); - -/** - * Parses the serialized token and returns a token - * This variant is intended for the party that issued the token and also - * wants to decrypt the serialized token. - * - * @param data the serialized token - * @param priv_key the private (!) 
ECDHE key - * @param aud_key the identity of the audience - * @param result the token - * - * @return GNUNET_OK on success - */ -int -token_parse2 (const char* data, - const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, - struct IdentityToken **result); - - -/** - * - * Returns a JWT-string representation of the token - * - * @param token the token - * @param priv_key the private key used to sign the JWT - * @param result the JWT - * - * @return GNUNET_OK on success - */ -int -token_to_string (const struct IdentityToken *token, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - char **result); - -/** - * - * Creates a ticket that can be exchanged by the audience for - * the token. The token must be placed under the label - * - * @param nonce nonce provided by the audience that requested the ticket - * @param iss_pkey the issuer pubkey used to sign the ticket - * @param label the label encoded in the ticket - * @param aud_ley the audience pubkey used to encrypt the ticket payload - * - * @return the ticket - */ -struct TokenTicket* -ticket_create (uint64_t nonce, - const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey, - const char* lbl_str, - const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key); - -/** - * Serialize a ticket. Returns the Base64 representation of the ticket. 
- * Format: Base64( { payload: E(Payload), ecdhe: K, signature: signature } )
- *
- * @param ticket the ticket to serialize
- * @param priv_key the issuer private key to sign the ticket payload
- * @param result the serialized ticket
- *
- * @return GNUNET_OK on success
- */
-int
-ticket_serialize (struct TokenTicket *ticket,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- char **result);
-
-/**
- * Destroys a ticket
- *
- * @param the ticket to destroy
- */
-void
-ticket_destroy (struct TokenTicket *ticket);
-
-/**
- * Parses a serialized ticket
- *
- * @param data the serialized ticket
- * @param priv_key the audience private key
- * @param ticket the ticket
- *
- * @return GNUNET_OK on success
- */
-int
-ticket_parse (const char* raw_data,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- struct TokenTicket **ticket);
-
-#endif
diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/identity-provider/plugin_identity_provider_sqlite.c
index 7a19ba827..ff2d3a22e 100644
--- a/src/identity-provider/plugin_identity_provider_sqlite.c
+++ b/src/identity-provider/plugin_identity_provider_sqlite.c
@@ -358,7 +358,7 @@ database_shutdown (struct Plugin *plugin)
 */
 static int
 identity_provider_sqlite_store_ticket (void *cls,
- const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket)
+ const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
 {
 struct Plugin *plugin = cls;
 int n;
@@ -437,7 +437,7 @@ identity_provider_sqlite_store_ticket (void *cls,
 */
 static int
 identity_provider_sqlite_delete_ticket (void *cls,
- const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket)
+ const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
 {
 struct Plugin *plugin = cls;
 int n;
@@ -502,7 +502,7 @@ get_ticket_and_call_iterator (struct Plugin *plugin,
 GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
 void *iter_cls)
 {
- struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket;
+ struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
 int ret;
 int sret;
 
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c deleted file mode 100644 index dfb935f5b..000000000 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ /dev/null 
@@ -1,1216 +0,0 @@ -/* - This file is part of GNUnet. - Copyright (C) 2012-2015 GNUnet e.V. - - GNUnet is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published - by the Free Software Foundation; either version 3, or (at your - option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNUnet; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. - */ -/** - * @author Martin Schanzenbach - * @file identity/plugin_rest_identity.c - * @brief GNUnet Namestore REST plugin - * - */ - -#include "platform.h" -#include "gnunet_rest_plugin.h" -#include "gnunet_identity_service.h" -#include "gnunet_gns_service.h" -#include "gnunet_gnsrecord_lib.h" -#include "gnunet_namestore_service.h" -#include "gnunet_rest_lib.h" -#include "gnunet_jsonapi_lib.h" -#include "gnunet_jsonapi_util.h" -#include "microhttpd.h" -#include -#include -#include "gnunet_signatures.h" -#include "gnunet_identity_provider_service.h" - -/** - * REST root namespace - */ -#define GNUNET_REST_API_NS_IDENTITY_PROVIDER "/idp" - -/** - * Issue namespace - */ -#define GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE "/idp/issue" - -/** - * Check namespace TODO - */ -#define GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK "/idp/check" - -/** - * Token namespace - */ -#define GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN "/idp/token" - -/** - * The parameter name in which the ticket must be provided - */ -#define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET "ticket" - -/** - * The parameter name in which the expected nonce must be provided - */ -#define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE 
"expected_nonce" - -/** - * The parameter name in which the ticket must be provided - */ -#define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TOKEN "token" - -/** - * The URL parameter name in which the nonce must be provided - */ -#define GNUNET_IDENTITY_TOKEN_REQUEST_NONCE "nonce" - -/** - * State while collecting all egos - */ -#define ID_REST_STATE_INIT 0 - -/** - * Done collecting egos - */ -#define ID_REST_STATE_POST_INIT 1 - -/** - * Resource type - */ -#define GNUNET_REST_JSONAPI_IDENTITY_TOKEN "token" - -/** - * URL parameter to create a GNUid token for a specific audience - */ -#define GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST "audience" - -/** - * URL parameter to create a GNUid token for a specific issuer (EGO) - */ -#define GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST "issuer" - -/** - * Attributes passed to issue request - */ -#define GNUNET_IDENTITY_TOKEN_ATTR_LIST "requested_attrs" - -/** - * Attributes passed to issue request - */ -#define GNUNET_IDENTITY_TOKEN_V_ATTR_LIST "requested_verified_attrs" - - -/** - * Token expiration string - */ -#define GNUNET_IDENTITY_TOKEN_EXP_STRING "expiration" - -/** - * Error messages - */ -#define GNUNET_REST_ERROR_RESOURCE_INVALID "Resource location invalid" -#define GNUNET_REST_ERROR_NO_DATA "No data" - -/** - * GNUid token lifetime - */ -#define GNUNET_GNUID_TOKEN_EXPIRATION_MICROSECONDS 300000000 - -/** - * The configuration handle - */ -const struct GNUNET_CONFIGURATION_Handle *cfg; - -/** - * HTTP methods allows for this plugin - */ -static char* allow_methods; - -/** - * @brief struct returned by the initialization function of the plugin - */ -struct Plugin -{ - const struct GNUNET_CONFIGURATION_Handle *cfg; -}; - -/** - * The ego list - */ -struct EgoEntry -{ - /** - * DLL - */ - struct EgoEntry *next; - - /** - * DLL - */ - struct EgoEntry *prev; - - /** - * Ego Identifier - */ - char *identifier; - - /** - * Public key string - */ - char *keystring; - - /** - * The Ego - */ - struct GNUNET_IDENTITY_Ego *ego; -}; 
- - -struct RequestHandle -{ - /** - * Ego list - */ - struct EgoEntry *ego_head; - - /** - * Ego list - */ - struct EgoEntry *ego_tail; - - /** - * Selected ego - */ - struct EgoEntry *ego_entry; - - /** - * Ptr to current ego private key - */ - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; - - /** - * Handle to the rest connection - */ - struct GNUNET_REST_RequestHandle *conndata_handle; - - /** - * The processing state - */ - int state; - - /** - * Handle to Identity service. - */ - struct GNUNET_IDENTITY_Handle *identity_handle; - - /** - * IDENTITY Operation - */ - struct GNUNET_IDENTITY_Operation *op; - - /** - * Identity Provider - */ - struct GNUNET_IDENTITY_PROVIDER_Handle *idp; - - /** - * Idp Operation - */ - struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op; - - /** - * Handle to NS service - */ - struct GNUNET_NAMESTORE_Handle *ns_handle; - - /** - * NS iterator - */ - struct GNUNET_NAMESTORE_ZoneIterator *ns_it; - - /** - * NS Handle - */ - struct GNUNET_NAMESTORE_QueueEntry *ns_qe; - - /** - * Desired timeout for the lookup (default is no timeout). - */ - struct GNUNET_TIME_Relative timeout; - - /** - * ID of a task associated with the resolution process. 
- */ - struct GNUNET_SCHEDULER_Task *timeout_task; - - /** - * The plugin result processor - */ - GNUNET_REST_ResultProcessor proc; - - /** - * The closure of the result processor - */ - void *proc_cls; - - /** - * The url - */ - char *url; - - /** - * Error response message - */ - char *emsg; - - /** - * Reponse code - */ - int response_code; - - /** - * Response object - */ - struct GNUNET_JSONAPI_Document *resp_object; - -}; - - -/** - * Cleanup lookup handle - * @param handle Handle to clean up - */ -static void -cleanup_handle (struct RequestHandle *handle) -{ - struct EgoEntry *ego_entry; - struct EgoEntry *ego_tmp; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Cleaning up\n"); - if (NULL != handle->resp_object) - GNUNET_JSONAPI_document_delete (handle->resp_object); - if (NULL != handle->timeout_task) - GNUNET_SCHEDULER_cancel (handle->timeout_task); - if (NULL != handle->identity_handle) - GNUNET_IDENTITY_disconnect (handle->identity_handle); - if (NULL != handle->idp) - GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp); - if (NULL != handle->ns_it) - GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it); - if (NULL != handle->ns_qe) - GNUNET_NAMESTORE_cancel (handle->ns_qe); - if (NULL != handle->ns_handle) - GNUNET_NAMESTORE_disconnect (handle->ns_handle); - if (NULL != handle->url) - GNUNET_free (handle->url); - if (NULL != handle->emsg) - GNUNET_free (handle->emsg); - for (ego_entry = handle->ego_head; - NULL != ego_entry;) - { - ego_tmp = ego_entry; - ego_entry = ego_entry->next; - GNUNET_free (ego_tmp->identifier); - GNUNET_free (ego_tmp->keystring); - GNUNET_free (ego_tmp); - } - GNUNET_free (handle); -} - - -/** - * Task run on error, sends error message. Cleans up everything. 
- * - * @param cls the `struct RequestHandle` - */ -static void -do_error (void *cls) -{ - struct RequestHandle *handle = cls; - struct MHD_Response *resp; - char *json_error; - - GNUNET_asprintf (&json_error, - "{Error while processing request: %s}", - handle->emsg); - resp = GNUNET_REST_create_response (json_error); - handle->proc (handle->proc_cls, resp, handle->response_code); - cleanup_handle (handle); - GNUNET_free (json_error); -} - -/** - * Task run on timeout, sends error message. Cleans up everything. - * - * @param cls the `struct RequestHandle` - */ -static void -do_timeout (void *cls) -{ - struct RequestHandle *handle = cls; - - handle->timeout_task = NULL; - do_error (handle); -} - - -/** - * Task run on shutdown. Cleans up everything. - * - * @param cls unused - */ -static void -do_cleanup_handle_delayed (void *cls) -{ - struct RequestHandle *handle = cls; - - cleanup_handle (handle); -} - - -/** - * Get a ticket for identity - * @param cls the handle - * @param ticket the ticket returned from the idp - */ -static void -token_creat_cont (void *cls, - const char *label, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_PROVIDER_Token *token) -{ - struct GNUNET_JSONAPI_Resource *json_resource; - struct RequestHandle *handle = cls; - struct MHD_Response *resp; - json_t *ticket_json; - json_t *token_json; - char *ticket_str; - char *token_str; - char *result_str; - - handle->idp_op = NULL; - - if (NULL == ticket) - { - handle->emsg = GNUNET_strdup ("Error in token issue"); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - - handle->resp_object = GNUNET_JSONAPI_document_new (); - json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET, - label); - ticket_str = GNUNET_IDENTITY_PROVIDER_ticket_to_string (ticket); - token_str = GNUNET_IDENTITY_PROVIDER_token_to_string (token); - ticket_json = json_string (ticket_str); - token_json = json_string (token_str); - 
GNUNET_JSONAPI_resource_add_attr (json_resource, - GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET, - ticket_json); - GNUNET_JSONAPI_resource_add_attr (json_resource, - GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TOKEN, - token_json); - GNUNET_free (ticket_str); - GNUNET_free (token_str); - json_decref (ticket_json); - json_decref (token_json); - GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource); - - GNUNET_JSONAPI_document_serialize (handle->resp_object, &result_str); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str); - resp = GNUNET_REST_create_response (result_str); - handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); - GNUNET_free (result_str); - GNUNET_SCHEDULER_add_now (&do_cleanup_handle_delayed, handle); -} - - -/** - * Continueationf for token issue request - * - * @param con the Rest handle - * @param url the requested url - * @param cls the request handle - */ -static void -issue_token_cont (struct GNUNET_REST_RequestHandle *con, - const char *url, - void *cls) -{ - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; - const char *egoname; - - struct RequestHandle *handle = cls; - struct EgoEntry *ego_entry; - struct GNUNET_HashCode key; - struct MHD_Response *resp; - struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; - struct GNUNET_CRYPTO_EcdsaPublicKey aud_key; - struct GNUNET_TIME_Relative etime_rel; - struct GNUNET_TIME_Absolute exp_time; - char *ego_val; - char *audience; - char *exp_str; - char *nonce_str; - char *scopes; - char *vattrs; - uint64_t time; - uint64_t nonce; - - if (GNUNET_NO == GNUNET_REST_namespace_match (handle->url, - GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "URL invalid: %s\n", handle->url); - resp = GNUNET_REST_create_response (NULL); - handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); - cleanup_handle (handle); - return; - } - egoname = NULL; - ego_entry = NULL; - GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST, - strlen 
(GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST), - &key); - if ( GNUNET_YES != - GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, - &key) ) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Issuer not found\n"); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - ego_val = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, - &key); - if (NULL == ego_val) - { - GNUNET_SCHEDULER_add_now (&do_error, handle); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Ego invalid: %s\n", - ego_val); - return; - } - for (ego_entry = handle->ego_head; - NULL != ego_entry; - ego_entry = ego_entry->next) - { - if (0 != strcmp (ego_val, ego_entry->identifier)) - continue; - egoname = ego_entry->identifier; - break; - } - if ( (NULL == egoname) || - (NULL == ego_entry) ) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Ego not found: %s\n", - ego_val); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Ego to issue token for: %s\n", - egoname); - - - //Meta info - GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_ATTR_LIST, - strlen (GNUNET_IDENTITY_TOKEN_ATTR_LIST), - &key); - - scopes = NULL; - if ( GNUNET_YES != - GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, - &key) ) - { - handle->emsg = GNUNET_strdup ("Scopes missing!\n"); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - scopes = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, - &key); - - //vattrs - GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_V_ATTR_LIST, - strlen (GNUNET_IDENTITY_TOKEN_V_ATTR_LIST), - &key); - - vattrs = NULL; - if ( GNUNET_YES == - GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, - &key) ) - { - vattrs = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, - &key); - } - - - - //Token audience - GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST, - strlen 
(GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST), - &key); - audience = NULL; - if ( GNUNET_YES != - GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, - &key) ) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Audience missing!\n"); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - audience = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, - &key); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Audience to issue token for: %s\n", - audience); - - priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); - GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, - &pub_key); - GNUNET_STRINGS_string_to_data (audience, - strlen (audience), - &aud_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - - //Remote nonce - nonce_str = NULL; - GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_REQUEST_NONCE, - strlen (GNUNET_IDENTITY_TOKEN_REQUEST_NONCE), - &key); - if ( GNUNET_YES != - GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, - &key) ) - { - handle->emsg = GNUNET_strdup ("Request nonce missing!\n"); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - nonce_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, - &key); - GNUNET_assert (NULL != nonce_str); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Request nonce: %s\n", - nonce_str); - GNUNET_assert (1 == sscanf (nonce_str, "%"SCNu64, &nonce)); - - //Get expiration for token from URL parameter - GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_EXP_STRING, - strlen (GNUNET_IDENTITY_TOKEN_EXP_STRING), - &key); - - exp_str = NULL; - if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, - &key)) - { - exp_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, - &key); - } - if (NULL == exp_str) { - handle->emsg = GNUNET_strdup ("No expiration given!\n"); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - - if (GNUNET_OK != - 
GNUNET_STRINGS_fancy_time_to_relative (exp_str, - &etime_rel)) - { - handle->emsg = GNUNET_strdup ("Expiration invalid!\n"); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - time = GNUNET_TIME_absolute_get().abs_value_us; - exp_time.abs_value_us = time + etime_rel.rel_value_us; - - handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); - handle->idp_op = GNUNET_IDENTITY_PROVIDER_issue_token (handle->idp, - priv_key, - &aud_key, - scopes, - vattrs, - exp_time, - nonce, - &token_creat_cont, - handle); - -} - - -/** - * Build a GNUid token for identity - * - * @param cls the request handle - */ -static void -return_token_list (void *cls) -{ - char* result_str; - struct RequestHandle *handle = cls; - struct MHD_Response *resp; - - GNUNET_JSONAPI_document_serialize (handle->resp_object, &result_str); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str); - resp = GNUNET_REST_create_response (result_str); - handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); - GNUNET_free (result_str); - cleanup_handle (handle); -} - - -static void -token_collect_error_cb (void *cls) -{ - struct RequestHandle *handle = cls; - - do_error (handle); -} - - -/** - * Collect all tokens for an ego - * - * TODO move this into the identity-provider service - * - */ -static void -token_collect (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd); - - -static void -token_collect_finished_cb (void *cls) -{ - struct RequestHandle *handle = cls; - struct EgoEntry *ego_tmp; - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; - - ego_tmp = handle->ego_head; - GNUNET_CONTAINER_DLL_remove (handle->ego_head, - handle->ego_tail, - ego_tmp); - GNUNET_free (ego_tmp->identifier); - GNUNET_free (ego_tmp->keystring); - GNUNET_free (ego_tmp); - - if (NULL == handle->ego_head) - { - //Done - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding token END\n"); - handle->ns_it = NULL; - 
GNUNET_SCHEDULER_add_now (&return_token_list, handle); - return; - } - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Next ego: %s\n", - handle->ego_head->identifier); - priv_key = GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego); - handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (handle->ns_handle, - priv_key, - &token_collect_error_cb, - handle, - &token_collect, - handle, - &token_collect_finished_cb, - handle); -} - - -/** - * Collect all tokens for an ego - * - * TODO move this into the identity-provider service - * - */ -static void -token_collect (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) -{ - struct RequestHandle *handle = cls; - int i; - char* data; - struct GNUNET_JSONAPI_Resource *json_resource; - json_t *issuer; - json_t *token; - - for (i = 0; i < rd_count; i++) - { - if (rd[i].record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN) - { - data = GNUNET_GNSRECORD_value_to_string (rd[i].record_type, - rd[i].data, - rd[i].data_size); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding token: %s\n", data); - json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_TOKEN, - label); - issuer = json_string (handle->ego_head->identifier); - GNUNET_JSONAPI_resource_add_attr (json_resource, - GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST, - issuer); - json_decref (issuer); - token = json_string (data); - GNUNET_JSONAPI_resource_add_attr (json_resource, - GNUNET_REST_JSONAPI_IDENTITY_TOKEN, - token); - json_decref (token); - - GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource); - GNUNET_free (data); - } - } - - GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); -} - - - -/** - * Respond to OPTIONS request - * - * @param con_handle the connection handle - * @param url the url - * @param cls the RequestHandle - */ -static void -list_token_cont (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, - void *cls) -{ 
- char* ego_val; - struct GNUNET_HashCode key; - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; - struct RequestHandle *handle = cls; - struct EgoEntry *ego_entry; - struct EgoEntry *ego_tmp; - - GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST, - strlen (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST), - &key); - - if ( GNUNET_YES != - GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, - &key) ) - { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No issuer given.\n"); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - ego_val = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, - &key); - GNUNET_assert (NULL != ego_val); - //Remove non-matching egos - for (ego_entry = handle->ego_head; - NULL != ego_entry;) - { - ego_tmp = ego_entry; - ego_entry = ego_entry->next; - if (0 != strcmp (ego_val, ego_tmp->identifier)) - { - GNUNET_CONTAINER_DLL_remove (handle->ego_head, - handle->ego_tail, - ego_tmp); - GNUNET_free (ego_tmp->identifier); - GNUNET_free (ego_tmp->keystring); - GNUNET_free (ego_tmp); - } - } - handle->resp_object = GNUNET_JSONAPI_document_new (); - if (NULL == handle->ego_head) - { - //Done - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No results.\n"); - GNUNET_SCHEDULER_add_now (&return_token_list, handle); - return; - } - priv_key = GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego); - handle->ns_handle = GNUNET_NAMESTORE_connect (cfg); - handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (handle->ns_handle, - priv_key, - &token_collect_error_cb, - handle, - &token_collect, - handle, - &token_collect_finished_cb, - handle); - -} - -/** - * Return token to requestor - * - * @param cls request handle - * @param token the token - */ -static void -exchange_cont (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Token *token, - uint64_t ticket_nonce) -{ - json_t *root; - struct RequestHandle *handle = cls; - struct MHD_Response *resp; - struct GNUNET_HashCode key; - char* result; - 
char* token_str; - char* nonce_str; - uint64_t expected_nonce; - - //Get nonce - GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE, - strlen (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE), - &key); - - if ( GNUNET_NO == - GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, - &key) ) - { - handle->emsg = GNUNET_strdup ("No nonce given."); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - nonce_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, - &key); - GNUNET_assert (NULL != nonce_str); - GNUNET_assert (1 == sscanf (nonce_str, "%"SCNu64, &expected_nonce)); - - if (ticket_nonce != expected_nonce) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Ticket nonce %"SCNu64" does not match expected nonce %"SCNu64"\n", - ticket_nonce, expected_nonce); - handle->emsg = GNUNET_strdup ("Ticket nonce does not match expected nonce\n"); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - - root = json_object (); - token_str = GNUNET_IDENTITY_PROVIDER_token_to_string (token); - json_object_set_new (root, "token", json_string (token_str)); - json_object_set_new (root, "token_type", json_string ("jwt")); - GNUNET_free (token_str); - - result = json_dumps (root, JSON_INDENT(1)); - resp = GNUNET_REST_create_response (result); - GNUNET_free (result); - handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); - cleanup_handle (handle); - json_decref (root); -} - - -/** - * - * Callback called when identity for token exchange has been found - * - * @param cls request handle - * @param ego the identity to use as issuer - * @param ctx user context - * @param name identity name - * - */ -static void -exchange_token_ticket_cb (void *cls, - struct GNUNET_IDENTITY_Ego *ego, - void **ctx, - const char *name) -{ - struct RequestHandle *handle = cls; - struct GNUNET_HashCode key; - struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket; - char* ticket_str; - - handle->op = NULL; - - if (NULL == ego) 
- { - handle->emsg = GNUNET_strdup ("No identity found."); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - - //Get ticket - GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET, - strlen (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET), - &key); - - if ( GNUNET_NO == - GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, - &key) ) - { - handle->emsg = GNUNET_strdup ("No ticket given."); - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - ticket_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, - &key); - handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego); - GNUNET_IDENTITY_PROVIDER_string_to_ticket (ticket_str, - &ticket); - - handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); - handle->idp_op = GNUNET_IDENTITY_PROVIDER_exchange_ticket (handle->idp, - ticket, - handle->priv_key, - &exchange_cont, - handle); - GNUNET_IDENTITY_PROVIDER_ticket_destroy (ticket); - -} - - - -/** - * Respond to issue request - * - * @param con_handle the connection handle - * @param url the url - * @param cls the RequestHandle - */ -static void -exchange_token_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, - void *cls) -{ - struct RequestHandle *handle = cls; - - //Get token from GNS - handle->op = GNUNET_IDENTITY_get (handle->identity_handle, - "gns-master", - &exchange_token_ticket_cb, - handle); -} - -/** - * Respond to OPTIONS request - * - * @param con_handle the connection handle - * @param url the url - * @param cls the RequestHandle - */ -static void -options_cont (struct GNUNET_REST_RequestHandle *con_handle, - const char* url, - void *cls) -{ - struct MHD_Response *resp; - struct RequestHandle *handle = cls; - - //For now, independent of path return all options - resp = GNUNET_REST_create_response (NULL); - MHD_add_response_header (resp, - "Access-Control-Allow-Methods", - allow_methods); - handle->proc (handle->proc_cls, resp, 
MHD_HTTP_OK); - cleanup_handle (handle); - return; -} - -/** - * Handle rest request - * - * @param handle the request handle - */ -static void -init_cont (struct RequestHandle *handle) -{ - struct GNUNET_REST_RequestHandlerError err; - static const struct GNUNET_REST_RequestHandler handlers[] = { - {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE, &issue_token_cont}, - //{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK, &check_token_cont}, - {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_PROVIDER, &list_token_cont}, - {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER, &options_cont}, - {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN, &exchange_token_ticket_cont}, - GNUNET_REST_HANDLER_END - }; - - if (GNUNET_NO == GNUNET_REST_handle_request (handle->conndata_handle, - handlers, - &err, - handle)) - { - handle->response_code = err.error_code; - GNUNET_SCHEDULER_add_now (&do_error, handle); - } -} - -/** - * If listing is enabled, prints information about the egos. - * - * This function is initially called for all egos and then again - * whenever a ego's identifier changes or if it is deleted. At the - * end of the initial pass over all egos, the function is once called - * with 'NULL' for 'ego'. That does NOT mean that the callback won't - * be invoked in the future or that there was an error. - * - * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', - * this function is only called ONCE, and 'NULL' being passed in - * 'ego' does indicate an error (i.e. name is taken or no default - * value is known). If 'ego' is non-NULL and if '*ctx' - * is set in those callbacks, the value WILL be passed to a subsequent - * call to the identity callback of 'GNUNET_IDENTITY_connect' (if - * that one was not NULL). - * - * When an identity is renamed, this function is called with the - * (known) ego but the NEW identifier. 
- * - * When an identity is deleted, this function is called with the - * (known) ego and "NULL" for the 'identifier'. In this case, - * the 'ego' is henceforth invalid (and the 'ctx' should also be - * cleaned up). - * - * @param cls closure - * @param ego ego handle - * @param ctx context for application to store data for this ego - * (during the lifetime of this process, initially NULL) - * @param identifier identifier assigned by the user for this ego, - * NULL if the user just deleted the ego and it - * must thus no longer be used - */ -static void -list_ego (void *cls, - struct GNUNET_IDENTITY_Ego *ego, - void **ctx, - const char *identifier) -{ - struct RequestHandle *handle = cls; - struct EgoEntry *ego_entry; - struct GNUNET_CRYPTO_EcdsaPublicKey pk; - - if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) - { - handle->state = ID_REST_STATE_POST_INIT; - init_cont (handle); - return; - } - if (ID_REST_STATE_INIT == handle->state) { - ego_entry = GNUNET_new (struct EgoEntry); - GNUNET_IDENTITY_ego_get_public_key (ego, &pk); - ego_entry->keystring = - GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); - ego_entry->ego = ego; - ego_entry->identifier = GNUNET_strdup (identifier); - GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry); - } - -} - -/** - * Function processing the REST call - * - * @param method HTTP method - * @param url URL of the HTTP request - * @param data body of the HTTP request (optional) - * @param data_size length of the body - * @param proc callback function for the result - * @param proc_cls closure for callback function - * @return GNUNET_OK if request accepted - */ -static void -rest_identity_process_request(struct GNUNET_REST_RequestHandle *conndata_handle, - GNUNET_REST_ResultProcessor proc, - void *proc_cls) -{ - struct RequestHandle *handle = GNUNET_new (struct RequestHandle); - - handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; - handle->proc_cls = proc_cls; - handle->proc = proc; - handle->state = 
ID_REST_STATE_INIT; - handle->conndata_handle = conndata_handle; - - - handle->url = GNUNET_strdup (conndata_handle->url); - if (handle->url[strlen (handle->url)-1] == '/') - handle->url[strlen (handle->url)-1] = '\0'; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Connecting...\n"); - handle->identity_handle = GNUNET_IDENTITY_connect (cfg, - &list_ego, - handle); - handle->timeout_task = - GNUNET_SCHEDULER_add_delayed (handle->timeout, - &do_timeout, - handle); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Connected\n"); -} - -/** - * Entry point for the plugin. - * - * @param cls Config info - * @return NULL on error, otherwise the plugin context - */ -void * -libgnunet_plugin_rest_identity_provider_init (void *cls) -{ - static struct Plugin plugin; - struct GNUNET_REST_Plugin *api; - - cfg = cls; - if (NULL != plugin.cfg) - return NULL; /* can only initialize once! */ - memset (&plugin, 0, sizeof (struct Plugin)); - plugin.cfg = cfg; - api = GNUNET_new (struct GNUNET_REST_Plugin); - api->cls = &plugin; - api->name = GNUNET_REST_API_NS_IDENTITY_PROVIDER; - api->process_request = &rest_identity_process_request; - GNUNET_asprintf (&allow_methods, - "%s, %s, %s, %s, %s", - MHD_HTTP_METHOD_GET, - MHD_HTTP_METHOD_POST, - MHD_HTTP_METHOD_PUT, - MHD_HTTP_METHOD_DELETE, - MHD_HTTP_METHOD_OPTIONS); - - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - _("Identity Token REST API initialized\n")); - return api; -} - - -/** - * Exit point from the plugin. - * - * @param cls the plugin context (as returned by "init") - * @return always NULL - */ -void * -libgnunet_plugin_rest_identity_provider_done (void *cls) -{ - struct GNUNET_REST_Plugin *api = cls; - struct Plugin *plugin = api->cls; - - plugin->cfg = NULL; - GNUNET_free_non_null (allow_methods); - GNUNET_free (api); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Identity Token REST plugin is finished\n"); - return NULL; -} - -/* end of plugin_rest_gns.c */ 
diff --git a/src/include/gnunet_identity_provider_plugin.h b/src/include/gnunet_identity_provider_plugin.h index 9e779bde7..27d7eb44f 100644 --- a/src/include/gnunet_identity_provider_plugin.h +++ b/src/include/gnunet_identity_provider_plugin.h @@ -50,7 +50,7 @@ extern "C" * @param ticket the ticket */ typedef void (*GNUNET_IDENTITY_PROVIDER_TicketIterator) (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket); + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket); /** @@ -72,7 +72,7 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions * @return #GNUNET_OK on success, else #GNUNET_SYSERR */ int (*store_ticket) (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket); + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket); /** * Delete a ticket from the database. @@ -82,7 +82,7 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions * @return #GNUNET_OK on success, else #GNUNET_SYSERR */ int (*delete_ticket) (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket); + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket); diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h index 198e2f918..fb5131567 100644 --- a/src/include/gnunet_identity_provider_service.h +++ b/src/include/gnunet_identity_provider_service.h @@ -56,15 +56,10 @@ struct GNUNET_IDENTITY_PROVIDER_Handle; */ struct GNUNET_IDENTITY_PROVIDER_Token; -/** - * Handle for a ticket DEPRECATED - */ -struct GNUNET_IDENTITY_PROVIDER_Ticket; - /** * The ticket */ -struct GNUNET_IDENTITY_PROVIDER_Ticket2 +struct GNUNET_IDENTITY_PROVIDER_Ticket { /** * The ticket issuer 
@@ -169,38 +164,6 @@ struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry struct GNUNET_IDENTITY_PROVIDER_Attribute *attribute; }; -/** - * Method called when a token has been exchanged for a ticket. - * On success returns a token - * - * @param cls closure - * @param token the token - */ -typedef void -(*GNUNET_IDENTITY_PROVIDER_ExchangeCallback)(void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Token *token, - uint64_t ticket_nonce); - -/** TODO DEPRECATED - * Method called when a token has been issued. - * On success returns a ticket that can be given to the audience to retrive the - * token - * - * @param cls closure - * @param grant the label in GNS pointing to the token - * @param ticket the ticket - * @param token the issued token - * @param name name assigned by the user for this ego, - * NULL if the user just deleted the ego and it - * must thus no longer be used - */ -typedef void -(*GNUNET_IDENTITY_PROVIDER_IssueCallback)(void *cls, - const char *grant, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_PROVIDER_Token *token); - - /** * Connect to the identity provider service. * @@ -340,7 +303,7 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_At */ typedef void (*GNUNET_IDENTITY_PROVIDER_TicketCallback)(void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket); + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket); /** * Issues a ticket to another identity. The identity may use @@ -397,7 +360,7 @@ GNUNET_IDENTITY_PROVIDER_idp_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Hand struct GNUNET_IDENTITY_PROVIDER_Operation * GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *id, const struct GNUNET_CRYPTO_EcdsaPrivateKey * identity, - const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket, + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, GNUNET_IDENTITY_PROVIDER_AttributeResult cb, void *cb_cls); 
@@ -474,50 +437,6 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_ void GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it); -/** TODO remove DEPRECATED - * Issue a token for a specific audience. - * - * @param id identity provider service to use - * @param iss issuer (identity) - * @param aud audience (identity) - * @param scope the identity attributes requested, comman separated - * @param expiration the token expiration - * @param nonce the nonce that will be included in token and ticket - * @param cb callback to call with result - * @param cb_cls closure - * @return handle to abort the operation - */ -struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss_key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, - const char* scope, - const char* vattr, - struct GNUNET_TIME_Absolute expiration, - uint64_t nonce, - GNUNET_IDENTITY_PROVIDER_IssueCallback cb, - void *cb_cls); - - -/** TODO remove DEPRECATED - * Exchange a ticket for a token. Intended to be used by audience that - * received a ticket. - * - * @param id identity provider service to use - * @param ticket the ticket to exchange - * @param aud_privkey the audience of the ticket - * @param cont function to call once the operation finished - * @param cont_cls closure for @a cont - * @return handle to abort the operation - */ -struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_exchange_ticket (struct GNUNET_IDENTITY_PROVIDER_Handle *id, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *aud_privkey, - GNUNET_IDENTITY_PROVIDER_ExchangeCallback cont, - void *cont_cls); - - /** * Disconnect from identity provider service. * 
@@ -538,56 +457,6 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h); void GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op); - -/** - * Convenience API - */ - -/** - * Destroy token - * - * @param token the token - */ -void -GNUNET_IDENTITY_PROVIDER_token_destroy(struct GNUNET_IDENTITY_PROVIDER_Token *token); - -/** - * Returns string representation of token. A JSON-Web-Token. - * - * @param token the token - * @return The JWT (must be freed) - */ -char * -GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token); - -/** - * Returns string representation of ticket. Base64-Encoded - * - * @param ticket the ticket - * @return the Base64-Encoded ticket - */ -char * -GNUNET_IDENTITY_PROVIDER_ticket_to_string (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket); - -/** - * Created a ticket from a string (Base64 encoded ticket) - * - * @param input Base64 encoded ticket - * @param ticket pointer where the ticket is stored - * @return GNUNET_OK - */ -int -GNUNET_IDENTITY_PROVIDER_string_to_ticket (const char* input, - struct GNUNET_IDENTITY_PROVIDER_Ticket **ticket); - -/** - * Destroys a ticket - * - * @param ticket the ticket to destroy - */ -void -GNUNET_IDENTITY_PROVIDER_ticket_destroy(struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket); - #if 0 /* keep Emacsens' auto-indent happy */ { #endif -- cgit v1.2.3 From 371458b9ed084c6d510a03c9ea27cb8162f0e87a Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 6 Oct 2017 16:55:48 +0200 Subject: -revise API naming; cleanups --- src/identity-provider/gnunet-idp.c | 22 ++++++------ src/identity-provider/identity_provider_api.c | 32 ++++++++--------- src/include/gnunet_identity_provider_service.h | 50 +++++++++++++------------- src/include/gnunet_protocols.h | 34 +++++++----------- 4 files changed, 65 insertions(+), 73 deletions(-) 
diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index bc30a1148..d6544eb3b 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c @@ -193,20 +193,20 @@ iter_finished (void *cls) } if (issue_attrs) { - idp_op = GNUNET_IDENTITY_PROVIDER_idp_ticket_issue (idp_handle, - pkey, - &rp_key, - attr_list, - &ticket_issue_cb, - NULL); + idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (idp_handle, + pkey, + &rp_key, + attr_list, + &ticket_issue_cb, + NULL); return; } if (consume_ticket) { - idp_op = GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (idp_handle, - pkey, - &ticket, - &process_attrs, - NULL); + idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (idp_handle, + pkey, + &ticket, + &process_attrs, + NULL); return; } attr = GNUNET_IDENTITY_PROVIDER_attribute_new (attr_name, diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index d623eaf3b..33468cc13 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -1027,12 +1027,12 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_At * @return handle to abort the operation */ struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_idp_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, - const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, - GNUNET_IDENTITY_PROVIDER_TicketCallback cb, - void *cb_cls) +GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, + const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, + GNUNET_IDENTITY_PROVIDER_TicketCallback cb, + void *cb_cls) { struct GNUNET_IDENTITY_PROVIDER_Operation *op; struct TicketIssueMessage *tim; 
@@ -1076,8 +1076,8 @@ GNUNET_IDENTITY_PROVIDER_idp_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handl * @return handle to abort the operation */ struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPrivateKey * identity, +GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, GNUNET_IDENTITY_PROVIDER_AttributeResult cb, void *cb_cls) @@ -1129,14 +1129,14 @@ GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Hand * @return an iterator handle to use for iteration */ struct GNUNET_IDENTITY_PROVIDER_TicketIterator * -GNUNET_IDENTITY_PROVIDER_idp_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - GNUNET_SCHEDULER_TaskCallback error_cb, - void *error_cb_cls, - GNUNET_IDENTITY_PROVIDER_TicketCallback proc, - void *proc_cls, - GNUNET_SCHEDULER_TaskCallback finish_cb, - void *finish_cb_cls) +GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + GNUNET_SCHEDULER_TaskCallback error_cb, + void *error_cb_cls, + GNUNET_IDENTITY_PROVIDER_TicketCallback proc, + void *proc_cls, + GNUNET_SCHEDULER_TaskCallback finish_cb, + void *finish_cb_cls) { struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it; struct GNUNET_CRYPTO_EcdsaPublicKey identity_pub; diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h index fb5131567..d1b437128 100644 --- a/src/include/gnunet_identity_provider_service.h +++ b/src/include/gnunet_identity_provider_service.h 
@@ -319,12 +319,12 @@ typedef void * @return handle to abort the operation */ struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_idp_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *id, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, - const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, - GNUNET_IDENTITY_PROVIDER_TicketCallback cb, - void *cb_cls); +GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *id, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, + const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, + GNUNET_IDENTITY_PROVIDER_TicketCallback cb, + void *cb_cls); /** TODO * Revoked an issued ticket. The relying party will be unable to retrieve @@ -338,11 +338,11 @@ GNUNET_IDENTITY_PROVIDER_idp_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handl * @return handle to abort the operation */ struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_idp_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *id, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb, - void *cb_cls); +GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *id, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb, + void *cb_cls); 
@@ -351,18 +351,18 @@ GNUNET_IDENTITY_PROVIDER_idp_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Hand * and used to retrieve identity information from the issuer * * @param id the identity provider to use - * @param identity the identity that is the subject of the issued ticket (the relying party) + * @param identity the identity that is the subject of the issued ticket (the audience) * @param ticket the issued ticket to consume * @param cb the callback to call * @param cb_cls the callback closure * @return handle to abort the operation */ struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *id, - const struct GNUNET_CRYPTO_EcdsaPrivateKey * identity, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - GNUNET_IDENTITY_PROVIDER_AttributeResult cb, - void *cb_cls); +GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *id, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + GNUNET_IDENTITY_PROVIDER_AttributeResult cb, + void *cb_cls); /** * Lists all tickets that have been issued to remote 
@@ -382,14 +382,14 @@ GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Hand * @return an iterator handle to use for iteration */ struct GNUNET_IDENTITY_PROVIDER_TicketIterator * -GNUNET_IDENTITY_PROVIDER_idp_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - GNUNET_SCHEDULER_TaskCallback error_cb, - void *error_cb_cls, - GNUNET_IDENTITY_PROVIDER_TicketCallback proc, - void *proc_cls, - GNUNET_SCHEDULER_TaskCallback finish_cb, - void *finish_cb_cls); +GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + GNUNET_SCHEDULER_TaskCallback error_cb, + void *error_cb_cls, + GNUNET_IDENTITY_PROVIDER_TicketCallback proc, + void *proc_cls, + GNUNET_SCHEDULER_TaskCallback finish_cb, + void *finish_cb_cls); /** * Lists all tickets that have been issued to remote diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index b22e1b417..dd806fcac 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h 
@@ -2620,39 +2620,31 @@ extern "C" * * IDENTITY PROVIDER MESSAGE TYPES */ -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE 961 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE 961 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE 962 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE 962 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_RESULT 963 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START 963 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT 964 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP 964 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE 965 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT 965 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE 966 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT 966 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START 967 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE 967 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP 968 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT 968 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT 969 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET 969 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT 970 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT 970 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE 971 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START 971 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT 972 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP 972 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET 973 - -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT 974 - -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START 975 - -#define 
GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP 976 - -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT 977 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT 973 /************************************************** * -- cgit v1.2.3 From 8b22f677adfde6212410c5abb2aff27988cc997c Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 6 Oct 2017 19:31:46 +0200 Subject: -readd new rest plugin --- src/identity-provider/Makefile.am | 16 +- .../plugin_rest_identity_provider.c | 632 +++++++++++++++++++++ src/identity-provider/test_idp.conf | 2 + src/identity-provider/test_idp_issue.sh | 2 + 4 files changed, 651 insertions(+), 1 deletion(-) create mode 100644 src/identity-provider/plugin_rest_identity_provider.c diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index 0aabc2143..64a54457d 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am @@ -26,7 +26,8 @@ pkgcfg_DATA = \ lib_LTLIBRARIES = \ libgnunetidentityprovider.la plugin_LTLIBRARIES = \ - libgnunet_plugin_gnsrecord_identity_provider.la \ + libgnunet_plugin_rest_identity_provider.la \ + libgnunet_plugin_gnsrecord_identity_provider.la \ $(SQLITE_PLUGIN) bin_PROGRAMS = \ @@ -82,6 +83,19 @@ libgnunetidentityprovider_la_LDFLAGS = \ $(GN_LIB_LDFLAGS) $(WINFLAGS) \ -version-info 0:0:0 +libgnunet_plugin_rest_identity_provider_la_SOURCES = \ + plugin_rest_identity_provider.c +libgnunet_plugin_rest_identity_provider_la_LIBADD = \ + $(top_builddir)/src/identity/libgnunetidentity.la \ + libgnunetidentityprovider.la \ + $(top_builddir)/src/rest/libgnunetrest.la \ + $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \ + $(top_builddir)/src/namestore/libgnunetnamestore.la \ + $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ + $(LTLIBINTL) -ljansson -lmicrohttpd +libgnunet_plugin_rest_identity_provider_la_LDFLAGS = \ + $(GN_PLUGIN_LDFLAGS) + gnunet_idp_SOURCES = \ gnunet-idp.c gnunet_idp_LDADD = \ 
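Review bot: In the `src/include/gnunet_protocols.h` hunk (`@@ -2620,39 +2620,31 @@`) the identity-provider message types are renumbered in place, so values that stay in use now name different messages: 961 was `..._ISSUE` and is now `..._ATTRIBUTE_STORE`, and 967 was `..._ATTRIBUTE_ITERATION_START` and is now `..._TICKET_ISSUE`. A client library and a service built from different revisions would presumably dispatch such a message to the wrong handler and parse its payload as another message struct, rather than reject an unknown type. If that mix can occur, keep the old values for the surviving messages and retire 961–964; otherwise state the constraint above the block, e.g. `/* 961-973 were renumbered; client library and service must be built from the same tree */`. The new names also mix word order (`TICKET_ISSUE`, `TICKET_RESULT` against `CONSUME_TICKET`, `CONSUME_TICKET_RESULT`) although this commit renames the function to `GNUNET_IDENTITY_PROVIDER_ticket_consume`; `..._TICKET_CONSUME` and `..._TICKET_CONSUME_RESULT` would match.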
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c new file mode 100644 index 000000000..b8fb3d1cb --- /dev/null +++ b/src/identity-provider/plugin_rest_identity_provider.c 
@@ -0,0 +1,632 @@ +/* + This file is part of GNUnet. + Copyright (C) 2012-2015 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. + */ +/** + * @author Martin Schanzenbach + * @file identity/plugin_rest_identity.c + * @brief GNUnet Namestore REST plugin + * + */ + +#include "platform.h" +#include "gnunet_rest_plugin.h" +#include "gnunet_identity_service.h" +#include "gnunet_gns_service.h" +#include "gnunet_gnsrecord_lib.h" +#include "gnunet_namestore_service.h" +#include "gnunet_rest_lib.h" +#include "gnunet_jsonapi_lib.h" +#include "gnunet_jsonapi_util.h" +#include "microhttpd.h" +#include +#include +#include "gnunet_signatures.h" +#include "gnunet_identity_provider_service.h" + +/** + * REST root namespace + */ +#define GNUNET_REST_API_NS_IDENTITY_PROVIDER "/idp" + +/** + * Attribute namespace + */ +#define GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES "/idp/attributes" + +/** + * Attribute key + */ +#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE "attribute" + +/** + * Value key + */ +#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE_VALUE "value" + +/** + * State while collecting all egos + */ +#define ID_REST_STATE_INIT 0 + +/** + * Done collecting egos + */ +#define ID_REST_STATE_POST_INIT 1 + + +/** + * The configuration handle + */ +const struct GNUNET_CONFIGURATION_Handle *cfg; + +/** + * HTTP methods allows for this 
plugin + */ +static char* allow_methods; + +/** + * @brief struct returned by the initialization function of the plugin + */ +struct Plugin +{ + const struct GNUNET_CONFIGURATION_Handle *cfg; +}; + +/** + * The ego list + */ +struct EgoEntry +{ + /** + * DLL + */ + struct EgoEntry *next; + + /** + * DLL + */ + struct EgoEntry *prev; + + /** + * Ego Identifier + */ + char *identifier; + + /** + * Public key string + */ + char *keystring; + + /** + * The Ego + */ + struct GNUNET_IDENTITY_Ego *ego; +}; + + +struct RequestHandle +{ + /** + * Ego list + */ + struct EgoEntry *ego_head; + + /** + * Ego list + */ + struct EgoEntry *ego_tail; + + /** + * Selected ego + */ + struct EgoEntry *ego_entry; + + /** + * Ptr to current ego private key + */ + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; + + /** + * Handle to the rest connection + */ + struct GNUNET_REST_RequestHandle *conndata_handle; + + /** + * The processing state + */ + int state; + + /** + * Handle to Identity service. + */ + struct GNUNET_IDENTITY_Handle *identity_handle; + + /** + * IDENTITY Operation + */ + struct GNUNET_IDENTITY_Operation *op; + + /** + * Identity Provider + */ + struct GNUNET_IDENTITY_PROVIDER_Handle *idp; + + /** + * Idp Operation + */ + struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op; + + /** + * Attribute iterator + */ + struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_it; + + /** + * Desired timeout for the lookup (default is no timeout). + */ + struct GNUNET_TIME_Relative timeout; + + /** + * ID of a task associated with the resolution process. 
+ */ + struct GNUNET_SCHEDULER_Task *timeout_task; + + /** + * The plugin result processor + */ + GNUNET_REST_ResultProcessor proc; + + /** + * The closure of the result processor + */ + void *proc_cls; + + /** + * The url + */ + char *url; + + /** + * Error response message + */ + char *emsg; + + /** + * Reponse code + */ + int response_code; + + /** + * Response object + */ + struct GNUNET_JSONAPI_Document *resp_object; + + /** + * Resource object + */ + struct GNUNET_JSONAPI_Resource *json_resource; + +}; + + + +/** + * Cleanup lookup handle + * @param handle Handle to clean up + */ +static void +cleanup_handle (struct RequestHandle *handle) +{ + struct EgoEntry *ego_entry; + struct EgoEntry *ego_tmp; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Cleaning up\n"); + if (NULL != handle->resp_object) + GNUNET_JSONAPI_document_delete (handle->resp_object); + if (NULL != handle->timeout_task) + GNUNET_SCHEDULER_cancel (handle->timeout_task); + if (NULL != handle->identity_handle) + GNUNET_IDENTITY_disconnect (handle->identity_handle); + if (NULL != handle->idp) + GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp); + if (NULL != handle->attr_it) + GNUNET_IDENTITY_PROVIDER_get_attributes_stop (handle->attr_it); + if (NULL != handle->url) + GNUNET_free (handle->url); + if (NULL != handle->emsg) + GNUNET_free (handle->emsg); + for (ego_entry = handle->ego_head; + NULL != ego_entry;) + { + ego_tmp = ego_entry; + ego_entry = ego_entry->next; + GNUNET_free (ego_tmp->identifier); + GNUNET_free (ego_tmp->keystring); + GNUNET_free (ego_tmp); + } + GNUNET_free (handle); +} + +/** + * Task run on error, sends error message. Cleans up everything. 
+ * + * @param cls the `struct RequestHandle` + */ +static void +do_error (void *cls) +{ + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + char *json_error; + + GNUNET_asprintf (&json_error, + "{Error while processing request: %s}", + handle->emsg); + resp = GNUNET_REST_create_response (json_error); + handle->proc (handle->proc_cls, resp, handle->response_code); + cleanup_handle (handle); + GNUNET_free (json_error); +} + +/** + * Task run on timeout, sends error message. Cleans up everything. + * + * @param cls the `struct RequestHandle` + */ +static void +do_timeout (void *cls) +{ + struct RequestHandle *handle = cls; + + handle->timeout_task = NULL; + do_error (handle); +} + + +static void +attr_collect_error_cb (void *cls) +{ + struct RequestHandle *handle = cls; + + do_error (handle); +} + +/** + * Return attributes for identity + * + * @param cls the request handle + */ +static void +return_attr_list (void *cls) +{ + char* result_str; + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + + GNUNET_JSONAPI_document_serialize (handle->resp_object, &result_str); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str); + resp = GNUNET_REST_create_response (result_str); + handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); + GNUNET_free (result_str); + cleanup_handle (handle); +} + + +static void +attr_collect_finished_cb (void *cls) +{ + struct RequestHandle *handle = cls; + //Done + handle->attr_it = NULL; + GNUNET_SCHEDULER_add_now (&return_attr_list, handle); +} + +/** + * Collect all attributes for an ego + * + */ +static void +attr_collect (void *cls, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) +{ + struct RequestHandle *handle = cls; + json_t *value; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n", + attr->name); + value = json_string (attr->data); + GNUNET_JSONAPI_resource_add_attr (handle->json_resource, + attr->name, + value); + 
json_decref (value); + GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it); +} + + + +/** + * List attributes for identity request + * + * @param con_handle the connection handle + * @param url the url + * @param cls the RequestHandle + */ +static void +list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; + struct RequestHandle *handle = cls; + struct EgoEntry *ego_entry; + char *identity; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting attributes for %s.\n", + handle->url); + if ( strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) >= + strlen (handle->url)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) + 1; + + for (ego_entry = handle->ego_head; + NULL != ego_entry; + ego_entry = ego_entry->next) + if (0 == strcmp (identity, ego_entry->identifier)) + break; + handle->resp_object = GNUNET_JSONAPI_document_new (); + + handle->json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE, + identity); + GNUNET_JSONAPI_document_resource_add (handle->resp_object, handle->json_resource); + + if (NULL == ego_entry) + { + //Done + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego %s not found.\n", + identity); + GNUNET_SCHEDULER_add_now (&return_attr_list, handle); + return; + } + priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); + handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); + handle->attr_it = GNUNET_IDENTITY_PROVIDER_get_attributes_start (handle->idp, + priv_key, + &attr_collect_error_cb, + handle, + &attr_collect, + handle, + &attr_collect_finished_cb, + handle); +} + + +/** + * Respond to OPTIONS request + * + * @param con_handle the connection handle + * @param url the url + * @param cls the RequestHandle + */ +static void +options_cont (struct 
GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + struct MHD_Response *resp; + struct RequestHandle *handle = cls; + + //For now, independent of path return all options + resp = GNUNET_REST_create_response (NULL); + MHD_add_response_header (resp, + "Access-Control-Allow-Methods", + allow_methods); + handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); + cleanup_handle (handle); + return; +} + +/** + * Handle rest request + * + * @param handle the request handle + */ +static void +init_cont (struct RequestHandle *handle) +{ + struct GNUNET_REST_RequestHandlerError err; + static const struct GNUNET_REST_RequestHandler handlers[] = { + {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &list_attribute_cont}, + {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER, + &options_cont}, + GNUNET_REST_HANDLER_END + }; + + if (GNUNET_NO == GNUNET_REST_handle_request (handle->conndata_handle, + handlers, + &err, + handle)) + { + handle->response_code = err.error_code; + GNUNET_SCHEDULER_add_now (&do_error, handle); + } +} + +/** + * If listing is enabled, prints information about the egos. + * + * This function is initially called for all egos and then again + * whenever a ego's identifier changes or if it is deleted. At the + * end of the initial pass over all egos, the function is once called + * with 'NULL' for 'ego'. That does NOT mean that the callback won't + * be invoked in the future or that there was an error. + * + * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', + * this function is only called ONCE, and 'NULL' being passed in + * 'ego' does indicate an error (i.e. name is taken or no default + * value is known). If 'ego' is non-NULL and if '*ctx' + * is set in those callbacks, the value WILL be passed to a subsequent + * call to the identity callback of 'GNUNET_IDENTITY_connect' (if + * that one was not NULL). 
+ * + * When an identity is renamed, this function is called with the + * (known) ego but the NEW identifier. + * + * When an identity is deleted, this function is called with the + * (known) ego and "NULL" for the 'identifier'. In this case, + * the 'ego' is henceforth invalid (and the 'ctx' should also be + * cleaned up). + * + * @param cls closure + * @param ego ego handle + * @param ctx context for application to store data for this ego + * (during the lifetime of this process, initially NULL) + * @param identifier identifier assigned by the user for this ego, + * NULL if the user just deleted the ego and it + * must thus no longer be used + */ +static void +list_ego (void *cls, + struct GNUNET_IDENTITY_Ego *ego, + void **ctx, + const char *identifier) +{ + struct RequestHandle *handle = cls; + struct EgoEntry *ego_entry; + struct GNUNET_CRYPTO_EcdsaPublicKey pk; + + if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) + { + handle->state = ID_REST_STATE_POST_INIT; + init_cont (handle); + return; + } + if (ID_REST_STATE_INIT == handle->state) { + ego_entry = GNUNET_new (struct EgoEntry); + GNUNET_IDENTITY_ego_get_public_key (ego, &pk); + ego_entry->keystring = + GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); + ego_entry->ego = ego; + ego_entry->identifier = GNUNET_strdup (identifier); + GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry); + } + +} + +/** + * Function processing the REST call + * + * @param method HTTP method + * @param url URL of the HTTP request + * @param data body of the HTTP request (optional) + * @param data_size length of the body + * @param proc callback function for the result + * @param proc_cls closure for callback function + * @return GNUNET_OK if request accepted + */ +static void +rest_identity_process_request(struct GNUNET_REST_RequestHandle *conndata_handle, + GNUNET_REST_ResultProcessor proc, + void *proc_cls) +{ + struct RequestHandle *handle = GNUNET_new (struct RequestHandle); + + 
handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; + handle->proc_cls = proc_cls; + handle->proc = proc; + handle->state = ID_REST_STATE_INIT; + handle->conndata_handle = conndata_handle; + + + handle->url = GNUNET_strdup (conndata_handle->url); + if (handle->url[strlen (handle->url)-1] == '/') + handle->url[strlen (handle->url)-1] = '\0'; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Connecting...\n"); + handle->identity_handle = GNUNET_IDENTITY_connect (cfg, + &list_ego, + handle); + handle->timeout_task = + GNUNET_SCHEDULER_add_delayed (handle->timeout, + &do_timeout, + handle); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Connected\n"); +} + +/** + * Entry point for the plugin. + * + * @param cls Config info + * @return NULL on error, otherwise the plugin context + */ +void * +libgnunet_plugin_rest_identity_provider_init (void *cls) +{ + static struct Plugin plugin; + struct GNUNET_REST_Plugin *api; + + cfg = cls; + if (NULL != plugin.cfg) + return NULL; /* can only initialize once! */ + memset (&plugin, 0, sizeof (struct Plugin)); + plugin.cfg = cfg; + api = GNUNET_new (struct GNUNET_REST_Plugin); + api->cls = &plugin; + api->name = GNUNET_REST_API_NS_IDENTITY_PROVIDER; + api->process_request = &rest_identity_process_request; + GNUNET_asprintf (&allow_methods, + "%s, %s, %s, %s, %s", + MHD_HTTP_METHOD_GET, + MHD_HTTP_METHOD_POST, + MHD_HTTP_METHOD_PUT, + MHD_HTTP_METHOD_DELETE, + MHD_HTTP_METHOD_OPTIONS); + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + _("Identity Provider REST API initialized\n")); + return api; +} + + +/** + * Exit point from the plugin. 
+ * + * @param cls the plugin context (as returned by "init") + * @return always NULL + */ +void * +libgnunet_plugin_rest_identity_provider_done (void *cls) +{ + struct GNUNET_REST_Plugin *api = cls; + struct Plugin *plugin = api->cls; + + plugin->cfg = NULL; + GNUNET_free_non_null (allow_methods); + GNUNET_free (api); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Identity Provider REST plugin is finished\n"); + return NULL; +} + +/* end of plugin_rest_identity_provider.c */ diff --git a/src/identity-provider/test_idp.conf b/src/identity-provider/test_idp.conf index a457bbe8f..9669bef7e 100644 --- a/src/identity-provider/test_idp.conf +++ b/src/identity-provider/test_idp.conf @@ -27,3 +27,5 @@ RECORD_PUT_INTERVAL = 1 h ZONE_PUBLISH_TIME_WINDOW = 1 h DNS_ROOT=PD67SGHF3E0447TU9HADIVU9OM7V4QHTOG0EBU69TFRI2LG63DR0 +[rest] +PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/rest diff --git a/src/identity-provider/test_idp_issue.sh b/src/identity-provider/test_idp_issue.sh index f2f48057d..8cd1297d3 100755 --- a/src/identity-provider/test_idp_issue.sh +++ b/src/identity-provider/test_idp_issue.sh @@ -24,6 +24,7 @@ which timeout &> /dev/null && DO_TIMEOUT="timeout 30" TEST_ATTR="test" gnunet-arm -s -c test_idp.conf +gnunet-arm -i rest -c test_idp.conf gnunet-identity -C testego -c test_idp.conf gnunet-identity -C rpego -c test_idp.conf SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') @@ -32,6 +33,7 @@ gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf gnunet-idp -e testego -a name -V John -c test_idp.conf #gnunet-idp -e testego -D -c test_idp.conf TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}') +curl http://localhost:7776/idp/attributes/testego #echo "Consuming $TICKET" gnunet-idp -e rpego -C $TICKET -c test_idp.conf gnunet-arm -e -c test_idp.conf -- cgit v1.2.3 From 8147dd7190f0b2b6261e58aec768e43d0a7afc22 Mon Sep 17 00:00:00 2001 
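Review bot: The new `[rest]` section in test_idp.conf sends the valgrind log to the fixed path `/tmp/rest`, a predictable name in a world-writable directory. Another local user can pre-create that name as a file or symlink, which either breaks the test or redirects the write. Committing the `PREFIX` line also makes every run of the test depend on valgrind being installed. I would keep the prefix out of the committed config, or point it at a directory the test creates itself, e.g. `--log-file=<test-tmp-dir>/rest-%p.log`, where `<test-tmp-dir>` is a placeholder.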
From: "Schanzenbach, Martin" Date: Fri, 6 Oct 2017 20:13:15 +0200 Subject: -fix --- src/identity-provider/Makefile.am | 3 +-- src/identity-provider/gnunet-service-identity-provider.c | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index 64a54457d..488954a44 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am @@ -69,8 +69,7 @@ gnunet_service_identity_provider_LDADD = \ $(top_builddir)/src/credential/libgnunetcredential.la \ $(top_builddir)/src/identity-provider/libgnunetidentityprovider.la \ $(top_builddir)/src/gns/libgnunetgns.la \ - $(GN_LIBINTL) \ - -ljansson + $(GN_LIBINTL) libgnunetidentityprovider_la_SOURCES = \ identity_provider_api.c \ diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 9c03cdbd7..863423cac 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -37,7 +37,6 @@ #include "gnunet_signatures.h" #include "identity_provider.h" #include "identity_attribute.h" -#include /** * First pass state -- cgit v1.2.3 From 46b73f8d138ade01499165f62edb683c87c777c4 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 6 Oct 2017 21:35:55 +0200 Subject: -towards ticket revocation --- .../gnunet-service-identity-provider.c | 357 +++++++++++++++++++-- src/identity-provider/identity_provider.h | 31 +- src/identity-provider/identity_provider_api.c | 4 +- src/include/gnunet_protocols.h | 16 +- 4 files changed, 374 insertions(+), 34 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 863423cac..95d8b93b2 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c 
@@ -441,6 +441,56 @@ struct ParallelLookup char *label; }; +/** + * Ticket revocation request handle + */ +struct TicketRevocationHandle +{ + + /** + * Client connection + */ + struct IdpClient *client; + + /** + * Attributes to issue + */ + struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; + + /** + * Issuer Key + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * Ticket to issue + */ + struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; + + /** + * QueueEntry + */ + struct GNUNET_NAMESTORE_QueueEntry *ns_qe; + + /** + * Namestore iterator + */ + struct GNUNET_NAMESTORE_ZoneIterator *ns_it; + + /** + * The ABE master key + */ + struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + + + /** + * request id + */ + uint32_t r_id; +}; + + + /** * Ticket issue request handle */ @@ -652,11 +702,13 @@ bootstrap_abe_result (void *cls, /** * Bootstrap ABE master if it does not yet exists. * Will call the AbeBootstrapResult processor when done. + * will always recreate the ABE key of GNUNET_YES == recreate */ static void bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, AbeBootstrapResult proc, - void* cls) + void* cls, + int recreate) { struct AbeBootstrapHandle *abh; @@ -664,14 +716,19 @@ bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, abh->proc = proc; abh->proc_cls = cls; abh->identity = *identity; - abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, - identity, - "+", - &bootstrap_abe_error, - abh, - &bootstrap_abe_result, - abh); - + if (GNUNET_YES == recreate) + { + abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key (); + GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh); + } else { + abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, + identity, + "+", + &bootstrap_abe_error, + abh, + &bootstrap_abe_result, + abh); + } } 
@@ -903,13 +960,13 @@ issue_ticket_after_abe_bootstrap (void *cls, * @return #GNUNET_OK if @a im is well-formed */ static int -check_ticket_issue_message(void *cls, - const struct TicketIssueMessage *im) +check_issue_ticket_message(void *cls, + const struct IssueTicketMessage *im) { uint16_t size; size = ntohs (im->header.size); - if (size <= sizeof (struct TicketIssueMessage)) + if (size <= sizeof (struct IssueTicketMessage)) { GNUNET_break (0); return GNUNET_SYSERR; @@ -927,8 +984,8 @@ check_ticket_issue_message(void *cls, * @param message the message */ static void -handle_ticket_issue_message (void *cls, - const struct TicketIssueMessage *im) +handle_issue_ticket_message (void *cls, + const struct IssueTicketMessage *im) { struct TicketIssueHandle *ih; struct IdpClient *idp = cls; 
@@ -946,11 +1003,260 @@ handle_ticket_issue_message (void *cls, ih->ticket.rnd = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, UINT64_MAX); - bootstrap_abe (&ih->identity, &issue_ticket_after_abe_bootstrap, ih); + bootstrap_abe (&ih->identity, &issue_ticket_after_abe_bootstrap, ih, GNUNET_NO); GNUNET_SERVICE_client_continue (idp->client); } +static void +attr_reenc_cont (void *cls, + int32_t success, + const char *emsg) +{ + struct TicketRevocationHandle *rh = cls; + struct GNUNET_GNSRECORD_Data rd[1]; + size_t buf_size; + char *buf; + + if (GNUNET_SYSERR == success) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to reencrypt attribute %s\n", + emsg); + GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); + return; + } + GNUNET_CONTAINER_DLL_remove (rh->attrs->list_head, + rh->attrs->list_tail, + rh->attrs->list_head); + if (NULL == rh->attrs->list_head) + { + /* Done, issue new keys */ + GNUNET_break (0); //TODO + return; + } + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Re-encrypting attribute\n"); + buf_size = attribute_serialize_get_size (rh->attrs->list_head->attribute); + buf = GNUNET_malloc (buf_size); + + attribute_serialize (rh->attrs->list_head->attribute, + buf); + + /** + * Encrypt the attribute value and store in namestore + */ + rd[0].data_size = GNUNET_CRYPTO_cpabe_encrypt (buf, + buf_size, + rh->attrs->list_head->attribute->name, //Policy + rh->abe_key, + (void**)&rd[0].data); + GNUNET_free (buf); + rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; + rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; + rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? 
+ rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &rh->identity, + rh->attrs->list_head->attribute->name, + 1, + rd, + &attr_reenc_cont, + rh); + GNUNET_free ((void*)rd[0].data); + +} + + +static void +reenc_after_abe_bootstrap (void *cls, + struct GNUNET_CRYPTO_AbeMasterKey *abe_key) +{ + struct TicketRevocationHandle *rh = cls; + struct GNUNET_GNSRECORD_Data rd[1]; + char* buf; + size_t buf_size; + + + rh->abe_key = abe_key; + GNUNET_assert (NULL != abe_key); + + if (NULL == rh->attrs->list_head) + { + /* No attributes to reencrypt, this is odd... */ + } else { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Re-encrypting attribute\n"); + buf_size = attribute_serialize_get_size (rh->attrs->list_head->attribute); + buf = GNUNET_malloc (buf_size); + + attribute_serialize (rh->attrs->list_head->attribute, + buf); + + /** + * Encrypt the attribute value and store in namestore + */ + rd[0].data_size = GNUNET_CRYPTO_cpabe_encrypt (buf, + buf_size, + rh->attrs->list_head->attribute->name, //Policy + rh->abe_key, + (void**)&rd[0].data); + GNUNET_free (buf); + rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; + rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; + rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? 
+ rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &rh->identity, + rh->attrs->list_head->attribute->name, + 1, + rd, + &attr_reenc_cont, + rh); + GNUNET_free ((void*)rd[0].data); + + } +} + + +static void +revoke_collect_iter_error (void *cls) +{ + //struct AttributeIterator *ai = cls; + //TODO + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to iterate over attributes\n"); + GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); +} + +static void +revoke_collect_iter_finished (void *cls) +{ + struct TicketRevocationHandle *rh = cls; + + /* Bootstrap new abe key */ + bootstrap_abe (&rh->identity, &reenc_after_abe_bootstrap, rh, GNUNET_YES); +} + +static void +revoke_collect_iter_cb (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd) +{ + struct TicketRevocationHandle *rh = cls; + struct GNUNET_CRYPTO_AbeKey *key; + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; + ssize_t attr_len; + char* attr_ser; + char* attrs[2]; + + if (rd_count != 1) + { + GNUNET_NAMESTORE_zone_iterator_next (rh->ns_it); + return; + } + + if (GNUNET_GNSRECORD_TYPE_ID_ATTR != rd->record_type) { + GNUNET_NAMESTORE_zone_iterator_next (rh->ns_it); + return; + } + attrs[0] = (char*)label; + attrs[1] = 0; + key = GNUNET_CRYPTO_cpabe_create_key (rh->abe_key, + attrs); + attr_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data, + rd->data_size, + key, + (void**)&attr_ser); + GNUNET_CRYPTO_cpabe_delete_key (key); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Attribute to reencrypt: %s\n", label); + le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); + le->attribute = attribute_deserialize (attr_ser, attr_len); + GNUNET_CONTAINER_DLL_insert_tail (rh->attrs->list_head, + rh->attrs->list_tail, + le); + GNUNET_NAMESTORE_zone_iterator_next (rh->ns_it); +} + + +static void +collect_after_abe_bootstrap (void *cls, + struct GNUNET_CRYPTO_AbeMasterKey *abe_key) +{ + struct TicketRevocationHandle 
*rh = cls; + + rh->abe_key = cls; + GNUNET_assert (NULL != abe_key); + + /* Reencrypt all attributes with new key */ + rh->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, + &rh->identity, + &revoke_collect_iter_error, + rh, + &revoke_collect_iter_cb, + rh, + &revoke_collect_iter_finished, + rh); + +} + + +/** + * Checks a ticket revocation message + * + * @param cls client sending the message + * @param im message of type `struct RevokeTicketMessage` + * @return #GNUNET_OK if @a im is well-formed + */ +static int +check_revoke_ticket_message(void *cls, + const struct RevokeTicketMessage *im) +{ + uint16_t size; + + size = ntohs (im->header.size); + if (size <= sizeof (struct RevokeTicketMessage)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + + +/** + * + * Handler for ticket revocation message + * + * @param cls unused + * @param client who sent the message + * @param message the message + */ +static void +handle_revoke_ticket_message (void *cls, + const struct RevokeTicketMessage *rm) +{ + struct TicketRevocationHandle *rh; + struct IdpClient *idp = cls; + struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket; + size_t attrs_len; + + rh = GNUNET_new (struct TicketRevocationHandle); + attrs_len = ntohs (rm->attrs_len); + ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1]; + if (0 < attrs_len) + rh->attrs = attribute_list_deserialize ((char*)&ticket[1], attrs_len); + rh->ticket = *ticket; + rh->r_id = ntohl (rm->id); + rh->client = idp; + rh->identity = rm->identity; + GNUNET_CRYPTO_ecdsa_key_get_public (&rh->identity, + &rh->ticket.identity); + bootstrap_abe (&rh->identity, &collect_after_abe_bootstrap, rh, GNUNET_NO); + GNUNET_SERVICE_client_continue (idp->client); + +} static void 
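Review bot: `check_revoke_ticket_message` accepts any message longer than the bare struct, but `handle_revoke_ticket_message` then copies a whole `struct GNUNET_IDENTITY_PROVIDER_Ticket` from `&rm[1]` and hands `attribute_list_deserialize` a client-supplied `attrs_len`, so a short or inconsistent message reads past the received buffer. The check should require the ticket to be present and `attrs_len` to equal the remaining payload, as in the fence below. That fence assumes the sender writes the `uint32_t` field with `htonl` (the API side is not in this diff), in which case the handler needs `attrs_len = ntohl (rm->attrs_len);` instead of `ntohs`. When `attrs_len` is 0, `rh->attrs` stays NULL and `revoke_collect_iter_cb` dereferences it in `GNUNET_CONTAINER_DLL_insert_tail`, so an empty list should be allocated or the message rejected. Separately, `collect_after_abe_bootstrap` stores the handle itself as the key, and `rh->abe_key = cls;` should be `rh->abe_key = abe_key;`.

```c
static int
check_revoke_ticket_message(void *cls,
                            const struct RevokeTicketMessage *im)
{
  uint16_t size;
  size_t fixed_len;

  size = ntohs (im->header.size);
  /* fixed part: the message struct plus the ticket that follows it */
  fixed_len = sizeof (struct RevokeTicketMessage)
              + sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket);
  if ( (size < fixed_len) ||
       (ntohl (im->attrs_len) != size - fixed_len) )
  {
    GNUNET_break (0);
    return GNUNET_SYSERR;
  }
  return GNUNET_OK;
}
/* … unchanged: handle_revoke_ticket_message, apart from the ntohl change named above … */
```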
@@ -1034,7 +1340,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, "Unable to store ticket after consume\n"); GNUNET_break (0); } - + GNUNET_SCHEDULER_cancel (handle->kill_task); attrs_len = attribute_list_serialize_get_size (handle->attrs); env = GNUNET_MQ_msg_extra (crm, @@ -1217,7 +1523,7 @@ handle_consume_ticket_message (void *cls, GNUNET_SERVICE_client_continue (idp->client); } -void +static void attr_store_cont (void *cls, int32_t success, const char *emsg) @@ -1351,7 +1657,7 @@ handle_attribute_store_message (void *cls, GNUNET_SERVICE_client_continue (idp->client); as_handle->client = idp; - bootstrap_abe (&as_handle->identity, &store_after_abe_bootstrap, as_handle); + bootstrap_abe (&as_handle->identity, &store_after_abe_bootstrap, as_handle, GNUNET_NO); } static void @@ -1483,7 +1789,7 @@ handle_iteration_start (void *cls, GNUNET_CONTAINER_DLL_insert (idp->op_head, idp->op_tail, ai); - bootstrap_abe (&ai->identity, &iterate_after_abe_bootstrap, ai); + bootstrap_abe (&ai->identity, &iterate_after_abe_bootstrap, ai, GNUNET_NO); GNUNET_SERVICE_client_continue (idp->client); } @@ -1937,9 +2243,9 @@ GNUNET_SERVICE_MAIN GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP, struct AttributeIterationStopMessage, NULL), - GNUNET_MQ_hd_var_size (ticket_issue_message, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE, - struct TicketIssueMessage, + GNUNET_MQ_hd_var_size (issue_ticket_message, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET, + struct IssueTicketMessage, NULL), GNUNET_MQ_hd_var_size (consume_ticket_message, GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET, 
@@ -1957,6 +2263,9 @@ GNUNET_SERVICE_MAIN GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP, struct TicketIterationStopMessage, NULL), - + GNUNET_MQ_hd_var_size (revoke_ticket_message, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET, + struct RevokeTicketMessage, + NULL), GNUNET_MQ_handler_end()); - /* end of gnunet-service-identity-provider.c */ +/* end of gnunet-service-identity-provider.c */ diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h index 9361854ad..a4cdd694e 100644 --- a/src/identity-provider/identity_provider.h +++ b/src/identity-provider/identity_provider.h @@ -245,7 +245,7 @@ struct TicketIterationStopMessage /** * Ticket issue message */ -struct TicketIssueMessage +struct IssueTicketMessage { /** * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE @@ -275,6 +275,35 @@ struct TicketIssueMessage //Followed by a serialized attribute list }; +/** + * Ticket revoke message + */ +struct RevokeTicketMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * Identity. + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey identity; + + /** + * length of serialized attribute list + */ + uint32_t attrs_len GNUNET_PACKED; + + //Followed by a ticket and serialized attribute list +}; + + /** * Ticket result message */ diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 33468cc13..97ecc691c 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c 
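Review bot: The comment on `RevokeTicketMessage.header` in identity_provider.h was copied from the issue message and still names `#GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE`; it should read `Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET`. The same stale name remains on the renamed `IssueTicketMessage`, where the constant is now `..._ISSUE_TICKET`. The trailing comment is the only description of the variable part, so it should state the layout the service parses, e.g. `//Followed by a struct GNUNET_IDENTITY_PROVIDER_Ticket, then attrs_len bytes of serialized attribute list`. It would also help to say on `attrs_len` that the value is in network byte order, since the field is 32 bits wide and the handler in this commit reads it with `ntohs`.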
@@ -1035,7 +1035,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h void *cb_cls) { struct GNUNET_IDENTITY_PROVIDER_Operation *op; - struct TicketIssueMessage *tim; + struct IssueTicketMessage *tim; size_t attr_len; op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation); @@ -1049,7 +1049,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h attr_len = attribute_list_serialize_get_size (attrs); op->env = GNUNET_MQ_msg_extra (tim, attr_len, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE); + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET); tim->identity = *iss; tim->rp = *rp; tim->id = htonl (op->r_id); diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index dd806fcac..bf643a9fd 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h 
@@ -2632,19 +2632,21 @@ extern "C" #define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT 966 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE 967 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET 967 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT 968 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET 968 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET 969 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT 969 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT 970 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET 970 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START 971 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT 971 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP 972 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START 972 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT 973 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP 973 + +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT 974 /************************************************** * -- cgit v1.2.3 From 58d4e0f0447ae4efc6b3f4ba8a3d612c22f7cbb4 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 6 Oct 2017 22:31:12 +0200 Subject: -more revocation --- .../gnunet-service-identity-provider.c | 177 +++++++++++++++++++-- .../plugin_identity_provider_sqlite.c | 41 +++-- src/include/gnunet_identity_provider_plugin.h | 6 +- 3 files changed, 195 insertions(+), 29 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 95d8b93b2..dd78dd9aa 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c 
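Review bot: Inserting `REVOKE_TICKET` at 968 renumbers every identity-provider message from `TICKET_RESULT` through `TICKET_ITERATION_NEXT`, so a client library and a service built from different revisions would treat each other's messages as the wrong type. Unless a flag-day change is intended, I would leave 968–973 as they were and give the new message the next number in this block, `#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET 974`. That assumes 974 is unused, which the hunk does not show.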
@@ -482,6 +482,10 @@ struct TicketRevocationHandle */ struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + /** + * Offset + */ + uint32_t offset; /** * request id @@ -770,7 +774,8 @@ cleanup_ticket_issue_handle (struct TicketIssueHandle *handle) static void send_ticket_result (struct IdpClient *client, uint32_t r_id, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) { struct TicketResultMessage *irm; struct GNUNET_MQ_Envelope *env; @@ -778,7 +783,8 @@ send_ticket_result (struct IdpClient *client, /* store ticket in DB */ if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls, - ticket)) + ticket, + attrs)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to store ticket after issue\n"); @@ -813,14 +819,16 @@ store_ticket_issue_cont (void *cls, } send_ticket_result (handle->client, handle->r_id, - &handle->ticket); + &handle->ticket, + handle->attrs); cleanup_ticket_issue_handle (handle); } int -serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle, +serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, const struct GNUNET_CRYPTO_AbeKey *rp_key, struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, char **result) 
@@ -842,14 +850,14 @@ serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle, size = GNUNET_CRYPTO_cpabe_serialize_key (rp_key, (void**)&serialized_key); attrs_str_len = 0; - for (le = handle->attrs->list_head; NULL != le; le = le->next) { + for (le = attrs->list_head; NULL != le; le = le->next) { attrs_str_len += strlen (le->attribute->name) + 1; } buf = GNUNET_malloc (attrs_str_len + size); write_ptr = buf; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Writing attributes\n"); - for (le = handle->attrs->list_head; NULL != le; le = le->next) { + for (le = attrs->list_head; NULL != le; le = le->next) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "%s\n", le->attribute->name); @@ -873,7 +881,7 @@ serialize_abe_keyinfo2 (const struct TicketIssueHandle *handle, enc_keyinfo = GNUNET_malloc (size + attrs_str_len); // Derived key K = H(eB) GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey, - &handle->ticket.audience, + &ticket->audience, &new_key_hash)); create_sym_key_from_ecdh(&new_key_hash, &skey, &iv); enc_size = GNUNET_CRYPTO_symmetric_encrypt (buf, @@ -925,7 +933,8 @@ issue_ticket_after_abe_bootstrap (void *cls, attrs); //TODO review this wireformat - code_record_len = serialize_abe_keyinfo2 (ih, + code_record_len = serialize_abe_keyinfo2 (&ih->ticket, + ih->attrs, rp_key, &ecdhe_privkey, &code_record_data); 
@@ -1008,6 +1017,124 @@ handle_issue_ticket_message (void *cls, } +/** + * Process ticket from database + * + * @param cls struct TicketIterationProcResult + * @param ticket the ticket + * @param attrs the attributes + */ +static void +ticket_reissue_proc (void *cls, + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); + + +static void +reissue_ticket_cont (void *cls, + int32_t success, + const char *emsg) +{ + struct TicketRevocationHandle *rh = cls; + + rh->ns_qe = NULL; + if (GNUNET_SYSERR == success) + { + //TODO cleanup_ticket_revocation_handle (handle); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", + "Unknown Error\n"); + GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); + return; + } + rh->offset++; + GNUNET_assert (GNUNET_SYSERR != + TKT_database->iterate_tickets (TKT_database->cls, + &rh->ticket.identity, + GNUNET_NO, + rh->offset, + &ticket_reissue_proc, + rh)); +} + + + +/** + * Process ticket from database + * + * @param cls struct TicketIterationProcResult + * @param ticket the ticket + * @param attrs the attributes + */ +static void +ticket_reissue_proc (void *cls, + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) +{ + struct TicketRevocationHandle *rh = cls; + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; + struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; + struct GNUNET_GNSRECORD_Data code_record[1]; + struct GNUNET_CRYPTO_AbeKey *rp_key; + char *code_record_data; + char **attr_arr; + char *label; + int attrs_len; + int i; + size_t code_record_len; + + + if (NULL == ticket) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Iteration done\n"); + /* Send reply ? 
*/ + GNUNET_break (0); + return; + } + //Create new ABE key for RP + attrs_len = 0; + for (le = attrs->list_head; NULL != le; le = le->next) + attrs_len++; + attr_arr = GNUNET_malloc ((attrs_len + 1)*sizeof (char*)); + i = 0; + for (le = attrs->list_head; NULL != le; le = le->next) { + attr_arr[i] = (char*) le->attribute->name; + i++; + } + attr_arr[i] = NULL; + rp_key = GNUNET_CRYPTO_cpabe_create_key (rh->abe_key, + attr_arr); + + //TODO review this wireformat + code_record_len = serialize_abe_keyinfo2 (&rh->ticket, + rh->attrs, + rp_key, + &ecdhe_privkey, + &code_record_data); + code_record[0].data = code_record_data; + code_record[0].data_size = code_record_len; + code_record[0].expiration_time = GNUNET_TIME_UNIT_DAYS.rel_value_us; + code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY; + code_record[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; + + label = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, + sizeof (uint64_t)); + //Publish record + rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &rh->identity, + label, + 1, + code_record, + &reissue_ticket_cont, + rh); + GNUNET_free (ecdhe_privkey); + GNUNET_free (label); + GNUNET_free (attr_arr); + GNUNET_free (code_record_data); + +} + + static void attr_reenc_cont (void *cls, int32_t success, @@ -1017,6 +1144,7 @@ attr_reenc_cont (void *cls, struct GNUNET_GNSRECORD_Data rd[1]; size_t buf_size; char *buf; + int ret; if (GNUNET_SYSERR == success) { @@ -1032,7 +1160,18 @@ attr_reenc_cont (void *cls, if (NULL == rh->attrs->list_head) { /* Done, issue new keys */ - GNUNET_break (0); //TODO + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Revocation Phase IV: Reissuing Tickets\n"); + if (GNUNET_SYSERR == + (ret = TKT_database->iterate_tickets (TKT_database->cls, + &rh->ticket.identity, + GNUNET_NO, + rh->offset, + &ticket_reissue_proc, + rh))) + { + GNUNET_break (0); + } return; } GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 
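Review bot: `ticket_reissue_proc` serializes the key info from `&rh->ticket` and `rh->attrs` rather than from the `ticket` and `attrs` the iterator passes in. `serialize_abe_keyinfo2` derives its ECDH key from `ticket->audience`, so each reissued record is encrypted to the audience of the ticket being revoked while being published under the other ticket's `rnd` label. That looks like it hands the fresh ABE key to the revoked party and leaves the legitimate audiences unable to decrypt; the call should presumably be `serialize_abe_keyinfo2 (ticket, attrs, rp_key, &ecdhe_privkey, &code_record_data);`. The iteration is by identity only, so the revoked ticket itself probably still comes through and needs to be skipped rather than reissued. `rp_key` is also never released with `GNUNET_CRYPTO_cpabe_delete_key`, unlike in `revoke_collect_iter_cb`.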
@@ -1083,9 +1222,10 @@ reenc_after_abe_bootstrap (void *cls, if (NULL == rh->attrs->list_head) { /* No attributes to reencrypt, this is odd... */ + GNUNET_break (0); } else { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Re-encrypting attribute\n"); + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Revocation Phase III: Re-encrypting attributes\n"); buf_size = attribute_serialize_get_size (rh->attrs->list_head->attribute); buf = GNUNET_malloc (buf_size); @@ -1131,7 +1271,8 @@ static void revoke_collect_iter_finished (void *cls) { struct TicketRevocationHandle *rh = cls; - + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Revocation Phase II: Invalidating old ABE Master\n"); /* Bootstrap new abe key */ bootstrap_abe (&rh->identity, &reenc_after_abe_bootstrap, rh, GNUNET_YES); } @@ -1188,7 +1329,8 @@ collect_after_abe_bootstrap (void *cls, rh->abe_key = cls; GNUNET_assert (NULL != abe_key); - + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Revocation Phase I: Collecting attributes\n"); /* Reencrypt all attributes with new key */ rh->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, &rh->identity, @@ -1334,7 +1476,8 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, /* Store ticket in DB */ if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls, - &handle->ticket)) + &handle->ticket, + handle->attrs)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to store ticket after consume\n"); @@ -1914,7 +2057,8 @@ struct TicketIterationProcResult */ static void ticket_iterate_proc (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) { struct TicketIterationProcResult *proc = cls; @@ -1928,7 +2072,8 @@ ticket_iterate_proc (void *cls, proc->res_iteration_finished = IT_SUCCESS_MORE_AVAILABLE; send_ticket_result (proc->ti->client, proc->ti->r_id, - ticket); + ticket, + attrs); } 
diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/identity-provider/plugin_identity_provider_sqlite.c index ff2d3a22e..ac4e3c686 100644 --- a/src/identity-provider/plugin_identity_provider_sqlite.c +++ b/src/identity-provider/plugin_identity_provider_sqlite.c @@ -27,6 +27,7 @@ #include "platform.h" #include "gnunet_identity_provider_service.h" #include "gnunet_identity_provider_plugin.h" +#include "identity_attribute.h" #include "gnunet_sq_lib.h" #include @@ -252,7 +253,8 @@ database_setup (struct Plugin *plugin) "CREATE TABLE identity001tickets (" " identity BLOB NOT NULL DEFAULT ''," " audience BLOB NOT NULL DEFAULT ''," - " rnd INT8 NOT NULL DEFAULT ''" + " rnd INT8 NOT NULL DEFAULT ''," + " attributes BLOB NOT NULL DEFAULT ''" ")", NULL, NULL, NULL) != SQLITE_OK)) { @@ -267,8 +269,8 @@ database_setup (struct Plugin *plugin) if ( (SQLITE_OK != sq_prepare (plugin->dbh, - "INSERT INTO identity001tickets (identity, audience, rnd)" - " VALUES (?, ?, ?)", + "INSERT INTO identity001tickets (identity, audience, rnd, attributes)" + " VALUES (?, ?, ?, ?)", &plugin->store_ticket)) || (SQLITE_OK != sq_prepare (plugin->dbh, @@ -276,13 +278,13 @@ database_setup (struct Plugin *plugin) &plugin->delete_ticket)) || (SQLITE_OK != sq_prepare (plugin->dbh, - "SELECT identity,audience,rnd" + "SELECT identity,audience,rnd,attributes" " FROM identity001tickets WHERE identity=?" " ORDER BY rnd LIMIT 1 OFFSET ?", &plugin->iterate_tickets)) || (SQLITE_OK != sq_prepare (plugin->dbh, - "SELECT identity,audience,rnd" + "SELECT identity,audience,rnd,attributes" " FROM identity001tickets WHERE audience=?" " ORDER BY rnd LIMIT 1 OFFSET ?", &plugin->iterate_tickets_by_audience)) ) 
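Review bot: The new `attributes` column is added only to the `CREATE TABLE identity001tickets` statement, while the INSERT and both SELECT statements now require it, so a database file created by an earlier build keeps the three-column table and preparing these statements against it will fail. If the table is only created when it does not yet exist (the surrounding condition in database_setup is outside the hunk), an upgrade step is needed, for example `ALTER TABLE identity001tickets ADD COLUMN attributes BLOB NOT NULL DEFAULT ''`, or a new table name.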
@@ -358,9 +360,12 @@ database_shutdown (struct Plugin *plugin) */ static int identity_provider_sqlite_store_ticket (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) { struct Plugin *plugin = cls; + size_t attrs_len; + char *attrs_ser; int n; { @@ -384,11 +389,16 @@ identity_provider_sqlite_store_ticket (void *cls, n = sqlite3_step (plugin->delete_ticket); GNUNET_SQ_reset (plugin->dbh, plugin->delete_ticket); - + + attrs_len = attribute_list_serialize_get_size (attrs); + attrs_ser = GNUNET_malloc (attrs_len); + attribute_list_serialize (attrs, + attrs_ser); struct GNUNET_SQ_QueryParam sparams[] = { GNUNET_SQ_query_param_auto_from_type (&ticket->identity), GNUNET_SQ_query_param_auto_from_type (&ticket->audience), GNUNET_SQ_query_param_uint64 (&ticket->rnd), + GNUNET_SQ_query_param_fixed_size (attrs_ser, attrs_len), GNUNET_SQ_query_param_end }; @@ -406,6 +416,7 @@ identity_provider_sqlite_store_ticket (void *cls, n = sqlite3_step (plugin->store_ticket); GNUNET_SQ_reset (plugin->dbh, plugin->store_ticket); + GNUNET_free (attrs_ser); } switch (n) { @@ -503,8 +514,11 @@ get_ticket_and_call_iterator (struct Plugin *plugin, void *iter_cls) { struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; + struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; int ret; int sret; + size_t attrs_len; + char *attrs_ser; ret = GNUNET_NO; if (SQLITE_ROW == (sret = sqlite3_step (stmt))) @@ -513,6 +527,8 @@ get_ticket_and_call_iterator (struct Plugin *plugin, GNUNET_SQ_result_spec_auto_from_type (&ticket.identity), GNUNET_SQ_result_spec_auto_from_type (&ticket.audience), GNUNET_SQ_result_spec_uint64 (&ticket.rnd), + GNUNET_SQ_result_spec_variable_size ((void**)&attrs_ser, + &attrs_len), GNUNET_SQ_result_spec_end }; 
@@ -525,10 +541,13 @@ get_ticket_and_call_iterator (struct Plugin *plugin, } else { - if (NULL != iter) - iter (iter_cls, - &ticket); - ret = GNUNET_YES; + attrs = attribute_list_deserialize (attrs_ser, + attrs_len); + if (NULL != iter) + iter (iter_cls, + &ticket, + attrs); + ret = GNUNET_YES; } GNUNET_SQ_cleanup_result (rs); } diff --git a/src/include/gnunet_identity_provider_plugin.h b/src/include/gnunet_identity_provider_plugin.h index 27d7eb44f..e34ed3f1a 100644 --- a/src/include/gnunet_identity_provider_plugin.h +++ b/src/include/gnunet_identity_provider_plugin.h @@ -50,7 +50,8 @@ extern "C" * @param ticket the ticket */ typedef void (*GNUNET_IDENTITY_PROVIDER_TicketIterator) (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket); + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); /** @@ -72,7 +73,8 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions * @return #GNUNET_OK on success, else #GNUNET_SYSERR */ int (*store_ticket) (void *cls, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket); + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); /** * Delete a ticket from the database. -- cgit v1.2.3 From fd111326e7c91616593ff361bdad61deea337aa9 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 7 Oct 2017 10:37:42 +0200 Subject: -finish revocation in service, cleanup --- .../gnunet-service-identity-provider.c | 244 +++++++++++++++------ src/identity-provider/identity_provider.h | 21 ++ src/include/gnunet_protocols.h | 16 +- 3 files changed, 201 insertions(+), 80 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index dd78dd9aa..62955b5da 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c 
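Review bot: The list returned by `attribute_list_deserialize (attrs_ser, attrs_len)` in get_ticket_and_call_iterator is never released after `iter` returns, so every row visited leaks one attribute list; the callback type takes it as `const`, which suggests the callee does not take ownership. The result is also handed to `iter` without a NULL check, and the blob comes straight from the database file, so a truncated or corrupted `attributes` column reaches the callback unvalidated (what attribute_list_deserialize returns for malformed input is not visible here). I would check the result before the call and release it afterwards, e.g. `if (NULL != attrs) attribute_list_destroy (attrs);`. The function starts and ends outside the hunk.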
@@ -314,6 +314,17 @@ struct IdpClient * Tail of DLL of ticket iteration ops */ struct TicketIteration *ticket_iter_tail; + + + /** + * Head of DLL of ticket revocation ops + */ + struct TicketRevocationHandle *revocation_list_head; + + /** + * Tail of DLL of ticket revocation ops + */ + struct TicketRevocationHandle *revocation_list_tail; }; @@ -446,6 +457,15 @@ struct ParallelLookup */ struct TicketRevocationHandle { + /** + * DLL + */ + struct TicketRevocationHandle *next; + + /** + * DLL + */ + struct TicketRevocationHandle *prev; /** * Client connection 
@@ -1135,15 +1155,104 @@ ticket_reissue_proc (void *cls, } +/********************************************************** + * Revocation + **********************************************************/ + +/** + * Cleanup revoke handle + */ +static void +cleanup_revoke_ticket_handle (struct TicketRevocationHandle *handle) +{ + if (NULL != handle->attrs) + attribute_list_destroy (handle->attrs); + if (NULL != handle->abe_key) + GNUNET_free (handle->abe_key); + if (NULL != handle->ns_qe) + GNUNET_NAMESTORE_cancel (handle->ns_qe); + GNUNET_free (handle); +} + +/** + * Send revocation result + */ +static void +send_revocation_finished (struct TicketRevocationHandle *rh, + uint32_t success) +{ + struct GNUNET_MQ_Envelope *env; + struct RevokeTicketResultMessage *trm; + + env = GNUNET_MQ_msg (trm, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT); + trm->id = htonl (rh->r_id); + trm->success = htonl (success); + GNUNET_MQ_send (rh->client->mq, + env); + GNUNET_CONTAINER_DLL_remove (rh->client->revocation_list_head, + rh->client->revocation_list_tail, + rh); + cleanup_revoke_ticket_handle (rh); +} + +/* Prototype for below function */ static void attr_reenc_cont (void *cls, int32_t success, - const char *emsg) + const char *emsg); + +/** + * Revoke next attribte by reencryption with + * new ABE master + */ +static void +reenc_next_attribute (struct TicketRevocationHandle *rh) { - struct TicketRevocationHandle *rh = cls; struct GNUNET_GNSRECORD_Data rd[1]; + char* buf; size_t buf_size; - char *buf; + + buf_size = attribute_serialize_get_size (rh->attrs->list_head->attribute); + buf = GNUNET_malloc (buf_size); + + attribute_serialize (rh->attrs->list_head->attribute, + buf); + + /** + * Encrypt the attribute value and store in namestore + */ + rd[0].data_size = GNUNET_CRYPTO_cpabe_encrypt (buf, + buf_size, + rh->attrs->list_head->attribute->name, //Policy + rh->abe_key, + (void**)&rd[0].data); + GNUNET_free (buf); + rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; + 
rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; + rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? + rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, + &rh->identity, + rh->attrs->list_head->attribute->name, + 1, + rd, + &attr_reenc_cont, + rh); + GNUNET_free ((void*)rd[0].data); + +} + +/** + * Namestore callback after revoked attribute + * is stored + */ +static void +attr_reenc_cont (void *cls, + int32_t success, + const char *emsg) +{ + struct TicketRevocationHandle *rh = cls; + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; int ret; if (GNUNET_SYSERR == success) @@ -1154,9 +1263,13 @@ attr_reenc_cont (void *cls, GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); return; } + le = rh->attrs->list_head; GNUNET_CONTAINER_DLL_remove (rh->attrs->list_head, rh->attrs->list_tail, rh->attrs->list_head); + GNUNET_free (le->attribute); + GNUNET_free (le); + if (NULL == rh->attrs->list_head) { /* Done, issue new keys */ 
@@ -1175,98 +1288,54 @@ attr_reenc_cont (void *cls, return; } GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Re-encrypting attribute\n"); - buf_size = attribute_serialize_get_size (rh->attrs->list_head->attribute); - buf = GNUNET_malloc (buf_size); - - attribute_serialize (rh->attrs->list_head->attribute, - buf); - - /** - * Encrypt the attribute value and store in namestore - */ - rd[0].data_size = GNUNET_CRYPTO_cpabe_encrypt (buf, - buf_size, - rh->attrs->list_head->attribute->name, //Policy - rh->abe_key, - (void**)&rd[0].data); - GNUNET_free (buf); - rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; - rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; - rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? - rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, - &rh->identity, - rh->attrs->list_head->attribute->name, - 1, - rd, - &attr_reenc_cont, - rh); - GNUNET_free ((void*)rd[0].data); - + "Re-encrypting next attribute\n"); + reenc_next_attribute (rh); } +/** + * Start reencryption with newly generated ABE master + */ static void reenc_after_abe_bootstrap (void *cls, struct GNUNET_CRYPTO_AbeMasterKey *abe_key) { struct TicketRevocationHandle *rh = cls; - struct GNUNET_GNSRECORD_Data rd[1]; - char* buf; - size_t buf_size; - - - rh->abe_key = abe_key; + GNUNET_free (rh->abe_key); GNUNET_assert (NULL != abe_key); + rh->abe_key = abe_key; if (NULL == rh->attrs->list_head) { - /* No attributes to reencrypt, this is odd... 
*/ - GNUNET_break (0); + /* No attributes to reencrypt */ + send_revocation_finished (rh, GNUNET_OK); + cleanup_revoke_ticket_handle (rh); + return; } else { GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, "Revocation Phase III: Re-encrypting attributes\n"); - buf_size = attribute_serialize_get_size (rh->attrs->list_head->attribute); - buf = GNUNET_malloc (buf_size); - - attribute_serialize (rh->attrs->list_head->attribute, - buf); - - /** - * Encrypt the attribute value and store in namestore - */ - rd[0].data_size = GNUNET_CRYPTO_cpabe_encrypt (buf, - buf_size, - rh->attrs->list_head->attribute->name, //Policy - rh->abe_key, - (void**)&rd[0].data); - GNUNET_free (buf); - rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; - rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; - rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? - rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, - &rh->identity, - rh->attrs->list_head->attribute->name, - 1, - rd, - &attr_reenc_cont, - rh); - GNUNET_free ((void*)rd[0].data); - + reenc_next_attribute (rh); } } +/** + * Collecting attributes failed... abort. + */ static void revoke_collect_iter_error (void *cls) { - //struct AttributeIterator *ai = cls; - //TODO + struct TicketRevocationHandle *rh = cls; + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to iterate over attributes\n"); - GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); + send_revocation_finished (rh, GNUNET_SYSERR); + cleanup_revoke_ticket_handle (rh); } +/** + * Done decrypting existing attributes. + */ static void revoke_collect_iter_finished (void *cls) { @@ -1277,6 +1346,10 @@ revoke_collect_iter_finished (void *cls) bootstrap_abe (&rh->identity, &reenc_after_abe_bootstrap, rh, GNUNET_YES); } +/** + * Decrypt existing attribute and store it + * We will revoke it by reencrypting it with a new ABE master key. + */ static void revoke_collect_iter_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, 
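Review bot: In reenc_after_abe_bootstrap the empty-list branch calls `send_revocation_finished (rh, GNUNET_OK);` and then `cleanup_revoke_ticket_handle (rh);`, but send_revocation_finished as added earlier in this commit already ends with `cleanup_revoke_ticket_handle (rh);`, so the handle is destroyed twice and the second call reads freed memory. revoke_collect_iter_error in this hunk has the same pair, and the following commit on this page repeats it in reissue_ticket_cont and ticket_reissue_proc. One side has to own the release: either drop the explicit cleanup call at the call sites, or remove it from send_revocation_finished and keep it with the callers.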
@@ -1320,7 +1393,9 @@ revoke_collect_iter_cb (void *cls, GNUNET_NAMESTORE_zone_iterator_next (rh->ns_it); } - +/** + * Start attribute collection for revocation + */ static void collect_after_abe_bootstrap (void *cls, struct GNUNET_CRYPTO_AbeMasterKey *abe_key) @@ -1395,6 +1470,9 @@ handle_revoke_ticket_message (void *cls, rh->identity = rm->identity; GNUNET_CRYPTO_ecdsa_key_get_public (&rh->identity, &rh->ticket.identity); + GNUNET_CONTAINER_DLL_insert (idp->revocation_list_head, + idp->revocation_list_tail, + rh); bootstrap_abe (&rh->identity, &collect_after_abe_bootstrap, rh, GNUNET_NO); GNUNET_SERVICE_client_continue (idp->client); @@ -2046,7 +2124,11 @@ struct TicketIterationProcResult }; - +static void +cleanup_ticket_iter_handle (struct TicketIteration *ti) +{ + GNUNET_free (ti); +} /** * Process ticket from database @@ -2125,7 +2207,7 @@ run_ticket_iteration_round (struct TicketIteration *ti) GNUNET_CONTAINER_DLL_remove (ti->client->ticket_iter_head, ti->client->ticket_iter_tail, ti); - GNUNET_free (ti); + cleanup_ticket_iter_handle (ti); } /** @@ -2188,7 +2270,7 @@ handle_ticket_iteration_stop (void *cls, GNUNET_CONTAINER_DLL_remove (client->ticket_iter_head, client->ticket_iter_tail, ti); - GNUNET_free (ti); + cleanup_ticket_iter_handle (ti); GNUNET_SERVICE_client_continue (client->client); } @@ -2319,6 +2401,8 @@ client_disconnect_cb (void *cls, { struct IdpClient *idp = app_ctx; struct AttributeIterator *ai; + struct TicketIteration *ti; + struct TicketRevocationHandle *rh; //TODO other operations 
@@ -2333,6 +2417,20 @@ client_disconnect_cb (void *cls, ai); GNUNET_free (ai); } + while (NULL != (rh = idp->revocation_list_head)) + { + GNUNET_CONTAINER_DLL_remove (idp->revocation_list_head, + idp->revocation_list_tail, + rh); + cleanup_revoke_ticket_handle (rh); + } + while (NULL != (ti = idp->ticket_iter_head)) + { + GNUNET_CONTAINER_DLL_remove (idp->ticket_iter_head, + idp->ticket_iter_tail, + ti); + cleanup_ticket_iter_handle (ti); + } GNUNET_free (idp); } diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h index a4cdd694e..cb0f1591d 100644 --- a/src/identity-provider/identity_provider.h +++ b/src/identity-provider/identity_provider.h @@ -303,6 +303,27 @@ struct RevokeTicketMessage //Followed by a ticket and serialized attribute list }; +/** + * Ticket revoke message + */ +struct RevokeTicketResultMessage +{ + /** + * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE + */ + struct GNUNET_MessageHeader header; + + /** + * Unique identifier for this request (for key collisions). + */ + uint32_t id GNUNET_PACKED; + + /** + * Revocation result + */ + uint32_t success GNUNET_PACKED; +}; + /** * Ticket result message diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index bf643a9fd..6710d749f 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h 
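Review bot: The comments on the new `struct RevokeTicketResultMessage` in identity_provider.h describe the wrong message: the header field says `#GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE`, while the service sends this struct as `GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT`, and the summary "Ticket revoke message" describes the request rather than the reply. Suggested wording: `Ticket revocation result message` for the summary and `Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT` for the header. The `success` comment could add that the value is #GNUNET_OK or #GNUNET_SYSERR in network byte order, which is what send_revocation_finished writes.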
@@ -2634,19 +2634,21 @@ extern "C" #define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET 967 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET 968 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT 968 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT 969 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET 969 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET 970 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT 970 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT 971 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET 971 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START 972 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT 972 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP 973 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START 973 -#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT 974 +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP 974 + +#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT 975 /************************************************** * -- cgit v1.2.3 From bada12fb79c54aa1151e86b0284e8b6f38fd020c Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 7 Oct 2017 10:55:04 +0200 Subject: -fixes --- .../gnunet-service-identity-provider.c | 107 ++++++++++++--------- 1 file changed, 62 insertions(+), 45 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 62955b5da..b4cf154b4 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c 
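Review bot: Inserting `REVOKE_TICKET_RESULT` in the middle renumbers seven existing message types (`TICKET_RESULT` and `REVOKE_TICKET` swap 968 and 969, and everything from `CONSUME_TICKET` through `TICKET_ITERATION_NEXT` shifts up by one), so a client library and a service built from different revisions will dispatch each other's messages to the wrong handlers instead of rejecting them. Appending the new type keeps the existing numbers stable, e.g. `#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT 975` with the other defines left as they were. Whether 975 was unused before this change is not visible in the hunk.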
@@ -1037,6 +1037,51 @@ handle_issue_ticket_message (void *cls, } +/********************************************************** + * Revocation + **********************************************************/ + +/** + * Cleanup revoke handle + */ +static void +cleanup_revoke_ticket_handle (struct TicketRevocationHandle *handle) +{ + if (NULL != handle->attrs) + attribute_list_destroy (handle->attrs); + if (NULL != handle->abe_key) + GNUNET_free (handle->abe_key); + if (NULL != handle->ns_qe) + GNUNET_NAMESTORE_cancel (handle->ns_qe); + if (NULL != handle->ns_it) + GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it); + GNUNET_free (handle); +} + + +/** + * Send revocation result + */ +static void +send_revocation_finished (struct TicketRevocationHandle *rh, + uint32_t success) +{ + struct GNUNET_MQ_Envelope *env; + struct RevokeTicketResultMessage *trm; + + env = GNUNET_MQ_msg (trm, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT); + trm->id = htonl (rh->r_id); + trm->success = htonl (success); + GNUNET_MQ_send (rh->client->mq, + env); + GNUNET_CONTAINER_DLL_remove (rh->client->revocation_list_head, + rh->client->revocation_list_tail, + rh); + cleanup_revoke_ticket_handle (rh); +} + + /** * Process ticket from database * @@ -1060,10 +1105,10 @@ reissue_ticket_cont (void *cls, rh->ns_qe = NULL; if (GNUNET_SYSERR == success) { - //TODO cleanup_ticket_revocation_handle (handle); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", "Unknown Error\n"); - GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); + send_revocation_finished (rh, GNUNET_SYSERR); + cleanup_revoke_ticket_handle (rh); return; } rh->offset++; 
@@ -1091,6 +1136,7 @@ ticket_reissue_proc (void *cls, const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) { struct TicketRevocationHandle *rh = cls; + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs_to_reissue; struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; struct GNUNET_GNSRECORD_Data code_record[1]; @@ -1107,17 +1153,25 @@ ticket_reissue_proc (void *cls, { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Iteration done\n"); - /* Send reply ? */ - GNUNET_break (0); + send_revocation_finished (rh, GNUNET_OK); + cleanup_revoke_ticket_handle (rh); return; } //Create new ABE key for RP attrs_len = 0; - for (le = attrs->list_head; NULL != le; le = le->next) + attrs_to_reissue = attrs; + + /* If this is the RP we want to revoke attributes of, the do so */ + if (0 == memcmp (&ticket->audience, + &rh->ticket.audience, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) + attrs_to_reissue = rh->attrs; + + for (le = attrs_to_reissue->list_head; NULL != le; le = le->next) attrs_len++; attr_arr = GNUNET_malloc ((attrs_len + 1)*sizeof (char*)); i = 0; - for (le = attrs->list_head; NULL != le; le = le->next) { + for (le = attrs_to_reissue->list_head; NULL != le; le = le->next) { attr_arr[i] = (char*) le->attribute->name; i++; } 
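Review bot: When the iterated ticket's audience matches the revoked one, `attrs_to_reissue = rh->attrs;` selects a list that attr_reenc_cont has already drained: the previous commit removes and frees one entry per re-encryption step and only starts the ticket iteration once `rh->attrs->list_head` is NULL. As written, the matching relying party is therefore always reissued a key over an empty attribute array. If the intent is to reissue the attributes that remain after revocation, the handle needs a list that survives the re-encryption phase. The comment above the `memcmp` has a typo (`the do so`), and ticket_reissue_proc continues outside the hunk.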
@@ -1155,46 +1209,7 @@ ticket_reissue_proc (void *cls, } -/********************************************************** - * Revocation - **********************************************************/ -/** - * Cleanup revoke handle - */ -static void -cleanup_revoke_ticket_handle (struct TicketRevocationHandle *handle) -{ - if (NULL != handle->attrs) - attribute_list_destroy (handle->attrs); - if (NULL != handle->abe_key) - GNUNET_free (handle->abe_key); - if (NULL != handle->ns_qe) - GNUNET_NAMESTORE_cancel (handle->ns_qe); - GNUNET_free (handle); -} - -/** - * Send revocation result - */ -static void -send_revocation_finished (struct TicketRevocationHandle *rh, - uint32_t success) -{ - struct GNUNET_MQ_Envelope *env; - struct RevokeTicketResultMessage *trm; - - env = GNUNET_MQ_msg (trm, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT); - trm->id = htonl (rh->r_id); - trm->success = htonl (success); - GNUNET_MQ_send (rh->client->mq, - env); - GNUNET_CONTAINER_DLL_remove (rh->client->revocation_list_head, - rh->client->revocation_list_tail, - rh); - cleanup_revoke_ticket_handle (rh); -} /* Prototype for below function */ static void @@ -1329,6 +1344,7 @@ revoke_collect_iter_error (void *cls) GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to iterate over attributes\n"); + rh->ns_it = NULL; send_revocation_finished (rh, GNUNET_SYSERR); cleanup_revoke_ticket_handle (rh); } @@ -1340,6 +1356,7 @@ static void revoke_collect_iter_finished (void *cls) { struct TicketRevocationHandle *rh = cls; + rh->ns_it = NULL; GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, "Revocation Phase II: Invalidating old ABE Master\n"); /* Bootstrap new abe key */ -- cgit v1.2.3 From f12a22a2a9b6d71f0fc9d24940e77d84d6568da0 Mon Sep 17 00:00:00 2001 
From: "Schanzenbach, Martin" Date: Sat, 7 Oct 2017 11:08:04 +0200 Subject: -add api impl for revocation --- .../gnunet-service-identity-provider.c | 2 +- src/identity-provider/identity_provider.h | 2 +- src/identity-provider/identity_provider_api.c | 107 +++++++++++++++++++-- src/include/gnunet_identity_provider_service.h | 2 +- 4 files changed, 104 insertions(+), 9 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index b4cf154b4..f9d3f3f92 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -1768,7 +1768,7 @@ attr_store_cont (void *cls, { struct AttributeStoreHandle *as_handle = cls; struct GNUNET_MQ_Envelope *env; - struct AttributeStoreResponseMessage *acr_msg; + struct AttributeStoreResultMessage *acr_msg; if (GNUNET_SYSERR == success) { diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h index cb0f1591d..be9fdc6f5 100644 --- a/src/identity-provider/identity_provider.h +++ b/src/identity-provider/identity_provider.h @@ -65,7 +65,7 @@ struct AttributeStoreMessage /** * Attribute store response message */ -struct AttributeStoreResponseMessage +struct AttributeStoreResultMessage { /** * Message header diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 97ecc691c..fb9926a2c 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -72,6 +72,11 @@ struct GNUNET_IDENTITY_PROVIDER_Operation * Attribute result callback */ GNUNET_IDENTITY_PROVIDER_AttributeResult ar_cb; + + /** + * Revocation result callback + */ + GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus rvk_cb; /** * Ticket result callback 
@@ -400,7 +405,7 @@ mq_error_handler (void *cls, */ static void handle_attribute_store_response (void *cls, - const struct AttributeStoreResponseMessage *msg) + const struct AttributeStoreResultMessage *msg) { struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls; struct GNUNET_IDENTITY_PROVIDER_Operation *op; @@ -716,6 +721,48 @@ handle_ticket_result (void *cls, GNUNET_break (0); } +/** + * Handle an incoming message of type + * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT + * + * @param cls + * @param msg the message we received + */ +static void +handle_revoke_ticket_result (void *cls, + const struct RevokeTicketResultMessage *msg) +{ + struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls; + struct GNUNET_IDENTITY_PROVIDER_Operation *op; + uint32_t r_id = ntohl (msg->id); + int32_t success; + + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Processing revocation result.\n"); + + + for (op = h->op_head; NULL != op; op = op->next) + if (op->r_id == r_id) + break; + if (NULL == op) + return; + success = ntohl (msg->success); + { + if (NULL != op->rvk_cb) + { + op->rvk_cb (op->cls, + success, + NULL); + } + GNUNET_CONTAINER_DLL_remove (h->op_head, + h->op_tail, + op); + GNUNET_free (op); + return; + } + GNUNET_assert (0); +} + /** @@ -729,7 +776,7 @@ reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) struct GNUNET_MQ_MessageHandler handlers[] = { GNUNET_MQ_hd_fixed_size (attribute_store_response, GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE, - struct AttributeStoreResponseMessage, + struct AttributeStoreResultMessage, h), GNUNET_MQ_hd_var_size (attribute_result, GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT, 
@@ -743,6 +790,10 @@ reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT, struct ConsumeTicketResultMessage, h), + GNUNET_MQ_hd_fixed_size (revoke_ticket_result, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT, + struct RevokeTicketResultMessage, + h), GNUNET_MQ_handler_end () }; struct GNUNET_IDENTITY_PROVIDER_Operation *op; @@ -1077,10 +1128,10 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h */ struct GNUNET_IDENTITY_PROVIDER_Operation * GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - GNUNET_IDENTITY_PROVIDER_AttributeResult cb, - void *cb_cls) + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + GNUNET_IDENTITY_PROVIDER_AttributeResult cb, + void *cb_cls) { struct GNUNET_IDENTITY_PROVIDER_Operation *op; struct ConsumeTicketMessage *ctm; 
@@ -1280,6 +1331,50 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_ GNUNET_free (it); } +/** + * Revoked an issued ticket. The relying party will be unable to retrieve + * updated attributes. + * + * @param id the identity provider to use + * @param identity the issuing identity + * @param ticket the ticket to revoke + * @param cb the callback + * @param cb_cls the callback closure + * @return handle to abort the operation + */ +struct GNUNET_IDENTITY_PROVIDER_Operation * +GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *h, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb, + void *cb_cls) +{ + struct GNUNET_IDENTITY_PROVIDER_Operation *op; + struct GNUNET_MQ_Envelope *env; + struct RevokeTicketMessage *msg; + uint32_t rid; + + rid = h->r_id_gen++; + op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation); + op->h = h; + op->rvk_cb = cb; + op->cls = cb_cls; + op->r_id = rid; + GNUNET_CONTAINER_DLL_insert_tail (h->op_head, + h->op_tail, + op); + env = GNUNET_MQ_msg (msg, + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET); + msg->id = htonl (rid); + msg->identity = *identity; + if (NULL == h->mq) + op->env = env; + else + GNUNET_MQ_send (h->mq, + env); + return op; +} + /* end of identity_provider_api.c */ diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h index d1b437128..fa4d4536c 100644 --- a/src/include/gnunet_identity_provider_service.h +++ b/src/include/gnunet_identity_provider_service.h @@ -326,7 +326,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *i GNUNET_IDENTITY_PROVIDER_TicketCallback cb, void *cb_cls); -/** TODO +/** * Revoked an issued ticket. The relying party will be unable to retrieve * updated attributes. * -- cgit v1.2.3 
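Review bot: GNUNET_IDENTITY_PROVIDER_ticket_revoke never puts `ticket` on the wire: the envelope is allocated with `GNUNET_MQ_msg`, only `msg->id` and `msg->identity` are set, and the `ticket` parameter is otherwise unused, so the service cannot know which ticket to revoke. The struct comment in identity_provider.h says the message is followed by a ticket and a serialized attribute list, which suggests allocating with `GNUNET_MQ_msg_extra (msg, sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket), GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET)` and copying with `GNUNET_memcpy (&msg[1], ticket, sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));`. The exact layout the service parses is outside this hunk. The doc comment also documents `@param id` while the parameter is named `h`.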
From b7389bb3a98c077bcf39cafe2f9b66db15bd0bda Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 7 Oct 2017 13:01:52 +0200 Subject: -mem fixes, revocation finish --- src/identity-provider/gnunet-idp.c | 46 +++++++- .../gnunet-service-identity-provider.c | 123 +++++++++++++-------- src/identity-provider/identity_provider_api.c | 8 +- .../plugin_identity_provider_sqlite.c | 1 + src/identity-provider/test_idp_revoke.sh | 37 +++++++ src/util/crypto_abe.c | 3 +- 6 files changed, 167 insertions(+), 51 deletions(-) create mode 100755 src/identity-provider/test_idp_revoke.sh diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index d6544eb3b..6940220d7 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c @@ -61,6 +61,11 @@ static char* issue_attrs; */ static char* consume_ticket; +/** + * Ticket to revoke + */ +static char* revoke_ticket; + /** * Ego name */ @@ -181,18 +186,32 @@ iter_error (void *cls) GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } +static void +process_rvk (void *cls, int success, const char* msg) +{ + if (GNUNET_OK != success) + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Revocation failed.\n"); + else + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Revocation successful.\n"); + GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); +} + static void iter_finished (void *cls) { struct GNUNET_IDENTITY_PROVIDER_Attribute *attr; attr_iterator = NULL; - if (list) { + if (list) + { GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); return; } - if (issue_attrs) { + if (issue_attrs) + { idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (idp_handle, pkey, &rp_key, @@ -201,7 +220,8 @@ iter_finished (void *cls) NULL); return; } - if (consume_ticket) { + if (consume_ticket) + { idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (idp_handle, pkey, &ticket, 
@@ -209,6 +229,15 @@ iter_finished (void *cls) NULL); return; } + if (revoke_ticket) + { + idp_op = GNUNET_IDENTITY_PROVIDER_ticket_revoke (idp_handle, + pkey, + &ticket, + &process_rvk, + NULL); + return; + } attr = GNUNET_IDENTITY_PROVIDER_attribute_new (attr_name, GNUNET_IDENTITY_PROVIDER_AT_STRING, attr_value, @@ -279,6 +308,12 @@ ego_cb (void *cls, strlen (consume_ticket), &ticket, sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); + if (NULL != revoke_ticket) + GNUNET_STRINGS_string_to_data (revoke_ticket, + strlen (revoke_ticket), + &ticket, + sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); + attr_list = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); @@ -358,6 +393,11 @@ main(int argc, char *const argv[]) NULL, gettext_noop ("Consume a ticket"), &consume_ticket), + GNUNET_GETOPT_option_string ('R', + "revoke", + NULL, + gettext_noop ("Revoke a ticket"), + &revoke_ticket), GNUNET_GETOPT_OPTION_END }; return GNUNET_PROGRAM_run (argc, argv, "ct", diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index f9d3f3f92..2f477370e 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -473,10 +473,15 @@ struct TicketRevocationHandle struct IdpClient *client; /** - * Attributes to issue + * Attributes to reissue */ struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; + /** + * Attributes to revoke + */ + struct GNUNET_IDENTITY_PROVIDER_AttributeList *rvk_attrs; + /** * Issuer Key */ @@ -679,6 +684,7 @@ bootstrap_store_task (void *cls) rd, &bootstrap_store_cont, abh); + GNUNET_free ((void*)rd[0].data); } /** @@ -917,6 +923,7 @@ serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, enc_keyinfo, enc_size); GNUNET_free (enc_keyinfo); + GNUNET_free (buf); return sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+enc_size; } 
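Review bot: In `ego_cb` the result of `GNUNET_STRINGS_string_to_data (revoke_ticket, ...)` is discarded, so a malformed or truncated `-R` argument leaves the static `ticket` unset or partly filled, and `iter_finished` still passes it to `GNUNET_IDENTITY_PROVIDER_ticket_revoke`. Test the return value, e.g. `if (GNUNET_OK != GNUNET_STRINGS_string_to_data (revoke_ticket, strlen (revoke_ticket), &ticket, sizeof (ticket)))`, and on failure report the error and schedule `do_cleanup` instead of continuing. The `consume_ticket` decode just above has the same gap and writes to the same `ticket`, so giving both options silently lets the second overwrite the first. `ego_cb` starts and ends outside the hunk.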
@@ -978,6 +985,8 @@ issue_ticket_after_abe_bootstrap (void *cls, GNUNET_free (label); GNUNET_free (attrs); GNUNET_free (code_record_data); + GNUNET_CRYPTO_cpabe_delete_master_key (abe_key); + GNUNET_CRYPTO_cpabe_delete_key (rp_key); } @@ -1049,8 +1058,10 @@ cleanup_revoke_ticket_handle (struct TicketRevocationHandle *handle) { if (NULL != handle->attrs) attribute_list_destroy (handle->attrs); + if (NULL != handle->rvk_attrs) + attribute_list_destroy (handle->rvk_attrs); if (NULL != handle->abe_key) - GNUNET_free (handle->abe_key); + GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key); if (NULL != handle->ns_qe) GNUNET_NAMESTORE_cancel (handle->ns_qe); if (NULL != handle->ns_it) @@ -1078,7 +1089,6 @@ send_revocation_finished (struct TicketRevocationHandle *rh, GNUNET_CONTAINER_DLL_remove (rh->client->revocation_list_head, rh->client->revocation_list_tail, rh); - cleanup_revoke_ticket_handle (rh); } @@ -1101,6 +1111,7 @@ reissue_ticket_cont (void *cls, const char *emsg) { struct TicketRevocationHandle *rh = cls; + int ret; rh->ns_qe = NULL; if (GNUNET_SYSERR == success) @@ -1111,14 +1122,20 @@ reissue_ticket_cont (void *cls, cleanup_revoke_ticket_handle (rh); return; } + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Continue DB iteration\n"); rh->offset++; - GNUNET_assert (GNUNET_SYSERR != + GNUNET_assert (GNUNET_SYSERR != (ret = TKT_database->iterate_tickets (TKT_database->cls, &rh->ticket.identity, GNUNET_NO, rh->offset, &ticket_reissue_proc, - rh)); + rh))); + if (GNUNET_NO == ret) + { + send_revocation_finished (rh, GNUNET_OK); + cleanup_revoke_ticket_handle (rh); + } } @@ -1136,7 +1153,6 @@ ticket_reissue_proc (void *cls, const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) { struct TicketRevocationHandle *rh = cls; - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs_to_reissue; struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; struct GNUNET_GNSRECORD_Data code_record[1]; 
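Review bot: In `reissue_ticket_cont` the `iterate_tickets` call is wrapped in `GNUNET_assert (GNUNET_SYSERR != (ret = ...))`, so a database error during a client-triggered revocation aborts the whole service instead of failing that one request. `revocation_reissue_tickets`, added later in this file, handles the same failure with `GNUNET_break (0)` and then falls through, so the client gets no result and `rh` is not released. Both places should report the failure and stop: `send_revocation_finished (rh, GNUNET_SYSERR); cleanup_revoke_ticket_handle (rh); return;`. Keeping the call outside the assertion macro also makes the side effect easier to see.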
@@ -1159,19 +1175,16 @@ ticket_reissue_proc (void *cls, } //Create new ABE key for RP attrs_len = 0; - attrs_to_reissue = attrs; /* If this is the RP we want to revoke attributes of, the do so */ - if (0 == memcmp (&ticket->audience, - &rh->ticket.audience, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) - attrs_to_reissue = rh->attrs; - for (le = attrs_to_reissue->list_head; NULL != le; le = le->next) + for (le = attrs->list_head; NULL != le; le = le->next) attrs_len++; attr_arr = GNUNET_malloc ((attrs_len + 1)*sizeof (char*)); i = 0; - for (le = attrs_to_reissue->list_head; NULL != le; le = le->next) { + for (le = attrs->list_head; NULL != le; le = le->next) { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Recreating key with %s\n", (char*) le->attribute->name); attr_arr[i] = (char*) le->attribute->name; i++; } @@ -1181,7 +1194,7 @@ ticket_reissue_proc (void *cls, //TODO review this wireformat code_record_len = serialize_abe_keyinfo2 (&rh->ticket, - rh->attrs, + attrs, rp_key, &ecdhe_privkey, &code_record_data); @@ -1205,18 +1218,40 @@ ticket_reissue_proc (void *cls, GNUNET_free (label); GNUNET_free (attr_arr); GNUNET_free (code_record_data); - + GNUNET_CRYPTO_cpabe_delete_key (rp_key); } - - /* Prototype for below function */ static void attr_reenc_cont (void *cls, int32_t success, const char *emsg); +static void +revocation_reissue_tickets (struct TicketRevocationHandle *rh) +{ + int ret; + /* Done, issue new keys */ + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Revocation Phase IV: Reissuing Tickets\n"); + if (GNUNET_SYSERR == (ret = TKT_database->iterate_tickets (TKT_database->cls, + &rh->ticket.identity, + GNUNET_NO, + rh->offset, + &ticket_reissue_proc, + rh))) + { + GNUNET_break (0); + } + if (GNUNET_NO == ret) + { + send_revocation_finished (rh, GNUNET_OK); + cleanup_revoke_ticket_handle (rh); + } + +} + /** * Revoke next attribte by reencryption with * new ABE master 
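Review bot: The comment `/* If this is the RP we want to revoke attributes of, the do so */` in `ticket_reissue_proc` is kept while the audience comparison below it is removed, so within this hunk every iterated ticket, including the one being revoked, is reissued with its stored `attrs`. The start of the function is outside the hunk and may already skip the revoked audience; if it does not, the revoked relying party receives a fresh key for the re-encrypted attributes. Either restore an explicit comparison of `ticket->audience` with `rh->ticket.audience` that skips reissuing for that ticket, or delete the stale comment and document where the skip happens. The call to `serialize_abe_keyinfo2` still passes `&rh->ticket` rather than the iterated `ticket`, which is worth confirming as intended.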
@@ -1226,8 +1261,15 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) { struct GNUNET_GNSRECORD_Data rd[1]; char* buf; + char* enc_buf; size_t buf_size; + if (NULL == rh->attrs->list_head) + { + revocation_reissue_tickets (rh); + return; + } + buf_size = attribute_serialize_get_size (rh->attrs->list_head->attribute); buf = GNUNET_malloc (buf_size); @@ -1241,8 +1283,9 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) buf_size, rh->attrs->list_head->attribute->name, //Policy rh->abe_key, - (void**)&rd[0].data); + (void**)&enc_buf); GNUNET_free (buf); + rd[0].data = enc_buf; rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? @@ -1253,7 +1296,7 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) rd, &attr_reenc_cont, rh); - GNUNET_free ((void*)rd[0].data); + GNUNET_free (enc_buf); } @@ -1268,7 +1311,6 @@ attr_reenc_cont (void *cls, { struct TicketRevocationHandle *rh = cls; struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; - int ret; if (GNUNET_SYSERR == success) { @@ -1278,30 +1320,19 @@ attr_reenc_cont (void *cls, GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); return; } + if (NULL == rh->attrs->list_head) + { + revocation_reissue_tickets (rh); + return; + } le = rh->attrs->list_head; GNUNET_CONTAINER_DLL_remove (rh->attrs->list_head, rh->attrs->list_tail, - rh->attrs->list_head); + le); GNUNET_free (le->attribute); GNUNET_free (le); - if (NULL == rh->attrs->list_head) - { - /* Done, issue new keys */ - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Revocation Phase IV: Reissuing Tickets\n"); - if (GNUNET_SYSERR == - (ret = TKT_database->iterate_tickets (TKT_database->cls, - &rh->ticket.identity, - GNUNET_NO, - rh->offset, - &ticket_reissue_proc, - rh))) - { - GNUNET_break (0); - } - return; - } + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Re-encrypting next attribute\n"); reenc_next_attribute (rh); 
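Review bot: `enc_buf` in `reenc_next_attribute` is declared without an initialiser, then stored in `rd[0].data` and freed regardless of what the encrypt call returned. The line that receives the call's return value is outside the hunk; if the call can fail without setting its output pointer, both the record store and `GNUNET_free (enc_buf)` operate on an indeterminate pointer. Declare it as `char *enc_buf = NULL;` and end the revocation with an error when it is still NULL after the call, before anything is written to the namestore.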
@@ -1327,7 +1358,7 @@ reenc_after_abe_bootstrap (void *cls, cleanup_revoke_ticket_handle (rh); return; } else { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Revocation Phase III: Re-encrypting attributes\n"); reenc_next_attribute (rh); } @@ -1357,7 +1388,7 @@ revoke_collect_iter_finished (void *cls) { struct TicketRevocationHandle *rh = cls; rh->ns_it = NULL; - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Revocation Phase II: Invalidating old ABE Master\n"); /* Bootstrap new abe key */ bootstrap_abe (&rh->identity, &reenc_after_abe_bootstrap, rh, GNUNET_YES); @@ -1404,6 +1435,7 @@ revoke_collect_iter_cb (void *cls, "Attribute to reencrypt: %s\n", label); le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); le->attribute = attribute_deserialize (attr_ser, attr_len); + GNUNET_free (attr_ser); GNUNET_CONTAINER_DLL_insert_tail (rh->attrs->list_head, rh->attrs->list_tail, le); @@ -1419,9 +1451,9 @@ collect_after_abe_bootstrap (void *cls, { struct TicketRevocationHandle *rh = cls; - rh->abe_key = cls; + rh->abe_key = abe_key; GNUNET_assert (NULL != abe_key); - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Revocation Phase I: Collecting attributes\n"); /* Reencrypt all attributes with new key */ rh->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, @@ -1480,7 +1512,8 @@ handle_revoke_ticket_message (void *cls, attrs_len = ntohs (rm->attrs_len); ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1]; if (0 < attrs_len) - rh->attrs = attribute_list_deserialize ((char*)&ticket[1], attrs_len); + rh->rvk_attrs = attribute_list_deserialize ((char*)&ticket[1], attrs_len); + rh->attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); rh->ticket = *ticket; rh->r_id = ntohl (rm->id); rh->client = idp; 
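Review bot: `handle_revoke_ticket_message` takes `attrs_len` from the client message and passes `&ticket[1]` with that length to `attribute_list_deserialize`, and nothing in the hunk bounds it by the size of the message actually received. The function starts outside the hunk and a matching check handler may already do this. If not, the length should be validated before the handler runs: the message size should equal the fixed message struct plus `sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)` plus `attrs_len`. `rh->rvk_attrs` is filled here, but the only other use visible on the page is its destruction in `cleanup_revoke_ticket_handle`, so a comment saying what it is for would help.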
@@ -1502,7 +1535,7 @@ cleanup_as_handle (struct AttributeStoreHandle *handle) if (NULL != handle->attribute) GNUNET_free (handle->attribute); if (NULL != handle->abe_key) - GNUNET_free (handle->abe_key); + GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key); GNUNET_free (handle); } @@ -1625,7 +1658,7 @@ static void cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle) { if (NULL != handle->key) - GNUNET_free (handle->key); + GNUNET_CRYPTO_cpabe_delete_key (handle->key); GNUNET_free (handle); } diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index fb9926a2c..1dec43b16 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -1363,10 +1363,14 @@ GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle * GNUNET_CONTAINER_DLL_insert_tail (h->op_head, h->op_tail, op); - env = GNUNET_MQ_msg (msg, - GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET); + env = GNUNET_MQ_msg_extra (msg, + sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket), + GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET); msg->id = htonl (rid); msg->identity = *identity; + memcpy (&msg[1], + ticket, + sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); if (NULL == h->mq) op->env = env; else diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/identity-provider/plugin_identity_provider_sqlite.c index ac4e3c686..c55366214 100644 --- a/src/identity-provider/plugin_identity_provider_sqlite.c +++ b/src/identity-provider/plugin_identity_provider_sqlite.c @@ -547,6 +547,7 @@ get_ticket_and_call_iterator (struct Plugin *plugin, iter (iter_cls, &ticket, attrs); + attribute_list_destroy (attrs); ret = GNUNET_YES; } GNUNET_SQ_cleanup_result (rs); diff --git a/src/identity-provider/test_idp_revoke.sh b/src/identity-provider/test_idp_revoke.sh new file mode 100755 index 000000000..57872c5b9 --- /dev/null 
+++ b/src/identity-provider/test_idp_revoke.sh @@ -0,0 +1,37 @@ +#!/bin/bash +trap "gnunet-arm -e -c test_idp.conf" SIGINT + +LOCATION=$(which gnunet-config) +if [ -z $LOCATION ] +then + LOCATION="gnunet-config" +fi +$LOCATION --version 1> /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f` + +# (1) PKEY1.user -> PKEY2.resu.user +# (2) PKEY2.resu -> PKEY3 +# (3) PKEY3.user -> PKEY4 + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" + +TEST_ATTR="test" +gnunet-arm -s -c test_idp.conf +gnunet-identity -C testego -c test_idp.conf +gnunet-identity -C rpego -c test_idp.conf +SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') +TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}') +gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf +gnunet-idp -e testego -a name -V John -c test_idp.conf +#gnunet-idp -e testego -D -c test_idp.conf +TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}') +#echo "Consuming $TICKET" +gnunet-idp -e testego -R $TICKET -c test_idp.conf +gnunet-arm -e -c test_idp.conf diff --git a/src/util/crypto_abe.c b/src/util/crypto_abe.c index 899965159..f52cd5213 100644 --- a/src/util/crypto_abe.c +++ b/src/util/crypto_abe.c @@ -108,7 +108,7 @@ aes_128_cbc_encrypt( char* pt, GNUNET_assert (0 == gcry_cipher_encrypt (handle, *ct, buf_size, buf, buf_size)); gcry_cipher_close (handle); //AES_cbc_encrypt(pt->data, ct->data, pt->len, &key, iv, AES_ENCRYPT); - + GNUNET_free (buf); return buf_size; } @@ -300,6 +300,7 @@ GNUNET_CRYPTO_cpabe_decrypt (const void *block, } gabe_cph_free(cph); plt_len = aes_128_cbc_decrypt(aes_buf, aes_buf_size, m, (char**)result); + GNUNET_free (aes_buf); //freeing is buggy in gabe //gabe_prv_free (prv); //gabe_pub_free (pub); -- cgit v1.2.3 
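Review bot: The script never checks the outcome of the revocation. `gnunet-idp -e testego -R $TICKET -c test_idp.conf` is followed directly by `gnunet-arm -e`, so the exit status is that of the shutdown command and a failed or skipped revocation still passes. Capture the status of the `-R` call, fail when `$TICKET` is empty, then stop the peer and exit with that status. `$TICKET` and `$SUBJECT_KEY` are expanded unquoted, and `rm -rf` runs on the unquoted output of `gnunet-config`; `rm -rf "$(gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f)"` avoids word splitting and globbing on the returned path. The same unquoted `rm -rf` line appears in test_idp_attribute.sh and test_idp_consume.sh, added by the next commit, and neither of them checks results either.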
From 6fce29c2dc4360da38f326c172ee2170f1688e36 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 7 Oct 2017 13:12:12 +0200 Subject: -fixes, add tests --- src/identity-provider/test_idp_attribute.sh | 32 +++++++++++++++++++++++++ src/identity-provider/test_idp_consume.sh | 36 +++++++++++++++++++++++++++++ src/identity-provider/test_idp_issue.sh | 11 ++++----- src/rest/rest.conf | 1 + 4 files changed, 74 insertions(+), 6 deletions(-) create mode 100755 src/identity-provider/test_idp_attribute.sh create mode 100755 src/identity-provider/test_idp_consume.sh diff --git a/src/identity-provider/test_idp_attribute.sh b/src/identity-provider/test_idp_attribute.sh new file mode 100755 index 000000000..433dfa3c4 --- /dev/null +++ b/src/identity-provider/test_idp_attribute.sh @@ -0,0 +1,32 @@ +#!/bin/bash +trap "gnunet-arm -e -c test_idp.conf" SIGINT + +LOCATION=$(which gnunet-config) +if [ -z $LOCATION ] +then + LOCATION="gnunet-config" +fi +$LOCATION --version 1> /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f` + +# (1) PKEY1.user -> PKEY2.resu.user +# (2) PKEY2.resu -> PKEY3 +# (3) PKEY3.user -> PKEY4 + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" + +TEST_ATTR="test" +gnunet-arm -s -c test_idp.conf +gnunet-identity -C testego -c test_idp.conf +gnunet-identity -C rpego -c test_idp.conf +TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}') +gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf +gnunet-idp -e testego -a name -V John -c test_idp.conf +gnunet-arm -e -c test_idp.conf diff --git a/src/identity-provider/test_idp_consume.sh b/src/identity-provider/test_idp_consume.sh new file mode 100755 index 000000000..0d05145e0 --- /dev/null +++ b/src/identity-provider/test_idp_consume.sh 
@@ -0,0 +1,36 @@ +#!/bin/bash +trap "gnunet-arm -e -c test_idp.conf" SIGINT + +LOCATION=$(which gnunet-config) +if [ -z $LOCATION ] +then + LOCATION="gnunet-config" +fi +$LOCATION --version 1> /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f` + +# (1) PKEY1.user -> PKEY2.resu.user +# (2) PKEY2.resu -> PKEY3 +# (3) PKEY3.user -> PKEY4 + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" + +TEST_ATTR="test" +gnunet-arm -s -c test_idp.conf +gnunet-identity -C testego -c test_idp.conf +gnunet-identity -C rpego -c test_idp.conf +SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') +TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}') +gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf > /dev/null 2>&1 +gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1 +TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}') +echo "Consuming ticket $TICKET" +gnunet-idp -e rpego -C $TICKET -c test_idp.conf +gnunet-arm -e -c test_idp.conf diff --git a/src/identity-provider/test_idp_issue.sh b/src/identity-provider/test_idp_issue.sh index 8cd1297d3..bf5783c9d 100755 --- a/src/identity-provider/test_idp_issue.sh +++ b/src/identity-provider/test_idp_issue.sh 
@@ -24,16 +24,15 @@ which timeout &> /dev/null && DO_TIMEOUT="timeout 30" TEST_ATTR="test" gnunet-arm -s -c test_idp.conf -gnunet-arm -i rest -c test_idp.conf +#gnunet-arm -i rest -c test_idp.conf gnunet-identity -C testego -c test_idp.conf gnunet-identity -C rpego -c test_idp.conf SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}') -gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf -gnunet-idp -e testego -a name -V John -c test_idp.conf +gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf > /dev/null 2>&1 +gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1 #gnunet-idp -e testego -D -c test_idp.conf TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}') -curl http://localhost:7776/idp/attributes/testego -#echo "Consuming $TICKET" -gnunet-idp -e rpego -C $TICKET -c test_idp.conf +#curl http://localhost:7776/idp/attributes/testego +echo "Ticket: $TICKET" gnunet-arm -e -c test_idp.conf diff --git a/src/rest/rest.conf b/src/rest/rest.conf index 6cd013345..b86e6c1a0 100644 --- a/src/rest/rest.conf +++ b/src/rest/rest.conf @@ -1,4 +1,5 @@ [rest] +UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-rest.sock BINARY=gnunet-rest-server REST_PORT=7776 REST_ALLOW_HEADERS=Authorization,Accept,Content-Type -- cgit v1.2.3 From 0729d3ff0b209fe2da270d98c967ad0acbdd49cb Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 7 Oct 2017 13:21:21 +0200 Subject: -fix records --- src/identity-provider/plugin_gnsrecord_identity_provider.c | 9 +++++++-- src/identity-provider/test_idp_attribute.sh | 1 + 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/identity-provider/plugin_gnsrecord_identity_provider.c b/src/identity-provider/plugin_gnsrecord_identity_provider.c index cee0a9506..ad5a95dc7 100644 --- a/src/identity-provider/plugin_gnsrecord_identity_provider.c 
+++ b/src/identity-provider/plugin_gnsrecord_identity_provider.c @@ -54,12 +54,13 @@ value_to_string (void *cls, switch (type) { case GNUNET_GNSRECORD_TYPE_ID_ATTR: - case GNUNET_GNSRECORD_TYPE_ID_TOKEN: + return GNUNET_STRINGS_data_to_string_alloc (data, data_size); + case GNUNET_GNSRECORD_TYPE_ID_TOKEN: //DEPRECATED return GNUNET_strndup (data, data_size); case GNUNET_GNSRECORD_TYPE_ABE_KEY: case GNUNET_GNSRECORD_TYPE_ABE_MASTER: return GNUNET_STRINGS_data_to_string_alloc (data, data_size); - case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: + case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: //DEPRECATED ecdhe_privkey = data; audience_pubkey = data+sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey); scopes = (char*) audience_pubkey+(sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); @@ -109,6 +110,10 @@ string_to_value (void *cls, switch (type) { case GNUNET_GNSRECORD_TYPE_ID_ATTR: + return GNUNET_STRINGS_string_to_data (s, + strlen (s), + *data, + *data_size); case GNUNET_GNSRECORD_TYPE_ID_TOKEN: *data = GNUNET_strdup (s); *data_size = strlen (s); diff --git a/src/identity-provider/test_idp_attribute.sh b/src/identity-provider/test_idp_attribute.sh index 433dfa3c4..6c357128f 100755 --- a/src/identity-provider/test_idp_attribute.sh +++ b/src/identity-provider/test_idp_attribute.sh @@ -29,4 +29,5 @@ gnunet-identity -C rpego -c test_idp.conf TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}') gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf gnunet-idp -e testego -a name -V John -c test_idp.conf +gnunet-namestore -D -z testego -D -c test_idp.conf gnunet-arm -e -c test_idp.conf -- cgit v1.2.3 From 40fa67d024c8d7cc7d6f2af1a557e0ecc59e60f0 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 7 Oct 2017 18:51:31 +0200 Subject: -add new jwt handling --- src/identity-provider/jwt.c | 172 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 172 insertions(+) create mode 100644 src/identity-provider/jwt.c 
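Review bot: The new `GNUNET_GNSRECORD_TYPE_ID_ATTR` case in `string_to_value` passes `*data` and `*data_size` to `GNUNET_STRINGS_string_to_data` as destination buffer and buffer size, but both are output parameters that nothing has set yet. The `ID_TOKEN` case right below assigns them, which shows the caller does not pre-allocate, so the decoder writes through an indeterminate pointer with an indeterminate length. The case needs to work out the decoded size, allocate, decode into the new buffer and only then publish it through `*data` and `*data_size`. The size formula in the sketch assumes the 5-bits-per-character encoding used by `GNUNET_STRINGS_data_to_string_alloc` and should be confirmed against the decoder. `string_to_value` starts and ends outside the hunk.

```c
    case GNUNET_GNSRECORD_TYPE_ID_ATTR:
      {
        /* decoded length for a 5-bit-per-character encoding; confirm against string_to_data */
        size_t len = (strlen (s) * 5) / 8;
        void *buf;

        if (0 == len)
          return GNUNET_SYSERR;
        buf = GNUNET_malloc (len);
        if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, strlen (s), buf, len))
        {
          GNUNET_free (buf);
          return GNUNET_SYSERR;
        }
        *data = buf;
        *data_size = len;
        return GNUNET_OK;
      }
    /* … unchanged: GNUNET_GNSRECORD_TYPE_ID_TOKEN and the following cases … */
```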
diff --git a/src/identity-provider/jwt.c b/src/identity-provider/jwt.c new file mode 100644 index 000000000..c8bc67806 --- /dev/null +++ b/src/identity-provider/jwt.c 
@@ -0,0 +1,172 @@ +/* + This file is part of GNUnet + Copyright (C) 2010-2015 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. + */ + +/** + * @file identity-provider/jwt.c + * @brief helper library for JSON-Web-Tokens + * @author Martin Schanzenbach + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_signatures.h" +#include "identity_attribute.h" +#include + + +#define JWT_ALG "alg" + +/*TODO is this the correct way to define new algs? */ +#define JWT_ALG_VALUE "ED512" + +#define JWT_TYP "typ" + +#define JWT_TYP_VALUE "jwt" + +static char* +create_jwt_header(void) +{ + json_t *root; + char *json_str; + + root = json_object (); + json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE)); + json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE)); + + json_str = json_dumps (root, JSON_INDENT(1)); + json_decref (root); + return json_str; +} + +/** + * Create a JWT from a ticket and attributes + * + * @param ticket the ticket + * @param attrs the attribute list + * @return a new base64-encoded JWT string. 
+ */ +char* +jwt_create (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key) +{ + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; + struct GNUNET_CRYPTO_EcdsaSignature signature; + struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; + char* audience; + char* issuer; + char* header; + char* padding; + char* body_str; + char* result; + char* header_base64; + char* body_base64; + char* signature_target; + char* signature_base64; + json_t* body; + + /* TODO maybe we should use a local identity here */ + issuer = GNUNET_STRINGS_data_to_string_alloc (&ticket->identity, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + audience = GNUNET_STRINGS_data_to_string_alloc (&ticket->audience, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + header = create_jwt_header (); + body = json_object (); + /* TODO who is the issuer? local IdP or subject ? See self-issued tokens? */ + json_object_set_new (body, + "iss", json_string (issuer)); + json_object_set_new (body, + "sub", json_string (issuer)); + /* TODO what should be in here exactly? 
*/ + json_object_set_new (body, + "aud", json_string (audience)); + for (le = attrs->list_head; NULL != le; le = le->next) + { + /** + * TODO here we should have a function that + * calls the Attribute plugins to create a + * json representation for its value + */ + json_object_set_new (body, + le->attribute->name, + json_string (le->attribute->data)); + } + body_str = json_dumps (body, JSON_INDENT(0)); + json_decref (body); + + GNUNET_STRINGS_base64_encode (header, + strlen (header), + &header_base64); + //Remove GNUNET padding of base64 + padding = strtok(header_base64, "="); + while (NULL != padding) + padding = strtok(NULL, "="); + + GNUNET_STRINGS_base64_encode (body_str, + strlen (body_str), + &body_base64); + + //Remove GNUNET padding of base64 + padding = strtok(body_base64, "="); + while (NULL != padding) + padding = strtok(NULL, "="); + + GNUNET_free (issuer); + GNUNET_free (audience); + + /** + * TODO + * Creating the JWT signature. This might not be + * standards compliant, check. 
+ */ + GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64); + + purpose = + GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + + strlen (signature_target)); + purpose->size = + htonl (strlen (signature_target) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose)); + purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN); + GNUNET_memcpy (&purpose[1], signature_target, strlen (signature_target)); + if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key, + purpose, + (struct GNUNET_CRYPTO_EcdsaSignature *)&signature)) + { + GNUNET_free (signature_target); + GNUNET_free (body_str); + GNUNET_free (body_base64); + GNUNET_free (header_base64); + GNUNET_free (purpose); + return NULL; + } + GNUNET_STRINGS_base64_encode ((const char*)&signature, + sizeof (struct GNUNET_CRYPTO_EcdsaSignature), + &signature_base64); + GNUNET_asprintf (&result, "%s.%s.%s", + header_base64, body_base64, signature_base64); + + GNUNET_free (signature_target); + GNUNET_free (header); + GNUNET_free (body_str); + GNUNET_free (signature_base64); + GNUNET_free (body_base64); + GNUNET_free (header_base64); + GNUNET_free (purpose); + return result; +} -- cgit v1.2.3 From be9becc6f217f93f433d3301ae10b0d05ff31096 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sat, 7 Oct 2017 20:03:31 +0200 Subject: -add ticket listing for rest, bugfixes --- src/identity-provider/Makefile.am | 3 +- src/identity-provider/identity_provider_api.c | 11 +- .../plugin_rest_identity_provider.c | 146 +++++++++++++++++++-- src/identity-provider/test_idp_consume.sh | 2 + 4 files changed, 145 insertions(+), 17 deletions(-) diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index 488954a44..098313f9a 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am 
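Review bot: In `jwt_create` the attribute loop runs after `iss`, `sub` and `aud` are set, and `json_object_set_new` replaces an existing key, so an attribute named `iss`, `sub` or `aud` overwrites the registered claim in the signed body. Set the three registered claims after the loop, or skip reserved names with a guard such as `if (0 == strcmp (le->attribute->name, "aud")) continue;` for each of them. The signature is computed over `header_base64,body_base64` joined by a comma while the token is emitted with dots, and the segments are standard base64 with padding stripped rather than base64url, so a verifier following the JWS rules would not reproduce the signing input; the in-code TODO already hints at this. `json_string (le->attribute->data)` treats the attribute value as a NUL-terminated string, which the hunk does not establish. `header` is not freed on the signing-failure path, and the doc comment lacks an `@param priv_key` line.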
@@ -83,7 +83,8 @@ libgnunetidentityprovider_la_LDFLAGS = \ -version-info 0:0:0 libgnunet_plugin_rest_identity_provider_la_SOURCES = \ - plugin_rest_identity_provider.c + plugin_rest_identity_provider.c \ + jwt.c libgnunet_plugin_rest_identity_provider_la_LIBADD = \ $(top_builddir)/src/identity/libgnunetidentity.la \ libgnunetidentityprovider.la \ diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 1dec43b16..99faf0ecd 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -702,20 +702,19 @@ handle_ticket_result (void *cls, GNUNET_free (op); return; } else if (NULL != it) { - GNUNET_CONTAINER_DLL_remove (handle->ticket_it_head, - handle->ticket_it_tail, - it); if (msg_len == sizeof (struct TicketResultMessage)) { if (NULL != it->tr_cb) - it->finish_cb (it->finish_cb_cls); + GNUNET_CONTAINER_DLL_remove (handle->ticket_it_head, + handle->ticket_it_tail, + it); + it->finish_cb (it->finish_cb_cls); + GNUNET_free (it); } else { - ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&msg[1]; if (NULL != it->tr_cb) it->tr_cb (it->cls, ticket); } - GNUNET_free (it); return; } GNUNET_break (0); diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index b8fb3d1cb..43251d93d 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c @@ -49,11 +49,22 @@ */ #define GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES "/idp/attributes" +/** + * Ticket namespace + */ +#define GNUNET_REST_API_NS_IDENTITY_TICKETS "/idp/tickets" + /** * Attribute key */ #define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE "attribute" +/** + * Ticket key + */ +#define GNUNET_REST_JSONAPI_IDENTITY_TICKET "ticket" + + /** * Value key */ 
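Review bot: In the end-of-iteration branch of `handle_ticket_result` the unbraced `if (NULL != it->tr_cb)` now guards only the `GNUNET_CONTAINER_DLL_remove` call. An iterator without a ticket callback is therefore freed while still linked in `handle->ticket_it_head`, and `it->finish_cb` is invoked without a NULL test. The guard looks as if it was meant for the finish callback: do the removal unconditionally, then `if (NULL != it->finish_cb) it->finish_cb (it->finish_cb_cls);`, then `GNUNET_free (it);`, with braces around the branch bodies. The function starts outside the hunk, so it is not visible whether the ticket branch checks that the message is long enough to hold a full ticket before `&msg[1]` is read.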
@@ -176,7 +187,12 @@ struct RequestHandle * Attribute iterator */ struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_it; - + + /** + * Ticket iterator + */ + struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it; + /** * Desired timeout for the lookup (default is no timeout). */ @@ -243,10 +259,12 @@ cleanup_handle (struct RequestHandle *handle) GNUNET_SCHEDULER_cancel (handle->timeout_task); if (NULL != handle->identity_handle) GNUNET_IDENTITY_disconnect (handle->identity_handle); - if (NULL != handle->idp) - GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp); if (NULL != handle->attr_it) GNUNET_IDENTITY_PROVIDER_get_attributes_stop (handle->attr_it); + if (NULL != handle->ticket_it) + GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (handle->ticket_it); + if (NULL != handle->idp) + GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp); if (NULL != handle->url) GNUNET_free (handle->url); if (NULL != handle->emsg) @@ -300,7 +318,7 @@ do_timeout (void *cls) static void -attr_collect_error_cb (void *cls) +collect_error_cb (void *cls) { struct RequestHandle *handle = cls; @@ -313,7 +331,7 @@ attr_collect_error_cb (void *cls) * @param cls the request handle */ static void -return_attr_list (void *cls) +return_response (void *cls) { char* result_str; struct RequestHandle *handle = cls; 
@@ -329,14 +347,121 @@ return_attr_list (void *cls) static void -attr_collect_finished_cb (void *cls) +collect_finished_cb (void *cls) { struct RequestHandle *handle = cls; //Done handle->attr_it = NULL; - GNUNET_SCHEDULER_add_now (&return_attr_list, handle); + handle->ticket_it = NULL; + GNUNET_SCHEDULER_add_now (&return_response, handle); +} + + +/** + * Collect all attributes for an ego + * + */ +static void +ticket_collect (void *cls, + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) +{ + struct RequestHandle *handle = cls; + json_t *value; + char* tmp; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding ticket\n"); + tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, + sizeof (uint64_t)); + handle->json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_TICKET, + tmp); + GNUNET_free (tmp); + GNUNET_JSONAPI_document_resource_add (handle->resp_object, handle->json_resource); + + tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->identity, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + value = json_string (tmp); + GNUNET_JSONAPI_resource_add_attr (handle->json_resource, + "issuer", + value); + GNUNET_free (tmp); + json_decref (value); + tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->audience, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + value = json_string (tmp); + GNUNET_JSONAPI_resource_add_attr (handle->json_resource, + "audience", + value); + GNUNET_free (tmp); + json_decref (value); + tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, + sizeof (uint64_t)); + value = json_string (tmp); + GNUNET_JSONAPI_resource_add_attr (handle->json_resource, + "rnd", + value); + GNUNET_free (tmp); + json_decref (value); + GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (handle->ticket_it); } + + +/** + * List tickets for identity request + * + * @param con_handle the connection handle + * @param url the url + * @param cls the RequestHandle + */ +static void +list_tickets_cont (struct GNUNET_REST_RequestHandle *con_handle, + 
const char* url, + void *cls) +{ + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; + struct RequestHandle *handle = cls; + struct EgoEntry *ego_entry; + char *identity; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting tickets for %s.\n", + handle->url); + if ( strlen (GNUNET_REST_API_NS_IDENTITY_TICKETS) >= + strlen (handle->url)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_TICKETS) + 1; + + for (ego_entry = handle->ego_head; + NULL != ego_entry; + ego_entry = ego_entry->next) + if (0 == strcmp (identity, ego_entry->identifier)) + break; + handle->resp_object = GNUNET_JSONAPI_document_new (); + + if (NULL == ego_entry) + { + //Done + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego %s not found.\n", + identity); + GNUNET_SCHEDULER_add_now (&return_response, handle); + return; + } + priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); + handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); + handle->ticket_it = GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (handle->idp, + priv_key, + &collect_error_cb, + handle, + &ticket_collect, + handle, + &collect_finished_cb, + handle); +} + + /** * Collect all attributes for an ego * @@ -405,18 +530,18 @@ list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, //Done GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego %s not found.\n", identity); - GNUNET_SCHEDULER_add_now (&return_attr_list, handle); + GNUNET_SCHEDULER_add_now (&return_response, handle); return; } priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); handle->attr_it = GNUNET_IDENTITY_PROVIDER_get_attributes_start (handle->idp, priv_key, - &attr_collect_error_cb, + &collect_error_cb, handle, &attr_collect, handle, - &attr_collect_finished_cb, + &collect_finished_cb, handle); } 
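Review bot: In list_tickets_cont the result of `GNUNET_IDENTITY_PROVIDER_connect (cfg)` goes straight into `GNUNET_IDENTITY_PROVIDER_ticket_iteration_start`. cleanup_handle already treats `handle->idp` as possibly NULL, so a failed connect should be handled here as well, e.g. `if (NULL == handle->idp) { GNUNET_SCHEDULER_add_now (&do_error, handle); return; }`. The doc comment on ticket_collect was copied from the attribute collector and still reads "Collect all attributes for an ego"; it should read `Collect all tickets for an ego` and describe `cls` and `ticket`.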
@@ -457,6 +582,7 @@ init_cont (struct RequestHandle *handle) struct GNUNET_REST_RequestHandlerError err; static const struct GNUNET_REST_RequestHandler handlers[] = { {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &list_attribute_cont}, + {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont}, {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER, &options_cont}, GNUNET_REST_HANDLER_END diff --git a/src/identity-provider/test_idp_consume.sh b/src/identity-provider/test_idp_consume.sh index 0d05145e0..81cd0b149 100755 --- a/src/identity-provider/test_idp_consume.sh +++ b/src/identity-provider/test_idp_consume.sh @@ -24,6 +24,7 @@ which timeout &> /dev/null && DO_TIMEOUT="timeout 30" TEST_ATTR="test" gnunet-arm -s -c test_idp.conf +gnunet-arm -i rest -c test_idp.conf gnunet-identity -C testego -c test_idp.conf gnunet-identity -C rpego -c test_idp.conf SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') @@ -33,4 +34,5 @@ gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1 TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}') echo "Consuming ticket $TICKET" gnunet-idp -e rpego -C $TICKET -c test_idp.conf +curl http://localhost:7776/idp/tickets/testego gnunet-arm -e -c test_idp.conf -- cgit v1.2.3 From dc7f9d7e2bf4e9c607738500051adab58b1bd2f3 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 9 Oct 2017 09:32:43 +0200 Subject: -add REST revoke API --- .../plugin_rest_identity_provider.c | 184 +++++++++++++++++++-- src/identity-provider/test_idp_consume.sh | 2 +- 2 files changed, 172 insertions(+), 14 deletions(-) diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index 43251d93d..bb9f210ef 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c 
@@ -54,6 +54,11 @@ */ #define GNUNET_REST_API_NS_IDENTITY_TICKETS "/idp/tickets" +/** + * Revoke namespace + */ +#define GNUNET_REST_API_NS_IDENTITY_REVOKE "/idp/revoke" + /** * Attribute key */ @@ -153,11 +158,6 @@ struct RequestHandle */ const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; - /** - * Handle to the rest connection - */ - struct GNUNET_REST_RequestHandle *conndata_handle; - /** * The processing state */ @@ -168,6 +168,12 @@ struct RequestHandle */ struct GNUNET_IDENTITY_Handle *identity_handle; + /** + * Rest connection + */ + struct GNUNET_REST_RequestHandle *rest_handle; + + /** * IDENTITY Operation */ @@ -187,12 +193,12 @@ struct RequestHandle * Attribute iterator */ struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_it; - + /** * Ticket iterator */ struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it; - + /** * Desired timeout for the lookup (default is no timeout). */ @@ -232,7 +238,7 @@ struct RequestHandle * Response object */ struct GNUNET_JSONAPI_Document *resp_object; - + /** * Resource object */ @@ -281,6 +287,13 @@ cleanup_handle (struct RequestHandle *handle) GNUNET_free (handle); } +static void +cleanup_handle_delayed (void *cls) +{ + cleanup_handle (cls); +} + + /** * Task run on error, sends error message. Cleans up everything. * 
@@ -546,6 +559,151 @@ list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, } +static void +revoke_finished_cont (void *cls, + int32_t success, + const char *emsg) +{ + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + + resp = GNUNET_REST_create_response (emsg); + if (GNUNET_OK != success) + { + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); + GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); +} + +static void +revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv; + const char* identity_str; + const char* audience_str; + const char* rnd_str; + + struct RequestHandle *handle = cls; + struct EgoEntry *ego_entry; + struct MHD_Response *resp; + struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; + struct GNUNET_JSONAPI_Document *json_obj; + struct GNUNET_JSONAPI_Resource *json_res; + struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk; + char term_data[handle->rest_handle->data_size+1]; + json_t *rnd_json; + json_t *identity_json; + json_t *audience_json; + json_t *data_json; + json_error_t err; + struct GNUNET_JSON_Specification docspec[] = { + GNUNET_JSON_spec_jsonapi_document (&json_obj), + GNUNET_JSON_spec_end() + }; + + if (0 >= handle->rest_handle->data_size) + { + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + term_data[handle->rest_handle->data_size] = '\0'; + GNUNET_memcpy (term_data, + handle->rest_handle->data, + handle->rest_handle->data_size); + data_json = json_loads (term_data, + JSON_DECODE_ANY, + &err); + GNUNET_assert (GNUNET_OK == + GNUNET_JSON_parse (data_json, docspec, + NULL, NULL)); + json_decref (data_json); + if (NULL == json_obj) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to parse JSONAPI Object from %s\n", + term_data); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + if (1 != 
GNUNET_JSONAPI_document_resource_count (json_obj)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Cannot create more than 1 resource! (Got %d)\n", + GNUNET_JSONAPI_document_resource_count (json_obj)); + GNUNET_JSONAPI_document_delete (json_obj); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0); + if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res, + GNUNET_REST_JSONAPI_IDENTITY_TICKET)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unsupported JSON data type\n"); + GNUNET_JSONAPI_document_delete (json_obj); + resp = GNUNET_REST_create_response (NULL); + handle->proc (handle->proc_cls, resp, MHD_HTTP_CONFLICT); + cleanup_handle (handle); + return; + } + rnd_json = GNUNET_JSONAPI_resource_read_attr (json_res, + "rnd"); + identity_json = GNUNET_JSONAPI_resource_read_attr (json_res, + "identity"); + audience_json = GNUNET_JSONAPI_resource_read_attr (json_res, + "audience"); + rnd_str = json_string_value (rnd_json); + identity_str = json_string_value (identity_json); + audience_str = json_string_value (audience_json); + + GNUNET_STRINGS_string_to_data (rnd_str, + strlen (rnd_str), + &ticket.rnd, + sizeof (uint64_t)); + GNUNET_STRINGS_string_to_data (identity_str, + strlen (identity_str), + &ticket.identity, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + GNUNET_STRINGS_string_to_data (audience_str, + strlen (audience_str), + &ticket.audience, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + + for (ego_entry = handle->ego_head; + NULL != ego_entry; + ego_entry = ego_entry->next) + { + GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, + &tmp_pk); + if (0 == memcmp (&ticket.identity, + &tmp_pk, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) + break; + } + if (NULL == ego_entry) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Identity unknown (%s)\n", identity_str); + GNUNET_JSONAPI_document_delete (json_obj); + return; + } + identity_priv = GNUNET_IDENTITY_ego_get_private_key 
(ego_entry->ego); + + handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); + handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_revoke (handle->idp, + identity_priv, + &ticket, + &revoke_finished_cont, + handle); + GNUNET_JSONAPI_document_delete (json_obj); +} + + /** * Respond to OPTIONS request * @@ -583,12 +741,13 @@ init_cont (struct RequestHandle *handle) static const struct GNUNET_REST_RequestHandler handlers[] = { {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &list_attribute_cont}, {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont}, + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont}, {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER, &options_cont}, GNUNET_REST_HANDLER_END }; - if (GNUNET_NO == GNUNET_REST_handle_request (handle->conndata_handle, + if (GNUNET_NO == GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle)) @@ -671,7 +830,7 @@ list_ego (void *cls, * @return GNUNET_OK if request accepted */ static void -rest_identity_process_request(struct GNUNET_REST_RequestHandle *conndata_handle, +rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, GNUNET_REST_ResultProcessor proc, void *proc_cls) { @@ -681,10 +840,9 @@ rest_identity_process_request(struct GNUNET_REST_RequestHandle *conndata_handle, handle->proc_cls = proc_cls; handle->proc = proc; handle->state = ID_REST_STATE_INIT; - handle->conndata_handle = conndata_handle; - + handle->rest_handle = rest_handle; - handle->url = GNUNET_strdup (conndata_handle->url); + handle->url = GNUNET_strdup (rest_handle->url); if (handle->url[strlen (handle->url)-1] == '/') handle->url[strlen (handle->url)-1] = '\0'; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, diff --git a/src/identity-provider/test_idp_consume.sh b/src/identity-provider/test_idp_consume.sh index 81cd0b149..ab437c0e8 100755 --- a/src/identity-provider/test_idp_consume.sh +++ b/src/identity-provider/test_idp_consume.sh 
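Review bot: revoke_ticket_cont trusts the POST body at every step. `term_data` is a stack VLA sized by `data_size` and declared before the empty-body check, a body that does not parse trips `GNUNET_assert` on `GNUNET_JSON_parse`, and `rnd_str`, `identity_str` and `audience_str` go to `strlen` although `json_string_value` returns NULL for a missing or non-string attribute. The results of `GNUNET_STRINGS_string_to_data` are ignored as well, so a bad encoding leaves `ticket` partly uninitialised before it is compared and handed to the revoke call. Each of these should end in the `do_error` path, as sketched below, and the unknown-identity branch should schedule `do_error` too, since it currently returns without answering. The VLA and assert pattern is repeated in add_attribute_cont (hunk `@@ -475,6 +494,123 @@` of the following commit); bounding `data_size` or copying the body to the heap would address the VLA in both.

```c
  data_json = json_loads (term_data,
                          JSON_DECODE_ANY,
                          &err);
  if ( (NULL == data_json) ||
       (GNUNET_OK != GNUNET_JSON_parse (data_json, docspec,
                                        NULL, NULL)) )
  {
    json_decref (data_json);
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
  json_decref (data_json);
  /* … unchanged: NULL check on json_obj, resource count and type checks, attribute lookups … */
  if ( (NULL == rnd_str) ||
       (NULL == identity_str) ||
       (NULL == audience_str) ||
       (GNUNET_OK !=
        GNUNET_STRINGS_string_to_data (rnd_str,
                                       strlen (rnd_str),
                                       &ticket.rnd,
                                       sizeof (uint64_t))) ||
       (GNUNET_OK !=
        GNUNET_STRINGS_string_to_data (identity_str,
                                       strlen (identity_str),
                                       &ticket.identity,
                                       sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) ||
       (GNUNET_OK !=
        GNUNET_STRINGS_string_to_data (audience_str,
                                       strlen (audience_str),
                                       &ticket.audience,
                                       sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) )
  {
    GNUNET_JSONAPI_document_delete (json_obj);
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
  /* … unchanged: ego lookup and ticket_revoke call … */
```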
@@ -35,4 +35,4 @@ TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf echo "Consuming ticket $TICKET" gnunet-idp -e rpego -C $TICKET -c test_idp.conf curl http://localhost:7776/idp/tickets/testego -gnunet-arm -e -c test_idp.conf +#gnunet-arm -e -c test_idp.conf -- cgit v1.2.3 From 0e7c1fb8feff37774d66ca46b3eb09492ecf93af Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 9 Oct 2017 11:00:40 +0200 Subject: -add attribute store API, fixes --- .../plugin_rest_identity_provider.c | 157 ++++++++++++++++++--- src/include/gnunet_jsonapi_lib.h | 2 +- src/jsonapi/jsonapi_resource.c | 2 +- 3 files changed, 140 insertions(+), 21 deletions(-) diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index bb9f210ef..0ba0666d0 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c @@ -338,6 +338,25 @@ collect_error_cb (void *cls) do_error (handle); } +static void +finished_cont (void *cls, + int32_t success, + const char *emsg) +{ + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + + resp = GNUNET_REST_create_response (emsg); + if (GNUNET_OK != success) + { + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); + GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); +} + + /** * Return attributes for identity * 
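Review bot: finished_cont builds `resp` from `emsg` before looking at `success`, so on the failure branch the response object is neither handed to `handle->proc` nor released. Moving `resp = GNUNET_REST_create_response (emsg);` below the `if (GNUNET_OK != success)` block avoids the leak. The failure branch also drops `emsg`; whether do_error can report it to the client is not visible from this hunk.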
@@ -475,6 +494,123 @@ list_tickets_cont (struct GNUNET_REST_RequestHandle *con_handle, } +static void +add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv; + const char* identity; + const char* name_str; + const char* value_str; + + struct RequestHandle *handle = cls; + struct EgoEntry *ego_entry; + struct MHD_Response *resp; + struct GNUNET_IDENTITY_PROVIDER_Attribute *attribute; + struct GNUNET_JSONAPI_Document *json_obj; + struct GNUNET_JSONAPI_Resource *json_res; + char term_data[handle->rest_handle->data_size+1]; + json_t *value_json; + json_t *data_json; + json_error_t err; + struct GNUNET_JSON_Specification docspec[] = { + GNUNET_JSON_spec_jsonapi_document (&json_obj), + GNUNET_JSON_spec_end() + }; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding an attribute for %s.\n", + handle->url); + if ( strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) >= + strlen (handle->url)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) + 1; + + for (ego_entry = handle->ego_head; + NULL != ego_entry; + ego_entry = ego_entry->next) + if (0 == strcmp (identity, ego_entry->identifier)) + break; + + if (NULL == ego_entry) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Identity unknown (%s)\n", identity); + GNUNET_JSONAPI_document_delete (json_obj); + return; + } + identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); + + if (0 >= handle->rest_handle->data_size) + { + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + term_data[handle->rest_handle->data_size] = '\0'; + GNUNET_memcpy (term_data, + handle->rest_handle->data, + handle->rest_handle->data_size); + data_json = json_loads (term_data, + JSON_DECODE_ANY, + &err); + GNUNET_assert (GNUNET_OK == + GNUNET_JSON_parse (data_json, docspec, + 
NULL, NULL)); + json_decref (data_json); + if (NULL == json_obj) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to parse JSONAPI Object from %s\n", + term_data); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + if (1 != GNUNET_JSONAPI_document_resource_count (json_obj)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Cannot create more than 1 resource! (Got %d)\n", + GNUNET_JSONAPI_document_resource_count (json_obj)); + GNUNET_JSONAPI_document_delete (json_obj); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0); + if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res, + GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unsupported JSON data type\n"); + GNUNET_JSONAPI_document_delete (json_obj); + resp = GNUNET_REST_create_response (NULL); + handle->proc (handle->proc_cls, resp, MHD_HTTP_CONFLICT); + cleanup_handle (handle); + return; + } + name_str = GNUNET_JSONAPI_resource_get_id (json_res); + value_json = GNUNET_JSONAPI_resource_read_attr (json_res, + "value"); + value_str = json_string_value (value_json); + attribute = GNUNET_IDENTITY_PROVIDER_attribute_new (name_str, + GNUNET_IDENTITY_PROVIDER_AT_STRING, + value_str, + strlen (value_str)); + handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); + handle->idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (handle->idp, + identity_priv, + attribute, + &finished_cont, + handle); + GNUNET_free (attribute); + GNUNET_JSONAPI_document_delete (json_obj); +} + + + /** * Collect all attributes for an ego * 
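Review bot: The unknown-identity branch of add_attribute_cont calls `GNUNET_JSONAPI_document_delete (json_obj)` before the request body has been parsed into `json_obj`, and then returns without scheduling `do_error` or cleanup, so the client gets no answer. That branch should only do `GNUNET_SCHEDULER_add_now (&do_error, handle); return;`. Further down, `value_str` is passed to `strlen` unchecked although `json_string_value` returns NULL when the `value` attribute is absent or not a string. A guard `if (NULL == value_str)` that deletes `json_obj` and schedules `do_error` is needed before the `GNUNET_IDENTITY_PROVIDER_attribute_new` call.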
@@ -559,24 +695,6 @@ list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, } -static void -revoke_finished_cont (void *cls, - int32_t success, - const char *emsg) -{ - struct RequestHandle *handle = cls; - struct MHD_Response *resp; - - resp = GNUNET_REST_create_response (emsg); - if (GNUNET_OK != success) - { - GNUNET_SCHEDULER_add_now (&do_error, handle); - return; - } - handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); - GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); -} - static void revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle, const char* url, @@ -698,7 +816,7 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle, handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_revoke (handle->idp, identity_priv, &ticket, - &revoke_finished_cont, + &finished_cont, handle); GNUNET_JSONAPI_document_delete (json_obj); } @@ -740,6 +858,7 @@ init_cont (struct RequestHandle *handle) struct GNUNET_REST_RequestHandlerError err; static const struct GNUNET_REST_RequestHandler handlers[] = { {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &list_attribute_cont}, + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &add_attribute_cont}, {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont}, {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont}, {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER, diff --git a/src/include/gnunet_jsonapi_lib.h b/src/include/gnunet_jsonapi_lib.h index f95bff836..2f6b810f0 100644 --- a/src/include/gnunet_jsonapi_lib.h +++ b/src/include/gnunet_jsonapi_lib.h @@ -248,7 +248,7 @@ GNUNET_JSONAPI_resource_check_id (const struct GNUNET_JSONAPI_Resource *resource * @param res the JSON resource * @return the resource id */ -char* +const char* GNUNET_JSONAPI_resource_get_id (const struct GNUNET_JSONAPI_Resource *resource); 
diff --git a/src/jsonapi/jsonapi_resource.c b/src/jsonapi/jsonapi_resource.c index 4a166f58a..be28ad5df 100644 --- a/src/jsonapi/jsonapi_resource.c +++ b/src/jsonapi/jsonapi_resource.c @@ -245,7 +245,7 @@ GNUNET_JSONAPI_resource_check_id (const struct GNUNET_JSONAPI_Resource *resource * @param res the JSON resource * @return the resource id */ -char* +const char* GNUNET_JSONAPI_resource_get_id (const struct GNUNET_JSONAPI_Resource *resource) { return resource->id; -- cgit v1.2.3 From 037bf3d5a227287e4b2e9c4dbb2583f39bd8fa20 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 9 Oct 2017 11:07:28 +0200 Subject: -fixes --- .../plugin_rest_identity_provider.c | 30 ++++++++++------------ src/identity-provider/test_idp_attribute.sh | 3 ++- 2 files changed, 16 insertions(+), 17 deletions(-) diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index 0ba0666d0..f136901a0 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c @@ -239,11 +239,6 @@ struct RequestHandle */ struct GNUNET_JSONAPI_Document *resp_object; - /** - * Resource object - */ - struct GNUNET_JSONAPI_Resource *json_resource; - }; @@ -397,6 +392,7 @@ static void ticket_collect (void *cls, const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) { + struct GNUNET_JSONAPI_Resource *json_resource; struct RequestHandle *handle = cls; json_t *value; char* tmp; 
@@ -404,15 +400,15 @@ ticket_collect (void *cls, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding ticket\n"); tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, sizeof (uint64_t)); - handle->json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_TICKET, + json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_TICKET, tmp); GNUNET_free (tmp); - GNUNET_JSONAPI_document_resource_add (handle->resp_object, handle->json_resource); + GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource); tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->identity, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); value = json_string (tmp); - GNUNET_JSONAPI_resource_add_attr (handle->json_resource, + GNUNET_JSONAPI_resource_add_attr (json_resource, "issuer", value); GNUNET_free (tmp); @@ -420,7 +416,7 @@ ticket_collect (void *cls, tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->audience, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); value = json_string (tmp); - GNUNET_JSONAPI_resource_add_attr (handle->json_resource, + GNUNET_JSONAPI_resource_add_attr (json_resource, "audience", value); GNUNET_free (tmp); @@ -428,7 +424,7 @@ ticket_collect (void *cls, tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, sizeof (uint64_t)); value = json_string (tmp); - GNUNET_JSONAPI_resource_add_attr (handle->json_resource, + GNUNET_JSONAPI_resource_add_attr (json_resource, "rnd", value); GNUNET_free (tmp); @@ -535,7 +531,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, ego_entry = ego_entry->next) if (0 == strcmp (identity, ego_entry->identifier)) break; - + if (NULL == ego_entry) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 
@@ -620,14 +616,19 @@ attr_collect (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) { + struct GNUNET_JSONAPI_Resource *json_resource; struct RequestHandle *handle = cls; json_t *value; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n", attr->name); + json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE, + attr->name); + GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource); + value = json_string (attr->data); - GNUNET_JSONAPI_resource_add_attr (handle->json_resource, - attr->name, + GNUNET_JSONAPI_resource_add_attr (json_resource, + "value", value); json_decref (value); GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it); @@ -670,9 +671,6 @@ list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, break; handle->resp_object = GNUNET_JSONAPI_document_new (); - handle->json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE, - identity); - GNUNET_JSONAPI_document_resource_add (handle->resp_object, handle->json_resource); if (NULL == ego_entry) { diff --git a/src/identity-provider/test_idp_attribute.sh b/src/identity-provider/test_idp_attribute.sh index 6c357128f..0b0436ede 100755 --- a/src/identity-provider/test_idp_attribute.sh +++ b/src/identity-provider/test_idp_attribute.sh @@ -24,10 +24,11 @@ which timeout &> /dev/null && DO_TIMEOUT="timeout 30" TEST_ATTR="test" gnunet-arm -s -c test_idp.conf +gnunet-arm -i rest -c test_idp.conf gnunet-identity -C testego -c test_idp.conf gnunet-identity -C rpego -c test_idp.conf TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}') gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf gnunet-idp -e testego -a name -V John -c test_idp.conf -gnunet-namestore -D -z testego -D -c test_idp.conf +curl localhost:7776/idp/attributes/testego gnunet-arm -e -c test_idp.conf -- cgit v1.2.3 
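Review bot: attr_collect still passes `attr->data` to `json_string`, which reads up to a NUL byte, while add_attribute_cont in the previous commit stores the value with `strlen (value_str)` as its length, i.e. without the terminator. Unless the attribute code appends one (not visible here), the response can include bytes past the stored value. The copy should be bounded by the attribute's stored length, for example with jansson's `json_stringn`, and a NULL result from it should be checked before `GNUNET_JSONAPI_resource_add_attr`.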
From 44f8117be5a2aca8b303943ff016927a35621ed9 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 9 Oct 2017 14:45:42 +0200 Subject: -improve revocation handling --- .../gnunet-service-identity-provider.c | 283 ++++++++++----------- src/identity-provider/identity_attribute.c | 25 ++ src/identity-provider/identity_attribute.h | 2 + .../plugin_identity_provider_sqlite.c | 54 ++++ src/identity-provider/test_idp_attribute.sh | 5 +- src/identity-provider/test_idp_issue.sh | 4 +- src/include/gnunet_identity_provider_plugin.h | 5 +- src/include/gnunet_identity_provider_service.h | 5 + 8 files changed, 228 insertions(+), 155 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 2f477370e..364c097b5 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -424,7 +424,8 @@ struct ConsumeTicketHandle * Attributes */ struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; - + + /** * request id */ @@ -671,9 +672,11 @@ bootstrap_store_task (void *cls) { struct AbeBootstrapHandle *abh = cls; struct GNUNET_GNSRECORD_Data rd[1]; + char *key; rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (abh->abe_key, - (void**)&rd[0].data); + (void**)&key); + rd[0].data = key; rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION | GNUNET_GNSRECORD_RF_PRIVATE; rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? @@ -684,7 +687,7 @@ bootstrap_store_task (void *cls) rd, &bootstrap_store_cont, abh); - GNUNET_free ((void*)rd[0].data); + GNUNET_free (key); } /** @@ -717,7 +720,7 @@ bootstrap_abe_result (void *cls, for (i=0;iproc (abh->proc_cls, abe_key); GNUNET_free (abh); 
@@ -1125,12 +1128,12 @@ reissue_ticket_cont (void *cls, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Continue DB iteration\n"); rh->offset++; GNUNET_assert (GNUNET_SYSERR != (ret = - TKT_database->iterate_tickets (TKT_database->cls, - &rh->ticket.identity, - GNUNET_NO, - rh->offset, - &ticket_reissue_proc, - rh))); + TKT_database->iterate_tickets (TKT_database->cls, + &rh->ticket.identity, + GNUNET_NO, + rh->offset, + &ticket_reissue_proc, + rh))); if (GNUNET_NO == ret) { send_revocation_finished (rh, GNUNET_OK); @@ -1138,6 +1141,8 @@ reissue_ticket_cont (void *cls, } } +static void +revocation_reissue_tickets (struct TicketRevocationHandle *rh); /** @@ -1154,14 +1159,17 @@ ticket_reissue_proc (void *cls, { struct TicketRevocationHandle *rh = cls; struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le_rollover; struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; struct GNUNET_GNSRECORD_Data code_record[1]; struct GNUNET_CRYPTO_AbeKey *rp_key; char *code_record_data; char **attr_arr; char *label; + char *policy; int attrs_len; int i; + int reissue_ticket; size_t code_record_len; @@ -1173,6 +1181,37 @@ ticket_reissue_proc (void *cls, cleanup_revoke_ticket_handle (rh); return; } + + /* + * Check if any attribute of this ticket intersects with a rollover attribute + */ + reissue_ticket = GNUNET_NO; + for (le = attrs->list_head; NULL != le; le = le->next) + { + for (le_rollover = rh->rvk_attrs->list_head; + NULL != le_rollover; + le_rollover = le_rollover->next) + { + if (0 == strcmp (le_rollover->attribute->name, + le->attribute->name)) + { + reissue_ticket = GNUNET_YES; + break; + } + } + if (GNUNET_YES == reissue_ticket) + break; + } + + if (GNUNET_NO == reissue_ticket) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Skipping ticket.\n"); + rh->offset++; + revocation_reissue_tickets (rh); + return; + } + //Create new ABE key for RP attrs_len = 0; 
@@ -1183,9 +1222,12 @@ ticket_reissue_proc (void *cls, attr_arr = GNUNET_malloc ((attrs_len + 1)*sizeof (char*)); i = 0; for (le = attrs->list_head; NULL != le; le = le->next) { + GNUNET_asprintf (&policy, "%s:%lu", + le->attribute->name, + le->attribute->attribute_version); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Recreating key with %s\n", (char*) le->attribute->name); - attr_arr[i] = (char*) le->attribute->name; + "Recreating key with %s\n", policy); + attr_arr[i] = policy; i++; } attr_arr[i] = NULL; @@ -1214,6 +1256,8 @@ ticket_reissue_proc (void *cls, code_record, &reissue_ticket_cont, rh); + for (; i > 0; i--) + GNUNET_free (attr_arr[i]); GNUNET_free (ecdhe_privkey); GNUNET_free (label); GNUNET_free (attr_arr); 
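Review bot: The policy string is formatted with `%lu` from `attribute_version`, which the rest of this commit treats as 32-bit (`attr_ver = htonl (…)` into a `uint32_t`). If the field is indeed `uint32_t`, the conversion does not match the argument type. Use `"%s:%u"` with an `(unsigned int)` cast, or `PRIu32`. The same format appears in reenc_next_attribute (`@@ -1262,30 +1306,43 @@`) and attr_store_task (`@@ -1839,15 +1803,30 @@`); since the string is the ABE policy, all three must produce identical text.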
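Review bot: The added cleanup loop `for (; i > 0; i--) GNUNET_free (attr_arr[i]);` is off by one. If `i` still holds the count left by the fill loop, the first iteration is handed the NULL terminator slot and the loop stops before index 0, so the first policy string is leaked. `while (i > 0) GNUNET_free (attr_arr[--i]);` frees exactly the allocated entries. The code between the fill loop and this cleanup is outside the hunk, so the value of `i` at this point should be confirmed.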
@@ -1262,30 +1306,43 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) struct GNUNET_GNSRECORD_Data rd[1]; char* buf; char* enc_buf; + size_t enc_size; + char* rd_buf; size_t buf_size; + char* policy; + uint32_t attr_ver; if (NULL == rh->attrs->list_head) { revocation_reissue_tickets (rh); return; } - buf_size = attribute_serialize_get_size (rh->attrs->list_head->attribute); buf = GNUNET_malloc (buf_size); - attribute_serialize (rh->attrs->list_head->attribute, buf); - + rh->attrs->list_head->attribute->attribute_version++; + GNUNET_asprintf (&policy, "%s:%lu", rh->attrs->list_head->attribute->name, rh->attrs->list_head->attribute->attribute_version); /** * Encrypt the attribute value and store in namestore */ - rd[0].data_size = GNUNET_CRYPTO_cpabe_encrypt (buf, - buf_size, - rh->attrs->list_head->attribute->name, //Policy - rh->abe_key, - (void**)&enc_buf); + enc_size = GNUNET_CRYPTO_cpabe_encrypt (buf, + buf_size, + policy, //Policy + rh->abe_key, + (void**)&enc_buf); GNUNET_free (buf); - rd[0].data = enc_buf; + GNUNET_free (policy); + rd[0].data_size = enc_size + sizeof (uint32_t); + rd_buf = GNUNET_malloc (rd[0].data_size); + attr_ver = htonl (rh->attrs->list_head->attribute->attribute_version); + GNUNET_memcpy (rd_buf, + &attr_ver, + sizeof (uint32_t)); + GNUNET_memcpy (rd_buf+sizeof (uint32_t), + enc_buf, + enc_size); + rd[0].data = rd_buf; rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? @@ -1297,7 +1354,7 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) &attr_reenc_cont, rh); GNUNET_free (enc_buf); - + GNUNET_free (rd_buf); } /** 
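Review bot: `enc_size` is a `size_t` that takes the result of `GNUNET_CRYPTO_cpabe_encrypt` without a failure check and then sizes `GNUNET_malloc` and `GNUNET_memcpy`. If the call signals failure with a negative value (presumably, since the decrypt counterpart is stored in an `ssize_t` in this file), the size wraps and `enc_buf` is not valid. Keep the result in an `ssize_t` and, on a non-positive value, free `buf` and `policy` and finish the revocation with an error before `rd_buf` is built. attr_store_task (`@@ -1839,15 +1803,30 @@`) has the same sequence.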
@@ -1329,8 +1386,9 @@ attr_reenc_cont (void *cls, GNUNET_CONTAINER_DLL_remove (rh->attrs->list_head, rh->attrs->list_tail, le); - GNUNET_free (le->attribute); - GNUNET_free (le); + GNUNET_CONTAINER_DLL_insert (rh->rvk_attrs->list_head, + rh->rvk_attrs->list_tail, + le); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, @@ -1339,18 +1397,17 @@ attr_reenc_cont (void *cls, } -/** - * Start reencryption with newly generated ABE master - */ static void -reenc_after_abe_bootstrap (void *cls, - struct GNUNET_CRYPTO_AbeMasterKey *abe_key) +process_attributes_to_update (void *cls, + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) { struct TicketRevocationHandle *rh = cls; - GNUNET_free (rh->abe_key); - GNUNET_assert (NULL != abe_key); - rh->abe_key = abe_key; + rh->attrs = attribute_list_dup (attrs); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Revocation Phase I: Collecting attributes\n"); + /* Reencrypt all attributes with new key */ if (NULL == rh->attrs->list_head) { /* No attributes to reencrypt */ 
@@ -1359,111 +1416,9 @@ reenc_after_abe_bootstrap (void *cls, return; } else { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Revocation Phase III: Re-encrypting attributes\n"); + "Revocation Phase II: Re-encrypting attributes\n"); reenc_next_attribute (rh); } -} - - -/** - * Collecting attributes failed... abort. - */ -static void -revoke_collect_iter_error (void *cls) -{ - struct TicketRevocationHandle *rh = cls; - - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Failed to iterate over attributes\n"); - rh->ns_it = NULL; - send_revocation_finished (rh, GNUNET_SYSERR); - cleanup_revoke_ticket_handle (rh); -} - -/** - * Done decrypting existing attributes. - */ -static void -revoke_collect_iter_finished (void *cls) -{ - struct TicketRevocationHandle *rh = cls; - rh->ns_it = NULL; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Revocation Phase II: Invalidating old ABE Master\n"); - /* Bootstrap new abe key */ - bootstrap_abe (&rh->identity, &reenc_after_abe_bootstrap, rh, GNUNET_YES); -} - -/** - * Decrypt existing attribute and store it - * We will revoke it by reencrypting it with a new ABE master key. 
- */ -static void -revoke_collect_iter_cb (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) -{ - struct TicketRevocationHandle *rh = cls; - struct GNUNET_CRYPTO_AbeKey *key; - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; - ssize_t attr_len; - char* attr_ser; - char* attrs[2]; - - if (rd_count != 1) - { - GNUNET_NAMESTORE_zone_iterator_next (rh->ns_it); - return; - } - - if (GNUNET_GNSRECORD_TYPE_ID_ATTR != rd->record_type) { - GNUNET_NAMESTORE_zone_iterator_next (rh->ns_it); - return; - } - attrs[0] = (char*)label; - attrs[1] = 0; - key = GNUNET_CRYPTO_cpabe_create_key (rh->abe_key, - attrs); - attr_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data, - rd->data_size, - key, - (void**)&attr_ser); - GNUNET_CRYPTO_cpabe_delete_key (key); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Attribute to reencrypt: %s\n", label); - le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); - le->attribute = attribute_deserialize (attr_ser, attr_len); - GNUNET_free (attr_ser); - GNUNET_CONTAINER_DLL_insert_tail (rh->attrs->list_head, - rh->attrs->list_tail, - le); - GNUNET_NAMESTORE_zone_iterator_next (rh->ns_it); -} - -/** - * Start attribute collection for revocation - */ -static void -collect_after_abe_bootstrap (void *cls, - struct GNUNET_CRYPTO_AbeMasterKey *abe_key) -{ - struct TicketRevocationHandle *rh = cls; - - rh->abe_key = abe_key; - GNUNET_assert (NULL != abe_key); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Revocation Phase I: Collecting attributes\n"); - /* Reencrypt all attributes with new key */ - rh->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, - &rh->identity, - &revoke_collect_iter_error, - rh, - &revoke_collect_iter_cb, - rh, - &revoke_collect_iter_finished, - rh); } @@ -1490,7 +1445,6 @@ check_revoke_ticket_message(void *cls, return GNUNET_OK; } - /** * * Handler for ticket revocation message 
@@ -1513,7 +1467,7 @@ handle_revoke_ticket_message (void *cls, ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1]; if (0 < attrs_len) rh->rvk_attrs = attribute_list_deserialize ((char*)&ticket[1], attrs_len); - rh->attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); + rh->rvk_attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); rh->ticket = *ticket; rh->r_id = ntohl (rm->id); rh->client = idp; @@ -1523,7 +1477,11 @@ handle_revoke_ticket_message (void *cls, GNUNET_CONTAINER_DLL_insert (idp->revocation_list_head, idp->revocation_list_tail, rh); - bootstrap_abe (&rh->identity, &collect_after_abe_bootstrap, rh, GNUNET_NO); + TKT_database->get_ticket_attributes (TKT_database->cls, + &rh->ticket, + &process_attributes_to_update, + rh); + //bootstrap_abe (&rh->identity, &collect_after_abe_bootstrap, rh, GNUNET_NO); GNUNET_SERVICE_client_continue (idp->client); } @@ -1586,13 +1544,14 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, GNUNET_break(0);//TODO if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) { - attr_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data, - rd->data_size, + attr_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data + sizeof (uint32_t), + rd->data_size - sizeof (uint32_t), handle->key, (void**)&data); attr_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); attr_le->attribute = attribute_deserialize (data, attr_len); + attr_le->attribute->attribute_version = ntohl(*(uint32_t*)rd->data); GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head, handle->attrs->list_tail, attr_le); @@ -1829,7 +1788,12 @@ attr_store_task (void *cls) struct AttributeStoreHandle *as_handle = cls; struct GNUNET_GNSRECORD_Data rd[1]; char* buf; + char* policy; + char* enc_buf; + char* rd_buf; + size_t enc_size; size_t buf_size; + uint32_t attr_ver; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Storing attribute\n"); 
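Review bot: In handle_revoke_ticket_message the added `rh->rvk_attrs = GNUNET_new (...)` runs unconditionally, right after the `if (0 < attrs_len)` branch has stored the deserialized list in the same field. That list is leaked and the attributes the client named are silently discarded. Either allocate only when nothing was deserialized, `if (NULL == rh->rvk_attrs) rh->rvk_attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList);`, or remove the deserialization if the client-supplied list is no longer meant to be used. The function body starts and ends outside the hunk.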
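Review bot: In process_parallel_lookup2 the 4-byte version prefix is stripped with `rd->data + sizeof (uint32_t)` and `rd->data_size - sizeof (uint32_t)` without checking that the record is at least that long. For a shorter record the subtraction wraps to a very large size_t, and both the decrypt call and `*(uint32_t*)rd->data` read past the buffer. The record comes out of a lookup result and should be treated as untrusted, so extend the guard to `if ( (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) && (rd->data_size > sizeof (uint32_t)) )`. The version is also better copied out with `GNUNET_memcpy` into a local uint32_t than read through the pointer cast, because `rd->data` carries no alignment guarantee here. The attr_iter_cb hunks and the later process_parallel_lookup2 hunk on this page have the same unchecked prefix.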
@@ -1839,15 +1803,30 @@ attr_store_task (void *cls) attribute_serialize (as_handle->attribute, buf); + GNUNET_asprintf (&policy, + "%s:%lu", + as_handle->attribute->name, + as_handle->attribute->attribute_version); /** * Encrypt the attribute value and store in namestore */ - rd[0].data_size = GNUNET_CRYPTO_cpabe_encrypt (buf, - buf_size, - as_handle->attribute->name, //Policy - as_handle->abe_key, - (void**)&rd[0].data); + enc_size = GNUNET_CRYPTO_cpabe_encrypt (buf, + buf_size, + policy, //Policy + as_handle->abe_key, + (void**)&enc_buf); GNUNET_free (buf); + GNUNET_free (policy); + rd[0].data_size = enc_size + sizeof (uint32_t); + rd_buf = GNUNET_malloc (rd[0].data_size); + attr_ver = htonl (as_handle->attribute->attribute_version); + GNUNET_memcpy (rd_buf, + &attr_ver, + sizeof (uint32_t)); + GNUNET_memcpy (rd_buf+sizeof (uint32_t), + enc_buf, + enc_size); + rd[0].data = rd_buf; rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? @@ -1858,8 +1837,8 @@ attr_store_task (void *cls) rd, &attr_store_cont, as_handle); - GNUNET_free ((void*)rd[0].data); - + GNUNET_free (enc_buf); + GNUNET_free (rd_buf); } @@ -1982,6 +1961,7 @@ attr_iter_cb (void *cls, char* attr_ser; char* attrs[2]; char* data_tmp; + char* policy; if (rd_count != 1) { 
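Review bot: The `GNUNET_asprintf (&policy, "%s:%lu", ...)` call in attr_store_task passes `attribute_version`, a uint32_t, to `%lu`. That is undefined behaviour in a variadic call and on LP64 targets can put stray high bits into the string. The string is the ABE policy the attribute is encrypted under, so it has to be exactly reproducible when keys are derived; use `"%s:%u"` (or `PRIu32`) with the uint32_t. The same specifier appears in the reenc_next_attribute, issue_ticket_after_abe_bootstrap, ticket_reissue_proc and attr_iter_cb hunks. Separately, `enc_size` takes the result of GNUNET_CRYPTO_cpabe_encrypt as a size_t and is used to size and fill `rd_buf` with no failure check; if the call reports errors with a negative value, as the decrypt call does, that becomes an oversized allocation and copy.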
@@ -1993,15 +1973,18 @@ attr_iter_cb (void *cls, GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it); return; } - attrs[0] = (char*)label; + GNUNET_asprintf (&policy, "%s:%lu", + label, *(uint32_t*)rd->data); + attrs[0] = policy; attrs[1] = 0; key = GNUNET_CRYPTO_cpabe_create_key (ai->abe_key, attrs); - msg_extra_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data, - rd->data_size, + msg_extra_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data+sizeof (uint32_t), + rd->data_size-sizeof (uint32_t), key, (void**)&attr_ser); GNUNET_CRYPTO_cpabe_delete_key (key); + GNUNET_free (policy); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found attribute: %s\n", label); env = GNUNET_MQ_msg_extra (arm, diff --git a/src/identity-provider/identity_attribute.c b/src/identity-provider/identity_attribute.c index b90a08e3e..a8d2b27e6 100644 --- a/src/identity-provider/identity_attribute.c +++ b/src/identity-provider/identity_attribute.c @@ -125,6 +125,31 @@ attribute_list_deserialize (const char* data, return attrs; } +struct GNUNET_IDENTITY_PROVIDER_AttributeList* +attribute_list_dup (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) +{ + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; + struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *result_le; + struct GNUNET_IDENTITY_PROVIDER_AttributeList *result; + size_t len; + + result = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); + for (le = attrs->list_head; NULL != le; le = le->next) + { + result_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); + len = sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute) + le->attribute->data_size; + result_le->attribute = GNUNET_malloc (len); + GNUNET_memcpy (result_le->attribute, + le->attribute, + len); + GNUNET_CONTAINER_DLL_insert (result->list_head, + result->list_tail, + result_le); + } + return result; +} + + void attribute_list_destroy (struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) { 
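Review bot: attr_iter_cb builds the policy from `*(uint32_t*)rd->data` in host byte order, while attr_store_task writes that prefix with `htonl` and process_parallel_lookup2 reads it with `ntohl`. On a little-endian host the policy string here will not match the one used for encryption, so the derived key cannot decrypt the record. Read it as `attr_ver = ntohl (...)` from a value copied out of `rd->data`, and only after confirming `rd->data_size > sizeof (uint32_t)`, since the dereference and the `rd->data_size-sizeof (uint32_t)` subtraction otherwise run on records of any length. The function body starts and ends outside the hunk.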
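Review bot: attribute_list_dup copies `sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute) + le->attribute->data_size` bytes per entry, but attribute_deserialize (visible further down this page) allocates `sizeof (...) + data_len + name_len + 1`. The copy therefore omits part of the trailing block. The `name` pointer copied inside the struct (and `data`, if it is a pointer as well) still points into the source attribute, so the duplicate is left with dangling pointers once the source list is destroyed. Size each copy to include `strlen (le->attribute->name) + 1` and re-point the members into the new allocation, or build each entry through attribute_new from identity_attribute.h. The function also dereferences `attrs` without a NULL check and has no doc comment stating that the caller owns the result and frees it with attribute_list_destroy.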
diff --git a/src/identity-provider/identity_attribute.h b/src/identity-provider/identity_attribute.h index d44f4c17f..8a8da12f1 100644 --- a/src/identity-provider/identity_attribute.h +++ b/src/identity-provider/identity_attribute.h @@ -138,5 +138,7 @@ attribute_new (const char* attr_name, const void* data, size_t data_size); +struct GNUNET_IDENTITY_PROVIDER_AttributeList* +attribute_list_dup (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); #endif diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/identity-provider/plugin_identity_provider_sqlite.c index c55366214..c87f30e1c 100644 --- a/src/identity-provider/plugin_identity_provider_sqlite.c +++ b/src/identity-provider/plugin_identity_provider_sqlite.c @@ -87,6 +87,11 @@ struct Plugin */ sqlite3_stmt *iterate_tickets; + /** + * Precompiled SQL to get ticket attributes. + */ + sqlite3_stmt *get_ticket_attrs; + /** * Precompiled SQL to iterate tickets by audience. */ @@ -276,6 +281,11 @@ database_setup (struct Plugin *plugin) sq_prepare (plugin->dbh, "DELETE FROM identity001tickets WHERE identity=? AND rnd=?", &plugin->delete_ticket)) || + (SQLITE_OK != + sq_prepare (plugin->dbh, + "SELECT identity,audience,rnd,attributes" + " FROM identity001tickets WHERE identity=? AND rnd=?", + &plugin->get_ticket_attrs)) || (SQLITE_OK != sq_prepare (plugin->dbh, "SELECT identity,audience,rnd,attributes" @@ -317,6 +327,8 @@ database_shutdown (struct Plugin *plugin) sqlite3_finalize (plugin->iterate_tickets); if (NULL != plugin->iterate_tickets_by_audience) sqlite3_finalize (plugin->iterate_tickets_by_audience); + if (NULL != plugin->get_ticket_attrs) + sqlite3_finalize (plugin->get_ticket_attrs); result = sqlite3_close (plugin->dbh); if (result == SQLITE_BUSY) { 
@@ -564,6 +576,47 @@ get_ticket_and_call_iterator (struct Plugin *plugin, return ret; } + +/** + * Lookup tickets in the datastore. + * + * @param cls closure (internal context for the plugin) + * @param zone private key of the zone + * @param label name of the record in the zone + * @param iter function to call with the result + * @param iter_cls closure for @a iter + * @return #GNUNET_OK on success, else #GNUNET_SYSERR + */ +static int +identity_provider_sqlite_ticket_get_attrs (void *cls, + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + GNUNET_IDENTITY_PROVIDER_TicketIterator iter, + void *iter_cls) +{ + struct Plugin *plugin = cls; + struct GNUNET_SQ_QueryParam params[] = { + GNUNET_SQ_query_param_auto_from_type (&ticket->identity), + GNUNET_SQ_query_param_uint64 (&ticket->rnd), + GNUNET_SQ_query_param_end + }; + + if (GNUNET_OK != + GNUNET_SQ_bind (plugin->get_ticket_attrs, + params)) + { + LOG_SQLITE (plugin, GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK, + "sqlite3_bind_XXXX"); + GNUNET_SQ_reset (plugin->dbh, + plugin->get_ticket_attrs); + return GNUNET_SYSERR; + } + return get_ticket_and_call_iterator (plugin, + plugin->get_ticket_attrs, + iter, + iter_cls); +} + + /** * Iterate over the results for a particular key and zone in the * datastore. Will return at most one result to the iterator. @@ -653,6 +706,7 @@ libgnunet_plugin_identity_provider_sqlite_init (void *cls) api->store_ticket = &identity_provider_sqlite_store_ticket; api->delete_ticket = &identity_provider_sqlite_delete_ticket; api->iterate_tickets = &identity_provider_sqlite_iterate_tickets; + api->get_ticket_attributes = &identity_provider_sqlite_ticket_get_attrs; LOG (GNUNET_ERROR_TYPE_INFO, _("Sqlite database running\n")); return api; diff --git a/src/identity-provider/test_idp_attribute.sh b/src/identity-provider/test_idp_attribute.sh index 0b0436ede..7e86ae532 100755 --- a/src/identity-provider/test_idp_attribute.sh +++ b/src/identity-provider/test_idp_attribute.sh 
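Review bot: The doc comment added above identity_provider_sqlite_ticket_get_attrs documents `zone` and `label`, which are not parameters of this function, and says nothing about `ticket`. I would replace the summary with `Look up the stored attributes of one ticket.` and the two stale lines with `@param ticket ticket whose identity and rnd select the row`. The matching `get_ticket_attributes` member added to struct GNUNET_IDENTITY_PROVIDER_PluginFunctions has no comment at all, unlike its neighbours; it should state the return values and when `iter` is invoked.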
@@ -24,11 +24,12 @@ which timeout &> /dev/null && DO_TIMEOUT="timeout 30" TEST_ATTR="test" gnunet-arm -s -c test_idp.conf -gnunet-arm -i rest -c test_idp.conf +#gnunet-arm -i rest -c test_idp.conf gnunet-identity -C testego -c test_idp.conf gnunet-identity -C rpego -c test_idp.conf TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}') gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf gnunet-idp -e testego -a name -V John -c test_idp.conf -curl localhost:7776/idp/attributes/testego +gnunet-idp -e testego -D -c test_idp.conf +#curl localhost:7776/idp/attributes/testego gnunet-arm -e -c test_idp.conf diff --git a/src/identity-provider/test_idp_issue.sh b/src/identity-provider/test_idp_issue.sh index bf5783c9d..26c490c76 100755 --- a/src/identity-provider/test_idp_issue.sh +++ b/src/identity-provider/test_idp_issue.sh @@ -24,7 +24,7 @@ which timeout &> /dev/null && DO_TIMEOUT="timeout 30" TEST_ATTR="test" gnunet-arm -s -c test_idp.conf -#gnunet-arm -i rest -c test_idp.conf +gnunet-arm -i rest -c test_idp.conf gnunet-identity -C testego -c test_idp.conf gnunet-identity -C rpego -c test_idp.conf SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') @@ -35,4 +35,4 @@ gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1 TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}') #curl http://localhost:7776/idp/attributes/testego echo "Ticket: $TICKET" -gnunet-arm -e -c test_idp.conf +#gnunet-arm -e -c test_idp.conf diff --git a/src/include/gnunet_identity_provider_plugin.h b/src/include/gnunet_identity_provider_plugin.h index e34ed3f1a..c0a258ab6 100644 --- a/src/include/gnunet_identity_provider_plugin.h +++ b/src/include/gnunet_identity_provider_plugin.h 
@@ -105,7 +105,10 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions uint64_t offset, GNUNET_IDENTITY_PROVIDER_TicketIterator iter, void *iter_cls); - + int (*get_ticket_attributes) (void* cls, + const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, + GNUNET_IDENTITY_PROVIDER_TicketIterator iter, + void *iter_cls); }; diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h index fa4d4536c..d17a1cc9c 100644 --- a/src/include/gnunet_identity_provider_service.h +++ b/src/include/gnunet_identity_provider_service.h @@ -113,6 +113,11 @@ struct GNUNET_IDENTITY_PROVIDER_Attribute */ uint32_t attribute_type; + /** + * Attribute version + */ + uint32_t attribute_version; + /** * Number of bytes in @e data. */ -- cgit v1.2.3 From df344790f7f2e7c39cfd951ce373c4ec52b6cda7 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 9 Oct 2017 14:52:47 +0200 Subject: -fixes --- .../gnunet-service-identity-provider.c | 28 +++++++++++++++------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 364c097b5..6d99e8467 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -1257,7 +1257,7 @@ ticket_reissue_proc (void *cls, &reissue_ticket_cont, rh); for (; i > 0; i--) - GNUNET_free (attr_arr[i]); + GNUNET_free (attr_arr[i-1]); GNUNET_free (ecdhe_privkey); GNUNET_free (label); GNUNET_free (attr_arr); 
@@ -1322,7 +1322,9 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) attribute_serialize (rh->attrs->list_head->attribute, buf); rh->attrs->list_head->attribute->attribute_version++; - GNUNET_asprintf (&policy, "%s:%lu", rh->attrs->list_head->attribute->name, rh->attrs->list_head->attribute->attribute_version); + GNUNET_asprintf (&policy, "%s:%lu", + rh->attrs->list_head->attribute->name, + rh->attrs->list_head->attribute->attribute_version); /** * Encrypt the attribute value and store in namestore */ @@ -1423,6 +1425,21 @@ process_attributes_to_update (void *cls, } + +static void +get_ticket_after_abe_bootstrap (void *cls, + struct GNUNET_CRYPTO_AbeMasterKey *abe_key) +{ + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Finished ABE bootstrap\n"); + struct TicketRevocationHandle *rh = cls; + rh->abe_key = abe_key; + TKT_database->get_ticket_attributes (TKT_database->cls, + &rh->ticket, + &process_attributes_to_update, + rh); +} + /** * Checks a ticket revocation message * @@ -1444,7 +1461,6 @@ check_revoke_ticket_message(void *cls, } return GNUNET_OK; } - /** * * Handler for ticket revocation message @@ -1477,11 +1493,7 @@ handle_revoke_ticket_message (void *cls, GNUNET_CONTAINER_DLL_insert (idp->revocation_list_head, idp->revocation_list_tail, rh); - TKT_database->get_ticket_attributes (TKT_database->cls, - &rh->ticket, - &process_attributes_to_update, - rh); - //bootstrap_abe (&rh->identity, &collect_after_abe_bootstrap, rh, GNUNET_NO); + bootstrap_abe (&rh->identity, &get_ticket_after_abe_bootstrap, rh, GNUNET_NO); GNUNET_SERVICE_client_continue (idp->client); } -- cgit v1.2.3 From 1cfa320f0cb213aed0a3a04577d065a65f847d49 Mon Sep 17 00:00:00 2001 
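Review bot: get_ticket_after_abe_bootstrap stores `abe_key` without the `GNUNET_assert (NULL != abe_key);` that the removed collect_after_abe_bootstrap had, and it drops the int result of `TKT_database->get_ticket_attributes`. The sqlite implementation returns GNUNET_SYSERR when binding fails; unless the iterator is still invoked on that path, nothing then calls send_revocation_finished or cleanup_revoke_ticket_handle, so the handle stays on the client's revocation list and the client never gets an answer. Check the result and finish the revocation with GNUNET_SYSERR on failure. Declaring `rh` before the GNUNET_log call would also match the declaration-first style used in the rest of the file.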
From: "Schanzenbach, Martin" Date: Tue, 10 Oct 2017 16:01:14 +0200 Subject: -bugfixes, fix memleaks --- src/identity-provider/gnunet-idp.c | 29 ++-- .../gnunet-service-identity-provider.c | 183 +++++++++++++-------- src/identity-provider/identity_attribute.c | 3 + src/identity-provider/identity_attribute.h | 5 + src/identity-provider/identity_provider_api.c | 15 +- src/identity-provider/test_idp.conf | 2 +- src/identity-provider/test_idp_consume.sh | 6 +- src/identity-provider/test_idp_revoke.sh | 41 ++++- src/include/gnunet_crypto_lib.h | 3 +- src/util/crypto_abe.c | 23 ++- 10 files changed, 211 insertions(+), 99 deletions(-) diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index 6940220d7..0efe6eaa9 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c @@ -31,6 +31,11 @@ #include "gnunet_identity_service.h" #include "gnunet_signatures.h" +/** + * return value + */ +static int ret; + /** * List attribute flag */ @@ -154,10 +159,6 @@ store_attr_cont (void *cls, if (GNUNET_SYSERR == success) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", emsg); - } else { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Successfully added identity attribute %s=%s\n", - attr_name, attr_value); } GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } @@ -172,6 +173,11 @@ process_attrs (void *cls, GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); return; } + if (NULL == attr) + { + ret = 1; + return; + } GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, "%s: %s\n", attr->name, (char*)attr->data); } @@ -190,11 +196,11 @@ static void process_rvk (void *cls, int success, const char* msg) { if (GNUNET_OK != success) + { GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, "Revocation failed.\n"); - else - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Revocation successful.\n"); + ret = 1; + } GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } 
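Review bot: store_attr_cont logs the error when `GNUNET_SYSERR == success` but leaves `ret` at 0, so a failed attribute store still exits with status 0, unlike process_rvk in the same commit; add `ret = 1;` next to the GNUNET_log call. In the main hunk the result of GNUNET_PROGRAM_run is now discarded, so a failure before `run` is reached, such as an option-parsing error, also exits 0. `if (GNUNET_OK != GNUNET_PROGRAM_run (argc, argv, "ct", "ct", options, &run, NULL)) return 1;` followed by `return ret;` keeps both signals. The revocation test script changed in this commit decides pass or fail from these exit codes.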
@@ -335,7 +341,7 @@ run (void *cls, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *c) { - + ret = 0; if (NULL == ego_name) { GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, @@ -400,7 +406,8 @@ main(int argc, char *const argv[]) &revoke_ticket), GNUNET_GETOPT_OPTION_END }; - return GNUNET_PROGRAM_run (argc, argv, "ct", - "ct", options, - &run, NULL); + GNUNET_PROGRAM_run (argc, argv, "ct", + "ct", options, + &run, NULL); + return ret; } diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 6d99e8467..85291d69a 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -903,6 +903,7 @@ serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, GNUNET_memcpy (write_ptr, serialized_key, size); + GNUNET_free (serialized_key); // ECDH keypair E = eG *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create(); GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey, @@ -944,6 +945,7 @@ issue_ticket_after_abe_bootstrap (void *cls, char *code_record_data; char **attrs; char *label; + char *policy; int attrs_len; int i; size_t code_record_len; @@ -955,7 +957,13 @@ issue_ticket_after_abe_bootstrap (void *cls, attrs = GNUNET_malloc ((attrs_len + 1)*sizeof (char*)); i = 0; for (le = ih->attrs->list_head; NULL != le; le = le->next) { - attrs[i] = (char*) le->attribute->name; + GNUNET_asprintf (&policy, "%s_%lu", + le->attribute->name, + le->attribute->attribute_version); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Adding attribute to key: %s\n", + policy); + attrs[i] = policy; i++; } attrs[i] = NULL; 
@@ -984,12 +992,15 @@ issue_ticket_after_abe_bootstrap (void *cls, code_record, &store_ticket_issue_cont, ih); + //for (; i > 0; i--) + // GNUNET_free (attrs[i-1]); GNUNET_free (ecdhe_privkey); GNUNET_free (label); GNUNET_free (attrs); GNUNET_free (code_record_data); + GNUNET_CRYPTO_cpabe_delete_key (rp_key, + GNUNET_YES); GNUNET_CRYPTO_cpabe_delete_master_key (abe_key); - GNUNET_CRYPTO_cpabe_delete_key (rp_key); } @@ -1107,6 +1118,16 @@ ticket_reissue_proc (void *cls, const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); +static void +revocation_reissue_tickets (struct TicketRevocationHandle *rh); + + +static void reissue_next (void *cls) +{ + struct TicketRevocationHandle *rh = cls; + revocation_reissue_tickets (rh); +} + static void reissue_ticket_cont (void *cls, @@ -1114,7 +1135,6 @@ reissue_ticket_cont (void *cls, const char *emsg) { struct TicketRevocationHandle *rh = cls; - int ret; rh->ns_qe = NULL; if (GNUNET_SYSERR == success) @@ -1125,25 +1145,10 @@ reissue_ticket_cont (void *cls, cleanup_revoke_ticket_handle (rh); return; } - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Continue DB iteration\n"); rh->offset++; - GNUNET_assert (GNUNET_SYSERR != (ret = - TKT_database->iterate_tickets (TKT_database->cls, - &rh->ticket.identity, - GNUNET_NO, - rh->offset, - &ticket_reissue_proc, - rh))); - if (GNUNET_NO == ret) - { - send_revocation_finished (rh, GNUNET_OK); - cleanup_revoke_ticket_handle (rh); - } + GNUNET_SCHEDULER_add_now (&reissue_next, rh); } -static void -revocation_reissue_tickets (struct TicketRevocationHandle *rh); - /** * Process ticket from database 
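Review bot: The loop that would free the per-attribute policy strings is added only as commented-out code (`//for (; i > 0; i--) // GNUNET_free (attrs[i-1]);`), although the entries of `attrs` are now heap strings from GNUNET_asprintf. Unless the key built from `attrs` takes ownership of those strings, which this page does not show, every issued ticket leaks them. If ownership does move, replace the dead code with a comment saying so, for example `/* policy strings in attrs[] are released together with rp_key */`; otherwise restore the loop. The same commented-out cleanup appears in ticket_reissue_proc and as `//GNUNET_free (policy);` in attr_iter_cb.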
@@ -1177,8 +1182,18 @@ ticket_reissue_proc (void *cls, { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Iteration done\n"); - send_revocation_finished (rh, GNUNET_OK); - cleanup_revoke_ticket_handle (rh); + return; + } + + if (0 == memcmp (&ticket->audience, + &rh->ticket.audience, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Do not reissue for this identity.!\n"); + + rh->offset++; + GNUNET_SCHEDULER_add_now (&reissue_next, rh); return; } @@ -1196,19 +1211,20 @@ ticket_reissue_proc (void *cls, le->attribute->name)) { reissue_ticket = GNUNET_YES; - break; + le->attribute->attribute_version = le_rollover->attribute->attribute_version; } } - if (GNUNET_YES == reissue_ticket) - break; } if (GNUNET_NO == reissue_ticket) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Skipping ticket.\n"); + rh->offset++; - revocation_reissue_tickets (rh); + GNUNET_SCHEDULER_add_now (&reissue_next, rh); + + return; } @@ -1222,7 +1238,7 @@ ticket_reissue_proc (void *cls, attr_arr = GNUNET_malloc ((attrs_len + 1)*sizeof (char*)); i = 0; for (le = attrs->list_head; NULL != le; le = le->next) { - GNUNET_asprintf (&policy, "%s:%lu", + GNUNET_asprintf (&policy, "%s_%lu", le->attribute->name, le->attribute->attribute_version); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, @@ -1235,7 +1251,7 @@ ticket_reissue_proc (void *cls, attr_arr); //TODO review this wireformat - code_record_len = serialize_abe_keyinfo2 (&rh->ticket, + code_record_len = serialize_abe_keyinfo2 (ticket, attrs, rp_key, &ecdhe_privkey, @@ -1256,13 +1272,13 @@ ticket_reissue_proc (void *cls, code_record, &reissue_ticket_cont, rh); - for (; i > 0; i--) - GNUNET_free (attr_arr[i-1]); + //for (; i > 0; i--) + // GNUNET_free (attr_arr[i-1]); GNUNET_free (ecdhe_privkey); GNUNET_free (label); GNUNET_free (attr_arr); GNUNET_free (code_record_data); - GNUNET_CRYPTO_cpabe_delete_key (rp_key); + GNUNET_CRYPTO_cpabe_delete_key (rp_key, GNUNET_YES); } 
@@ -1278,7 +1294,7 @@ revocation_reissue_tickets (struct TicketRevocationHandle *rh) int ret; /* Done, issue new keys */ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Revocation Phase IV: Reissuing Tickets\n"); + "Revocation Phase III: Reissuing Tickets\n"); if (GNUNET_SYSERR == (ret = TKT_database->iterate_tickets (TKT_database->cls, &rh->ticket.identity, GNUNET_NO, @@ -1292,8 +1308,8 @@ revocation_reissue_tickets (struct TicketRevocationHandle *rh) { send_revocation_finished (rh, GNUNET_OK); cleanup_revoke_ticket_handle (rh); + return; } - } /** @@ -1322,9 +1338,11 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) attribute_serialize (rh->attrs->list_head->attribute, buf); rh->attrs->list_head->attribute->attribute_version++; - GNUNET_asprintf (&policy, "%s:%lu", + GNUNET_asprintf (&policy, "%s_%lu", rh->attrs->list_head->attribute->name, rh->attrs->list_head->attribute->attribute_version); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Encrypting with policy %s\n", policy); /** * Encrypt the attribute value and store in namestore */ @@ -1388,6 +1406,7 @@ attr_reenc_cont (void *cls, GNUNET_CONTAINER_DLL_remove (rh->attrs->list_head, rh->attrs->list_tail, le); + GNUNET_assert (NULL != rh->rvk_attrs); GNUNET_CONTAINER_DLL_insert (rh->rvk_attrs->list_head, rh->rvk_attrs->list_tail, le); @@ -1476,13 +1495,9 @@ handle_revoke_ticket_message (void *cls, struct TicketRevocationHandle *rh; struct IdpClient *idp = cls; struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket; - size_t attrs_len; rh = GNUNET_new (struct TicketRevocationHandle); - attrs_len = ntohs (rm->attrs_len); ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1]; - if (0 < attrs_len) - rh->rvk_attrs = attribute_list_deserialize ((char*)&ticket[1], attrs_len); rh->rvk_attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); rh->ticket = *ticket; rh->r_id = ntohl (rm->id); 
@@ -1500,15 +1515,18 @@ handle_revoke_ticket_message (void *cls, static void -cleanup_as_handle (struct AttributeStoreHandle *handle) +cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle) { - if (NULL != handle->attribute) - GNUNET_free (handle->attribute); - if (NULL != handle->abe_key) - GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key); + if (NULL != handle->key) + GNUNET_CRYPTO_cpabe_delete_key (handle->key, + GNUNET_YES); + if (NULL != handle->attrs) + attribute_list_destroy (handle->attrs); GNUNET_free (handle); } + + /** * Checks a ticket consume message * @@ -1544,7 +1562,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *attr_le; char *data; char *data_tmp; - size_t attr_len; + ssize_t attr_len; size_t attrs_len; GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, @@ -1560,14 +1578,17 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, rd->data_size - sizeof (uint32_t), handle->key, (void**)&data); - attr_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); - attr_le->attribute = attribute_deserialize (data, - attr_len); - attr_le->attribute->attribute_version = ntohl(*(uint32_t*)rd->data); - GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head, - handle->attrs->list_tail, - attr_le); - GNUNET_free (data); + if (GNUNET_SYSERR != attr_len) + { + attr_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); + attr_le->attribute = attribute_deserialize (data, + attr_len); + attr_le->attribute->attribute_version = ntohl(*(uint32_t*)rd->data); + GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head, + handle->attrs->list_tail, + attr_le); + GNUNET_free (data); + } } if (NULL != handle->parallel_lookups_head) return; //Wait for more 
@@ -1595,6 +1616,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, attribute_list_serialize (handle->attrs, data_tmp); GNUNET_MQ_send (handle->client->mq, env); + cleanup_consume_ticket_handle (handle); } void @@ -1625,14 +1647,6 @@ abort_parallel_lookups2 (void *cls) } -static void -cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle) -{ - if (NULL != handle->key) - GNUNET_CRYPTO_cpabe_delete_key (handle->key); - GNUNET_free (handle); -} - static void process_consume_abe_key (void *cls, uint32_t rd_count, @@ -1713,6 +1727,8 @@ process_consume_abe_key (void *cls, uint32_t rd_count, parallel_lookup); GNUNET_free (lookup_query); } + GNUNET_free (scopes); + GNUNET_free (buf); handle->kill_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES,3), &abort_parallel_lookups2, handle); @@ -1765,6 +1781,16 @@ handle_consume_ticket_message (void *cls, GNUNET_SERVICE_client_continue (idp->client); } +static void +cleanup_as_handle (struct AttributeStoreHandle *handle) +{ + if (NULL != handle->attribute) + GNUNET_free (handle->attribute); + if (NULL != handle->abe_key) + GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key); + GNUNET_free (handle); +} + static void attr_store_cont (void *cls, int32_t success, @@ -1779,6 +1805,7 @@ attr_store_cont (void *cls, GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to store attribute %s\n", emsg); + cleanup_as_handle (as_handle); GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); return; } @@ -1816,9 +1843,11 @@ attr_store_task (void *cls) buf); GNUNET_asprintf (&policy, - "%s:%lu", + "%s_%lu", as_handle->attribute->name, as_handle->attribute->attribute_version); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Encrypting with policy %s\n", policy); /** * Encrypt the attribute value and store in namestore */ 
@@ -1926,7 +1955,7 @@ static void cleanup_iter_handle (struct AttributeIterator *ai) { if (NULL != ai->abe_key) - GNUNET_free (ai->abe_key); + GNUNET_CRYPTO_cpabe_delete_master_key (ai->abe_key); GNUNET_CONTAINER_DLL_remove (ai->client->op_head, ai->client->op_tail, ai); @@ -1936,10 +1965,11 @@ cleanup_iter_handle (struct AttributeIterator *ai) static void attr_iter_error (void *cls) { - //struct AttributeIterator *ai = cls; + struct AttributeIterator *ai = cls; //TODO GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to iterate over attributes\n"); + cleanup_iter_handle (ai); GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); } @@ -1974,6 +2004,7 @@ attr_iter_cb (void *cls, char* attrs[2]; char* data_tmp; char* policy; + uint32_t attr_ver; if (rd_count != 1) { @@ -1985,8 +2016,9 @@ attr_iter_cb (void *cls, GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it); return; } - GNUNET_asprintf (&policy, "%s:%lu", - label, *(uint32_t*)rd->data); + attr_ver = ntohl(*((uint32_t*)rd->data)); + GNUNET_asprintf (&policy, "%s_%lu", + label, attr_ver); attrs[0] = policy; attrs[1] = 0; key = GNUNET_CRYPTO_cpabe_create_key (ai->abe_key, @@ -1995,8 +2027,10 @@ attr_iter_cb (void *cls, rd->data_size-sizeof (uint32_t), key, (void**)&attr_ser); - GNUNET_CRYPTO_cpabe_delete_key (key); - GNUNET_free (policy); + + GNUNET_CRYPTO_cpabe_delete_key (key, + GNUNET_YES); + //GNUNET_free (policy); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found attribute: %s\n", label); env = GNUNET_MQ_msg_extra (arm, @@ -2012,6 +2046,8 @@ attr_iter_cb (void *cls, msg_extra_len); GNUNET_MQ_send (ai->client->mq, env); GNUNET_free (attr_ser); + GNUNET_CRYPTO_cpabe_delete_master_key (ai->abe_key); + ai->abe_key = NULL; } 
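Review bot: attr_iter_cb still hands the result of GNUNET_CRYPTO_cpabe_decrypt straight to GNUNET_MQ_msg_extra and the copy that follows; the hunk has no failure check between the decrypt call and the message construction. The same commit adds `if (GNUNET_SYSERR != attr_len)` to process_parallel_lookup2 for exactly this case. On failure `attr_ser` is presumably not set either, so the copy and the later `GNUNET_free (attr_ser)` would work on an indeterminate pointer. After the key is deleted, add `if (GNUNET_SYSERR == msg_extra_len) { GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it); return; }` so an undecryptable record is skipped like the other rejected records. The function body starts and ends outside the hunk.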
@@ -2031,6 +2067,16 @@ iterate_after_abe_bootstrap (void *cls, ai); } +void +iterate_next_after_abe_bootstrap (void *cls, + struct GNUNET_CRYPTO_AbeMasterKey *abe_key) +{ + struct AttributeIterator *ai = cls; + ai->abe_key = abe_key; + GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it); +} + + /** * Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ITERATION_START message @@ -2121,7 +2167,10 @@ handle_iteration_next (void *cls, GNUNET_SERVICE_client_drop (idp->client); return; } - GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it); + bootstrap_abe (&ai->identity, + &iterate_next_after_abe_bootstrap, + ai, + GNUNET_NO); GNUNET_SERVICE_client_continue (idp->client); } diff --git a/src/identity-provider/identity_attribute.c b/src/identity-provider/identity_attribute.c index a8d2b27e6..c7e833326 100644 --- a/src/identity-provider/identity_attribute.c +++ b/src/identity-provider/identity_attribute.c @@ -142,6 +142,7 @@ attribute_list_dup (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) GNUNET_memcpy (result_le->attribute, le->attribute, len); + result_le->attribute->name = (const char*)&result_le->attribute[1]; GNUNET_CONTAINER_DLL_insert (result->list_head, result->list_tail, result_le); @@ -186,6 +187,7 @@ attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, attr_ser = (struct Attribute*)result; attr_ser->attribute_type = htons (attr->attribute_type); + attr_ser->attribute_version = htonl (attr->attribute_version); name_len = strlen (attr->name); attr_ser->name_len = htons (name_len); write_ptr = (char*)&attr_ser[1]; @@ -221,6 +223,7 @@ attribute_deserialize (const char* data, attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute) + data_len + name_len + 1); attr->attribute_type = ntohs (attr_ser->attribute_type); + attr->attribute_version = ntohl (attr_ser->attribute_version); attr->data_size = ntohs (attr_ser->data_size); write_ptr = (char*)&attr[1]; 
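Review bot: handle_iteration_next now starts bootstrap_abe and calls GNUNET_SERVICE_client_continue immediately, so the next client message can be processed before iterate_next_after_abe_bootstrap has run, assuming bootstrap_abe completes asynchronously as its callback parameter suggests. A second ITERATION_NEXT would then start another bootstrap whose callback overwrites `ai->abe_key` without freeing the first key, and a stop request that frees `ai` would leave the pending callback holding a dangling `cls`. Moving `GNUNET_SERVICE_client_continue (idp->client);` into the callback serializes the requests. The new callback should also be `static` like iterate_after_abe_bootstrap, and carry `GNUNET_assert (NULL != abe_key);` before the key is stored.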
diff --git a/src/identity-provider/identity_attribute.h b/src/identity-provider/identity_attribute.h index 8a8da12f1..3e8fadccf 100644 --- a/src/identity-provider/identity_attribute.h +++ b/src/identity-provider/identity_attribute.h @@ -35,6 +35,11 @@ struct Attribute */ uint32_t attribute_type; + /** + * Attribute version + */ + uint32_t attribute_version; + /** * Name length */ diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 99faf0ecd..6d28709df 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -501,12 +501,21 @@ handle_consume_ticket_result (void *cls, attrs_len); if (NULL != op->ar_cb) { - for (le = attrs->list_head; NULL != le; le = le->next) + if (NULL == attrs) + { op->ar_cb (op->cls, &msg->identity, - le->attribute); + NULL); + } + else + { + for (le = attrs->list_head; NULL != le; le = le->next) + op->ar_cb (op->cls, + &msg->identity, + le->attribute); + attribute_list_destroy (attrs); + } } - attribute_list_destroy (attrs); op->ar_cb (op->cls, NULL, NULL); diff --git a/src/identity-provider/test_idp.conf b/src/identity-provider/test_idp.conf index 9669bef7e..e5d1c7186 100644 --- a/src/identity-provider/test_idp.conf +++ b/src/identity-provider/test_idp.conf @@ -15,7 +15,7 @@ PLUGINS = [identity-provider] AUTOSTART = YES -PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/idplog +PREFIX = valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes --log-file=/tmp/idplog [gns] #PREFIX = valgrind --leak-check=full --track-origins=yes diff --git a/src/identity-provider/test_idp_consume.sh b/src/identity-provider/test_idp_consume.sh index ab437c0e8..e47c13da6 100755 --- a/src/identity-provider/test_idp_consume.sh +++ b/src/identity-provider/test_idp_consume.sh 
@@ -29,10 +29,10 @@ gnunet-identity -C testego -c test_idp.conf gnunet-identity -C rpego -c test_idp.conf SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}') -gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf > /dev/null 2>&1 -gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1 +gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf +gnunet-idp -e testego -a name -V John -c test_idp.conf TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}') echo "Consuming ticket $TICKET" gnunet-idp -e rpego -C $TICKET -c test_idp.conf curl http://localhost:7776/idp/tickets/testego -#gnunet-arm -e -c test_idp.conf +gnunet-arm -e -c test_idp.conf diff --git a/src/identity-provider/test_idp_revoke.sh b/src/identity-provider/test_idp_revoke.sh index 57872c5b9..d5c2c3f77 100755 --- a/src/identity-provider/test_idp_revoke.sh +++ b/src/identity-provider/test_idp_revoke.sh 
@@ -24,14 +24,37 @@ which timeout &> /dev/null && DO_TIMEOUT="timeout 30" TEST_ATTR="test" gnunet-arm -s -c test_idp.conf -gnunet-identity -C testego -c test_idp.conf -gnunet-identity -C rpego -c test_idp.conf -SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') -TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}') -gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf -gnunet-idp -e testego -a name -V John -c test_idp.conf -#gnunet-idp -e testego -D -c test_idp.conf -TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}') +gnunet-identity -C alice -c test_idp.conf +gnunet-identity -C bob -c test_idp.conf +gnunet-identity -C eve -c test_idp.conf +ALICE_KEY=$(gnunet-identity -d -c test_idp.conf | grep alice | awk '{print $3}') +BOB_KEY=$(gnunet-identity -d -c test_idp.conf | grep bob | awk '{print $3}') +EVE_KEY=$(gnunet-identity -d -c test_idp.conf | grep eve | awk '{print $3}') + +gnunet-idp -e alice -a email -V john@doe.gnu -c test_idp.conf +gnunet-idp -e alice -a name -V John -c test_idp.conf +TICKET_BOB=$(gnunet-idp -e alice -i "email,name" -r $BOB_KEY -c test_idp.conf | awk '{print $1}') +#gnunet-idp -e bob -C $TICKET_BOB -c test_idp.conf +TICKET_EVE=$(gnunet-idp -e alice -i "email" -r $EVE_KEY -c test_idp.conf | awk '{print $1}') + + #echo "Consuming $TICKET" -gnunet-idp -e testego -R $TICKET -c test_idp.conf +#gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf +gnunet-idp -e alice -R $TICKET_EVE -c test_idp.conf + +gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf > /dev/null 2>&1 +if test $? == 0 +then + echo "Eve can still resolve attributes..." + gnunet-arm -e -c test_idp.conf + exit 1 +fi +gnunet-idp -e bob -C $TICKET_BOB -c test_idp.conf > /dev/null 2>&1 +if test $? != 0 +then + echo "Bob cannot resolve attributes..." + gnunet-arm -e -c test_idp.conf + exit 1 +fi + gnunet-arm -e -c test_idp.conf 
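Review bot: The revocation check can pass without revocation having taken effect, because `TICKET_EVE` is never validated and Eve's consume is only attempted after `-R`; an empty ticket or any unrelated failure of `gnunet-idp -C` also produces a non-zero status. Consuming `"$TICKET_EVE"` successfully once before the revoke (the line is present but commented out) and checking the exit status of the `-R` call itself would make the negative result mean something. `test $? == 0` relies on a bash extension, `test $? -eq 0` is portable, and `$TICKET_EVE` and `$TICKET_BOB` should be quoted.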
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 78d31a9ec..2b6718557 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -2151,7 +2151,8 @@ struct GNUNET_CRYPTO_AbeKey * GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *msk, char **attrs); void -GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key); +GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key, + int delete_pub); /** diff --git a/src/util/crypto_abe.c b/src/util/crypto_abe.c index f52cd5213..fcaa826ed 100644 --- a/src/util/crypto_abe.c +++ b/src/util/crypto_abe.c @@ -159,7 +159,10 @@ GNUNET_CRYPTO_cpabe_create_master_key (void) void GNUNET_CRYPTO_cpabe_delete_master_key (struct GNUNET_CRYPTO_AbeMasterKey *key) { - gabe_msk_free (key->msk); //For some reason free of pub implicit? + gabe_msk_free (key->msk); + gabe_pub_free (key->pub); + //GNUNET_free (key->msk); + //gabe_msk_free (key->msk); //For some reason free of pub implicit? GNUNET_free (key); } @@ -175,15 +178,19 @@ GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *key, prv_key->prv = gabe_keygen(key->pub, key->msk, attrs); size = gabe_pub_serialize(key->pub, &tmp); prv_key->pub = gabe_pub_unserialize(tmp, size); + GNUNET_free (tmp); GNUNET_assert (NULL != prv_key->prv); return prv_key; } void -GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key) +GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key, + int delete_pub) { //Memory management in gabe is buggy - //gabe_prv_free (prv); + gabe_prv_free (key->prv); + if (GNUNET_YES == delete_pub) + gabe_pub_free (key->pub); GNUNET_free (key); } @@ -266,6 +273,7 @@ GNUNET_CRYPTO_cpabe_encrypt (const void *block, cph_buf_len = gabe_cph_serialize(cph, &cph_buf); gabe_cph_free(cph); + GNUNET_free (cph); plt = GNUNET_memdup (block, size); aes_buf_len = aes_128_cbc_encrypt(plt, size, m, &aes_buf); GNUNET_free (plt); 
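Review bot: `GNUNET_CRYPTO_cpabe_delete_key` gains a `delete_pub` flag, but neither this definition nor the prototype in gnunet_crypto_lib.h documents who owns `key->pub` when the caller passes `GNUNET_NO`. `GNUNET_CRYPTO_cpabe_create_key` in the same hunk always gives the key its own unserialized copy of the public key, so `GNUNET_NO` leaks it for keys made there; the flag presumably serves keys built on another path, and the doc comment should say which. The comment `//Memory management in gabe is buggy` now sits directly above an active `gabe_prv_free (key->prv);` and should be removed or updated, as should the commented-out frees left in `GNUNET_CRYPTO_cpabe_delete_master_key`. In `create_key`, `GNUNET_assert (NULL != prv_key->prv)` runs only after `prv_key->pub` has been built, and the result of `gabe_pub_unserialize` is never checked.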
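Review bot: `gabe_cph_free(cph);` followed by `GNUNET_free (cph);` in `GNUNET_CRYPTO_cpabe_encrypt` reads like a double free unless `gabe_cph_free` releases only the members and leaves the struct itself to the caller, which cannot be told from this file. The same pair appears twice in the `GNUNET_CRYPTO_cpabe_decrypt` hunk, together with `GNUNET_free` on `cph_buf`, `aes_buf` and (in `create_key`) `tmp`, all of which are allocated inside gabe or `read_cpabe`. A one-line comment at the first occurrence, such as `/* gabe_cph_free() frees the members only; the struct is ours to free */`, plus a check that those buffers really come from an allocator compatible with `GNUNET_free`, would make the ownership reviewable.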
@@ -293,14 +301,21 @@ GNUNET_CRYPTO_cpabe_decrypt (const void *block, read_cpabe(block, &cph_buf, &cph_buf_size, &aes_buf, &aes_buf_size); cph = gabe_cph_unserialize(key->pub, cph_buf, cph_buf_size); if( !gabe_dec(key->pub, key->prv, cph, m) ) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "%s\n", gabe_error()); + GNUNET_free (aes_buf); + GNUNET_free (cph_buf); gabe_cph_free(cph); + GNUNET_free (cph); + element_clear (m); return GNUNET_SYSERR; } gabe_cph_free(cph); + GNUNET_free (cph); plt_len = aes_128_cbc_decrypt(aes_buf, aes_buf_size, m, (char**)result); + GNUNET_free (cph_buf); GNUNET_free (aes_buf); + element_clear (m); //freeing is buggy in gabe //gabe_prv_free (prv); //gabe_pub_free (pub); -- cgit v1.2.3 From 0af3570c12b847c2f38334c1f27ad198011d718b Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Tue, 10 Oct 2017 21:15:56 +0200 Subject: -add tests --- src/identity-provider/Makefile.am | 16 ++++++++++++++++ src/identity-provider/test_idp.conf | 7 ++----- src/identity-provider/test_idp_attribute.sh | 9 +++++++-- src/identity-provider/test_idp_consume.sh | 13 +++++++++---- src/identity-provider/test_idp_issue.sh | 12 ++++++++---- 5 files changed, 42 insertions(+), 15 deletions(-) diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index 098313f9a..a4b3f565d 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am @@ -16,6 +16,11 @@ if HAVE_SQLITE SQLITE_PLUGIN = libgnunet_plugin_identity_provider_sqlite.la endif +EXTRA_DIST = \ + test_idp_defaults.conf \ + test_idp.conf \ + $(check_SCRIPTS) + pkgcfgdir= $(pkgdatadir)/config.d/ libexecdir= $(pkglibdir)/libexec/ 
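Review bot: `read_cpabe (block, &cph_buf, &cph_buf_size, &aes_buf, &aes_buf_size)` is called without the length of `block`, so the sizes it extracts from the ciphertext cannot be bounded against the input, and the result of `gabe_cph_unserialize` is passed to `gabe_dec` unchecked. If the ciphertext can come from a record another party controls, both need validating before the new cleanup code matters; when `gabe_cph_unserialize` can fail, an early `if (NULL == cph) { GNUNET_free (aes_buf); GNUNET_free (cph_buf); return GNUNET_SYSERR; }` belongs before the `gabe_dec` call. Lowering the failure log to `GNUNET_ERROR_TYPE_DEBUG` also hides failed decryptions at default log levels; a statistics counter or an INFO line would keep repeated failures observable without the noise. `read_cpabe` and the function's parameter list are outside the hunk.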
@@ -104,3 +109,14 @@ gnunet_idp_LDADD = \ $(top_builddir)/src/identity-provider/libgnunetidentityprovider.la \ $(top_builddir)/src/identity/libgnunetidentity.la \ $(GN_LIBINTL) + +check_SCRIPTS = \ + test_idp_attribute.sh \ + test_idp_issue.sh \ + test_idp_consume.sh \ + test_idp_revoke.sh + +if ENABLE_TEST_RUN + AM_TESTS_ENVIRONMENT=export GNUNET_PREFIX=$${GNUNET_PREFIX:-@libdir@};export PATH=$${GNUNET_PREFIX:-@prefix@}/bin:$$PATH;unset XDG_DATA_HOME;unset XDG_CONFIG_HOME; + TESTS = $(check_SCRIPTS) +endif diff --git a/src/identity-provider/test_idp.conf b/src/identity-provider/test_idp.conf index e5d1c7186..2b76c7bf2 100644 --- a/src/identity-provider/test_idp.conf +++ b/src/identity-provider/test_idp.conf @@ -8,14 +8,14 @@ AUTOSTART = YES [rest] AUTOSTART = YES -PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog +#PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog [transport] PLUGINS = [identity-provider] AUTOSTART = YES -PREFIX = valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes --log-file=/tmp/idplog +#PREFIX = valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes --log-file=/tmp/idplog [gns] #PREFIX = valgrind --leak-check=full --track-origins=yes @@ -26,6 +26,3 @@ DEFAULT_LOOKUP_TIMEOUT = 15 s RECORD_PUT_INTERVAL = 1 h ZONE_PUBLISH_TIME_WINDOW = 1 h DNS_ROOT=PD67SGHF3E0447TU9HADIVU9OM7V4QHTOG0EBU69TFRI2LG63DR0 - -[rest] -PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/rest diff --git a/src/identity-provider/test_idp_attribute.sh b/src/identity-provider/test_idp_attribute.sh index 7e86ae532..7f0f06dac 100755 --- a/src/identity-provider/test_idp_attribute.sh +++ b/src/identity-provider/test_idp_attribute.sh 
@@ -29,7 +29,12 @@ gnunet-identity -C testego -c test_idp.conf gnunet-identity -C rpego -c test_idp.conf TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}') gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf -gnunet-idp -e testego -a name -V John -c test_idp.conf -gnunet-idp -e testego -D -c test_idp.conf +gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1 +if test $? != 0 +then + echo "Failed." + exit 1 +fi + #curl localhost:7776/idp/attributes/testego gnunet-arm -e -c test_idp.conf diff --git a/src/identity-provider/test_idp_consume.sh b/src/identity-provider/test_idp_consume.sh index e47c13da6..11f6865a4 100755 --- a/src/identity-provider/test_idp_consume.sh +++ b/src/identity-provider/test_idp_consume.sh @@ -24,7 +24,7 @@ which timeout &> /dev/null && DO_TIMEOUT="timeout 30" TEST_ATTR="test" gnunet-arm -s -c test_idp.conf -gnunet-arm -i rest -c test_idp.conf +#gnunet-arm -i rest -c test_idp.conf gnunet-identity -C testego -c test_idp.conf gnunet-identity -C rpego -c test_idp.conf SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') @@ -32,7 +32,12 @@ TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}' gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf gnunet-idp -e testego -a name -V John -c test_idp.conf TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}') -echo "Consuming ticket $TICKET" -gnunet-idp -e rpego -C $TICKET -c test_idp.conf -curl http://localhost:7776/idp/tickets/testego +gnunet-idp -e rpego -C $TICKET -c test_idp.conf > /dev/null 2>&1 + +if test $? != 0 +then + "Failed." + exit 1 +fi +#curl http://localhost:7776/idp/tickets/testego gnunet-arm -e -c test_idp.conf diff --git a/src/identity-provider/test_idp_issue.sh b/src/identity-provider/test_idp_issue.sh index 26c490c76..90487ee73 100755 --- a/src/identity-provider/test_idp_issue.sh 
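Review bot: In the test_idp_consume.sh failure branch the line `"Failed."` has lost its `echo`, so the shell tries to run a command named `Failed.` and prints "command not found" instead of the message; it should read `echo "Failed."`. The new failure branches in test_idp_attribute.sh, test_idp_consume.sh and test_idp_issue.sh all `exit 1` without `gnunet-arm -e -c test_idp.conf`, so a failed run leaves the peer running and can disturb the next test, whereas test_idp_revoke.sh stops it on every path. `$TICKET` and `$SUBJECT_KEY` should be quoted, since an empty value otherwise changes the argument list rather than failing cleanly.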
+++ b/src/identity-provider/test_idp_issue.sh @@ -24,7 +24,7 @@ which timeout &> /dev/null && DO_TIMEOUT="timeout 30" TEST_ATTR="test" gnunet-arm -s -c test_idp.conf -gnunet-arm -i rest -c test_idp.conf +#gnunet-arm -i rest -c test_idp.conf gnunet-identity -C testego -c test_idp.conf gnunet-identity -C rpego -c test_idp.conf SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') @@ -32,7 +32,11 @@ TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}' gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf > /dev/null 2>&1 gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1 #gnunet-idp -e testego -D -c test_idp.conf -TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}') +gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf > /dev/null 2>&1 +if test $? != 0 +then + echo "Failed." + exit 1 +fi #curl http://localhost:7776/idp/attributes/testego -echo "Ticket: $TICKET" -#gnunet-arm -e -c test_idp.conf +gnunet-arm -e -c test_idp.conf -- cgit v1.2.3 From 2d5d51340c15a78b3acb79314781758fdef61ab0 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Thu, 12 Oct 2017 11:25:04 +0200 Subject: -add consume rest api --- .../plugin_rest_identity_provider.c | 161 +++++++++++++++++++++ 1 file changed, 161 insertions(+) diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index f136901a0..b6a8f3d36 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c @@ -59,6 +59,11 @@ */ #define GNUNET_REST_API_NS_IDENTITY_REVOKE "/idp/revoke" +/** + * Revoke namespace + */ +#define GNUNET_REST_API_NS_IDENTITY_CONSUME "/idp/consume" + /** * Attribute key */ 
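Review bot: The doc comment on `GNUNET_REST_API_NS_IDENTITY_CONSUME` was copied from the define above it and still reads `Revoke namespace`; it should be `Consume namespace`. Because this route accepts a ticket and returns the decrypted attribute values, a sentence saying so in the comment would help whoever later decides which REST routes need access control.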
@@ -819,6 +824,161 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle, GNUNET_JSONAPI_document_delete (json_obj); } +static void +consume_cont (void *cls, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) +{ + struct RequestHandle *handle = cls; + struct GNUNET_JSONAPI_Resource *json_resource; + json_t *value; + + if (NULL == identity) + { + GNUNET_SCHEDULER_add_now (&return_response, handle); + return; + } + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n", + attr->name); + json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE, + attr->name); + GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource); + + value = json_string (attr->data); + GNUNET_JSONAPI_resource_add_attr (json_resource, + "value", + value); + json_decref (value); +} + +static void +consume_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char* url, + void *cls) +{ + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv; + const char* identity_str; + const char* audience_str; + const char* rnd_str; + + struct RequestHandle *handle = cls; + struct EgoEntry *ego_entry; + struct MHD_Response *resp; + struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; + struct GNUNET_JSONAPI_Document *json_obj; + struct GNUNET_JSONAPI_Resource *json_res; + struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk; + char term_data[handle->rest_handle->data_size+1]; + json_t *rnd_json; + json_t *identity_json; + json_t *audience_json; + json_t *data_json; + json_error_t err; + struct GNUNET_JSON_Specification docspec[] = { + GNUNET_JSON_spec_jsonapi_document (&json_obj), + GNUNET_JSON_spec_end() + }; + + if (0 >= handle->rest_handle->data_size) + { + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + term_data[handle->rest_handle->data_size] = '\0'; + GNUNET_memcpy (term_data, + handle->rest_handle->data, + handle->rest_handle->data_size); + data_json = json_loads 
(term_data, + JSON_DECODE_ANY, + &err); + GNUNET_assert (GNUNET_OK == + GNUNET_JSON_parse (data_json, docspec, + NULL, NULL)); + json_decref (data_json); + if (NULL == json_obj) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to parse JSONAPI Object from %s\n", + term_data); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + if (1 != GNUNET_JSONAPI_document_resource_count (json_obj)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Cannot create more than 1 resource! (Got %d)\n", + GNUNET_JSONAPI_document_resource_count (json_obj)); + GNUNET_JSONAPI_document_delete (json_obj); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0); + if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res, + GNUNET_REST_JSONAPI_IDENTITY_TICKET)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unsupported JSON data type\n"); + GNUNET_JSONAPI_document_delete (json_obj); + resp = GNUNET_REST_create_response (NULL); + handle->proc (handle->proc_cls, resp, MHD_HTTP_CONFLICT); + cleanup_handle (handle); + return; + } + rnd_json = GNUNET_JSONAPI_resource_read_attr (json_res, + "rnd"); + identity_json = GNUNET_JSONAPI_resource_read_attr (json_res, + "identity"); + audience_json = GNUNET_JSONAPI_resource_read_attr (json_res, + "audience"); + rnd_str = json_string_value (rnd_json); + identity_str = json_string_value (identity_json); + audience_str = json_string_value (audience_json); + + GNUNET_STRINGS_string_to_data (rnd_str, + strlen (rnd_str), + &ticket.rnd, + sizeof (uint64_t)); + GNUNET_STRINGS_string_to_data (identity_str, + strlen (identity_str), + &ticket.identity, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + GNUNET_STRINGS_string_to_data (audience_str, + strlen (audience_str), + &ticket.audience, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + + for (ego_entry = handle->ego_head; + NULL != ego_entry; + ego_entry = ego_entry->next) + { + GNUNET_IDENTITY_ego_get_public_key 
(ego_entry->ego, + &tmp_pk); + if (0 == memcmp (&ticket.audience, + &tmp_pk, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) + break; + } + if (NULL == ego_entry) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Identity unknown (%s)\n", identity_str); + GNUNET_JSONAPI_document_delete (json_obj); + return; + } + identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); + handle->resp_object = GNUNET_JSONAPI_document_new (); + handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); + handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (handle->idp, + identity_priv, + &ticket, + &consume_cont, + handle); + GNUNET_JSONAPI_document_delete (json_obj); +} + + /** * Respond to OPTIONS request @@ -859,6 +1019,7 @@ init_cont (struct RequestHandle *handle) {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &add_attribute_cont}, {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont}, {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont}, + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_CONSUME, &consume_ticket_cont}, {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER, &options_cont}, GNUNET_REST_HANDLER_END -- cgit v1.2.3 From c3075f1807d794ab1fb8af4779a07f3f528ce84e Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Thu, 12 Oct 2017 15:12:42 +0200 Subject: -fix --- src/identity-provider/gnunet-idp.c | 2 +- src/identity-provider/plugin_rest_identity_provider.c | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index 0efe6eaa9..88136c124 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c 
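Review bot: `consume_ticket_cont` treats the POST body as trusted: `char term_data[handle->rest_handle->data_size+1]` is a stack array sized by the client and declared before the `0 >= data_size` check, `GNUNET_assert (GNUNET_OK == GNUNET_JSON_parse (...))` aborts the whole REST service on a malformed document, and `strlen (rnd_str)` and its two siblings dereference NULL when an attribute is missing or not a string. The three `GNUNET_STRINGS_string_to_data` results are ignored, so a short or invalid encoding leaves parts of `ticket` uninitialised before it reaches `GNUNET_IDENTITY_PROVIDER_ticket_consume`, and the unknown-identity branch returns without scheduling `do_error`, leaving the request unanswered (it also logs `identity_str` although the loop matched on `ticket.audience`). In `consume_cont`, `attr` needs a NULL check before `attr->name`, because `handle_consume_ticket_result` in this same series calls the callback with a non-NULL identity and a NULL attribute. The excerpt below shows the input handling with a heap copy and error returns in place of the assert.

```c
  char *term_data;   /* replaces: char term_data[handle->rest_handle->data_size+1]; */
  /* … unchanged: remaining declarations, docspec, data_size check … */

  /* heap copy: the body length is chosen by the client */
  term_data = GNUNET_strndup (handle->rest_handle->data,
                              handle->rest_handle->data_size);
  data_json = json_loads (term_data, JSON_DECODE_ANY, &err);
  GNUNET_free (term_data);
  if ( (NULL == data_json) ||
       (GNUNET_OK != GNUNET_JSON_parse (data_json, docspec, NULL, NULL)) ||
       (NULL == json_obj) )
  {
    json_decref (data_json);   /* no-op for NULL */
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Unable to parse JSONAPI Object\n");
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
  json_decref (data_json);
  /* … unchanged: resource count check, resource type check, read_attr calls … */
  rnd_str = json_string_value (rnd_json);
  identity_str = json_string_value (identity_json);
  audience_str = json_string_value (audience_json);
  if ( (NULL == rnd_str) || (NULL == identity_str) || (NULL == audience_str) ||
       (GNUNET_OK !=
        GNUNET_STRINGS_string_to_data (rnd_str, strlen (rnd_str),
                                       &ticket.rnd, sizeof (uint64_t))) ||
       (GNUNET_OK !=
        GNUNET_STRINGS_string_to_data (identity_str, strlen (identity_str),
                                       &ticket.identity,
                                       sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) ||
       (GNUNET_OK !=
        GNUNET_STRINGS_string_to_data (audience_str, strlen (audience_str),
                                       &ticket.audience,
                                       sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) )
  {
    GNUNET_JSONAPI_document_delete (json_obj);
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
  /* … unchanged: ego lookup loop … */
  if (NULL == ego_entry)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Identity unknown (%s)\n", audience_str);
    GNUNET_JSONAPI_document_delete (json_obj);
    GNUNET_SCHEDULER_add_now (&do_error, handle);   /* answer the request */
    return;
  }
```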
@@ -247,7 +247,7 @@ iter_finished (void *cls) attr = GNUNET_IDENTITY_PROVIDER_attribute_new (attr_name, GNUNET_IDENTITY_PROVIDER_AT_STRING, attr_value, - strlen (attr_value)); + strlen (attr_value) + 1); idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle, pkey, attr, diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index b6a8f3d36..f6039722f 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c @@ -599,7 +599,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, attribute = GNUNET_IDENTITY_PROVIDER_attribute_new (name_str, GNUNET_IDENTITY_PROVIDER_AT_STRING, value_str, - strlen (value_str)); + strlen (value_str) + 1); handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); handle->idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (handle->idp, identity_priv, @@ -624,6 +624,12 @@ attr_collect (void *cls, struct GNUNET_JSONAPI_Resource *json_resource; struct RequestHandle *handle = cls; json_t *value; + + if ((NULL == attr->name) || (NULL == attr->data)) + { + GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it); + return; + } GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n", attr->name); -- cgit v1.2.3 From 6d653d742772ad70b3264a3a1ad373dd1ed1e371 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 20 Oct 2017 16:30:11 +0200 Subject: -fix make --- src/identity-provider/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index a4b3f565d..6a56b2e91 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am 
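Review bot: Passing `strlen (attr_value) + 1` here and `strlen (value_str) + 1` in `add_attribute_cont` makes stored string attributes NUL-terminated only for values written by these two callers; readers such as `consume_cont` (`json_string (attr->data)`) still trust the terminator for whatever arrives from storage or from another peer. A reader-side check such as `if ((0 == attr->data_size) || ('\0' != ((const char *) attr->data)[attr->data_size - 1]))` before treating `data` as a C string closes the over-read for attributes stored by older code or by a different implementation. In the `attr_collect` hunk the new guard dereferences `attr` to test `attr->name` and `attr->data`, so if the iterator can ever deliver a NULL `attr`, that needs to be tested first; the rest of `attr_collect` is outside the hunk.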
@@ -106,7 +106,7 @@ gnunet_idp_SOURCES = \ gnunet_idp_LDADD = \ $(top_builddir)/src/util/libgnunetutil.la \ $(top_builddir)/src/namestore/libgnunetnamestore.la \ - $(top_builddir)/src/identity-provider/libgnunetidentityprovider.la \ + libgnunetidentityprovider.la \ $(top_builddir)/src/identity/libgnunetidentity.la \ $(GN_LIBINTL) -- cgit v1.2.3 From abce261f08edee5fe8d49da9dbb4512a7e3052c6 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 25 Oct 2017 14:07:38 +0200 Subject: -add dockerfile --- Dockerfile | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000..e753c5b91 --- /dev/null +++ b/Dockerfile 
@@ -0,0 +1,55 @@ +from fedora:26 + +# Install the required build tools +RUN dnf -y update && dnf -y install which git automake texinfo gettext-devel autoconf libtool libtool-ltdl-devel libidn-devel libunistring-devel glpk libextractor-devel libmicrohttpd-devel gnutls libgcrypt-devel jansson-devel sqlite-devel npm + +WORKDIR /usr/src + +# Install gnurl from source at version gnurl-7.54.0 +RUN git clone https://git.taler.net/gnurl.git --branch gnurl-7.54.0 +WORKDIR /usr/src/gnurl +RUN autoreconf -i +RUN ./configure --enable-ipv6 --with-gnutls --without-libssh2 \ +--without-libmetalink --without-winidn --without-librtmp \ +--without-nghttp2 --without-nss --without-cyassl \ +--without-polarssl --without-ssl --without-winssl \ +--without-darwinssl --disable-sspi --disable-ntlm-wb --disable-ldap \ +--disable-rtsp --disable-dict --disable-telnet --disable-tftp \ +--disable-pop3 --disable-imap --disable-smtp --disable-gopher \ +--disable-file --disable-ftp --disable-smb +RUN make install +WORKDIR /usr/src + +RUN dnf -y install wget flex bison + +# Install libpbc +RUN wget https://crypto.stanford.edu/pbc/files/pbc-0.5.14.tar.gz +RUN tar xvzpf pbc-0.5.14.tar.gz +WORKDIR /usr/src/pbc-0.5.14 +RUN ./configure --prefix=/usr +RUN make install +WORKDIR /usr/src + +RUN dnf -y install glib2-devel + +# Install libbswabe +RUN git clone https://github.com/schanzen/libgabe.git +WORKDIR /usr/src/libgabe +RUN ./configure --prefix=/usr +RUN make install + +# Install WebUI +WORKDIR /usr/src/ +RUN git clone https://github.com/schanzen/gnunet-webui.git +WORKDIR /usr/src/gnunet-webui +RUN git checkout gnuidentity + +RUN ./bootstrap +RUN ./configure --prefix=/usr/local +RUN make +RUN make install + +RUN groupadd gnunetdns +RUN adduser --system -m --home-dir /var/lib/gnunet gnunet +RUN chown gnunet:gnunet /var/lib/gnunet +RUN echo '[arm]\nSYSTEM_ONLY = YES\nUSER_ONLY = NO\n' > /etc/gnunet.conf -- cgit v1.2.3 From 6f902e916af6ed95f6966ecdf3a6f478c157e569 Mon Sep 17 00:00:00 2001 
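Review bot: None of the third-party sources fetched during the build is integrity-checked or pinned to an immutable revision: `pbc-0.5.14.tar.gz` is downloaded with `wget` and unpacked directly, `libgabe` is cloned at whatever its default branch currently holds, `gnunet-webui` follows the `gnuidentity` branch, and gnurl follows a tag. Since libpbc and libgabe are the cryptographic dependencies of the ABE code, verify the tarball with `RUN echo "<sha256-of-pbc-0.5.14.tar.gz>  pbc-0.5.14.tar.gz" | sha256sum -c -` and follow each clone with `RUN git checkout <reviewed-commit-id>`, both placeholders to be filled with the values you audited. The image also creates the `gnunet` account but never switches to it, so anything started from this image runs as root unless a `USER gnunet` line is added at the end. Pinning `fedora:26` by digest would make the base reproducible as well.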
From: "Schanzenbach, Martin" Date: Wed, 25 Oct 2017 14:12:54 +0200 Subject: -fix docker --- Dockerfile | 3 + po/POTFILES.in | 125 ++-- po/de.po | 1736 ++++++++++++++++++++++++++++++------------------------ po/es.po | 1776 ++++++++++++++++++++++++++++++------------------------- po/fr.po | 1722 ++++++++++++++++++++++++++++++------------------------ po/sv.po | 1735 ++++++++++++++++++++++++++++++------------------------ po/vi.po | 1785 +++++++++++++++++++++++++++++++------------------------- po/zh_CN.po | 1728 ++++++++++++++++++++++++++++++------------------------ 8 files changed, 5859 insertions(+), 4751 deletions(-) diff --git a/Dockerfile b/Dockerfile index e753c5b91..375c76c4b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -44,6 +44,9 @@ RUN git clone https://github.com/schanzen/gnunet-webui.git WORKDIR /usr/src/gnunet-webui RUN git checkout gnuidentity +RUN mkdir /usr/src/gnunet +WORKDIR /usr/src/gnunet +ADD . . RUN ./bootstrap RUN ./configure --prefix=/usr/local RUN make diff --git a/po/POTFILES.in b/po/POTFILES.in index a0b222eea..3444e321b 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -3,13 +3,21 @@ src/arm/arm_monitor_api.c src/arm/gnunet-arm.c src/arm/gnunet-service-arm.c src/arm/mockup-service.c +src/ats-tests/ats-testing-experiment.c +src/ats-tests/ats-testing-log.c +src/ats-tests/ats-testing-preferences.c +src/ats-tests/ats-testing-traffic.c +src/ats-tests/ats-testing.c +src/ats-tests/gnunet-ats-sim.c +src/ats-tests/gnunet-solver-eval.c +src/ats-tool/gnunet-ats.c src/ats/ats_api_connectivity.c src/ats/ats_api_performance.c src/ats/ats_api_scanner.c src/ats/ats_api_scheduling.c src/ats/gnunet-ats-solver-eval.c -src/ats/gnunet-service-ats_addresses.c src/ats/gnunet-service-ats.c +src/ats/gnunet-service-ats_addresses.c src/ats/gnunet-service-ats_connectivity.c src/ats/gnunet-service-ats_normalization.c src/ats/gnunet-service-ats_performance.c 
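Review bot: `ADD . .` copies the entire build context into the image, which includes `.git`, local configuration and any key or log files that happen to sit in the working tree. `COPY . .` together with a `.dockerignore` that excludes `.git` and local artefacts keeps the image contents predictable, and `COPY` avoids the archive auto-extraction and URL handling that `ADD` brings along.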
@@ -20,14 +28,6 @@ src/ats/gnunet-service-ats_scheduling.c src/ats/plugin_ats_mlp.c src/ats/plugin_ats_proportional.c src/ats/plugin_ats_ril.c -src/ats-tests/ats-testing.c -src/ats-tests/ats-testing-experiment.c -src/ats-tests/ats-testing-log.c -src/ats-tests/ats-testing-preferences.c -src/ats-tests/ats-testing-traffic.c -src/ats-tests/gnunet-ats-sim.c -src/ats-tests/gnunet-solver-eval.c -src/ats-tool/gnunet-ats.c src/auction/gnunet-auction-create.c src/auction/gnunet-auction-info.c src/auction/gnunet-auction-join.c @@ -39,8 +39,8 @@ src/block/plugin_block_test.c src/cadet/cadet_api.c src/cadet/cadet_test_lib.c src/cadet/desirability_table.c -src/cadet/gnunet-cadet.c src/cadet/gnunet-cadet-profiler.c +src/cadet/gnunet-cadet.c src/cadet/gnunet-service-cadet.c src/cadet/gnunet-service-cadet_channel.c src/cadet/gnunet-service-cadet_connection.c @@ -56,15 +56,15 @@ src/consensus/gnunet-service-consensus.c src/consensus/plugin_block_consensus.c src/conversation/conversation_api.c src/conversation/conversation_api_call.c -src/conversation/gnunet-conversation.c src/conversation/gnunet-conversation-test.c -src/conversation/gnunet_gst.c -src/conversation/gnunet_gst_test.c -src/conversation/gnunet-helper-audio-playback.c +src/conversation/gnunet-conversation.c src/conversation/gnunet-helper-audio-playback-gst.c -src/conversation/gnunet-helper-audio-record.c +src/conversation/gnunet-helper-audio-playback.c src/conversation/gnunet-helper-audio-record-gst.c +src/conversation/gnunet-helper-audio-record.c src/conversation/gnunet-service-conversation.c +src/conversation/gnunet_gst.c +src/conversation/gnunet_gst_test.c src/conversation/microphone.c src/conversation/plugin_gnsrecord_conversation.c src/conversation/speaker.c @@ -101,7 +101,6 @@ src/dht/dht_api.c src/dht/dht_test_lib.c src/dht/gnunet-dht-get.c src/dht/gnunet-dht-monitor.c -src/dht/gnunet_dht_profiler.c src/dht/gnunet-dht-put.c src/dht/gnunet-service-dht.c src/dht/gnunet-service-dht_clients.c 
@@ -110,6 +109,7 @@ src/dht/gnunet-service-dht_hello.c src/dht/gnunet-service-dht_neighbours.c src/dht/gnunet-service-dht_nse.c src/dht/gnunet-service-dht_routing.c +src/dht/gnunet_dht_profiler.c src/dht/plugin_block_dht.c src/dns/dns_api.c src/dns/dnsparser.c @@ -124,8 +124,8 @@ src/dv/gnunet-dv.c src/dv/gnunet-service-dv.c src/dv/plugin_transport_dv.c src/exit/gnunet-daemon-exit.c -src/exit/gnunet-helper-exit.c src/exit/gnunet-helper-exit-windows.c +src/exit/gnunet-helper-exit.c src/fragmentation/defragmentation.c src/fragmentation/fragmentation.c src/fs/fs_api.c @@ -150,8 +150,8 @@ src/fs/gnunet-auto-share.c src/fs/gnunet-daemon-fsprofiler.c src/fs/gnunet-directory.c src/fs/gnunet-download.c -src/fs/gnunet-fs.c src/fs/gnunet-fs-profiler.c +src/fs/gnunet-fs.c src/fs/gnunet-helper-fs-publish.c src/fs/gnunet-publish.c src/fs/gnunet-search.c @@ -169,10 +169,10 @@ src/fs/plugin_block_fs.c src/gns/gns_api.c src/gns/gnunet-bcd.c src/gns/gnunet-dns2gns.c -src/gns/gnunet-gns.c src/gns/gnunet-gns-helper-service-w32.c src/gns/gnunet-gns-import.c src/gns/gnunet-gns-proxy.c +src/gns/gnunet-gns.c src/gns/gnunet-service-gns.c src/gns/gnunet-service-gns_interceptor.c src/gns/gnunet-service-gns_resolver.c 
@@ -181,42 +181,43 @@ src/gns/nss/nss_gns_query.c src/gns/plugin_block_gns.c src/gns/plugin_gnsrecord_gns.c src/gns/plugin_rest_gns.c +src/gns/w32nsp-install.c +src/gns/w32nsp-resolve.c +src/gns/w32nsp-uninstall.c +src/gns/w32nsp.c src/gnsrecord/gnsrecord.c src/gnsrecord/gnsrecord_crypto.c src/gnsrecord/gnsrecord_misc.c src/gnsrecord/gnsrecord_serialization.c src/gnsrecord/plugin_gnsrecord_dns.c -src/gns/w32nsp.c -src/gns/w32nsp-install.c -src/gns/w32nsp-resolve.c -src/gns/w32nsp-uninstall.c src/hello/address.c src/hello/gnunet-hello.c src/hello/hello.c src/hostlist/gnunet-daemon-hostlist.c src/hostlist/gnunet-daemon-hostlist_client.c src/hostlist/gnunet-daemon-hostlist_server.c +src/identity-provider/gnunet-idp.c +src/identity-provider/gnunet-service-identity-provider.c +src/identity-provider/identity_attribute.c +src/identity-provider/identity_provider_api.c +src/identity-provider/jwt.c +src/identity-provider/plugin_gnsrecord_identity_provider.c +src/identity-provider/plugin_identity_provider_sqlite.c +src/identity-provider/plugin_rest_identity_provider.c src/identity/gnunet-identity.c src/identity/gnunet-service-identity.c src/identity/identity_api.c src/identity/identity_api_lookup.c -src/identity/plugin_gnsrecord_identity.c src/identity/plugin_rest_identity.c -src/identity-provider/gnunet-identity-token.c -src/identity-provider/gnunet-idp.c -src/identity-provider/gnunet-service-identity-provider.c -src/identity-provider/identity_provider_api.c -src/identity-provider/identity_token.c -src/identity-provider/plugin_rest_identity_provider.c +src/json/json.c +src/json/json_generator.c +src/json/json_helper.c +src/json/json_mhd.c src/jsonapi/jsonapi.c src/jsonapi/jsonapi_document.c src/jsonapi/jsonapi_error.c src/jsonapi/jsonapi_relationship.c src/jsonapi/jsonapi_resource.c -src/json/json.c -src/json/json_generator.c -src/json/json_helper.c -src/json/json_mhd.c src/multicast/gnunet-multicast.c src/multicast/gnunet-service-multicast.c src/multicast/multicast_api.c 
@@ -230,8 +231,8 @@ src/namecache/namecache_api.c src/namecache/plugin_namecache_flat.c src/namecache/plugin_namecache_postgres.c src/namecache/plugin_namecache_sqlite.c -src/namestore/gnunet-namestore.c src/namestore/gnunet-namestore-fcfsd.c +src/namestore/gnunet-namestore.c src/namestore/gnunet-service-namestore.c src/namestore/namestore_api.c src/namestore/namestore_api_monitor.c @@ -246,10 +247,10 @@ src/nat-auto/gnunet-service-nat-auto.c src/nat-auto/gnunet-service-nat-auto_legacy.c src/nat-auto/nat_auto_api.c src/nat-auto/nat_auto_api_test.c -src/nat/gnunet-helper-nat-client.c src/nat/gnunet-helper-nat-client-windows.c -src/nat/gnunet-helper-nat-server.c +src/nat/gnunet-helper-nat-client.c src/nat/gnunet-helper-nat-server-windows.c +src/nat/gnunet-helper-nat-server.c src/nat/gnunet-nat.c src/nat/gnunet-service-nat.c src/nat/gnunet-service-nat_externalip.c @@ -258,15 +259,15 @@ src/nat/gnunet-service-nat_mini.c src/nat/gnunet-service-nat_stun.c src/nat/nat_api.c src/nat/nat_api_stun.c -src/nse/gnunet-nse.c src/nse/gnunet-nse-profiler.c +src/nse/gnunet-nse.c src/nse/gnunet-service-nse.c src/nse/nse_api.c +src/peerinfo-tool/gnunet-peerinfo.c +src/peerinfo-tool/gnunet-peerinfo_plugins.c src/peerinfo/gnunet-service-peerinfo.c src/peerinfo/peerinfo_api.c src/peerinfo/peerinfo_api_notify.c -src/peerinfo-tool/gnunet-peerinfo.c -src/peerinfo-tool/gnunet-peerinfo_plugins.c src/peerstore/gnunet-peerstore.c src/peerstore/gnunet-service-peerstore.c src/peerstore/peerstore_api.c 
@@ -318,13 +319,13 @@ src/rps/gnunet-service-rps_peers.c src/rps/gnunet-service-rps_sampler.c src/rps/gnunet-service-rps_sampler_elem.c src/rps/gnunet-service-rps_view.c -src/rps/rps_api.c src/rps/rps-test_util.c +src/rps/rps_api.c src/scalarproduct/gnunet-scalarproduct.c -src/scalarproduct/gnunet-service-scalarproduct_alice.c -src/scalarproduct/gnunet-service-scalarproduct_bob.c src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c +src/scalarproduct/gnunet-service-scalarproduct_alice.c +src/scalarproduct/gnunet-service-scalarproduct_bob.c src/scalarproduct/scalarproduct_api.c src/secretsharing/gnunet-secretsharing-profiler.c src/secretsharing/gnunet-service-secretsharing.c @@ -351,15 +352,16 @@ src/statistics/gnunet-statistics.c src/statistics/statistics_api.c src/template/gnunet-service-template.c src/template/gnunet-template.c +src/testbed-logger/gnunet-service-testbed-logger.c +src/testbed-logger/testbed_logger_api.c src/testbed/generate-underlay-topology.c src/testbed/gnunet-daemon-latency-logger.c src/testbed/gnunet-daemon-testbed-blacklist.c src/testbed/gnunet-daemon-testbed-underlay.c src/testbed/gnunet-helper-testbed.c -src/testbed/gnunet_mpi_test.c src/testbed/gnunet-service-test-barriers.c -src/testbed/gnunet-service-testbed_barriers.c src/testbed/gnunet-service-testbed.c +src/testbed/gnunet-service-testbed_barriers.c src/testbed/gnunet-service-testbed_cache.c src/testbed/gnunet-service-testbed_connectionpool.c src/testbed/gnunet-service-testbed_cpustatus.c 
@@ -367,20 +369,19 @@ src/testbed/gnunet-service-testbed_links.c src/testbed/gnunet-service-testbed_meminfo.c src/testbed/gnunet-service-testbed_oc.c src/testbed/gnunet-service-testbed_peers.c -src/testbed/gnunet_testbed_mpi_spawn.c src/testbed/gnunet-testbed-profiler.c -src/testbed-logger/gnunet-service-testbed-logger.c -src/testbed-logger/testbed_logger_api.c -src/testbed/testbed_api_barriers.c +src/testbed/gnunet_mpi_test.c +src/testbed/gnunet_testbed_mpi_spawn.c src/testbed/testbed_api.c +src/testbed/testbed_api_barriers.c src/testbed/testbed_api_hosts.c src/testbed/testbed_api_operations.c src/testbed/testbed_api_peers.c src/testbed/testbed_api_sd.c src/testbed/testbed_api_services.c src/testbed/testbed_api_statistics.c -src/testbed/testbed_api_testbed.c src/testbed/testbed_api_test.c +src/testbed/testbed_api_testbed.c src/testbed/testbed_api_topology.c src/testbed/testbed_api_underlay.c src/testing/gnunet-testing.c 
@@ -389,34 +390,39 @@ src/testing/testing.c src/topology/friends.c src/topology/gnunet-daemon-topology.c src/transport/gnunet-helper-transport-bluetooth.c -src/transport/gnunet-helper-transport-wlan.c src/transport/gnunet-helper-transport-wlan-dummy.c -src/transport/gnunet-service-transport_ats.c +src/transport/gnunet-helper-transport-wlan.c src/transport/gnunet-service-transport.c +src/transport/gnunet-service-transport_ats.c src/transport/gnunet-service-transport_hello.c src/transport/gnunet-service-transport_manipulation.c src/transport/gnunet-service-transport_neighbours.c src/transport/gnunet-service-transport_plugins.c src/transport/gnunet-service-transport_validation.c -src/transport/gnunet-transport.c src/transport/gnunet-transport-certificate-creation.c src/transport/gnunet-transport-profiler.c src/transport/gnunet-transport-wlan-receiver.c src/transport/gnunet-transport-wlan-sender.c +src/transport/gnunet-transport.c src/transport/plugin_transport_http_client.c src/transport/plugin_transport_http_common.c src/transport/plugin_transport_http_server.c src/transport/plugin_transport_smtp.c src/transport/plugin_transport_tcp.c src/transport/plugin_transport_template.c -src/transport/plugin_transport_udp_broadcasting.c src/transport/plugin_transport_udp.c +src/transport/plugin_transport_udp_broadcasting.c src/transport/plugin_transport_unix.c src/transport/plugin_transport_wlan.c src/transport/tcp_connection_legacy.c src/transport/tcp_server_legacy.c src/transport/tcp_server_mst_legacy.c src/transport/tcp_service_legacy.c +src/transport/transport-testing-filenames.c +src/transport/transport-testing-loggers.c +src/transport/transport-testing-main.c +src/transport/transport-testing-send.c +src/transport/transport-testing.c src/transport/transport_api_address_to_string.c src/transport/transport_api_blacklist.c src/transport/transport_api_core.c 
@@ -425,11 +431,6 @@ src/transport/transport_api_manipulation.c src/transport/transport_api_monitor_peers.c src/transport/transport_api_monitor_plugins.c src/transport/transport_api_offer_hello.c -src/transport/transport-testing.c -src/transport/transport-testing-filenames.c -src/transport/transport-testing-loggers.c -src/transport/transport-testing-main.c -src/transport/transport-testing-send.c src/tun/regex.c src/tun/tun.c src/util/bandwidth.c @@ -443,8 +444,8 @@ src/util/configuration_loader.c src/util/container_bloomfilter.c src/util/container_heap.c src/util/container_meta_data.c -src/util/container_multihashmap32.c src/util/container_multihashmap.c +src/util/container_multihashmap32.c src/util/container_multipeermap.c src/util/container_multishortmap.c src/util/crypto_abe.c @@ -464,8 +465,8 @@ src/util/crypto_symmetric.c src/util/disk.c src/util/getopt.c src/util/getopt_helpers.c -src/util/gnunet-config.c src/util/gnunet-config-diff.c +src/util/gnunet-config.c src/util/gnunet-ecc.c src/util/gnunet-helper-w32-console.c src/util/gnunet-resolver.c @@ -496,8 +497,8 @@ src/util/time.c src/util/w32cat.c src/util/win.c src/util/winproc.c -src/vpn/gnunet-helper-vpn.c src/vpn/gnunet-helper-vpn-windows.c +src/vpn/gnunet-helper-vpn.c src/vpn/gnunet-service-vpn.c src/vpn/gnunet-vpn.c src/vpn/vpn_api.c diff --git a/po/de.po b/po/de.po index fde327308..f6be3a735 100644 --- a/po/de.po +++ b/po/de.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: gnunet 0.10.1\n" "Report-Msgid-Bugs-To: gnunet-developers@mail.gnu.org\n" -"POT-Creation-Date: 2017-03-31 19:22-0500\n" +"POT-Creation-Date: 2017-10-20 15:14+0000\n" "PO-Revision-Date: 2015-03-08 16:16+0100\n" "Last-Translator: Mario Blättermann \n" "Language-Team: German \n" 
@@ -272,7 +272,7 @@ msgid "Have neither PORT nor UNIXPATH for service `%s', but one is required\n" msgstr "" #: src/arm/gnunet-service-arm.c:513 -#: src/transport/plugin_transport_http_server.c:2621 +#: src/transport/plugin_transport_http_server.c:2684 #: src/transport/plugin_transport_tcp.c:1259 #: src/transport/tcp_service_legacy.c:696 src/util/service.c:782 #, c-format @@ -280,7 +280,7 @@ msgid "Failed to resolve `%s': %s\n" msgstr "»%s« konnte nicht aufgelöst werden: %s\n" #: src/arm/gnunet-service-arm.c:532 -#: src/transport/plugin_transport_http_server.c:2639 +#: src/transport/plugin_transport_http_server.c:2702 #: src/transport/plugin_transport_tcp.c:1278 #: src/transport/tcp_service_legacy.c:715 src/util/service.c:802 #, fuzzy, c-format 
@@ -353,133 +353,14 @@ msgstr "" msgid "Initiating shutdown as requested by client.\n" msgstr "" -#: src/ats/gnunet-ats-solver-eval.c:2781 src/ats/gnunet-ats-solver-eval.c:2822 -#, c-format -msgid "" -"Could not load quota for network `%s': `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:2799 -#, c-format -msgid "" -"No outbound quota configured for network `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:2840 -#, c-format -msgid "" -"No outbound quota configure for network `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3294 -#: src/ats-tests/gnunet-solver-eval.c:939 -msgid "solver to use" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3299 -#: src/ats-tests/gnunet-solver-eval.c:945 -#: src/ats-tests/gnunet-solver-eval.c:950 -msgid "experiment to use" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3306 -msgid "print logging" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3311 -msgid "save logging to disk" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3316 -msgid "disable normalization" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:304 -#, c-format -msgid "" -"Could not load %s quota for network `%s': `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:314 -#, c-format -msgid "%s quota configured for network `%s' is %llu\n" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:359 -#, c-format -msgid "" -"No %s-quota configured for network `%s', assigning default bandwidth %llu\n" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:451 -#, fuzzy, c-format -msgid "Failed to initialize solver `%s'!\n" -msgstr "SQLite Datenbank konnte nicht initialisiert werden.\n" - -#: src/ats/plugin_ats_mlp.c:1274 -msgid "Problem size too large, cannot allocate memory!\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:1869 -#, fuzzy, c-format -msgid "Adding address for peer 
`%s' multiple times\n" -msgstr "Adresse des Knotens `%s' konnte nicht ermittelt werden.\n" - -#: src/ats/plugin_ats_mlp.c:1913 -#, fuzzy, c-format -msgid "Updating address property for peer `%s' %p not added before\n" -msgstr "Adresse des Knotens `%s' konnte nicht ermittelt werden.\n" - -#: src/ats/plugin_ats_mlp.c:2475 -msgid "" -"MLP solver is not optimizing for anything, changing to feasibility check\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2515 src/ats/plugin_ats_mlp.c:2532 -#: src/ats/plugin_ats_mlp.c:2564 src/ats/plugin_ats_mlp.c:2582 -#: src/ats/plugin_ats_mlp.c:2601 src/ats/plugin_ats_proportional.c:1141 -#: src/ats/plugin_ats_ril.c:2612 src/ats/plugin_ats_ril.c:2629 -#: src/ats/plugin_ats_ril.c:2646 src/ats/plugin_ats_ril.c:2663 -#: src/ats/plugin_ats_ril.c:2680 src/ats/plugin_ats_ril.c:2697 -#: src/ats/plugin_ats_ril.c:2714 src/ats/plugin_ats_ril.c:2731 -#, fuzzy, c-format -msgid "Invalid %s configuration %f \n" -msgstr "Konfiguration konnte nicht aus %s geladen werden\n" - -#: src/ats/plugin_ats_mlp.c:2670 -#, c-format -msgid "" -"Adjusting inconsistent outbound quota configuration for network `%s', is " -"%llu must be at least %llu\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2679 -#, c-format -msgid "" -"Adjusting inconsistent inbound quota configuration for network `%s', is %llu " -"must be at least %llu\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2689 -#, c-format -msgid "" -"Adjusting outbound quota configuration for network `%s'from %llu to %.0f\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2698 -#, c-format -msgid "" -"Adjusting inbound quota configuration for network `%s' from %llu to %.0f\n" -msgstr "" +#: src/ats-tests/ats-testing-log.c:837 +msgid "Stop logging\n" +msgstr "Protokollierung stoppen\n" -#: src/ats/plugin_ats_proportional.c:1164 +#: src/ats-tests/ats-testing-log.c:892 #, fuzzy, c-format -msgid "Invalid %s configuration %f\n" -msgstr " gconfig\tGTK Konfiguration\n" +msgid "Start logging `%s'\n" +msgstr "Collection `%s' 
begonnen.\n" #: src/ats-tests/ats-testing.c:422 #, c-format @@ -491,15 +372,6 @@ msgstr "" msgid "Failed to connect master peer [%u] with slave [%u]\n" msgstr "Es konnte keine Verbindung mit gnunetd hergestellt werden.\n" -#: src/ats-tests/ats-testing-log.c:837 -msgid "Stop logging\n" -msgstr "Protokollierung stoppen\n" - -#: src/ats-tests/ats-testing-log.c:892 -#, fuzzy, c-format -msgid "Start logging `%s'\n" -msgstr "Collection `%s' begonnen.\n" - #: src/ats-tests/gnunet-ats-sim.c:90 #, c-format msgid "" @@ -507,6 +379,15 @@ msgid "" "= %u KiB/s\n" msgstr "" +#: src/ats-tests/gnunet-solver-eval.c:939 src/ats/gnunet-ats-solver-eval.c:3294 +msgid "solver to use" +msgstr "" + +#: src/ats-tests/gnunet-solver-eval.c:945 +#: src/ats-tests/gnunet-solver-eval.c:950 src/ats/gnunet-ats-solver-eval.c:3299 +msgid "experiment to use" +msgstr "" + #: src/ats-tool/gnunet-ats.c:307 #, c-format msgid "%u address resolutions had a timeout\n" 
@@ -624,6 +505,123 @@ msgstr "" msgid "Print information about ATS state" msgstr "Informationen über andere GNUnet Knoten ausgeben." +#: src/ats/gnunet-ats-solver-eval.c:2781 src/ats/gnunet-ats-solver-eval.c:2822 +#, c-format +msgid "" +"Could not load quota for network `%s': `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:2799 +#, c-format +msgid "" +"No outbound quota configured for network `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:2840 +#, c-format +msgid "" +"No outbound quota configure for network `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:3306 +msgid "print logging" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:3311 +msgid "save logging to disk" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:3316 +msgid "disable normalization" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:304 +#, c-format +msgid "" +"Could not load %s quota for network `%s': `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:314 +#, c-format +msgid "%s quota configured for network `%s' is %llu\n" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:359 +#, c-format +msgid "" +"No %s-quota configured for network `%s', assigning default bandwidth %llu\n" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:451 +#, fuzzy, c-format +msgid "Failed to initialize solver `%s'!\n" +msgstr "SQLite Datenbank konnte nicht initialisiert werden.\n" + +#: src/ats/plugin_ats_mlp.c:1274 +msgid "Problem size too large, cannot allocate memory!\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:1869 +#, fuzzy, c-format +msgid "Adding address for peer `%s' multiple times\n" +msgstr "Adresse des Knotens `%s' konnte nicht ermittelt werden.\n" + +#: src/ats/plugin_ats_mlp.c:1913 +#, fuzzy, c-format +msgid "Updating address property for peer `%s' %p not added before\n" +msgstr "Adresse des Knotens `%s' 
konnte nicht ermittelt werden.\n" + +#: src/ats/plugin_ats_mlp.c:2475 +msgid "" +"MLP solver is not optimizing for anything, changing to feasibility check\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2515 src/ats/plugin_ats_mlp.c:2532 +#: src/ats/plugin_ats_mlp.c:2564 src/ats/plugin_ats_mlp.c:2582 +#: src/ats/plugin_ats_mlp.c:2601 src/ats/plugin_ats_proportional.c:1141 +#: src/ats/plugin_ats_ril.c:2612 src/ats/plugin_ats_ril.c:2629 +#: src/ats/plugin_ats_ril.c:2646 src/ats/plugin_ats_ril.c:2663 +#: src/ats/plugin_ats_ril.c:2680 src/ats/plugin_ats_ril.c:2697 +#: src/ats/plugin_ats_ril.c:2714 src/ats/plugin_ats_ril.c:2731 +#, fuzzy, c-format +msgid "Invalid %s configuration %f \n" +msgstr "Konfiguration konnte nicht aus %s geladen werden\n" + +#: src/ats/plugin_ats_mlp.c:2670 +#, c-format +msgid "" +"Adjusting inconsistent outbound quota configuration for network `%s', is " +"%llu must be at least %llu\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2679 +#, c-format +msgid "" +"Adjusting inconsistent inbound quota configuration for network `%s', is %llu " +"must be at least %llu\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2689 +#, c-format +msgid "" +"Adjusting outbound quota configuration for network `%s'from %llu to %.0f\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2698 +#, c-format +msgid "" +"Adjusting inbound quota configuration for network `%s' from %llu to %.0f\n" +msgstr "" + +#: src/ats/plugin_ats_proportional.c:1164 +#, fuzzy, c-format +msgid "Invalid %s configuration %f\n" +msgstr " gconfig\tGTK Konfiguration\n" + #: src/auction/gnunet-auction-create.c:163 msgid "description of the item to be sold" msgstr "" 
@@ -769,6 +767,28 @@ msgstr "Ausführlicherer Modus (empfangene Werte ausgeben)" msgid "Connection to conversation service lost, trying to reconnect\n" msgstr "" +#: src/conversation/gnunet-conversation-test.c:119 +#, c-format +msgid "" +"\n" +"End of transmission. Have a GNU day.\n" +msgstr "" + +#: src/conversation/gnunet-conversation-test.c:145 +#, c-format +msgid "" +"\n" +"We are now playing your recording back. If you can hear it, your audio " +"settings are working..." +msgstr "" + +#: src/conversation/gnunet-conversation-test.c:210 +#, c-format +msgid "" +"We will now be recording you for %s. After that time, the recording will be " +"played back to you..." +msgstr "" + #: src/conversation/gnunet-conversation.c:269 #, c-format msgid "Incoming call from `%s'. Please /accept %u or /cancel %u the call.\n" @@ -1026,30 +1046,8 @@ msgstr "" msgid "Enables having a conversation with other GNUnet users." msgstr "" -#: src/conversation/gnunet-conversation-test.c:119 -#, c-format -msgid "" -"\n" -"End of transmission. Have a GNU day.\n" -msgstr "" - -#: src/conversation/gnunet-conversation-test.c:145 -#, c-format -msgid "" -"\n" -"We are now playing your recording back. If you can hear it, your audio " -"settings are working..." -msgstr "" - -#: src/conversation/gnunet-conversation-test.c:210 -#, c-format -msgid "" -"We will now be recording you for %s. After that time, the recording will be " -"played back to you..." -msgstr "" - -#: src/conversation/gnunet_gst.c:622 #: src/conversation/gnunet-helper-audio-playback-gst.c:356 +#: src/conversation/gnunet_gst.c:622 #, c-format msgid "Read error from STDIN: %d %s\n" msgstr "Fehler beim Lesen aus STDIN: %d %s\n" 
@@ -1174,6 +1172,11 @@ msgstr "ogg_stream_init() fehlgeschlagen.\n" msgid "Failed to allocate %u bytes for second packet\n" msgstr "UDP-Sockets können nicht geöffnet werden\n" +#: src/conversation/gnunet-service-conversation.c:1276 +#, fuzzy, c-format +msgid "Could not open line, port %s already in use!\n" +msgstr "Verbindung zum %s-Dienst ist fehlgeschlagen!\n" + #: src/conversation/microphone.c:119 msgid "Could not start record audio helper\n" msgstr "" 
@@ -1463,8 +1466,138 @@ msgstr "# Bytes empfangen über TCP" msgid "# updates to my type map" msgstr "" +#: src/credential/credential_misc.c:88 +#, fuzzy, c-format +msgid "Unable to parse CRED record string `%s'\n" +msgstr "Fehler beim Speichern der Konfigurationsdatei `%s':" + +#: src/credential/gnunet-credential.c:278 src/namestore/gnunet-namestore.c:776 +#: src/namestore/plugin_rest_namestore.c:1009 +#, fuzzy, c-format +msgid "Ego `%s' not known to identity service\n" +msgstr "`%s': unbekannter Dienst: %s\n" + +#: src/credential/gnunet-credential.c:294 +#: src/credential/gnunet-credential.c:446 +#, c-format +msgid "Issuer public key `%s' is not well-formed\n" +msgstr "" + +#: src/credential/gnunet-credential.c:375 +#: src/credential/gnunet-credential.c:435 +#, fuzzy, c-format +msgid "Issuer public key not well-formed\n" +msgstr "Ungültiger Parameter: `%s'\n" + +#: src/credential/gnunet-credential.c:386 +#: src/credential/gnunet-credential.c:455 +#, fuzzy, c-format +msgid "Failed to connect to CREDENTIAL\n" +msgstr "Es konnte keine Verbindung mit gnunetd hergestellt werden.\n" + +#: src/credential/gnunet-credential.c:392 +#, c-format +msgid "You must provide issuer the attribute\n" +msgstr "" + +#: src/credential/gnunet-credential.c:399 +#, fuzzy, c-format +msgid "ego required\n" +msgstr "Gültiger Typ ist erforderlich\n" + +#: src/credential/gnunet-credential.c:415 +#, c-format +msgid "Subject public key needed\n" +msgstr "" + +#: src/credential/gnunet-credential.c:426 +#, c-format +msgid "Subject public key `%s' is not well-formed\n" +msgstr "" + +#: src/credential/gnunet-credential.c:461 +#, c-format +msgid "You must provide issuer and subject attributes\n" +msgstr "" + +#: src/credential/gnunet-credential.c:511 +#, fuzzy, c-format +msgid "Issuer ego required\n" +msgstr "Gültiger Typ ist erforderlich\n" + +#: src/credential/gnunet-credential.c:523 +#, c-format +msgid "Please specify name to lookup, subject key and issuer key!\n" +msgstr "" + +#: 
src/credential/gnunet-credential.c:543 +msgid "create credential" +msgstr "" + +#: src/credential/gnunet-credential.c:547 +msgid "verify credential against attribute" +msgstr "" + +#: src/credential/gnunet-credential.c:552 +#, fuzzy +msgid "The public key of the subject to lookup the credential for" +msgstr "Die Priorität des Inhalts angeben" + +#: src/credential/gnunet-credential.c:557 +msgid "The name of the credential presented by the subject" +msgstr "" + +#: src/credential/gnunet-credential.c:562 +msgid "The public key of the authority to verify the credential against" +msgstr "" + +#: src/credential/gnunet-credential.c:567 +msgid "The ego to use" +msgstr "" + +#: src/credential/gnunet-credential.c:572 +msgid "The issuer attribute to verify against or to issue" +msgstr "" + +#: src/credential/gnunet-credential.c:577 +msgid "The time to live for the credential" +msgstr "" + +#: src/credential/gnunet-credential.c:581 +msgid "collect credentials" +msgstr "" + +#: src/credential/gnunet-credential.c:595 +#, fuzzy +msgid "GNUnet credential resolver tool" +msgstr "GNUnet Netzwerk Topologie tracen." 
+ +#: src/credential/gnunet-service-credential.c:1204 +#: src/gns/gnunet-gns-helper-service-w32.c:727 src/gns/gnunet-gns.c:355 +#, fuzzy, c-format +msgid "Failed to connect to GNS\n" +msgstr "Es konnte keine Verbindung mit gnunetd hergestellt werden.\n" + +#: src/credential/gnunet-service-credential.c:1210 +#: src/namestore/gnunet-namestore-fcfsd.c:1034 +#: src/namestore/gnunet-namestore.c:802 +#: src/namestore/plugin_rest_namestore.c:1022 +#, fuzzy, c-format +msgid "Failed to connect to namestore\n" +msgstr "Es konnte keine Verbindung mit gnunetd hergestellt werden.\n" + +#: src/credential/plugin_gnsrecord_credential.c:186 +#, fuzzy, c-format +msgid "Unable to parse ATTR record string `%s'\n" +msgstr "Fehler beim Speichern der Konfigurationsdatei `%s':" + +#: src/credential/plugin_rest_credential.c:1155 src/gns/plugin_rest_gns.c:668 +#, fuzzy +msgid "GNS REST API initialized\n" +msgstr " Verbindung fehlgeschlagen\n" + #: src/datacache/datacache.c:119 src/datacache/datacache.c:294 -#: src/datastore/gnunet-service-datastore.c:775 +#: src/datastore/gnunet-service-datastore.c:757 msgid "# bytes stored" msgstr "# gespeicherte Bytes" 
@@ -1506,13 +1639,12 @@ msgstr "" #: src/datacache/plugin_datacache_sqlite.c:113 #: src/datacache/plugin_datacache_sqlite.c:122 -#: src/datastore/plugin_datastore_mysql.c:980 +#: src/datastore/plugin_datastore_mysql.c:892 #: src/datastore/plugin_datastore_sqlite.c:58 -#: src/datastore/plugin_datastore_sqlite.c:66 src/my/my.c:80 src/my/my.c:92 -#: src/mysql/mysql.c:42 src/mysql/mysql.c:49 -#: src/namecache/plugin_namecache_postgres.c:53 +#: src/datastore/plugin_datastore_sqlite.c:66 +#: src/identity-provider/plugin_identity_provider_sqlite.c:52 src/my/my.c:80 +#: src/my/my.c:92 src/mysql/mysql.c:42 src/mysql/mysql.c:49 #: src/namecache/plugin_namecache_sqlite.c:53 -#: src/namestore/plugin_namestore_postgres.c:53 #: src/namestore/plugin_namestore_sqlite.c:53 #: src/peerstore/plugin_peerstore_sqlite.c:52 #: src/psycstore/plugin_psycstore_mysql.c:62 @@ -1521,14 +1653,15 @@ msgstr "" #: src/testbed/gnunet-daemon-testbed-underlay.c:56 #: src/testbed/testbed_api_hosts.c:69 src/util/crypto_ecc.c:52 #: src/util/crypto_ecc_setup.c:41 src/util/crypto_mpi.c:39 -#: src/include/gnunet_common.h:720 src/include/gnunet_common.h:729 +#: src/include/gnunet_common.h:735 src/include/gnunet_common.h:744 #: src/scalarproduct/scalarproduct.h:35 #, c-format msgid "`%s' failed at %s:%d with error: %s\n" msgstr "»%s« schlug bei %s:%d mit dem Fehler %s fehl\n" #: src/datacache/plugin_datacache_sqlite.c:817 -#: src/datastore/plugin_datastore_sqlite.c:475 +#: src/datastore/plugin_datastore_sqlite.c:456 +#: src/identity-provider/plugin_identity_provider_sqlite.c:336 #: src/namecache/plugin_namecache_sqlite.c:296 #: src/namestore/plugin_namestore_sqlite.c:355 msgid "Tried to close sqlite without finalizing all prepared statements.\n" 
@@ -1596,23 +1729,74 @@ msgstr "" msgid "# GET requests executed" msgstr "# ausgeführte GET-Anfragen" -#: src/datastore/gnunet-datastore.c:113 +#: src/datastore/gnunet-datastore.c:189 +#, c-format +msgid "Dumped % records\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:217 src/datastore/gnunet-datastore.c:229 +#, c-format +msgid "Short write to file: %zd bytes expecting %zd\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:261 +#, fuzzy +msgid "Error queueing datastore GET operation\n" +msgstr "Fehler beim Anlegen des Benutzers" + +#: src/datastore/gnunet-datastore.c:287 src/datastore/gnunet-datastore.c:412 +#, fuzzy, c-format +msgid "Unable to open dump file: %s\n" +msgstr "Zustellung der Nachricht `%s' fehlgeschlagen.\n" + +#: src/datastore/gnunet-datastore.c:326 #, c-format msgid "Failed to store item: %s, aborting\n" msgstr "Objekt konnte nicht gespeichert werden: %s, Abbruch\n" -#: src/datastore/gnunet-datastore.c:209 +#: src/datastore/gnunet-datastore.c:340 #, c-format -msgid "Cannot use the same configuration for source and destination\n" +msgid "Inserted % records\n" msgstr "" -#: src/datastore/gnunet-datastore.c:256 -msgid "" -"specifies the configuration to use to access an alternative datastore; will " -"merge that datastore into our current datastore" +#: src/datastore/gnunet-datastore.c:349 src/datastore/gnunet-datastore.c:363 +#, c-format +msgid "Short read from file: %zd bytes expecting %zd\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:389 +#, fuzzy +msgid "Error queueing datastore PUT operation\n" +msgstr "Fehler beim Anlegen des Benutzers" + +#: src/datastore/gnunet-datastore.c:432 +msgid "Input file is not of a supported format\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:458 +#, fuzzy +msgid "Failed connecting to the datastore.\n" +msgstr "Es konnte keine Verbindung mit gnunetd hergestellt werden." 
+ +#: src/datastore/gnunet-datastore.c:470 +#, c-format +msgid "Please choose at least one operation: %s, %s\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:493 +msgid "Dump all records from the datastore" +msgstr "" + +#: src/datastore/gnunet-datastore.c:497 +#, fuzzy +msgid "Insert records into the datastore" +msgstr "# bytes in der Datenbank" + +#: src/datastore/gnunet-datastore.c:502 +msgid "File to dump or insert" msgstr "" -#: src/datastore/gnunet-datastore.c:265 +#: src/datastore/gnunet-datastore.c:511 #, fuzzy msgid "Manipulate GNUnet datastore" msgstr "sqlite Datenspeicher" @@ -1655,8 +1839,8 @@ msgstr "" #: src/datastore/gnunet-service-datastore.c:634 #: src/datastore/gnunet-service-datastore.c:689 -#: src/datastore/gnunet-service-datastore.c:977 -#: src/datastore/gnunet-service-datastore.c:1633 +#: src/datastore/gnunet-service-datastore.c:837 +#: src/datastore/gnunet-service-datastore.c:1469 msgid "# reserved" msgstr "" 
@@ -1664,147 +1848,148 @@ msgstr "" msgid "Could not find matching reservation" msgstr "" -#: src/datastore/gnunet-service-datastore.c:792 +#: src/datastore/gnunet-service-datastore.c:773 #, c-format msgid "Need %llu bytes more space (%llu allowed, using %llu)\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1026 +#: src/datastore/gnunet-service-datastore.c:876 #, fuzzy msgid "# GET requests received" msgstr "# Client Trace-Anfragen empfangen" -#: src/datastore/gnunet-service-datastore.c:1058 +#: src/datastore/gnunet-service-datastore.c:907 #, fuzzy msgid "# GET KEY requests received" msgstr "# Client Trace-Anfragen empfangen" -#: src/datastore/gnunet-service-datastore.c:1071 +#: src/datastore/gnunet-service-datastore.c:920 msgid "# requests filtered by bloomfilter" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1108 +#: src/datastore/gnunet-service-datastore.c:956 #, fuzzy msgid "# GET REPLICATION requests received" msgstr "# Client Trace-Anfragen empfangen" -#: src/datastore/gnunet-service-datastore.c:1141 +#: src/datastore/gnunet-service-datastore.c:989 #, fuzzy msgid "# GET ZERO ANONYMITY requests received" msgstr "# Client Trace-Anfragen empfangen" -#: src/datastore/gnunet-service-datastore.c:1190 +#: src/datastore/gnunet-service-datastore.c:1036 msgid "Content not found" msgstr "Kein Inhalt gefunden" -#: src/datastore/gnunet-service-datastore.c:1199 +#: src/datastore/gnunet-service-datastore.c:1043 msgid "# bytes removed (explicit request)" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1246 +#: src/datastore/gnunet-service-datastore.c:1088 #, fuzzy msgid "# REMOVE requests received" msgstr "# Client Trace-Anfragen empfangen" -#: src/datastore/gnunet-service-datastore.c:1301 +#: src/datastore/gnunet-service-datastore.c:1137 #, c-format msgid "" "Datastore payload must have been inaccurate (%lld < %lld). 
Recomputing it.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1307 -#: src/datastore/gnunet-service-datastore.c:1482 +#: src/datastore/gnunet-service-datastore.c:1143 +#: src/datastore/gnunet-service-datastore.c:1318 #, c-format msgid "New payload: %lld\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1361 +#: src/datastore/gnunet-service-datastore.c:1197 #, c-format msgid "Loading `%s' datastore plugin\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1373 +#: src/datastore/gnunet-service-datastore.c:1209 #, fuzzy, c-format msgid "Failed to load datastore plugin for `%s'\n" msgstr "Anwendung `%s' konnte nicht initialisiert werden.\n" -#: src/datastore/gnunet-service-datastore.c:1433 +#: src/datastore/gnunet-service-datastore.c:1269 msgid "Bloomfilter construction complete.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1489 +#: src/datastore/gnunet-service-datastore.c:1325 msgid "Rebuilding bloomfilter. Please be patient.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1500 +#: src/datastore/gnunet-service-datastore.c:1336 msgid "Plugin does not support get_keys function. 
Please fix!\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1670 +#: src/datastore/gnunet-service-datastore.c:1506 #, fuzzy, c-format msgid "# bytes used in file-sharing datastore `%s'" msgstr "# bytes erlaubt in der Datenbank" -#: src/datastore/gnunet-service-datastore.c:1686 +#: src/datastore/gnunet-service-datastore.c:1522 msgid "# quota" msgstr "# Kontingent" -#: src/datastore/gnunet-service-datastore.c:1691 +#: src/datastore/gnunet-service-datastore.c:1527 msgid "# cache size" msgstr "# Zwischenspeichergröße" -#: src/datastore/gnunet-service-datastore.c:1707 +#: src/datastore/gnunet-service-datastore.c:1543 #, c-format msgid "Could not use specified filename `%s' for bloomfilter.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1725 -#: src/datastore/gnunet-service-datastore.c:1741 +#: src/datastore/gnunet-service-datastore.c:1561 +#: src/datastore/gnunet-service-datastore.c:1577 #, fuzzy, c-format msgid "Failed to remove bogus bloomfilter file `%s'\n" msgstr "Datei wurde als `%s' gespeichert.\n" -#: src/datastore/gnunet-service-datastore.c:1773 +#: src/datastore/gnunet-service-datastore.c:1609 msgid "Failed to initialize bloomfilter.\n" msgstr "Bloomfilter konnte nicht initialisiert werden.\n" -#: src/datastore/plugin_datastore_heap.c:769 +#: src/datastore/plugin_datastore_heap.c:893 msgid "Heap database running\n" msgstr "Heap-Datenbank läuft\n" -#: src/datastore/plugin_datastore_mysql.c:377 -#: src/datastore/plugin_datastore_sqlite.c:590 +#: src/datastore/plugin_datastore_mysql.c:371 +#: src/datastore/plugin_datastore_mysql.c:423 +#: src/datastore/plugin_datastore_mysql.c:1075 +msgid "MySQL statement run failure" +msgstr "" + +#: src/datastore/plugin_datastore_mysql.c:410 +#: src/datastore/plugin_datastore_sqlite.c:626 #, fuzzy msgid "Data too large" msgstr "Anzahl der Werte" -#: src/datastore/plugin_datastore_mysql.c:393 -msgid "MySQL statement run failure" -msgstr "" - -#: src/datastore/plugin_datastore_mysql.c:936 +#: 
src/datastore/plugin_datastore_mysql.c:848 #, fuzzy, c-format msgid "`%s' for `%s' failed at %s:%d with error: %s\n" msgstr "`%s' an `%s' schlug fehl bei %s:%d mit dem Fehler: %s\n" -#: src/datastore/plugin_datastore_mysql.c:1208 +#: src/datastore/plugin_datastore_mysql.c:1180 #: src/psycstore/plugin_psycstore_mysql.c:1936 msgid "Mysql database running\n" msgstr "MySQL-Datenbank läuft\n" -#: src/datastore/plugin_datastore_postgres.c:345 +#: src/datastore/plugin_datastore_postgres.c:274 +#: src/datastore/plugin_datastore_postgres.c:891 msgid "Postgress exec failure" msgstr "" -#: src/datastore/plugin_datastore_postgres.c:866 +#: src/datastore/plugin_datastore_postgres.c:852 #, fuzzy msgid "Failed to drop table from database.\n" msgstr "Fehler beim Binden an UDP Port %d.\n" -#: src/datastore/plugin_datastore_postgres.c:903 -#: src/namecache/plugin_namecache_postgres.c:398 -#: src/namestore/plugin_namestore_postgres.c:571 -#: src/psycstore/plugin_psycstore_postgres.c:1721 +#: src/datastore/plugin_datastore_postgres.c:950 +#: src/psycstore/plugin_psycstore_postgres.c:1506 msgid "Postgres database running\n" msgstr "PostgreSQL-Datenbank läuft\n" @@ -1816,7 +2001,8 @@ msgstr "PostgreSQL-Datenbank läuft\n" msgid "`%s' failed at %s:%u with error: %s" msgstr "`%s' schlug bei %s:%d mit dem Fehler %s fehl\n" -#: src/datastore/plugin_datastore_sqlite.c:281 +#: src/datastore/plugin_datastore_sqlite.c:271 +#: src/identity-provider/plugin_identity_provider_sqlite.c:212 #: src/namecache/plugin_namecache_sqlite.c:194 #: src/namestore/plugin_namestore_sqlite.c:222 #: src/peerstore/plugin_peerstore_sqlite.c:535 
@@ -1825,24 +2011,29 @@ msgstr "`%s' schlug bei %s:%d mit dem Fehler %s fehl\n" msgid "Unable to initialize SQLite: %s.\n" msgstr "SQLite-Datenbank konnte nicht initialisiert werden: %s.\n" -#: src/datastore/plugin_datastore_sqlite.c:1234 +#: src/datastore/plugin_datastore_sqlite.c:577 +msgid "sqlite bind failure" +msgstr "" + +#: src/datastore/plugin_datastore_sqlite.c:1259 msgid "sqlite version to old to determine size, assuming zero\n" msgstr "" -#: src/datastore/plugin_datastore_sqlite.c:1268 +#: src/datastore/plugin_datastore_sqlite.c:1293 #, c-format msgid "" "Using sqlite page utilization to estimate payload (%llu pages of size %llu " "bytes)\n" msgstr "" -#: src/datastore/plugin_datastore_sqlite.c:1312 +#: src/datastore/plugin_datastore_sqlite.c:1337 +#: src/identity-provider/plugin_identity_provider_sqlite.c:711 #: src/namecache/plugin_namecache_sqlite.c:603 #: src/namestore/plugin_namestore_sqlite.c:802 msgid "Sqlite database running\n" msgstr "Sqlite-Datenbank läuft\n" -#: src/datastore/plugin_datastore_template.c:259 +#: src/datastore/plugin_datastore_template.c:253 msgid "Template database running\n" msgstr "" 
@@ -1903,52 +2094,6 @@ msgstr "" msgid "Prints all packets that go through the DHT." msgstr "" -#: src/dht/gnunet_dht_profiler.c:1161 -#: src/testbed/gnunet-testbed-profiler.c:255 -#, c-format -msgid "Exiting as the number of peers is %u\n" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1188 -#, fuzzy -msgid "number of peers to start" -msgstr "Anzahl an Durchläufen" - -#: src/dht/gnunet_dht_profiler.c:1194 -msgid "" -"maximum number of times we try to search for successor circle formation (0 " -"for R5N)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1200 src/nse/gnunet-nse-profiler.c:853 -#: src/testbed/gnunet-testbed-profiler.c:305 -msgid "name of the file with the login information for the testbed" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1206 -msgid "delay between rounds for collecting statistics (default: 30 sec)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1212 -msgid "delay to start doing PUTs (default: 1 sec)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1218 -msgid "delay to start doing GETs (default: 5 min)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1223 -msgid "replication degree for DHT PUTs" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1230 -msgid "timeout for DHT PUT and GET requests (default: 1 min)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1248 -msgid "Measure quality and performance of the DHT service." -msgstr "" - #: src/dht/gnunet-dht-put.c:120 msgid "PUT request sent with key" msgstr "" 
@@ -2215,6 +2360,51 @@ msgstr "" msgid "# DHT requests combined" msgstr "# dht Anfragen weitergeleitet" +#: src/dht/gnunet_dht_profiler.c:1161 src/testbed/gnunet-testbed-profiler.c:255 +#, c-format +msgid "Exiting as the number of peers is %u\n" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1188 +#, fuzzy +msgid "number of peers to start" +msgstr "Anzahl an Durchläufen" + +#: src/dht/gnunet_dht_profiler.c:1194 +msgid "" +"maximum number of times we try to search for successor circle formation (0 " +"for R5N)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1200 src/nse/gnunet-nse-profiler.c:853 +#: src/testbed/gnunet-testbed-profiler.c:305 +msgid "name of the file with the login information for the testbed" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1206 +msgid "delay between rounds for collecting statistics (default: 30 sec)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1212 +msgid "delay to start doing PUTs (default: 1 sec)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1218 +msgid "delay to start doing GETs (default: 5 min)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1223 +msgid "replication degree for DHT PUTs" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1230 +msgid "timeout for DHT PUT and GET requests (default: 1 min)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1248 +msgid "Measure quality and performance of the DHT service." +msgstr "" + #: src/dht/plugin_block_dht.c:187 #, fuzzy, c-format msgid "Block not of type %u\n" @@ -2546,7 +2736,7 @@ msgstr "" msgid "No useful service enabled. Exiting.\n" msgstr "" -#: src/exit/gnunet-daemon-exit.c:3969 +#: src/exit/gnunet-daemon-exit.c:3970 msgid "Daemon to run to provide an IP exit node for the VPN" msgstr "" 
@@ -3199,15 +3389,6 @@ msgid "" "chk/...)" msgstr "" -#: src/fs/gnunet-fs.c:119 -msgid "print a list of all indexed files" -msgstr "" - -#: src/fs/gnunet-fs.c:130 -#, fuzzy -msgid "Special file-sharing operations" -msgstr "Alle Optionen anzeigen" - #: src/fs/gnunet-fs-profiler.c:211 msgid "run the experiment with COUNT peers" msgstr "" @@ -3224,6 +3405,15 @@ msgstr "" msgid "run a testbed to measure file-sharing performance" msgstr "" +#: src/fs/gnunet-fs.c:119 +msgid "print a list of all indexed files" +msgstr "" + +#: src/fs/gnunet-fs.c:130 +#, fuzzy +msgid "Special file-sharing operations" +msgstr "Alle Optionen anzeigen" + #: src/fs/gnunet-publish.c:219 src/fs/gnunet-publish.c:231 #, c-format msgid "Publishing `%s' at %llu/%llu (%s remaining)\n" @@ -3923,22 +4113,11 @@ msgstr "" msgid "GNUnet DNS-to-GNS proxy (a DNS server)" msgstr "" -#: src/gns/gnunet-gns.c:235 src/gns/plugin_rest_gns.c:346 -#, c-format -msgid "Invalid typename specified, assuming `ANY'\n" -msgstr "" - -#: src/gns/gnunet-gns.c:252 -#, c-format -msgid "Please specify name to lookup!\n" -msgstr "" - -#: src/gns/gnunet-gns.c:276 -#, c-format -msgid "Ego for `%s' not found, cannot perform lookup.\n" +#: src/gns/gnunet-gns-helper-service-w32.c:602 +msgid "Not ready to process requests, lacking ego data\n" msgstr "" -#: src/gns/gnunet-gns.c:315 src/gns/gnunet-gns-helper-service-w32.c:701 +#: src/gns/gnunet-gns-helper-service-w32.c:701 src/gns/gnunet-gns.c:315 #: src/gns/plugin_rest_gns.c:422 #, c-format msgid "" 
@@ -3946,56 +4125,12 @@ msgid "" "gns-import.sh?\n" msgstr "" -#: src/gns/gnunet-gns.c:355 src/gns/gnunet-gns-helper-service-w32.c:727 -#, fuzzy, c-format -msgid "Failed to connect to GNS\n" -msgstr "Es konnte keine Verbindung mit gnunetd hergestellt werden.\n" - -#: src/gns/gnunet-gns.c:374 -#, c-format -msgid "Public key `%s' is not well-formed\n" -msgstr "" - -#: src/gns/gnunet-gns.c:428 -msgid "Lookup a record for the given name" -msgstr "" - -#: src/gns/gnunet-gns.c:434 -#, fuzzy -msgid "Specify the type of the record to lookup" -msgstr "Die Priorität des Inhalts angeben" - -#: src/gns/gnunet-gns.c:440 -msgid "Specify timeout for the lookup" -msgstr "" - -#: src/gns/gnunet-gns.c:445 -msgid "No unneeded output" -msgstr "" - -#: src/gns/gnunet-gns.c:451 -msgid "Specify the public key of the zone to lookup the record in" -msgstr "" - -#: src/gns/gnunet-gns.c:457 -msgid "Specify the name of the ego of the zone to lookup the record in" -msgstr "" - -#: src/gns/gnunet-gns.c:476 -#, fuzzy -msgid "GNUnet GNS resolver tool" -msgstr "GNUnet Netzwerk Topologie tracen." - -#: src/gns/gnunet-gns-helper-service-w32.c:602 -msgid "Not ready to process requests, lacking ego data\n" -msgstr "" - #: src/gns/gnunet-gns-helper-service-w32.c:739 #, fuzzy, c-format msgid "Failed to connect to identity service\n" msgstr "Es konnte keine Verbindung mit gnunetd hergestellt werden.\n" -#: src/gns/gnunet-gns-import.c:489 +#: src/gns/gnunet-gns-import.c:452 msgid "This program will import some GNS authorities into your GNS namestore." msgstr "" 
@@ -4103,30 +4238,80 @@ msgstr "" msgid "No ego configured for `%s`\n" msgstr "" -#: src/gns/gnunet-gns-proxy.c:3226 -#, fuzzy, c-format -msgid "Failed to load SSL/TLS key and certificate from `%s'\n" -msgstr "Fehler beim Lesen der Freunde-Liste von `%s'\n" - -#: src/gns/gnunet-gns-proxy.c:3269 -msgid "listen on specified port (default: 7777)" +#: src/gns/gnunet-gns-proxy.c:3226 +#, fuzzy, c-format +msgid "Failed to load SSL/TLS key and certificate from `%s'\n" +msgstr "Fehler beim Lesen der Freunde-Liste von `%s'\n" + +#: src/gns/gnunet-gns-proxy.c:3269 +msgid "listen on specified port (default: 7777)" +msgstr "" + +#: src/gns/gnunet-gns-proxy.c:3275 +msgid "pem file to use as CA" +msgstr "" + +#: src/gns/gnunet-gns-proxy.c:3300 +msgid "GNUnet GNS proxy" +msgstr "" + +#: src/gns/gnunet-gns.c:235 src/gns/plugin_rest_gns.c:346 +#, c-format +msgid "Invalid typename specified, assuming `ANY'\n" +msgstr "" + +#: src/gns/gnunet-gns.c:252 +#, c-format +msgid "Please specify name to lookup!\n" +msgstr "" + +#: src/gns/gnunet-gns.c:276 +#, c-format +msgid "Ego for `%s' not found, cannot perform lookup.\n" +msgstr "" + +#: src/gns/gnunet-gns.c:374 +#, c-format +msgid "Public key `%s' is not well-formed\n" +msgstr "" + +#: src/gns/gnunet-gns.c:428 +msgid "Lookup a record for the given name" +msgstr "" + +#: src/gns/gnunet-gns.c:434 +#, fuzzy +msgid "Specify the type of the record to lookup" +msgstr "Die Priorität des Inhalts angeben" + +#: src/gns/gnunet-gns.c:440 +msgid "Specify timeout for the lookup" +msgstr "" + +#: src/gns/gnunet-gns.c:445 +msgid "No unneeded output" msgstr "" -#: src/gns/gnunet-gns-proxy.c:3275 -msgid "pem file to use as CA" +#: src/gns/gnunet-gns.c:451 +msgid "Specify the public key of the zone to lookup the record in" msgstr "" -#: src/gns/gnunet-gns-proxy.c:3300 -msgid "GNUnet GNS proxy" +#: src/gns/gnunet-gns.c:457 +msgid "Specify the name of the ego of the zone to lookup the record in" msgstr "" +#: src/gns/gnunet-gns.c:476 +#, fuzzy +msgid 
"GNUnet GNS resolver tool" +msgstr "GNUnet Netzwerk Topologie tracen." + #: src/gns/gnunet-service-gns.c:442 #, fuzzy msgid "Failed to connect to the namecache!\n" msgstr "Es konnte keine Verbindung mit gnunetd hergestellt werden.\n" #: src/gns/gnunet-service-gns.c:461 -#: src/zonemaster/gnunet-service-zonemaster.c:741 +#: src/zonemaster/gnunet-service-zonemaster.c:742 #, fuzzy msgid "Could not connect to DHT!\n" msgstr "Verbindung zu gnunetd konnte nicht hergestellt werden.\n" 
@@ -4185,45 +4370,35 @@ msgstr "" msgid "Hostname `%s' is not well-formed, resolution fails\n" msgstr "" -#: src/gns/plugin_gnsrecord_gns.c:203 +#: src/gns/plugin_gnsrecord_gns.c:179 #, c-format msgid "Unable to parse PKEY record `%s'\n" msgstr "" -#: src/gns/plugin_gnsrecord_gns.c:232 +#: src/gns/plugin_gnsrecord_gns.c:208 #, fuzzy, c-format msgid "Unable to parse GNS2DNS record `%s'\n" msgstr "Dateiformat fehlerhaft (kein GNUnet Verzeichnis?)\n" -#: src/gns/plugin_gnsrecord_gns.c:253 +#: src/gns/plugin_gnsrecord_gns.c:229 #, c-format msgid "Failed to serialize GNS2DNS record with value `%s'\n" msgstr "" -#: src/gns/plugin_gnsrecord_gns.c:276 +#: src/gns/plugin_gnsrecord_gns.c:252 #, fuzzy, c-format msgid "Unable to parse VPN record string `%s'\n" msgstr "Fehler beim Speichern der Konfigurationsdatei `%s':" -#: src/gns/plugin_gnsrecord_gns.c:312 +#: src/gns/plugin_gnsrecord_gns.c:288 #, fuzzy, c-format msgid "Unable to parse BOX record string `%s'\n" msgstr "Fehler beim Speichern der Konfigurationsdatei `%s':" -#: src/gns/plugin_gnsrecord_gns.c:360 -#, fuzzy, c-format -msgid "Unable to parse REVERSE record string `%s'\n" -msgstr "Fehler beim Speichern der Konfigurationsdatei `%s':" - #: src/gns/plugin_rest_gns.c:384 msgid "Ego for not found, cannot perform lookup.\n" msgstr "" -#: src/gns/plugin_rest_gns.c:668 -#, fuzzy -msgid "GNS REST API initialized\n" -msgstr " Verbindung fehlgeschlagen\n" - #: src/gnsrecord/plugin_gnsrecord_dns.c:359 #, c-format msgid "Unable to parse IPv4 address `%s'\n" 
@@ -4655,6 +4830,53 @@ msgstr "»%s« ist keine gültige IP-Adresse.\n" msgid "Could not start hostlist HTTP server on port %u\n" msgstr "Der Transportdienst auf Port %d konnte nicht gestartet werden.\n" +#: src/identity-provider/gnunet-idp.c:348 +#, fuzzy +msgid "Ego is required\n" +msgstr "Option `%s' macht keinen Sinn ohne die Option `%s'.\n" + +#: src/identity-provider/gnunet-idp.c:370 +msgid "Add attribute" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:376 +msgid "Attribute value" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:381 +msgid "Ego" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:386 +msgid "Audience (relying party)" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:390 +msgid "List attributes for Ego" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:395 +msgid "Issue a ticket" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:400 +msgid "Consume a ticket" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:405 +msgid "Revoke a ticket" +msgstr "" + +#: src/identity-provider/identity_provider_api.c:429 +#, fuzzy +msgid "failed to store record\n" +msgstr "Zustellung der Nachricht `%s' fehlgeschlagen.\n" + +#: src/identity-provider/plugin_rest_identity_provider.c:1175 +#, fuzzy +msgid "Identity Provider REST API initialized\n" +msgstr " Verbindung fehlgeschlagen\n" + #: src/identity/gnunet-identity.c:179 #, fuzzy, c-format msgid "Failed to create ego: %s\n" 
@@ -4742,33 +4964,10 @@ msgstr "Fehler beim Speichern der Konfigurationsdatei `%s':" msgid "Failed to create directory `%s' for storing egos\n" msgstr "Dateiformat fehlerhaft (kein GNUnet Verzeichnis?)\n" -#: src/identity/plugin_rest_identity.c:967 +#: src/identity/plugin_rest_identity.c:964 msgid "Identity REST API initialized\n" msgstr "" -#: src/identity-provider/gnunet-identity-token.c:66 -#, fuzzy -msgid "Option `-t' is required\n" -msgstr "Option `%s' macht keinen Sinn ohne die Option `%s'.\n" - -#: src/identity-provider/gnunet-identity-token.c:77 -#, fuzzy, c-format -msgid "Token `%s' is malformed\n" -msgstr "Schlüssel »%s« ist gültig\n" - -#: src/identity-provider/gnunet-identity-token.c:166 -msgid "GNUid token" -msgstr "" - -#: src/identity-provider/gnunet-identity-token.c:171 -msgid "Print token contents" -msgstr "" - -#: src/identity-provider/plugin_rest_identity_provider.c:1166 -#, fuzzy -msgid "Identity Token REST API initialized\n" -msgstr " Verbindung fehlgeschlagen\n" - #: src/json/json.c:119 #, fuzzy, c-format msgid "Failed to parse JSON in option `%s': %s (%s)\n" 
@@ -4870,11 +5069,65 @@ msgstr "Zustellung der Nachricht `%s' fehlgeschlagen.\n" msgid "flat plugin running\n" msgstr "Sqlite-Datenbank läuft\n" -#: src/namecache/plugin_namecache_postgres.c:90 -#: src/namestore/plugin_namestore_postgres.c:97 +#: src/namestore/gnunet-namestore-fcfsd.c:508 +#, fuzzy, c-format +msgid "Unsupported form value `%s'\n" +msgstr "Kommando `%s' wird nicht unterstützt. Vorgang wird abgebrochen.\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:535 +#, fuzzy, c-format +msgid "Failed to create record for domain `%s': %s\n" +msgstr "Fehler beim Lesen der Freunde-Liste von `%s'\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:555 +msgid "Error when mapping zone to name\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:585 +#, c-format +msgid "Found existing name `%s' for the given key\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:662 +#, c-format +msgid "Found %u existing records for domain `%s'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:718 +#, fuzzy, c-format +msgid "Failed to create page for `%s'\n" +msgstr "Fehler beim Aktualisieren der Daten des Moduls `%s'\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:734 +#, fuzzy, c-format +msgid "Failed to setup post processor for `%s'\n" +msgstr "Fehler beim Aktualisieren der Daten des Moduls `%s'\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:770 +msgid "Domain name must not contain `.'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:778 +msgid "Domain name must not contain `+'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:974 +msgid "No ego configured for `fcfsd` subsystem\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:1000 #, fuzzy -msgid "Failed to create indices\n" -msgstr "Zustellung der Nachricht `%s' fehlgeschlagen.\n" +msgid "Failed to start HTTP server\n" +msgstr "Fehler beim Senden einer `%s' Anfrage an den SMTP Server.\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:1042 +#, fuzzy +msgid "Failed to connect to 
identity\n" +msgstr "Es konnte keine Verbindung mit gnunetd hergestellt werden.\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:1074 +msgid "GNU Name System First Come First Serve name registration service" +msgstr "" #: src/namestore/gnunet-namestore.c:301 #, c-format @@ -4882,13 +5135,13 @@ msgid "Adding record failed: %s\n" msgstr "" #: src/namestore/gnunet-namestore.c:330 -#: src/namestore/plugin_rest_namestore.c:562 +#: src/namestore/plugin_rest_namestore.c:567 #, c-format msgid "Deleting record failed, record does not exist%s%s\n" msgstr "" #: src/namestore/gnunet-namestore.c:337 -#: src/namestore/plugin_rest_namestore.c:571 +#: src/namestore/plugin_rest_namestore.c:576 #, c-format msgid "Deleting record failed%s%s\n" msgstr "" @@ -4906,7 +5159,7 @@ msgid "Records already exist under `%s', cannot add `%s' record.\n" msgstr "" #: src/namestore/gnunet-namestore.c:698 -#: src/namestore/plugin_rest_namestore.c:597 +#: src/namestore/plugin_rest_namestore.c:602 #, c-format msgid "There are no records under label `%s' that could be deleted.\n" msgstr "" @@ -4917,24 +5170,11 @@ msgid "" "There are no records under label `%s' that match the request for deletion.\n" msgstr "" -#: src/namestore/gnunet-namestore.c:776 -#: src/namestore/plugin_rest_namestore.c:1004 -#, fuzzy, c-format -msgid "Ego `%s' not known to identity service\n" -msgstr "`%s': unbekannter Dienst: %s\n" - #: src/namestore/gnunet-namestore.c:791 #, c-format msgid "No options given\n" msgstr "" -#: src/namestore/gnunet-namestore.c:802 -#: src/namestore/gnunet-namestore-fcfsd.c:1034 -#: src/namestore/plugin_rest_namestore.c:1017 -#, fuzzy -msgid "Failed to connect to namestore\n" -msgstr "Es konnte keine Verbindung mit gnunetd hergestellt werden.\n" - #: src/namestore/gnunet-namestore.c:810 src/namestore/gnunet-namestore.c:819 #: src/namestore/gnunet-namestore.c:838 src/namestore/gnunet-namestore.c:861 #: src/namestore/gnunet-namestore.c:915 
@@ -4948,14 +5188,14 @@ msgid "add" msgstr "" #: src/namestore/gnunet-namestore.c:829 -#: src/namestore/plugin_rest_namestore.c:671 +#: src/namestore/plugin_rest_namestore.c:676 #, fuzzy, c-format msgid "Unsupported type `%s'\n" msgstr "Kommando `%s' wird nicht unterstützt. Vorgang wird abgebrochen.\n" #: src/namestore/gnunet-namestore.c:851 -#: src/namestore/plugin_rest_namestore.c:689 -#: src/namestore/plugin_rest_namestore.c:729 +#: src/namestore/plugin_rest_namestore.c:694 +#: src/namestore/plugin_rest_namestore.c:734 #, fuzzy, c-format msgid "Value `%s' invalid for record type `%s'\n" msgstr "%s: Symbolwert `%s' ist ungültig für %s\n" @@ -4974,8 +5214,7 @@ msgstr "" msgid "Invalid public key for reverse lookup `%s'\n" msgstr "" -#: src/namestore/gnunet-namestore.c:979 -#: src/peerinfo-tool/gnunet-peerinfo.c:775 +#: src/namestore/gnunet-namestore.c:979 src/peerinfo-tool/gnunet-peerinfo.c:775 #, fuzzy, c-format msgid "Invalid URI `%s'\n" msgstr "Ungültiger Parameter: `%s'\n" @@ -4986,13 +5225,13 @@ msgid "Invalid nick `%s'\n" msgstr "Ungültiger Parameter: `%s'\n" #: src/namestore/gnunet-namestore.c:1051 -#: src/namestore/plugin_rest_namestore.c:1047 +#: src/namestore/plugin_rest_namestore.c:1052 #, c-format msgid "No default ego configured in identity service\n" msgstr "" #: src/namestore/gnunet-namestore.c:1108 -#: src/namestore/plugin_rest_namestore.c:1143 +#: src/namestore/plugin_rest_namestore.c:1148 #, fuzzy, c-format msgid "Cannot connect to identity service\n" msgstr "Verbindung zu %u.%u.%u.%u:%u fehlgeschlagen: %s\n" 
@@ -5052,67 +5291,7 @@ msgstr "" msgid "name of the ego controlling the zone" msgstr "" -#: src/namestore/gnunet-namestore-fcfsd.c:508 -#, fuzzy, c-format -msgid "Unsupported form value `%s'\n" -msgstr "Kommando `%s' wird nicht unterstützt. Vorgang wird abgebrochen.\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:535 -#, fuzzy, c-format -msgid "Failed to create record for domain `%s': %s\n" -msgstr "Fehler beim Lesen der Freunde-Liste von `%s'\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:555 -msgid "Error when mapping zone to name\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:585 -#, c-format -msgid "Found existing name `%s' for the given key\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:662 -#, c-format -msgid "Found %u existing records for domain `%s'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:718 -#, fuzzy, c-format -msgid "Failed to create page for `%s'\n" -msgstr "Fehler beim Aktualisieren der Daten des Moduls `%s'\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:734 -#, fuzzy, c-format -msgid "Failed to setup post processor for `%s'\n" -msgstr "Fehler beim Aktualisieren der Daten des Moduls `%s'\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:770 -msgid "Domain name must not contain `.'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:778 -msgid "Domain name must not contain `+'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:974 -msgid "No ego configured for `fcfsd` subsystem\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:1000 -#, fuzzy -msgid "Failed to start HTTP server\n" -msgstr "Fehler beim Senden einer `%s' Anfrage an den SMTP Server.\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:1042 -#, fuzzy -msgid "Failed to connect to identity\n" -msgstr "Es konnte keine Verbindung mit gnunetd hergestellt werden.\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:1074 -msgid "GNU Name System First Come First Serve name registration service" -msgstr "" - -#: 
src/namestore/gnunet-service-namestore.c:612 +#: src/namestore/gnunet-service-namestore.c:615 #, c-format msgid "Failed to replicate block in namecache: %s\n" msgstr "" @@ -5126,7 +5305,7 @@ msgstr "" msgid "flat file database running\n" msgstr "Sqlite-Datenbank läuft\n" -#: src/namestore/plugin_rest_namestore.c:1188 +#: src/namestore/plugin_rest_namestore.c:1193 #, fuzzy msgid "Namestore REST API initialized\n" msgstr " Verbindung fehlgeschlagen\n" @@ -5416,10 +5595,6 @@ msgstr "Kommando `%s' wurde nicht gefunden!\n" msgid "`upnpc' command not found\n" msgstr "Kommando `%s' wurde nicht gefunden!\n" -#: src/nse/gnunet-nse.c:122 -msgid "Show network size estimates from NSE service." -msgstr "" - #: src/nse/gnunet-nse-profiler.c:842 msgid "limit to the number of connections to NSE services, 0 for none" msgstr "" 
@@ -5440,71 +5615,18 @@ msgstr "" msgid "delay between rounds" msgstr "" -#: src/nse/gnunet-nse-profiler.c:886 -msgid "Measure quality and performance of the NSE service." -msgstr "" - -#: src/nse/gnunet-service-nse.c:1534 -#: src/revocation/gnunet-service-revocation.c:838 src/util/gnunet-scrypt.c:276 -msgid "Value is too large.\n" -msgstr "" - -#: src/peerinfo/gnunet-service-peerinfo.c:178 -#, fuzzy, c-format -msgid "Removing expired address of transport `%s'\n" -msgstr "Verfügbare(r) Transport(e): %s\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:310 -#, fuzzy, c-format -msgid "Failed to parse HELLO in file `%s': %s\n" -msgstr "Datei wurde als `%s' gespeichert.\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:331 -#: src/peerinfo/gnunet-service-peerinfo.c:362 -#, fuzzy, c-format -msgid "Failed to parse HELLO in file `%s'\n" -msgstr "Datei wurde als `%s' gespeichert.\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:446 -msgid "# peers known" -msgstr "" - -#: src/peerinfo/gnunet-service-peerinfo.c:489 -#, c-format -msgid "" -"File `%s' in directory `%s' does not match naming convention. Removed.\n" -msgstr "" -"Die Datei »%s« im Verzeichnis »%s« entspricht nicht der Namenskonvention. " -"Die Datei wurde entfernt.\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:655 -#, fuzzy, c-format -msgid "Scanning directory `%s'\n" -msgstr "==> Verzeichnis `%s':\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:663 -#, fuzzy, c-format -msgid "Still no peers found in `%s'!\n" -msgstr "Dienst `%s' konnte nicht ordentlich entladen werden!\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:1076 -#, fuzzy, c-format -msgid "Cleaning up directory `%s'\n" -msgstr "==> Verzeichnis `%s':\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:1405 -#, c-format -msgid "Importing HELLOs from `%s'\n" +#: src/nse/gnunet-nse-profiler.c:886 +msgid "Measure quality and performance of the NSE service." 
msgstr "" -#: src/peerinfo/gnunet-service-peerinfo.c:1418 -msgid "Skipping import of included HELLOs\n" +#: src/nse/gnunet-nse.c:122 +msgid "Show network size estimates from NSE service." msgstr "" -#: src/peerinfo/peerinfo_api.c:220 -#, fuzzy -msgid "Failed to receive response from `PEERINFO' service." -msgstr "Fehler beim Empfangen der Antwort von gnunetd auf die `%s' Nachricht\n" +#: src/nse/gnunet-service-nse.c:1534 +#: src/revocation/gnunet-service-revocation.c:838 src/util/gnunet-scrypt.c:276 +msgid "Value is too large.\n" +msgstr "" #: src/peerinfo-tool/gnunet-peerinfo.c:239 #, fuzzy, c-format 
@@ -5596,6 +5718,63 @@ msgstr "Teste Transport(e) %s\n" msgid "Failed to load transport plugin for `%s'\n" msgstr "Anwendung `%s' konnte nicht initialisiert werden.\n" +#: src/peerinfo/gnunet-service-peerinfo.c:178 +#, fuzzy, c-format +msgid "Removing expired address of transport `%s'\n" +msgstr "Verfügbare(r) Transport(e): %s\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:310 +#, fuzzy, c-format +msgid "Failed to parse HELLO in file `%s': %s\n" +msgstr "Datei wurde als `%s' gespeichert.\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:331 +#: src/peerinfo/gnunet-service-peerinfo.c:362 +#, fuzzy, c-format +msgid "Failed to parse HELLO in file `%s'\n" +msgstr "Datei wurde als `%s' gespeichert.\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:446 +msgid "# peers known" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:489 +#, c-format +msgid "" +"File `%s' in directory `%s' does not match naming convention. Removed.\n" +msgstr "" +"Die Datei »%s« im Verzeichnis »%s« entspricht nicht der Namenskonvention. " +"Die Datei wurde entfernt.\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:655 +#, fuzzy, c-format +msgid "Scanning directory `%s'\n" +msgstr "==> Verzeichnis `%s':\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:663 +#, fuzzy, c-format +msgid "Still no peers found in `%s'!\n" +msgstr "Dienst `%s' konnte nicht ordentlich entladen werden!\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:1076 +#, fuzzy, c-format +msgid "Cleaning up directory `%s'\n" +msgstr "==> Verzeichnis `%s':\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:1405 +#, c-format +msgid "Importing HELLOs from `%s'\n" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:1418 +msgid "Skipping import of included HELLOs\n" +msgstr "" + +#: src/peerinfo/peerinfo_api.c:220 +#, fuzzy +msgid "Failed to receive response from `PEERINFO' service." +msgstr "Fehler beim Empfangen der Antwort von gnunetd auf die `%s' Nachricht\n" + #: src/peerstore/gnunet-peerstore.c:91 msgid "peerstore" msgstr "" 
@@ -5644,15 +5823,10 @@ msgstr "" msgid "Unable to create indices: %s.\n" msgstr "Zustellung der Nachricht `%s' fehlgeschlagen.\n" -#: src/postgres/postgres.c:67 -#, fuzzy, c-format -msgid "`%s:%s' failed at %s:%d with error: %s\n" -msgstr "`%s' schlug bei %s:%d mit dem Fehler %s fehl\n" - -#: src/postgres/postgres.c:192 +#: src/pq/pq_prepare.c:80 #, fuzzy, c-format -msgid "Unable to connect to Postgres database '%s': %s\n" -msgstr "Fehler beim Anlegen des Benutzerkontos:" +msgid "PQprepare (`%s' as `%s') failed with error: %s\n" +msgstr "`%s' an `%s' schlug fehl bei %s:%d mit dem Fehler: %s\n" #: src/psycstore/gnunet-service-psycstore.c:249 #, fuzzy 
@@ -5832,56 +6006,56 @@ msgstr "" msgid "Daemon to announce regular expressions for the peer using cadet." msgstr "" -#: src/regex/gnunet-regex-profiler.c:1314 +#: src/regex/gnunet-regex-profiler.c:1386 msgid "No configuration file given. Exiting\n" msgstr "Keine Konfigurationsdatei angegeben. Abbruch\n" -#: src/regex/gnunet-regex-profiler.c:1355 +#: src/regex/gnunet-regex-profiler.c:1427 #: src/regex/gnunet-regex-simulation-profiler.c:630 #, c-format msgid "No policy directory specified on command line. Exiting.\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1361 +#: src/regex/gnunet-regex-profiler.c:1433 #: src/regex/gnunet-regex-simulation-profiler.c:638 #, c-format msgid "Specified policies directory does not exist. Exiting.\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1368 +#: src/regex/gnunet-regex-profiler.c:1440 #, c-format msgid "No files found in `%s'\n" msgstr "Keine Dateien in »%s« gefunden\n" -#: src/regex/gnunet-regex-profiler.c:1377 +#: src/regex/gnunet-regex-profiler.c:1449 msgid "No search strings file given. Exiting.\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1397 +#: src/regex/gnunet-regex-profiler.c:1469 msgid "Error loading search strings. 
Exiting.\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1485 +#: src/regex/gnunet-regex-profiler.c:1557 msgid "name of the file for writing statistics" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1491 +#: src/regex/gnunet-regex-profiler.c:1563 msgid "wait TIMEOUT before ending the experiment" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1497 +#: src/regex/gnunet-regex-profiler.c:1569 msgid "directory with policy files" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1504 +#: src/regex/gnunet-regex-profiler.c:1576 msgid "name of file with input strings" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1510 +#: src/regex/gnunet-regex-profiler.c:1582 msgid "name of file with hosts' names" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1523 +#: src/regex/gnunet-regex-profiler.c:1595 msgid "Profiler for regex" msgstr "" @@ -6110,10 +6284,10 @@ msgstr "" msgid "Calculate the Vectorproduct with a GNUnet peer." msgstr "" -#: src/scalarproduct/gnunet-service-scalarproduct_alice.c:1407 -#: src/scalarproduct/gnunet-service-scalarproduct_bob.c:1345 -#: src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c:1180 +#: src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c:1172 #: src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c:1063 +#: src/scalarproduct/gnunet-service-scalarproduct_alice.c:1401 +#: src/scalarproduct/gnunet-service-scalarproduct_bob.c:1345 #, fuzzy msgid "Connect to CADET failed\n" msgstr " Verbindung fehlgeschlagen\n" @@ -6138,7 +6312,7 @@ msgstr "" msgid "also profile decryption" msgstr "" -#: src/set/gnunet-service-set.c:1948 +#: src/set/gnunet-service-set.c:1989 #, fuzzy msgid "Could not connect to CADET service\n" msgstr "Verbindung zum %s-Dienst ist fehlgeschlagen!\n" 
@@ -6198,113 +6372,113 @@ msgstr "" msgid "say good-bye and leave somebody else's place" msgstr "" -#: src/social/gnunet-social.c:1227 src/social/gnunet-social.c:1232 +#: src/social/gnunet-social.c:1227 msgid "create a place" msgstr "" -#: src/social/gnunet-social.c:1237 +#: src/social/gnunet-social.c:1232 msgid "destroy a place we were hosting" msgstr "" -#: src/social/gnunet-social.c:1242 +#: src/social/gnunet-social.c:1237 msgid "enter somebody else's place" msgstr "" -#: src/social/gnunet-social.c:1248 +#: src/social/gnunet-social.c:1243 msgid "find state matching name prefix" msgstr "" -#: src/social/gnunet-social.c:1253 +#: src/social/gnunet-social.c:1248 msgid "replay history of messages up to the given --limit" msgstr "" -#: src/social/gnunet-social.c:1258 +#: src/social/gnunet-social.c:1253 msgid "reconnect to a previously created place" msgstr "" -#: src/social/gnunet-social.c:1263 +#: src/social/gnunet-social.c:1258 msgid "publish something to a place we are hosting" msgstr "" -#: src/social/gnunet-social.c:1268 +#: src/social/gnunet-social.c:1263 msgid "reconnect to a previously entered place" msgstr "" -#: src/social/gnunet-social.c:1273 +#: src/social/gnunet-social.c:1268 msgid "search for state matching exact name" msgstr "" -#: src/social/gnunet-social.c:1278 +#: src/social/gnunet-social.c:1273 msgid "submit something to somebody's place" msgstr "" -#: src/social/gnunet-social.c:1283 +#: src/social/gnunet-social.c:1278 msgid "list of egos and subscribed places" msgstr "" -#: src/social/gnunet-social.c:1288 +#: src/social/gnunet-social.c:1283 msgid "extract and replay history between message IDs --start and --until" msgstr "" -#: src/social/gnunet-social.c:1297 +#: src/social/gnunet-social.c:1292 msgid "application ID to use when connecting" msgstr "" -#: src/social/gnunet-social.c:1303 +#: src/social/gnunet-social.c:1298 msgid "message body or state value" msgstr "" -#: src/social/gnunet-social.c:1309 +#: src/social/gnunet-social.c:1304 #, fuzzy 
msgid "name or public key of ego" msgstr "Ungültiger Parameter: `%s'\n" -#: src/social/gnunet-social.c:1314 +#: src/social/gnunet-social.c:1309 msgid "wait for incoming messages" msgstr "" -#: src/social/gnunet-social.c:1320 +#: src/social/gnunet-social.c:1315 msgid "GNS name" msgstr "" -#: src/social/gnunet-social.c:1326 +#: src/social/gnunet-social.c:1321 msgid "peer ID for --guest-enter" msgstr "" -#: src/social/gnunet-social.c:1332 +#: src/social/gnunet-social.c:1327 msgid "name (key) to query from state" msgstr "" -#: src/social/gnunet-social.c:1338 +#: src/social/gnunet-social.c:1333 msgid "method name" msgstr "" -#: src/social/gnunet-social.c:1344 +#: src/social/gnunet-social.c:1339 #, fuzzy msgid "number of messages to replay from history" msgstr "Anzahl an Durchläufen" -#: src/social/gnunet-social.c:1350 +#: src/social/gnunet-social.c:1345 msgid "key address of place" msgstr "" -#: src/social/gnunet-social.c:1356 +#: src/social/gnunet-social.c:1351 msgid "start message ID for history replay" msgstr "" -#: src/social/gnunet-social.c:1361 +#: src/social/gnunet-social.c:1356 msgid "respond to entry requests by admitting all guests" msgstr "" -#: src/social/gnunet-social.c:1367 +#: src/social/gnunet-social.c:1362 msgid "end message ID for history replay" msgstr "" -#: src/social/gnunet-social.c:1372 +#: src/social/gnunet-social.c:1367 msgid "respond to entry requests by refusing all guests" msgstr "" -#: src/social/gnunet-social.c:1382 +#: src/social/gnunet-social.c:1377 msgid "" "gnunet-social - Interact with the social service: enter/leave, send/receive " "messages, access history and state.\n" @@ -6497,7 +6671,7 @@ msgid "" msgstr "" #: src/testbed/gnunet-daemon-testbed-underlay.c:231 src/testing/list-keys.c:46 -#: src/testing/testing.c:288 src/util/gnunet-ecc.c:298 +#: src/testing/testing.c:288 src/util/gnunet-ecc.c:301 #, c-format msgid "Incorrect hostkey file format: %s\n" msgstr "" 
@@ -6567,6 +6741,17 @@ msgstr "" msgid "%.s Unknown result code." msgstr "" +#: src/testbed/gnunet-testbed-profiler.c:290 +msgid "tolerate COUNT number of continious timeout failures" +msgstr "" + +#: src/testbed/gnunet-testbed-profiler.c:295 +msgid "" +"run profiler in non-interactive mode where upon testbed setup the profiler " +"does not wait for a keystroke but continues to run until a termination " +"signal is received" +msgstr "" + #: src/testbed/gnunet_testbed_mpi_spawn.c:118 #, fuzzy msgid "Waiting for child to exit.\n" @@ -6579,17 +6764,6 @@ msgstr "" msgid "Spawning process `%s'\n" msgstr "Ungültige Antwort auf `%s'.\n" -#: src/testbed/gnunet-testbed-profiler.c:290 -msgid "tolerate COUNT number of continious timeout failures" -msgstr "" - -#: src/testbed/gnunet-testbed-profiler.c:295 -msgid "" -"run profiler in non-interactive mode where upon testbed setup the profiler " -"does not wait for a keystroke but continues to run until a termination " -"signal is received" -msgstr "" - #: src/testbed/testbed_api.c:410 #, fuzzy, c-format msgid "Adding host %u failed with error: %s\n" @@ -6882,10 +7056,6 @@ msgstr "# HELLO-Meldungen empfangen" msgid "GNUnet topology control" msgstr "" -#: src/transport/gnunet-service-transport_ats.c:141 -msgid "# Addresses given to ATS" -msgstr "" - #: src/transport/gnunet-service-transport.c:448 msgid "# messages dropped due to slow client" msgstr "" @@ -6930,6 +7100,10 @@ msgstr "" msgid "Transport service is lacking key configuration settings. Exiting.\n" msgstr "" +#: src/transport/gnunet-service-transport_ats.c:141 +msgid "# Addresses given to ATS" +msgstr "" + #: src/transport/gnunet-service-transport_hello.c:195 msgid "# refreshed my HELLO" msgstr "" 
@@ -7251,6 +7425,43 @@ msgstr "" msgid "# validations succeeded" msgstr "" +#: src/transport/gnunet-transport-profiler.c:219 +#, c-format +msgid "%llu B in %llu ms == %.2f KB/s!\n" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:617 +msgid "send data to peer" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:621 +#, fuzzy +msgid "receive data from peer" +msgstr "# Bytes des Typs %d empfangen" + +#: src/transport/gnunet-transport-profiler.c:626 +msgid "iterations" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:631 +#, fuzzy +msgid "number of messages to send" +msgstr "Anzahl an Durchläufen" + +#: src/transport/gnunet-transport-profiler.c:636 +msgid "message size to use" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:641 +#: src/transport/gnunet-transport.c:1462 +msgid "peer identity" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:652 +#: src/transport/gnunet-transport.c:1482 +msgid "Direct access to transport service." +msgstr "Direkter Zugriff auf den Transportdienst" + #: src/transport/gnunet-transport.c:413 #, c-format msgid "Transmitted %llu bytes/s (%llu bytes in %s)\n" @@ -7383,11 +7594,6 @@ msgstr "" msgid "do not resolve hostnames" msgstr "Keine Rechnernamen auflösen" -#: src/transport/gnunet-transport.c:1462 -#: src/transport/gnunet-transport-profiler.c:641 -msgid "peer identity" -msgstr "" - #: src/transport/gnunet-transport.c:1466 msgid "monitor plugin sessions" msgstr "" 
@@ -7396,41 +7602,9 @@ msgstr "" msgid "send data for benchmarking to the other peer (until CTRL-C)" msgstr "" -#: src/transport/gnunet-transport.c:1482 -#: src/transport/gnunet-transport-profiler.c:652 -msgid "Direct access to transport service." -msgstr "Direkter Zugriff auf den Transportdienst" - -#: src/transport/gnunet-transport-profiler.c:219 -#, c-format -msgid "%llu B in %llu ms == %.2f KB/s!\n" -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:617 -msgid "send data to peer" -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:621 -#, fuzzy -msgid "receive data from peer" -msgstr "# Bytes des Typs %d empfangen" - -#: src/transport/gnunet-transport-profiler.c:626 -msgid "iterations" -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:631 -#, fuzzy -msgid "number of messages to send" -msgstr "Anzahl an Durchläufen" - -#: src/transport/gnunet-transport-profiler.c:636 -msgid "message size to use" -msgstr "" - #: src/transport/plugin_transport_http_client.c:1474 -#: src/transport/plugin_transport_http_server.c:2249 -#: src/transport/plugin_transport_http_server.c:3463 +#: src/transport/plugin_transport_http_server.c:2312 +#: src/transport/plugin_transport_http_server.c:3526 #: src/transport/plugin_transport_tcp.c:3890 #: src/transport/plugin_transport_tcp.c:3897 msgid "TCP_STEALTH not supported on this platform.\n" 
@@ -7442,13 +7616,13 @@ msgid "Could not initialize curl multi handle, failed to start %s plugin!\n" msgstr "" #: src/transport/plugin_transport_http_client.c:2164 -#: src/transport/plugin_transport_http_server.c:3178 +#: src/transport/plugin_transport_http_server.c:3241 #, fuzzy, c-format msgid "Shutting down plugin `%s'\n" msgstr "Collection `%s' begonnen.\n" #: src/transport/plugin_transport_http_client.c:2181 -#: src/transport/plugin_transport_http_server.c:3248 +#: src/transport/plugin_transport_http_server.c:3311 #, fuzzy, c-format msgid "Shutdown for plugin `%s' complete\n" msgstr "GNUnet wurde erfolgreich heruntergefahren.\n" 
@@ -7458,103 +7632,103 @@ msgstr "GNUnet wurde erfolgreich heruntergefahren.\n" msgid "Maximum number of requests is %u\n" msgstr "Maximale Anzahl der Verbindungen ist %u\n" -#: src/transport/plugin_transport_http_server.c:1727 +#: src/transport/plugin_transport_http_server.c:1756 #, c-format msgid "" "Access from connection %p (%u of %u) for `%s' `%s' url `%s' with upload data " "size %u\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:1967 +#: src/transport/plugin_transport_http_server.c:2028 #, c-format msgid "Accepting connection (%u of %u) from `%s'\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:1975 +#: src/transport/plugin_transport_http_server.c:2036 #, c-format msgid "" "Server reached maximum number connections (%u), rejecting new connection\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2125 +#: src/transport/plugin_transport_http_server.c:2186 msgid "" "Could not create a new TLS certificate, program `gnunet-transport-" "certificate-creation' could not be started!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2148 +#: src/transport/plugin_transport_http_server.c:2209 #, c-format msgid "No usable TLS certificate found and creating one at `%s/%s' failed!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2275 +#: src/transport/plugin_transport_http_server.c:2338 msgid "Could not load or create server certificate! 
Loading plugin failed!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2587 +#: src/transport/plugin_transport_http_server.c:2650 msgid "Require valid port number for service in configuration!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2752 +#: src/transport/plugin_transport_http_server.c:2815 #, c-format msgid "Found %u addresses to report to NAT service\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2838 +#: src/transport/plugin_transport_http_server.c:2901 #: src/transport/plugin_transport_udp.c:3622 msgid "Disabling IPv6 since it is not supported on this system!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2944 +#: src/transport/plugin_transport_http_server.c:3007 #, c-format msgid "IPv4 support is %s\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2959 +#: src/transport/plugin_transport_http_server.c:3022 #, c-format msgid "IPv6 support is %s\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2965 +#: src/transport/plugin_transport_http_server.c:3028 msgid "Neither IPv4 nor IPv6 are enabled! Fix in configuration\n" msgstr "" "Weder IPv4 noch IPv6 sind aktiviert! Bearbeiten Sie die Konfiguration\n" -#: src/transport/plugin_transport_http_server.c:2976 +#: src/transport/plugin_transport_http_server.c:3039 msgid "Port is required! Fix in configuration\n" msgstr "Port ist erforderlich! 
Bearbeiten Sie die Konfiguration\n" -#: src/transport/plugin_transport_http_server.c:2982 +#: src/transport/plugin_transport_http_server.c:3045 #, c-format msgid "Using port %u\n" msgstr "Port %u wird verwendet\n" -#: src/transport/plugin_transport_http_server.c:3001 +#: src/transport/plugin_transport_http_server.c:3064 #, c-format msgid "Specific IPv4 address `%s' in configuration file is invalid!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:3036 +#: src/transport/plugin_transport_http_server.c:3099 #, c-format msgid "Specific IPv6 address `%s' in configuration file is invalid!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:3111 +#: src/transport/plugin_transport_http_server.c:3174 #, c-format msgid "Using external hostname `%s'\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:3132 +#: src/transport/plugin_transport_http_server.c:3195 #, fuzzy, c-format msgid "Notifying transport only about hostname `%s'\n" msgstr "Teste Transport(e) %s\n" -#: src/transport/plugin_transport_http_server.c:3149 +#: src/transport/plugin_transport_http_server.c:3212 #, c-format msgid "Maximum number of connections is %u\n" msgstr "Maximale Anzahl der Verbindungen ist %u\n" -#: src/transport/plugin_transport_http_server.c:3475 +#: src/transport/plugin_transport_http_server.c:3538 msgid "Unable to compile URL regex\n" msgstr "" 
@@ -7700,21 +7874,6 @@ msgstr "" msgid "TCP transport advertises itself as being on port %llu\n" msgstr "" -#: src/transport/plugin_transport_udp_broadcasting.c:168 -#, fuzzy -msgid "# Multicast HELLO beacons received via UDP" -msgstr "# Bytes empfangen über TCP" - -#: src/transport/plugin_transport_udp_broadcasting.c:548 -msgid "" -"Disabling HELLO broadcasting due to friend-to-friend only configuration!\n" -msgstr "" - -#: src/transport/plugin_transport_udp_broadcasting.c:565 -#, fuzzy, c-format -msgid "Failed to set IPv4 broadcast option for broadcast socket on port %d\n" -msgstr "Der Transportdienst auf Port %d konnte nicht gestartet werden.\n" - #: src/transport/plugin_transport_udp.c:3366 #, c-format msgid "" @@ -7762,6 +7921,21 @@ msgstr "»%s« ist keine gültige IP-Adresse.\n" msgid "Failed to create UDP network sockets\n" msgstr "UDP-Sockets können nicht geöffnet werden\n" +#: src/transport/plugin_transport_udp_broadcasting.c:168 +#, fuzzy +msgid "# Multicast HELLO beacons received via UDP" +msgstr "# Bytes empfangen über TCP" + +#: src/transport/plugin_transport_udp_broadcasting.c:548 +msgid "" +"Disabling HELLO broadcasting due to friend-to-friend only configuration!\n" +msgstr "" + +#: src/transport/plugin_transport_udp_broadcasting.c:565 +#, fuzzy, c-format +msgid "Failed to set IPv4 broadcast option for broadcast socket on port %d\n" +msgstr "Der Transportdienst auf Port %d konnte nicht gestartet werden.\n" + #: src/transport/plugin_transport_unix.c:1403 #, c-format msgid "Cannot create path to `%s'\n" @@ -7875,7 +8049,7 @@ msgid "" "`GNUNET_SERVER_receive_done' after %s\n" msgstr "" -#: src/transport/tcp_service_legacy.c:339 src/util/service.c:2337 +#: src/transport/tcp_service_legacy.c:339 src/util/service.c:2336 #, c-format msgid "Unknown address family %d\n" msgstr "" 
@@ -7920,51 +8094,51 @@ msgstr "Es konnte keine Verbindung mit gnunetd hergestellt werden.\n" msgid "Service `%s' runs at %s\n" msgstr "Dienst »%s« läuft auf %s\n" -#: src/transport/tcp_service_legacy.c:1251 src/util/service.c:1501 +#: src/transport/tcp_service_legacy.c:1251 src/util/service.c:1500 msgid "Service process failed to initialize\n" msgstr "" -#: src/transport/tcp_service_legacy.c:1255 src/util/service.c:1505 +#: src/transport/tcp_service_legacy.c:1255 src/util/service.c:1504 msgid "Service process could not initialize server function\n" msgstr "" -#: src/transport/tcp_service_legacy.c:1259 src/util/service.c:1509 +#: src/transport/tcp_service_legacy.c:1259 src/util/service.c:1508 msgid "Service process failed to report status\n" msgstr "" #: src/transport/tcp_service_legacy.c:1313 src/util/disk.c:1488 -#: src/util/service.c:1379 +#: src/util/service.c:1378 #, fuzzy, c-format msgid "Cannot obtain information about user `%s': %s\n" msgstr "Fehler beim Speichern der Konfigurationsdatei: `%s': %s.\n" -#: src/transport/tcp_service_legacy.c:1314 src/util/service.c:1381 +#: src/transport/tcp_service_legacy.c:1314 src/util/service.c:1380 msgid "No such user" msgstr "" -#: src/transport/tcp_service_legacy.c:1327 src/util/service.c:1400 +#: src/transport/tcp_service_legacy.c:1327 src/util/service.c:1399 #, c-format msgid "Cannot change user/group to `%s': %s\n" msgstr "Benutzer/Gruppe kann nicht zu »%s« geändert werden: %s\n" -#: src/transport/tcp_service_legacy.c:1398 src/util/service.c:1728 +#: src/transport/tcp_service_legacy.c:1398 src/util/service.c:1727 msgid "do daemonize (detach from terminal)" msgstr "" #: src/transport/tcp_service_legacy.c:1448 src/util/program.c:244 -#: src/util/service.c:1791 +#: src/util/service.c:1790 #, fuzzy, c-format msgid "Malformed configuration file `%s', exit ...\n" msgstr "Konfigurationsdatei `%s' wurde erzeugt.\n" #: src/transport/tcp_service_legacy.c:1458 src/util/program.c:261 -#: src/util/service.c:1802 +#: 
src/util/service.c:1801 #, fuzzy msgid "Malformed configuration, exit ...\n" msgstr "GNUnet Konfiguration" #: src/transport/tcp_service_legacy.c:1463 src/util/program.c:256 -#: src/util/service.c:1808 +#: src/util/service.c:1807 #, fuzzy, c-format msgid "Could not access configuration file `%s'\n" msgstr "Konfigurationsdatei `%s' konnte nicht geparst werden.\n" 
@@ -8008,55 +8182,55 @@ msgstr "" msgid "Need a non-empty hostname for service `%s'.\n" msgstr "" -#: src/util/common_logging.c:256 src/util/common_logging.c:1129 +#: src/util/common_logging.c:259 src/util/common_logging.c:1132 msgid "DEBUG" msgstr "DEBUG" -#: src/util/common_logging.c:258 src/util/common_logging.c:1127 +#: src/util/common_logging.c:261 src/util/common_logging.c:1130 msgid "INFO" msgstr "INFO" -#: src/util/common_logging.c:260 src/util/common_logging.c:1125 +#: src/util/common_logging.c:263 src/util/common_logging.c:1128 msgid "MESSAGE" msgstr "" -#: src/util/common_logging.c:262 src/util/common_logging.c:1123 +#: src/util/common_logging.c:265 src/util/common_logging.c:1126 msgid "WARNING" msgstr "WARNUNG" -#: src/util/common_logging.c:264 src/util/common_logging.c:1121 +#: src/util/common_logging.c:267 src/util/common_logging.c:1124 msgid "ERROR" msgstr "FEHLER" -#: src/util/common_logging.c:266 src/util/common_logging.c:1131 +#: src/util/common_logging.c:269 src/util/common_logging.c:1134 msgid "NONE" msgstr "" -#: src/util/common_logging.c:879 +#: src/util/common_logging.c:882 #, c-format msgid "Message `%.*s' repeated %u times in the last %s\n" msgstr "" -#: src/util/common_logging.c:1132 +#: src/util/common_logging.c:1135 msgid "INVALID" msgstr "" -#: src/util/common_logging.c:1302 +#: src/util/common_logging.c:1326 msgid "unknown address" msgstr "Unbekannte Adresse" -#: src/util/common_logging.c:1344 +#: src/util/common_logging.c:1368 msgid "invalid address" msgstr "Ungültige Adresse" -#: src/util/common_logging.c:1362 +#: src/util/common_logging.c:1386 #, fuzzy, c-format msgid "Configuration fails to specify option `%s' in section `%s'!\n" msgstr "" "Die Konfigurationsdatei muss in der Sektion `%s' unter `%s' ein Verzeichnis " "angeben, in dem FS Daten gespeichert werden.\n" -#: src/util/common_logging.c:1383 +#: src/util/common_logging.c:1407 #, fuzzy, c-format msgid "" "Configuration specifies invalid value for option `%s' in section `%s': 
%s\n" @@ -8064,34 +8238,34 @@ msgstr "" "Die Konfigurationsdatei muss in der Sektion `%s' unter `%s' ein Verzeichnis " "angeben, in dem FS Daten gespeichert werden.\n" -#: src/util/configuration.c:286 +#: src/util/configuration.c:296 #, fuzzy, c-format msgid "Syntax error while deserializing in line %u\n" msgstr "Syntaxfehler in Konfigurationsdatei `%s' in Zeile %d.\n" -#: src/util/configuration.c:344 +#: src/util/configuration.c:355 #, fuzzy, c-format msgid "Error while reading file `%s'\n" msgstr "Konfigurationsdatei `%s' konnte nicht geöffnet werden.\n" -#: src/util/configuration.c:1017 +#: src/util/configuration.c:1034 #, c-format msgid "" "Configuration value '%s' for '%s' in section '%s' is not in set of legal " "choices\n" msgstr "" -#: src/util/configuration.c:1136 +#: src/util/configuration.c:1153 #, c-format msgid "Recursive expansion suspected, aborting $-expansion for term `%s'\n" msgstr "" -#: src/util/configuration.c:1169 +#: src/util/configuration.c:1186 #, c-format msgid "Missing closing `%s' in option `%s'\n" msgstr "" -#: src/util/configuration.c:1237 +#: src/util/configuration.c:1254 #, c-format msgid "" "Failed to expand `%s' in `%s' as it is neither found in [PATHS] nor defined " 
@@ -8125,32 +8299,32 @@ msgstr "RSA Signaturüberprüfung fehlgeschlagen bei %s:%d: %s\n" msgid "EdDSA signature verification failed at %s:%d: %s\n" msgstr "RSA Signaturüberprüfung fehlgeschlagen bei %s:%d: %s\n" -#: src/util/crypto_ecc_setup.c:122 src/util/crypto_ecc_setup.c:160 -#: src/util/crypto_ecc_setup.c:278 src/util/crypto_ecc_setup.c:316 +#: src/util/crypto_ecc_setup.c:122 src/util/crypto_ecc_setup.c:161 +#: src/util/crypto_ecc_setup.c:279 src/util/crypto_ecc_setup.c:317 #, fuzzy, c-format msgid "Could not acquire lock on file `%s': %s...\n" msgstr "PID konnte nicht in Datei `%s' geschrieben werden: %s.\n" -#: src/util/crypto_ecc_setup.c:127 src/util/crypto_ecc_setup.c:283 +#: src/util/crypto_ecc_setup.c:128 src/util/crypto_ecc_setup.c:284 #, fuzzy msgid "Creating a new private key. This may take a while.\n" msgstr "Ein neuer Hostkey wird erzeugt (dies kann eine Weile dauern).\n" -#: src/util/crypto_ecc_setup.c:164 src/util/crypto_ecc_setup.c:320 +#: src/util/crypto_ecc_setup.c:165 src/util/crypto_ecc_setup.c:322 msgid "This may be ok if someone is currently generating a private key.\n" msgstr "" -#: src/util/crypto_ecc_setup.c:194 src/util/crypto_ecc_setup.c:350 +#: src/util/crypto_ecc_setup.c:195 src/util/crypto_ecc_setup.c:352 #, c-format msgid "" "When trying to read key file `%s' I found %u bytes but I need at least %u.\n" msgstr "" -#: src/util/crypto_ecc_setup.c:198 src/util/crypto_ecc_setup.c:354 +#: src/util/crypto_ecc_setup.c:199 src/util/crypto_ecc_setup.c:356 msgid "This may be ok if someone is currently generating a key.\n" msgstr "" -#: src/util/crypto_ecc_setup.c:413 +#: src/util/crypto_ecc_setup.c:415 #, fuzzy msgid "Could not load peer's private key\n" msgstr "Anwendung `%s' konnte nicht initialisiert werden.\n" 
@@ -8344,22 +8518,22 @@ msgstr "" msgid "Manipulate GNUnet configuration files" msgstr "GNUnet-Konfigurationsdateien bearbeiten" -#: src/util/gnunet-ecc.c:84 +#: src/util/gnunet-ecc.c:89 #, c-format msgid "Failed to open `%s': %s\n" msgstr "»%s« kann nicht geöffnet werden: %s\n" -#: src/util/gnunet-ecc.c:120 +#: src/util/gnunet-ecc.c:125 #, c-format msgid "Generating %u keys like %s, please wait" msgstr "" -#: src/util/gnunet-ecc.c:133 +#: src/util/gnunet-ecc.c:138 #, c-format msgid "Generating %u keys, please wait" msgstr "" -#: src/util/gnunet-ecc.c:174 +#: src/util/gnunet-ecc.c:179 #, c-format msgid "" "\n" @@ -8368,7 +8542,7 @@ msgstr "" "\n" "Schreiben in »%s« nicht möglich: %s\n" -#: src/util/gnunet-ecc.c:184 +#: src/util/gnunet-ecc.c:189 #, c-format msgid "" "\n" 
@@ -8377,53 +8551,57 @@ msgstr "" "\n" "Abgeschlossen!\n" -#: src/util/gnunet-ecc.c:187 +#: src/util/gnunet-ecc.c:192 #, c-format msgid "" "\n" "Error, %u keys not generated\n" msgstr "" -#: src/util/gnunet-ecc.c:280 +#: src/util/gnunet-ecc.c:283 #, fuzzy, c-format msgid "Hostkeys file `%s' not found\n" msgstr "Kommando `%s' wurde nicht gefunden!\n" -#: src/util/gnunet-ecc.c:291 +#: src/util/gnunet-ecc.c:294 #, c-format msgid "Hostkeys file `%s' is empty\n" msgstr "" -#: src/util/gnunet-ecc.c:313 +#: src/util/gnunet-ecc.c:316 #, fuzzy, c-format msgid "Could not read hostkey file: %s\n" msgstr "PID konnte nicht in Datei `%s' geschrieben werden: %s.\n" -#: src/util/gnunet-ecc.c:364 +#: src/util/gnunet-ecc.c:367 msgid "No hostkey file specified on command line\n" msgstr "" -#: src/util/gnunet-ecc.c:416 +#: src/util/gnunet-ecc.c:425 msgid "list keys included in a file (for testing)" msgstr "" -#: src/util/gnunet-ecc.c:421 +#: src/util/gnunet-ecc.c:430 msgid "number of keys to list included in a file (for testing)" msgstr "" -#: src/util/gnunet-ecc.c:426 +#: src/util/gnunet-ecc.c:435 msgid "create COUNT public-private key pairs (for testing)" msgstr "" -#: src/util/gnunet-ecc.c:430 +#: src/util/gnunet-ecc.c:439 msgid "print the public key in ASCII format" msgstr "" -#: src/util/gnunet-ecc.c:434 +#: src/util/gnunet-ecc.c:443 +msgid "print the public key in HEX format" +msgstr "" + +#: src/util/gnunet-ecc.c:447 msgid "print examples of ECC operations (used for compatibility testing)" msgstr "" -#: src/util/gnunet-ecc.c:449 +#: src/util/gnunet-ecc.c:463 msgid "Manipulate GNUnet private ECC key files" msgstr "" @@ -8515,7 +8693,7 @@ msgstr "Verbindung zu %u.%u.%u.%u:%u fehlgeschlagen: %s\n" msgid "Unable to shorten unix path `%s' while keeping name unique\n" msgstr "" -#: src/util/network.c:1793 src/util/network.c:1969 +#: src/util/network.c:1793 src/util/network.c:1977 #, c-format msgid "" "Fatal internal logic error, process hangs in `%s' (abort with CTRL-C)!\n" 
@@ -8569,7 +8747,7 @@ msgstr "`%s' fehlgeschlagen für die Bibliothek `%s'. Ort: %s:%d. Fehler: %s\n" msgid "Could not determine plugin installation path.\n" msgstr "Öffentliche IP-Adresse konnte nicht ermittelt werden.\n" -#: src/util/resolver_api.c:204 +#: src/util/resolver_api.c:203 #, c-format msgid "" "Missing `%s' for `%s' in configuration, DNS resolution will be unavailable.\n" @@ -8584,33 +8762,33 @@ msgstr "" "Sie müssen für `%s' in der Sektion `%s' der Konfigurationsdatei eine " "positive Zahl angeben.\n" -#: src/util/resolver_api.c:815 +#: src/util/resolver_api.c:826 #, fuzzy, c-format msgid "Timeout trying to resolve hostname `%s'.\n" msgstr "Fehler beim Lesen der Freunde-Liste von `%s'\n" -#: src/util/resolver_api.c:827 +#: src/util/resolver_api.c:839 #, c-format msgid "Timeout trying to resolve IP address `%s'.\n" msgstr "" -#: src/util/resolver_api.c:1004 +#: src/util/resolver_api.c:1023 #, fuzzy msgid "Resolver not configured correctly.\n" msgstr "Standarddienst »%s« ist nicht korrekt eingerichtet!\n" -#: src/util/resolver_api.c:1086 src/util/resolver_api.c:1107 -#: src/util/resolver_api.c:1121 +#: src/util/resolver_api.c:1109 src/util/resolver_api.c:1132 +#: src/util/resolver_api.c:1146 #, fuzzy, c-format msgid "Could not resolve our FQDN: %s\n" msgstr "`%s' konnte nicht aufgelöst werden: %s\n" -#: src/util/service.c:1306 +#: src/util/service.c:1305 msgid "" "Could not bind to any of the ports I was supposed to, refusing to run!\n" msgstr "" -#: src/util/service.c:2082 +#: src/util/service.c:2081 #, c-format msgid "" "Processing code for message of type %u did not call " 
@@ -8685,63 +8863,63 @@ msgstr "Tage" msgid "end of time" msgstr "" -#: src/util/strings.c:1269 +#: src/util/strings.c:1270 msgid "IPv6 address did not start with `['\n" msgstr "IPv6-Adresse beginnt nicht mit »[«\n" -#: src/util/strings.c:1277 +#: src/util/strings.c:1278 msgid "IPv6 address did contain ':' to separate port number\n" msgstr "IPv6-Adresse enthält kein »:« zur Abtrennung der Portnummer\n" -#: src/util/strings.c:1283 +#: src/util/strings.c:1284 msgid "IPv6 address did contain ']' before ':' to separate port number\n" msgstr "IPv6-Adresse enthält kein »]« vor »:« zur Abtrennung der Portnummer\n" -#: src/util/strings.c:1290 +#: src/util/strings.c:1291 msgid "IPv6 address did contain a valid port number after the last ':'\n" msgstr "IPv6-Adresse enthält keine gültige Portnummer nach dem letzten »:«\n" -#: src/util/strings.c:1299 +#: src/util/strings.c:1300 #, fuzzy, c-format msgid "Invalid IPv6 address `%s': %s\n" msgstr "Ungültige Antwort auf `%s' von `%s'\n" -#: src/util/strings.c:1571 src/util/strings.c:1587 +#: src/util/strings.c:1572 src/util/strings.c:1588 msgid "Port not in range\n" msgstr "Port außerhalb des Bereichs\n" -#: src/util/strings.c:1596 +#: src/util/strings.c:1597 #, c-format msgid "Malformed port policy `%s'\n" msgstr "" -#: src/util/strings.c:1679 src/util/strings.c:1710 src/util/strings.c:1758 -#: src/util/strings.c:1779 +#: src/util/strings.c:1680 src/util/strings.c:1711 src/util/strings.c:1759 +#: src/util/strings.c:1780 #, c-format msgid "Invalid format for IP: `%s'\n" msgstr "Ungültiges Format für IP: »%s«\n" -#: src/util/strings.c:1736 +#: src/util/strings.c:1737 #, c-format msgid "Invalid network notation ('/%d' is not legal in IPv4 CIDR)." msgstr "Ungültige Netzwerk-Notation ('/%d ist nicht gültig in IPv4 CIDR)." 
-#: src/util/strings.c:1788 +#: src/util/strings.c:1789 #, fuzzy, c-format msgid "Invalid format: `%s'\n" msgstr "Ungültiges Format für IP: `%s'\n" -#: src/util/strings.c:1840 +#: src/util/strings.c:1841 #, c-format msgid "Invalid network notation (does not end with ';': `%s')\n" msgstr "Ungültige Netzwerk-Notation (endet nicht mit »;«: »%s«)\n" -#: src/util/strings.c:1890 +#: src/util/strings.c:1891 #, fuzzy, c-format msgid "Wrong format `%s' for netmask\n" msgstr "Falsches Format `%s' für Netzmaske: %s\n" -#: src/util/strings.c:1921 +#: src/util/strings.c:1922 #, fuzzy, c-format msgid "Wrong format `%s' for network\n" msgstr "Falsches Format `%s' für Netzwerk: %s\n" 
@@ -8920,27 +9098,43 @@ msgstr "Dienst wird über UDP angeboten" msgid "Setup tunnels via VPN." msgstr "Tunnel über VPN einrichten." -#: src/zonemaster/gnunet-service-zonemaster.c:705 +#: src/zonemaster/gnunet-service-zonemaster.c:706 #, fuzzy msgid "Failed to connect to the namestore!\n" msgstr "Es konnte keine Verbindung mit gnunetd hergestellt werden.\n" -#: src/include/gnunet_common.h:674 src/include/gnunet_common.h:681 -#: src/include/gnunet_common.h:691 src/include/gnunet_common.h:699 +#: src/include/gnunet_common.h:689 src/include/gnunet_common.h:696 +#: src/include/gnunet_common.h:706 src/include/gnunet_common.h:714 #, fuzzy, c-format msgid "Assertion failed at %s:%d.\n" msgstr "`%s' schlug fehl bei %s:%d mit dem Fehler: `%s'.\n" -#: src/include/gnunet_common.h:711 +#: src/include/gnunet_common.h:726 #, fuzzy, c-format msgid "External protocol violation detected at %s:%d.\n" msgstr "Protokollverletzung auf Socket. Kommando erwartet.\n" -#: src/include/gnunet_common.h:738 src/include/gnunet_common.h:747 +#: src/include/gnunet_common.h:753 src/include/gnunet_common.h:762 #, fuzzy, c-format msgid "`%s' failed on file `%s' at %s:%d with error: %s\n" msgstr "`%s' schlug bei Datei `%s' fehl. Ort: %s:%d. Fehler: %s\n" +#, fuzzy +#~ msgid "Token `%s' is malformed\n" +#~ msgstr "Schlüssel »%s« ist gültig\n" + +#, fuzzy +#~ msgid "Failed to create indices\n" +#~ msgstr "Zustellung der Nachricht `%s' fehlgeschlagen.\n" + +#, fuzzy +#~ msgid "`%s:%s' failed at %s:%d with error: %s\n" +#~ msgstr "`%s' schlug bei %s:%d mit dem Fehler %s fehl\n" + +#, fuzzy +#~ msgid "Unable to connect to Postgres database '%s': %s\n" +#~ msgstr "Fehler beim Anlegen des Benutzerkontos:" + #, fuzzy #~ msgid "Misconfiguration (can not connect to the ARM service)" #~ msgstr "" 
@@ -8968,10 +9162,6 @@ msgstr "`%s' schlug bei Datei `%s' fehl. Ort: %s:%d. Fehler: %s\n" #~ msgid "verbose output" #~ msgstr "Ausführliche Ausgabe" -#, fuzzy -#~ msgid "Specify the public key of the zone to reverse lookup a name for" -#~ msgstr "Die Priorität des Inhalts angeben" - #, fuzzy #~ msgid "# UPDATE requests executed" #~ msgstr "# dht Anfragen weitergeleitet" @@ -9053,10 +9243,6 @@ msgstr "`%s' schlug bei Datei `%s' fehl. Ort: %s:%d. Fehler: %s\n" #~ msgid "# transmission request failures" #~ msgstr "# Klartext PONG Nachrichten empfangen" -#, fuzzy -#~ msgid "# bytes sent to datastore" -#~ msgstr "# bytes in der Datenbank" - #, fuzzy #~ msgid "Failed to receive status response from database." #~ msgstr "" @@ -9281,10 +9467,6 @@ msgstr "`%s' schlug bei Datei `%s' fehl. Ort: %s:%d. Fehler: %s\n" #~ msgid "Timeout transmitting iteration request to `SENSOR' service." #~ msgstr "Fehler beim Senden einer `%s' Anfrage an den SMTP Server.\n" -#, fuzzy -#~ msgid "Error reading sensor version\n" -#~ msgstr "Fehler beim Anlegen des Benutzers" - #, fuzzy #~ msgid "Error reading sensor category\n" #~ msgstr "Fehler beim Anlegen des Benutzers" diff --git a/po/es.po b/po/es.po index 090f097d2..c4ede04a3 100644 --- a/po/es.po +++ b/po/es.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: gnunet 0.9.5a\n" "Report-Msgid-Bugs-To: gnunet-developers@mail.gnu.org\n" -"POT-Creation-Date: 2017-03-31 19:22-0500\n" +"POT-Creation-Date: 2017-10-20 15:14+0000\n" "PO-Revision-Date: 2013-02-23 17:50+0100\n" "Last-Translator: Miguel Ángel Arruga Vivas \n" "Language-Team: Spanish \n" @@ -288,7 +288,7 @@ msgstr "" "uno es necesario\n" #: src/arm/gnunet-service-arm.c:513 -#: src/transport/plugin_transport_http_server.c:2621 +#: src/transport/plugin_transport_http_server.c:2684 #: src/transport/plugin_transport_tcp.c:1259 #: src/transport/tcp_service_legacy.c:696 src/util/service.c:782 #, c-format 
@@ -296,7 +296,7 @@ msgid "Failed to resolve `%s': %s\n" msgstr "Se produjo un fallo al resolver «%s»: %s\n" #: src/arm/gnunet-service-arm.c:532 -#: src/transport/plugin_transport_http_server.c:2639 +#: src/transport/plugin_transport_http_server.c:2702 #: src/transport/plugin_transport_tcp.c:1278 #: src/transport/tcp_service_legacy.c:715 src/util/service.c:802 #, c-format 
@@ -376,152 +376,14 @@ msgstr "El servicio «%s» finalizó con estado %s/%d, se reiniciará en %llu ms msgid "Initiating shutdown as requested by client.\n" msgstr "Iniciando apagado bajo petición del cliente.\n" -#: src/ats/gnunet-ats-solver-eval.c:2781 src/ats/gnunet-ats-solver-eval.c:2822 -#, c-format -msgid "" -"Could not load quota for network `%s': `%s', assigning default bandwidth " -"%llu\n" -msgstr "" -"No se pudieron cargar las cuotas para la red «%s»: «%s», asignando el ancho " -"de banda predeterminado %llu\n" - -#: src/ats/gnunet-ats-solver-eval.c:2799 -#, c-format -msgid "" -"No outbound quota configured for network `%s', assigning default bandwidth " -"%llu\n" -msgstr "" -"No hay configurada una cuota de salida para la red «%s», asignando el ancho " -"de banda predeterminado %llu\n" - -#: src/ats/gnunet-ats-solver-eval.c:2840 -#, c-format -msgid "" -"No outbound quota configure for network `%s', assigning default bandwidth " -"%llu\n" -msgstr "" -"No hay configurada una cuota de salida para la red «%s», asignando el ancho " -"de banda predeterminado %llu\n" - -#: src/ats/gnunet-ats-solver-eval.c:3294 -#: src/ats-tests/gnunet-solver-eval.c:939 -#, fuzzy -msgid "solver to use" -msgstr "valor a establecer" - -#: src/ats/gnunet-ats-solver-eval.c:3299 -#: src/ats-tests/gnunet-solver-eval.c:945 -#: src/ats-tests/gnunet-solver-eval.c:950 -msgid "experiment to use" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3306 -#, fuzzy -msgid "print logging" -msgstr "Iniciando descarga «%s».\n" - -#: src/ats/gnunet-ats-solver-eval.c:3311 -msgid "save logging to disk" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3316 -msgid "disable normalization" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:304 -#, fuzzy, c-format -msgid "" -"Could not load %s quota for network `%s': `%s', assigning default bandwidth " -"%llu\n" -msgstr "" -"No se pudieron cargar las cuotas para la red «%s»: «%s», asignando el ancho " -"de banda predeterminado %llu\n" - -# Miguel: 
"Inbound" lo he traducido como entrada en todo el texto. -#: src/ats/gnunet-service-ats_plugins.c:314 -#, fuzzy, c-format -msgid "%s quota configured for network `%s' is %llu\n" -msgstr "La cuota de entrada configurada para la red «%s» es %llu\n" - -#: src/ats/gnunet-service-ats_plugins.c:359 -#, fuzzy, c-format -msgid "" -"No %s-quota configured for network `%s', assigning default bandwidth %llu\n" -msgstr "" -"No hay configurada una cuota de salida para la red «%s», asignando el ancho " -"de banda predeterminado %llu\n" - -#: src/ats/gnunet-service-ats_plugins.c:451 -#, fuzzy, c-format -msgid "Failed to initialize solver `%s'!\n" -msgstr "¡No se puede inicializar el resolvedor!\n" - -#: src/ats/plugin_ats_mlp.c:1274 -msgid "Problem size too large, cannot allocate memory!\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:1869 -#, fuzzy, c-format -msgid "Adding address for peer `%s' multiple times\n" -msgstr "Añadiendo «%s» sin direcciones para el par «%s»\n" - -#: src/ats/plugin_ats_mlp.c:1913 -#, fuzzy, c-format -msgid "Updating address property for peer `%s' %p not added before\n" -msgstr "Añadiendo «%s» sin direcciones para el par «%s»\n" - -#: src/ats/plugin_ats_mlp.c:2475 -msgid "" -"MLP solver is not optimizing for anything, changing to feasibility check\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2515 src/ats/plugin_ats_mlp.c:2532 -#: src/ats/plugin_ats_mlp.c:2564 src/ats/plugin_ats_mlp.c:2582 -#: src/ats/plugin_ats_mlp.c:2601 src/ats/plugin_ats_proportional.c:1141 -#: src/ats/plugin_ats_ril.c:2612 src/ats/plugin_ats_ril.c:2629 -#: src/ats/plugin_ats_ril.c:2646 src/ats/plugin_ats_ril.c:2663 -#: src/ats/plugin_ats_ril.c:2680 src/ats/plugin_ats_ril.c:2697 -#: src/ats/plugin_ats_ril.c:2714 src/ats/plugin_ats_ril.c:2731 -#, fuzzy, c-format -msgid "Invalid %s configuration %f \n" -msgstr "Se produjo un fallo al cargar la configuración de %s\n" - -#: src/ats/plugin_ats_mlp.c:2670 -#, fuzzy, c-format -msgid "" -"Adjusting inconsistent outbound quota configuration for 
network `%s', is " -"%llu must be at least %llu\n" -msgstr "" -"No hay configurada una cuota de salida para la red «%s», asignando el ancho " -"de banda predeterminado %llu\n" - -#: src/ats/plugin_ats_mlp.c:2679 -#, fuzzy, c-format -msgid "" -"Adjusting inconsistent inbound quota configuration for network `%s', is %llu " -"must be at least %llu\n" +#: src/ats-tests/ats-testing-log.c:837 +msgid "Stop logging\n" msgstr "" -"No hay configuración de cuota de entrada para la red '%s', asignando el " -"ancho de banda predeterminado (%llu)\n" -# Miguel: "Outbound" lo he traducido como salida en todo el texto. -#: src/ats/plugin_ats_mlp.c:2689 -#, fuzzy, c-format -msgid "" -"Adjusting outbound quota configuration for network `%s'from %llu to %.0f\n" -msgstr "La cuota de salida configurada para la red «%s» es %llu\n" - -# Miguel: "Outbound" lo he traducido como salida en todo el texto. -#: src/ats/plugin_ats_mlp.c:2698 -#, fuzzy, c-format -msgid "" -"Adjusting inbound quota configuration for network `%s' from %llu to %.0f\n" -msgstr "La cuota de salida configurada para la red «%s» es %llu\n" - -#: src/ats/plugin_ats_proportional.c:1164 +#: src/ats-tests/ats-testing-log.c:892 #, fuzzy, c-format -msgid "Invalid %s configuration %f\n" -msgstr "Se produjo un fallo al cargar la configuración de %s\n" +msgid "Start logging `%s'\n" +msgstr "Iniciando descarga «%s».\n" #: src/ats-tests/ats-testing.c:422 #, c-format @@ -533,15 +395,6 @@ msgstr "" msgid "Failed to connect master peer [%u] with slave [%u]\n" msgstr "Fallo al conectar a gnunetd.\n" -#: src/ats-tests/ats-testing-log.c:837 -msgid "Stop logging\n" -msgstr "" - -#: src/ats-tests/ats-testing-log.c:892 -#, fuzzy, c-format -msgid "Start logging `%s'\n" -msgstr "Iniciando descarga «%s».\n" - #: src/ats-tests/gnunet-ats-sim.c:90 #, c-format msgid "" 
@@ -549,6 +402,16 @@ msgid "" "= %u KiB/s\n" msgstr "" +#: src/ats-tests/gnunet-solver-eval.c:939 src/ats/gnunet-ats-solver-eval.c:3294 +#, fuzzy +msgid "solver to use" +msgstr "valor a establecer" + +#: src/ats-tests/gnunet-solver-eval.c:945 +#: src/ats-tests/gnunet-solver-eval.c:950 src/ats/gnunet-ats-solver-eval.c:3299 +msgid "experiment to use" +msgstr "" + # Miguel: ¿Como podría traducir "resolutions" y "resolve"? # Son difíciles de no calcar, puesto que no conozco como expresar # el concepto de obtener una dirección a partir de un nombre 
@@ -683,6 +546,141 @@ msgstr "salida prolija (incluye las propiedades de direcciones del ATS)" msgid "Print information about ATS state" msgstr "Imprime información acerca del estado del ATS" +#: src/ats/gnunet-ats-solver-eval.c:2781 src/ats/gnunet-ats-solver-eval.c:2822 +#, c-format +msgid "" +"Could not load quota for network `%s': `%s', assigning default bandwidth " +"%llu\n" +msgstr "" +"No se pudieron cargar las cuotas para la red «%s»: «%s», asignando el ancho " +"de banda predeterminado %llu\n" + +#: src/ats/gnunet-ats-solver-eval.c:2799 +#, c-format +msgid "" +"No outbound quota configured for network `%s', assigning default bandwidth " +"%llu\n" +msgstr "" +"No hay configurada una cuota de salida para la red «%s», asignando el ancho " +"de banda predeterminado %llu\n" + +#: src/ats/gnunet-ats-solver-eval.c:2840 +#, c-format +msgid "" +"No outbound quota configure for network `%s', assigning default bandwidth " +"%llu\n" +msgstr "" +"No hay configurada una cuota de salida para la red «%s», asignando el ancho " +"de banda predeterminado %llu\n" + +#: src/ats/gnunet-ats-solver-eval.c:3306 +#, fuzzy +msgid "print logging" +msgstr "Iniciando descarga «%s».\n" + +#: src/ats/gnunet-ats-solver-eval.c:3311 +msgid "save logging to disk" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:3316 +msgid "disable normalization" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:304 +#, fuzzy, c-format +msgid "" +"Could not load %s quota for network `%s': `%s', assigning default bandwidth " +"%llu\n" +msgstr "" +"No se pudieron cargar las cuotas para la red «%s»: «%s», asignando el ancho " +"de banda predeterminado %llu\n" + +# Miguel: "Inbound" lo he traducido como entrada en todo el texto. 
+#: src/ats/gnunet-service-ats_plugins.c:314 +#, fuzzy, c-format +msgid "%s quota configured for network `%s' is %llu\n" +msgstr "La cuota de entrada configurada para la red «%s» es %llu\n" + +#: src/ats/gnunet-service-ats_plugins.c:359 +#, fuzzy, c-format +msgid "" +"No %s-quota configured for network `%s', assigning default bandwidth %llu\n" +msgstr "" +"No hay configurada una cuota de salida para la red «%s», asignando el ancho " +"de banda predeterminado %llu\n" + +#: src/ats/gnunet-service-ats_plugins.c:451 +#, fuzzy, c-format +msgid "Failed to initialize solver `%s'!\n" +msgstr "¡No se puede inicializar el resolvedor!\n" + +#: src/ats/plugin_ats_mlp.c:1274 +msgid "Problem size too large, cannot allocate memory!\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:1869 +#, fuzzy, c-format +msgid "Adding address for peer `%s' multiple times\n" +msgstr "Añadiendo «%s» sin direcciones para el par «%s»\n" + +#: src/ats/plugin_ats_mlp.c:1913 +#, fuzzy, c-format +msgid "Updating address property for peer `%s' %p not added before\n" +msgstr "Añadiendo «%s» sin direcciones para el par «%s»\n" + +#: src/ats/plugin_ats_mlp.c:2475 +msgid "" +"MLP solver is not optimizing for anything, changing to feasibility check\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2515 src/ats/plugin_ats_mlp.c:2532 +#: src/ats/plugin_ats_mlp.c:2564 src/ats/plugin_ats_mlp.c:2582 +#: src/ats/plugin_ats_mlp.c:2601 src/ats/plugin_ats_proportional.c:1141 +#: src/ats/plugin_ats_ril.c:2612 src/ats/plugin_ats_ril.c:2629 +#: src/ats/plugin_ats_ril.c:2646 src/ats/plugin_ats_ril.c:2663 +#: src/ats/plugin_ats_ril.c:2680 src/ats/plugin_ats_ril.c:2697 +#: src/ats/plugin_ats_ril.c:2714 src/ats/plugin_ats_ril.c:2731 +#, fuzzy, c-format +msgid "Invalid %s configuration %f \n" +msgstr "Se produjo un fallo al cargar la configuración de %s\n" + +#: src/ats/plugin_ats_mlp.c:2670 +#, fuzzy, c-format +msgid "" +"Adjusting inconsistent outbound quota configuration for network `%s', is " +"%llu must be at least %llu\n" 
+msgstr "" +"No hay configurada una cuota de salida para la red «%s», asignando el ancho " +"de banda predeterminado %llu\n" + +#: src/ats/plugin_ats_mlp.c:2679 +#, fuzzy, c-format +msgid "" +"Adjusting inconsistent inbound quota configuration for network `%s', is %llu " +"must be at least %llu\n" +msgstr "" +"No hay configuración de cuota de entrada para la red '%s', asignando el " +"ancho de banda predeterminado (%llu)\n" + +# Miguel: "Outbound" lo he traducido como salida en todo el texto. +#: src/ats/plugin_ats_mlp.c:2689 +#, fuzzy, c-format +msgid "" +"Adjusting outbound quota configuration for network `%s'from %llu to %.0f\n" +msgstr "La cuota de salida configurada para la red «%s» es %llu\n" + +# Miguel: "Outbound" lo he traducido como salida en todo el texto. +#: src/ats/plugin_ats_mlp.c:2698 +#, fuzzy, c-format +msgid "" +"Adjusting inbound quota configuration for network `%s' from %llu to %.0f\n" +msgstr "La cuota de salida configurada para la red «%s» es %llu\n" + +#: src/ats/plugin_ats_proportional.c:1164 +#, fuzzy, c-format +msgid "Invalid %s configuration %f\n" +msgstr "Se produjo un fallo al cargar la configuración de %s\n" + #: src/auction/gnunet-auction-create.c:163 msgid "description of the item to be sold" msgstr "" 
@@ -834,6 +832,28 @@ msgid "Connection to conversation service lost, trying to reconnect\n" msgstr "" "El cliente se desconectó del servicio principal, tratando de reconectar.\n" +#: src/conversation/gnunet-conversation-test.c:119 +#, c-format +msgid "" +"\n" +"End of transmission. Have a GNU day.\n" +msgstr "" + +#: src/conversation/gnunet-conversation-test.c:145 +#, c-format +msgid "" +"\n" +"We are now playing your recording back. If you can hear it, your audio " +"settings are working..." +msgstr "" + +#: src/conversation/gnunet-conversation-test.c:210 +#, c-format +msgid "" +"We will now be recording you for %s. After that time, the recording will be " +"played back to you..." +msgstr "" + #: src/conversation/gnunet-conversation.c:269 #, c-format msgid "Incoming call from `%s'. Please /accept %u or /cancel %u the call.\n" @@ -1092,30 +1112,8 @@ msgstr "" msgid "Enables having a conversation with other GNUnet users." msgstr "" -#: src/conversation/gnunet-conversation-test.c:119 -#, c-format -msgid "" -"\n" -"End of transmission. Have a GNU day.\n" -msgstr "" - -#: src/conversation/gnunet-conversation-test.c:145 -#, c-format -msgid "" -"\n" -"We are now playing your recording back. If you can hear it, your audio " -"settings are working..." -msgstr "" - -#: src/conversation/gnunet-conversation-test.c:210 -#, c-format -msgid "" -"We will now be recording you for %s. After that time, the recording will be " -"played back to you..." -msgstr "" - -#: src/conversation/gnunet_gst.c:622 #: src/conversation/gnunet-helper-audio-playback-gst.c:356 +#: src/conversation/gnunet_gst.c:622 #, c-format msgid "Read error from STDIN: %d %s\n" msgstr "" 
@@ -1247,6 +1245,11 @@ msgid "Failed to allocate %u bytes for second packet\n" msgstr "" "Se produjo un fallo al alojar las direcciones IP para el nuevo destino\n" +#: src/conversation/gnunet-service-conversation.c:1276 +#, fuzzy, c-format +msgid "Could not open line, port %s already in use!\n" +msgstr "¡No se pudo conectar al servicio %s!\n" + #: src/conversation/microphone.c:119 #, fuzzy msgid "Could not start record audio helper\n" 
@@ -1534,8 +1537,140 @@ msgstr "# mapas de tipos recibidos" msgid "# updates to my type map" msgstr "# actualizaciones de mi mapa de tipos" +#: src/credential/credential_misc.c:88 +#, fuzzy, c-format +msgid "Unable to parse CRED record string `%s'\n" +msgstr "No se pudo procesar la cadena de registro VPN «%s»\n" + +#: src/credential/gnunet-credential.c:278 src/namestore/gnunet-namestore.c:776 +#: src/namestore/plugin_rest_namestore.c:1009 +#, fuzzy, c-format +msgid "Ego `%s' not known to identity service\n" +msgstr "'%s': servicio desconocido: %s\n" + +#: src/credential/gnunet-credential.c:294 +#: src/credential/gnunet-credential.c:446 +#, fuzzy, c-format +msgid "Issuer public key `%s' is not well-formed\n" +msgstr "El bloque del tipo %u está mal formado\n" + +#: src/credential/gnunet-credential.c:375 +#: src/credential/gnunet-credential.c:435 +#, fuzzy, c-format +msgid "Issuer public key not well-formed\n" +msgstr "El bloque del tipo %u está mal formado\n" + +#: src/credential/gnunet-credential.c:386 +#: src/credential/gnunet-credential.c:455 +#, fuzzy, c-format +msgid "Failed to connect to CREDENTIAL\n" +msgstr "Se produjo un fallo al conectar con GNS\n" + +#: src/credential/gnunet-credential.c:392 +#, c-format +msgid "You must provide issuer the attribute\n" +msgstr "" + +#: src/credential/gnunet-credential.c:399 +#, fuzzy, c-format +msgid "ego required\n" +msgstr "Tipo requerido\n" + +#: src/credential/gnunet-credential.c:415 +#, c-format +msgid "Subject public key needed\n" +msgstr "" + +#: src/credential/gnunet-credential.c:426 +#, fuzzy, c-format +msgid "Subject public key `%s' is not well-formed\n" +msgstr "El bloque del tipo %u está mal formado\n" + +#: src/credential/gnunet-credential.c:461 +#, c-format +msgid "You must provide issuer and subject attributes\n" +msgstr "" + +#: src/credential/gnunet-credential.c:511 +#, fuzzy, c-format +msgid "Issuer ego required\n" +msgstr "Tipo requerido\n" + +#: src/credential/gnunet-credential.c:523 +#, c-format +msgid 
"Please specify name to lookup, subject key and issuer key!\n" +msgstr "" + +#: src/credential/gnunet-credential.c:543 +msgid "create credential" +msgstr "" + +#: src/credential/gnunet-credential.c:547 +msgid "verify credential against attribute" +msgstr "" + +#: src/credential/gnunet-credential.c:552 +#, fuzzy +msgid "The public key of the subject to lookup the credential for" +msgstr "Especificar el tipo del registro a buscar" + +#: src/credential/gnunet-credential.c:557 +msgid "The name of the credential presented by the subject" +msgstr "" + +#: src/credential/gnunet-credential.c:562 +#, fuzzy +msgid "The public key of the authority to verify the credential against" +msgstr "Especificar el tipo del registro a buscar" + +#: src/credential/gnunet-credential.c:567 +#, fuzzy +msgid "The ego to use" +msgstr "tamaño del mensaje" + +#: src/credential/gnunet-credential.c:572 +msgid "The issuer attribute to verify against or to issue" +msgstr "" + +#: src/credential/gnunet-credential.c:577 +msgid "The time to live for the credential" +msgstr "" + +#: src/credential/gnunet-credential.c:581 +msgid "collect credentials" +msgstr "" + +#: src/credential/gnunet-credential.c:595 +#, fuzzy +msgid "GNUnet credential resolver tool" +msgstr "Herramienta de acceso GNUnet GNS" + +#: src/credential/gnunet-service-credential.c:1204 +#: src/gns/gnunet-gns-helper-service-w32.c:727 src/gns/gnunet-gns.c:355 +#, c-format +msgid "Failed to connect to GNS\n" +msgstr "Se produjo un fallo al conectar con GNS\n" + +#: src/credential/gnunet-service-credential.c:1210 +#: src/namestore/gnunet-namestore-fcfsd.c:1034 +#: src/namestore/gnunet-namestore.c:802 +#: src/namestore/plugin_rest_namestore.c:1022 +#, c-format +msgid "Failed to connect to namestore\n" +msgstr "Se produjo un fallo al conectar con el almacén de nombres\n" + +#: src/credential/plugin_gnsrecord_credential.c:186 +#, fuzzy, c-format +msgid "Unable to parse ATTR record string `%s'\n" +msgstr "No se pudo procesar la cadena de registro 
TLSA «%s»\n" + +#: src/credential/plugin_rest_credential.c:1155 src/gns/plugin_rest_gns.c:668 +#, fuzzy +msgid "GNS REST API initialized\n" +msgstr "Conexión fallida\n" + #: src/datacache/datacache.c:119 src/datacache/datacache.c:294 -#: src/datastore/gnunet-service-datastore.c:775 +#: src/datastore/gnunet-service-datastore.c:757 msgid "# bytes stored" msgstr "# bytes almacenados" @@ -1578,13 +1713,12 @@ msgstr "Caché de datos de montículo (heap) ejecutándose\n" #: src/datacache/plugin_datacache_sqlite.c:113 #: src/datacache/plugin_datacache_sqlite.c:122 -#: src/datastore/plugin_datastore_mysql.c:980 +#: src/datastore/plugin_datastore_mysql.c:892 #: src/datastore/plugin_datastore_sqlite.c:58 -#: src/datastore/plugin_datastore_sqlite.c:66 src/my/my.c:80 src/my/my.c:92 -#: src/mysql/mysql.c:42 src/mysql/mysql.c:49 -#: src/namecache/plugin_namecache_postgres.c:53 +#: src/datastore/plugin_datastore_sqlite.c:66 +#: src/identity-provider/plugin_identity_provider_sqlite.c:52 src/my/my.c:80 +#: src/my/my.c:92 src/mysql/mysql.c:42 src/mysql/mysql.c:49 #: src/namecache/plugin_namecache_sqlite.c:53 -#: src/namestore/plugin_namestore_postgres.c:53 #: src/namestore/plugin_namestore_sqlite.c:53 #: src/peerstore/plugin_peerstore_sqlite.c:52 #: src/psycstore/plugin_psycstore_mysql.c:62 
@@ -1593,14 +1727,15 @@ msgstr "Caché de datos de montículo (heap) ejecutándose\n" #: src/testbed/gnunet-daemon-testbed-underlay.c:56 #: src/testbed/testbed_api_hosts.c:69 src/util/crypto_ecc.c:52 #: src/util/crypto_ecc_setup.c:41 src/util/crypto_mpi.c:39 -#: src/include/gnunet_common.h:720 src/include/gnunet_common.h:729 +#: src/include/gnunet_common.h:735 src/include/gnunet_common.h:744 #: src/scalarproduct/scalarproduct.h:35 #, c-format msgid "`%s' failed at %s:%d with error: %s\n" msgstr "«%s» falló en %s: %d con el error: %s\n" #: src/datacache/plugin_datacache_sqlite.c:817 -#: src/datastore/plugin_datastore_sqlite.c:475 +#: src/datastore/plugin_datastore_sqlite.c:456 +#: src/identity-provider/plugin_identity_provider_sqlite.c:336 #: src/namecache/plugin_namecache_sqlite.c:296 #: src/namestore/plugin_namestore_sqlite.c:355 msgid "Tried to close sqlite without finalizing all prepared statements.\n" 
@@ -1665,23 +1800,75 @@ msgstr "# peticiones «GET ZERO ANONYMITY» ejecutadas" msgid "# GET requests executed" msgstr "# peticiones «GET» ejecutadas" -#: src/datastore/gnunet-datastore.c:113 +#: src/datastore/gnunet-datastore.c:189 +#, c-format +msgid "Dumped % records\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:217 src/datastore/gnunet-datastore.c:229 +#, c-format +msgid "Short write to file: %zd bytes expecting %zd\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:261 +#, fuzzy +msgid "Error queueing datastore GET operation\n" +msgstr "Error leyendo «%s»: %s" + +#: src/datastore/gnunet-datastore.c:287 src/datastore/gnunet-datastore.c:412 +#, fuzzy, c-format +msgid "Unable to open dump file: %s\n" +msgstr "Se produjo un fallo al crear los índices\n" + +#: src/datastore/gnunet-datastore.c:326 #, fuzzy, c-format msgid "Failed to store item: %s, aborting\n" msgstr "Se produjo un fallo al abrir «%s» para escritura" -#: src/datastore/gnunet-datastore.c:209 +#: src/datastore/gnunet-datastore.c:340 +#, fuzzy, c-format +msgid "Inserted % records\n" +msgstr "establece registros de clase A" + +#: src/datastore/gnunet-datastore.c:349 src/datastore/gnunet-datastore.c:363 #, c-format -msgid "Cannot use the same configuration for source and destination\n" +msgid "Short read from file: %zd bytes expecting %zd\n" msgstr "" -#: src/datastore/gnunet-datastore.c:256 -msgid "" -"specifies the configuration to use to access an alternative datastore; will " -"merge that datastore into our current datastore" +#: src/datastore/gnunet-datastore.c:389 +#, fuzzy +msgid "Error queueing datastore PUT operation\n" +msgstr "Error leyendo «%s»: %s" + +#: src/datastore/gnunet-datastore.c:432 +msgid "Input file is not of a supported format\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:458 +#, fuzzy +msgid "Failed connecting to the datastore.\n" +msgstr "Se produjo un fallo al conectar con el almacén de datos." 
+ +#: src/datastore/gnunet-datastore.c:470 +#, fuzzy, c-format +msgid "Please choose at least one operation: %s, %s\n" +msgstr "Por favor, seleccione una operación: %s o %s o %s o %s o %s\n" + +#: src/datastore/gnunet-datastore.c:493 +#, fuzzy +msgid "Dump all records from the datastore" +msgstr "Buscar el registro para el nombre dado" + +#: src/datastore/gnunet-datastore.c:497 +#, fuzzy +msgid "Insert records into the datastore" +msgstr "# bytes mandados al almacén de datos" + +#: src/datastore/gnunet-datastore.c:502 +msgid "File to dump or insert" msgstr "" -#: src/datastore/gnunet-datastore.c:265 +#: src/datastore/gnunet-datastore.c:511 #, fuzzy msgid "Manipulate GNUnet datastore" msgstr "Manipular ficheros de configuración de GNUnet" @@ -1730,8 +1917,8 @@ msgstr "Espacio insuficiente para satisfacer la petición" #: src/datastore/gnunet-service-datastore.c:634 #: src/datastore/gnunet-service-datastore.c:689 -#: src/datastore/gnunet-service-datastore.c:977 -#: src/datastore/gnunet-service-datastore.c:1633 +#: src/datastore/gnunet-service-datastore.c:837 +#: src/datastore/gnunet-service-datastore.c:1469 msgid "# reserved" msgstr "# reservado" 
@@ -1739,47 +1926,47 @@ msgstr "# reservado" msgid "Could not find matching reservation" msgstr "No se pudo encontrar una reserva coincidente" -#: src/datastore/gnunet-service-datastore.c:792 +#: src/datastore/gnunet-service-datastore.c:773 #, c-format msgid "Need %llu bytes more space (%llu allowed, using %llu)\n" msgstr "" "Se necesitan %llu bytes más de espacio (%llu permitidos, usando %llu)\n" -#: src/datastore/gnunet-service-datastore.c:1026 +#: src/datastore/gnunet-service-datastore.c:876 msgid "# GET requests received" msgstr "# peticiones «GET» recibidas" -#: src/datastore/gnunet-service-datastore.c:1058 +#: src/datastore/gnunet-service-datastore.c:907 #, fuzzy msgid "# GET KEY requests received" msgstr "# peticiones «GET» recibidas" -#: src/datastore/gnunet-service-datastore.c:1071 +#: src/datastore/gnunet-service-datastore.c:920 msgid "# requests filtered by bloomfilter" msgstr "# peticiones filtradas por el «bloomfilter»" -#: src/datastore/gnunet-service-datastore.c:1108 +#: src/datastore/gnunet-service-datastore.c:956 msgid "# GET REPLICATION requests received" msgstr "# peticiones «GET REPLICATION» recibidas" -#: src/datastore/gnunet-service-datastore.c:1141 +#: src/datastore/gnunet-service-datastore.c:989 msgid "# GET ZERO ANONYMITY requests received" msgstr "# peticiones «GET ZERO ANONYMITY» recibidas" -#: src/datastore/gnunet-service-datastore.c:1190 +#: src/datastore/gnunet-service-datastore.c:1036 msgid "Content not found" msgstr "Contenido no encontrado" -#: src/datastore/gnunet-service-datastore.c:1199 +#: src/datastore/gnunet-service-datastore.c:1043 msgid "# bytes removed (explicit request)" msgstr "# bytes eliminados (petición explícita)" -#: src/datastore/gnunet-service-datastore.c:1246 +#: src/datastore/gnunet-service-datastore.c:1088 msgid "# REMOVE requests received" msgstr "# peticiones «REMOVE» recibidas" # Miguel: ¿Cómo traducir «payload»? ¿Código cargado? 
-#: src/datastore/gnunet-service-datastore.c:1301 +#: src/datastore/gnunet-service-datastore.c:1137 #, fuzzy, c-format msgid "" "Datastore payload must have been inaccurate (%lld < %lld). Recomputing it.\n" 
@@ -1787,102 +1974,103 @@ msgstr "" "El «payload» del almacén de datos es impreciso (%lld < %lld). Intentando " "repararlo.\n" -#: src/datastore/gnunet-service-datastore.c:1307 -#: src/datastore/gnunet-service-datastore.c:1482 +#: src/datastore/gnunet-service-datastore.c:1143 +#: src/datastore/gnunet-service-datastore.c:1318 #, c-format msgid "New payload: %lld\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1361 +#: src/datastore/gnunet-service-datastore.c:1197 #, c-format msgid "Loading `%s' datastore plugin\n" msgstr "Cargando el módulo del almacén de datos «%s»\n" -#: src/datastore/gnunet-service-datastore.c:1373 +#: src/datastore/gnunet-service-datastore.c:1209 #, c-format msgid "Failed to load datastore plugin for `%s'\n" msgstr "" "Se produjo un fallo al inicializar el módulo del almacén de datos para «%s»\n" -#: src/datastore/gnunet-service-datastore.c:1433 +#: src/datastore/gnunet-service-datastore.c:1269 msgid "Bloomfilter construction complete.\n" msgstr "Construcción de «bloomfilter» completa.\n" -#: src/datastore/gnunet-service-datastore.c:1489 +#: src/datastore/gnunet-service-datastore.c:1325 msgid "Rebuilding bloomfilter. Please be patient.\n" msgstr "Reconstruyendo «bloomfilter». Por favor, tenga paciencia.\n" -#: src/datastore/gnunet-service-datastore.c:1500 +#: src/datastore/gnunet-service-datastore.c:1336 msgid "Plugin does not support get_keys function. Please fix!\n" msgstr "El módulo no soporta la función «get_keys». 
Por favor, corríjalo.\n" -#: src/datastore/gnunet-service-datastore.c:1670 +#: src/datastore/gnunet-service-datastore.c:1506 #, c-format msgid "# bytes used in file-sharing datastore `%s'" msgstr "# bytes usados en el almacén de ficheros compartidos «%s»" -#: src/datastore/gnunet-service-datastore.c:1686 +#: src/datastore/gnunet-service-datastore.c:1522 msgid "# quota" msgstr "# cuota" -#: src/datastore/gnunet-service-datastore.c:1691 +#: src/datastore/gnunet-service-datastore.c:1527 msgid "# cache size" msgstr "# tamaño de la caché" -#: src/datastore/gnunet-service-datastore.c:1707 +#: src/datastore/gnunet-service-datastore.c:1543 #, c-format msgid "Could not use specified filename `%s' for bloomfilter.\n" msgstr "" "No se pudo usar el nombre de fichero especificado «%s» para «bloomfilter».\n" -#: src/datastore/gnunet-service-datastore.c:1725 -#: src/datastore/gnunet-service-datastore.c:1741 +#: src/datastore/gnunet-service-datastore.c:1561 +#: src/datastore/gnunet-service-datastore.c:1577 #, c-format msgid "Failed to remove bogus bloomfilter file `%s'\n" msgstr "" "Se produjo un fallo al borrar el fichero de configuración defectuoso de " "«bloomfilter» «%s»:\n" -#: src/datastore/gnunet-service-datastore.c:1773 +#: src/datastore/gnunet-service-datastore.c:1609 msgid "Failed to initialize bloomfilter.\n" msgstr "Se produjo un fallo al inicializar «bloomfilter».\n" -#: src/datastore/plugin_datastore_heap.c:769 +#: src/datastore/plugin_datastore_heap.c:893 msgid "Heap database running\n" msgstr "Base de datos de montículo ejecutándose\n" -#: src/datastore/plugin_datastore_mysql.c:377 -#: src/datastore/plugin_datastore_sqlite.c:590 +#: src/datastore/plugin_datastore_mysql.c:371 +#: src/datastore/plugin_datastore_mysql.c:423 +#: src/datastore/plugin_datastore_mysql.c:1075 +msgid "MySQL statement run failure" +msgstr "" + +#: src/datastore/plugin_datastore_mysql.c:410 +#: src/datastore/plugin_datastore_sqlite.c:626 #, fuzzy msgid "Data too large" msgstr "número de 
valores" -#: src/datastore/plugin_datastore_mysql.c:393 -msgid "MySQL statement run failure" -msgstr "" - -#: src/datastore/plugin_datastore_mysql.c:936 +#: src/datastore/plugin_datastore_mysql.c:848 #, c-format msgid "`%s' for `%s' failed at %s:%d with error: %s\n" msgstr "«%s» para «%s» falló en %s: %d con error: %s\n" -#: src/datastore/plugin_datastore_mysql.c:1208 +#: src/datastore/plugin_datastore_mysql.c:1180 #: src/psycstore/plugin_psycstore_mysql.c:1936 msgid "Mysql database running\n" msgstr "Base de datos Mysql ejecutándose\n" -#: src/datastore/plugin_datastore_postgres.c:345 +#: src/datastore/plugin_datastore_postgres.c:274 +#: src/datastore/plugin_datastore_postgres.c:891 msgid "Postgress exec failure" msgstr "" -#: src/datastore/plugin_datastore_postgres.c:866 +#: src/datastore/plugin_datastore_postgres.c:852 msgid "Failed to drop table from database.\n" msgstr "Se produjo un fallo al borrar una tabla de la base de datos.\n" -#: src/datastore/plugin_datastore_postgres.c:903 -#: src/namecache/plugin_namecache_postgres.c:398 -#: src/namestore/plugin_namestore_postgres.c:571 -#: src/psycstore/plugin_psycstore_postgres.c:1721 +#: src/datastore/plugin_datastore_postgres.c:950 +#: src/psycstore/plugin_psycstore_postgres.c:1506 msgid "Postgres database running\n" msgstr "Base de datos Postgres ejecutándose\n" @@ -1894,7 +2082,8 @@ msgstr "Base de datos Postgres ejecutándose\n" msgid "`%s' failed at %s:%u with error: %s" msgstr "«%s» falló en %s:%u con el error: %s" -#: src/datastore/plugin_datastore_sqlite.c:281 +#: src/datastore/plugin_datastore_sqlite.c:271 +#: src/identity-provider/plugin_identity_provider_sqlite.c:212 #: src/namecache/plugin_namecache_sqlite.c:194 #: src/namestore/plugin_namestore_sqlite.c:222 #: src/peerstore/plugin_peerstore_sqlite.c:535 
@@ -1903,14 +2092,18 @@ msgstr "«%s» falló en %s:%u con el error: %s" msgid "Unable to initialize SQLite: %s.\n" msgstr "Imposible inicializar SQLite: %s.\n" +#: src/datastore/plugin_datastore_sqlite.c:577 +msgid "sqlite bind failure" +msgstr "" + # to should be too, i think -#: src/datastore/plugin_datastore_sqlite.c:1234 +#: src/datastore/plugin_datastore_sqlite.c:1259 msgid "sqlite version to old to determine size, assuming zero\n" msgstr "" "la versión de sqlite es muy antigua para determinar el tamaño, se asume " "cero\n" -#: src/datastore/plugin_datastore_sqlite.c:1268 +#: src/datastore/plugin_datastore_sqlite.c:1293 #, c-format msgid "" "Using sqlite page utilization to estimate payload (%llu pages of size %llu " @@ -1919,13 +2112,14 @@ msgstr "" "Usando la utilización de páginas de sqlite para estimar el «payload» (%llu " "páginas de %llu bytes de tamaño)\n" -#: src/datastore/plugin_datastore_sqlite.c:1312 +#: src/datastore/plugin_datastore_sqlite.c:1337 +#: src/identity-provider/plugin_identity_provider_sqlite.c:711 #: src/namecache/plugin_namecache_sqlite.c:603 #: src/namestore/plugin_namestore_sqlite.c:802 msgid "Sqlite database running\n" msgstr "Base de datos sqlite ejecutándose\n" -#: src/datastore/plugin_datastore_template.c:259 +#: src/datastore/plugin_datastore_template.c:253 msgid "Template database running\n" msgstr "Base de datos de plantilla ejecutándose\n" 
@@ -1989,54 +2183,6 @@ msgstr "ser prolijo (imprime información de progreso)" msgid "Prints all packets that go through the DHT." msgstr "Imprime todos los paquetes que pasan por la DHT." -#: src/dht/gnunet_dht_profiler.c:1161 -#: src/testbed/gnunet-testbed-profiler.c:255 -#, fuzzy, c-format -msgid "Exiting as the number of peers is %u\n" -msgstr "El número máximo de conexiones es %u\n" - -#: src/dht/gnunet_dht_profiler.c:1188 -msgid "number of peers to start" -msgstr "número de pares para empezar" - -#: src/dht/gnunet_dht_profiler.c:1194 -msgid "" -"maximum number of times we try to search for successor circle formation (0 " -"for R5N)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1200 src/nse/gnunet-nse-profiler.c:853 -#: src/testbed/gnunet-testbed-profiler.c:305 -msgid "name of the file with the login information for the testbed" -msgstr "" -"nombre del fichero con la información de acceso usada para la batería de " -"pruebas" - -#: src/dht/gnunet_dht_profiler.c:1206 -msgid "delay between rounds for collecting statistics (default: 30 sec)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1212 -msgid "delay to start doing PUTs (default: 1 sec)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1218 -msgid "delay to start doing GETs (default: 5 min)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1223 -msgid "replication degree for DHT PUTs" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1230 -msgid "timeout for DHT PUT and GET requests (default: 1 min)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1248 -#, fuzzy -msgid "Measure quality and performance of the DHT service." -msgstr "Medir la calidad y rendimiento del servicio NSE." - #: src/dht/gnunet-dht-put.c:120 msgid "PUT request sent with key" msgstr "Petición «PUT» enviada con clave" 
@@ -2303,6 +2449,53 @@ msgstr "# Entradas añadidas a la tabla de encaminamiento" msgid "# DHT requests combined" msgstr "# Peticiones a la DHT combinadas" +#: src/dht/gnunet_dht_profiler.c:1161 src/testbed/gnunet-testbed-profiler.c:255 +#, fuzzy, c-format +msgid "Exiting as the number of peers is %u\n" +msgstr "El número máximo de conexiones es %u\n" + +#: src/dht/gnunet_dht_profiler.c:1188 +msgid "number of peers to start" +msgstr "número de pares para empezar" + +#: src/dht/gnunet_dht_profiler.c:1194 +msgid "" +"maximum number of times we try to search for successor circle formation (0 " +"for R5N)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1200 src/nse/gnunet-nse-profiler.c:853 +#: src/testbed/gnunet-testbed-profiler.c:305 +msgid "name of the file with the login information for the testbed" +msgstr "" +"nombre del fichero con la información de acceso usada para la batería de " +"pruebas" + +#: src/dht/gnunet_dht_profiler.c:1206 +msgid "delay between rounds for collecting statistics (default: 30 sec)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1212 +msgid "delay to start doing PUTs (default: 1 sec)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1218 +msgid "delay to start doing GETs (default: 5 min)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1223 +msgid "replication degree for DHT PUTs" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1230 +msgid "timeout for DHT PUT and GET requests (default: 1 min)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1248 +#, fuzzy +msgid "Measure quality and performance of the DHT service." +msgstr "Medir la calidad y rendimiento del servicio NSE." + #: src/dht/plugin_block_dht.c:187 #, c-format msgid "Block not of type %u\n" 
@@ -2646,7 +2839,7 @@ msgstr "«%s» debe ser instalado con SUID, se niega a arrancar\n" msgid "No useful service enabled. Exiting.\n" msgstr "Ningún servicio útil habilitado. Saliendo.\n" -#: src/exit/gnunet-daemon-exit.c:3969 +#: src/exit/gnunet-daemon-exit.c:3970 msgid "Daemon to run to provide an IP exit node for the VPN" msgstr "Demonio a ejecutar para obtener un nodo de salida IP para la VPN" @@ -3325,14 +3518,6 @@ msgstr "" "Descargar ficheros de GNUnet usando una URI GNUnet CHK o LOC (gnunet://fs/" "chk/...)" -#: src/fs/gnunet-fs.c:119 -msgid "print a list of all indexed files" -msgstr "imprimir una lista de todos los ficheros indexados" - -#: src/fs/gnunet-fs.c:130 -msgid "Special file-sharing operations" -msgstr "Operaciones especiales de compartición de ficheros" - #: src/fs/gnunet-fs-profiler.c:211 msgid "run the experiment with COUNT peers" msgstr "ejecuta el experimento con «COUNT» pares" @@ -3353,6 +3538,14 @@ msgstr "" "ejecuta una batería de pruebas para medir el rendimiento de la compartición " "de ficheros" +#: src/fs/gnunet-fs.c:119 +msgid "print a list of all indexed files" +msgstr "imprimir una lista de todos los ficheros indexados" + +#: src/fs/gnunet-fs.c:130 +msgid "Special file-sharing operations" +msgstr "Operaciones especiales de compartición de ficheros" + #: src/fs/gnunet-publish.c:219 src/fs/gnunet-publish.c:231 #, c-format msgid "Publishing `%s' at %llu/%llu (%s remaining)\n" 
@@ -4049,22 +4242,11 @@ msgstr "" msgid "GNUnet DNS-to-GNS proxy (a DNS server)" msgstr "Pasarela GNUnet DNS-a-GNS (un servidor DNS)" -#: src/gns/gnunet-gns.c:235 src/gns/plugin_rest_gns.c:346 -#, c-format -msgid "Invalid typename specified, assuming `ANY'\n" -msgstr "" - -#: src/gns/gnunet-gns.c:252 -#, c-format -msgid "Please specify name to lookup!\n" -msgstr "" - -#: src/gns/gnunet-gns.c:276 -#, c-format -msgid "Ego for `%s' not found, cannot perform lookup.\n" +#: src/gns/gnunet-gns-helper-service-w32.c:602 +msgid "Not ready to process requests, lacking ego data\n" msgstr "" -#: src/gns/gnunet-gns.c:315 src/gns/gnunet-gns-helper-service-w32.c:701 +#: src/gns/gnunet-gns-helper-service-w32.c:701 src/gns/gnunet-gns.c:315 #: src/gns/plugin_rest_gns.c:422 #, c-format msgid "" 
@@ -4072,58 +4254,12 @@ msgid "" "gns-import.sh?\n" msgstr "" -#: src/gns/gnunet-gns.c:355 src/gns/gnunet-gns-helper-service-w32.c:727 -#, c-format -msgid "Failed to connect to GNS\n" -msgstr "Se produjo un fallo al conectar con GNS\n" - -#: src/gns/gnunet-gns.c:374 -#, c-format -msgid "Public key `%s' is not well-formed\n" -msgstr "" - -#: src/gns/gnunet-gns.c:428 -msgid "Lookup a record for the given name" -msgstr "Buscar el registro para el nombre dado" - -#: src/gns/gnunet-gns.c:434 -msgid "Specify the type of the record to lookup" -msgstr "Especificar el tipo del registro a buscar" - -#: src/gns/gnunet-gns.c:440 -#, fuzzy -msgid "Specify timeout for the lookup" -msgstr "Especificar el tipo del registro a buscar" - -#: src/gns/gnunet-gns.c:445 -msgid "No unneeded output" -msgstr "Sin salida innecesaria" - -#: src/gns/gnunet-gns.c:451 -#, fuzzy -msgid "Specify the public key of the zone to lookup the record in" -msgstr "Especificar el tipo del registro a buscar" - -#: src/gns/gnunet-gns.c:457 -#, fuzzy -msgid "Specify the name of the ego of the zone to lookup the record in" -msgstr "Especificar el tipo del registro a buscar" - -#: src/gns/gnunet-gns.c:476 -#, fuzzy -msgid "GNUnet GNS resolver tool" -msgstr "Herramienta de acceso GNUnet GNS" - -#: src/gns/gnunet-gns-helper-service-w32.c:602 -msgid "Not ready to process requests, lacking ego data\n" -msgstr "" - #: src/gns/gnunet-gns-helper-service-w32.c:739 #, fuzzy, c-format msgid "Failed to connect to identity service\n" msgstr "Fallo al conectar a gnunetd.\n" -#: src/gns/gnunet-gns-import.c:489 +#: src/gns/gnunet-gns-import.c:452 msgid "This program will import some GNS authorities into your GNS namestore." msgstr "" 
@@ -4241,13 +4377,65 @@ msgstr "Se produjo un fallo al leer la lista de amigos de «%s»\n" msgid "listen on specified port (default: 7777)" msgstr "escuchar en el puerto especificado (predeterminado: 7777)" -#: src/gns/gnunet-gns-proxy.c:3275 -msgid "pem file to use as CA" -msgstr "fichero pem para usar como autoridad de certificación (CA)" +#: src/gns/gnunet-gns-proxy.c:3275 +msgid "pem file to use as CA" +msgstr "fichero pem para usar como autoridad de certificación (CA)" + +#: src/gns/gnunet-gns-proxy.c:3300 +msgid "GNUnet GNS proxy" +msgstr "Proxy GNUnet GNS" + +#: src/gns/gnunet-gns.c:235 src/gns/plugin_rest_gns.c:346 +#, c-format +msgid "Invalid typename specified, assuming `ANY'\n" +msgstr "" + +#: src/gns/gnunet-gns.c:252 +#, c-format +msgid "Please specify name to lookup!\n" +msgstr "" + +#: src/gns/gnunet-gns.c:276 +#, c-format +msgid "Ego for `%s' not found, cannot perform lookup.\n" +msgstr "" + +#: src/gns/gnunet-gns.c:374 +#, c-format +msgid "Public key `%s' is not well-formed\n" +msgstr "" + +#: src/gns/gnunet-gns.c:428 +msgid "Lookup a record for the given name" +msgstr "Buscar el registro para el nombre dado" + +#: src/gns/gnunet-gns.c:434 +msgid "Specify the type of the record to lookup" +msgstr "Especificar el tipo del registro a buscar" + +#: src/gns/gnunet-gns.c:440 +#, fuzzy +msgid "Specify timeout for the lookup" +msgstr "Especificar el tipo del registro a buscar" + +#: src/gns/gnunet-gns.c:445 +msgid "No unneeded output" +msgstr "Sin salida innecesaria" + +#: src/gns/gnunet-gns.c:451 +#, fuzzy +msgid "Specify the public key of the zone to lookup the record in" +msgstr "Especificar el tipo del registro a buscar" + +#: src/gns/gnunet-gns.c:457 +#, fuzzy +msgid "Specify the name of the ego of the zone to lookup the record in" +msgstr "Especificar el tipo del registro a buscar" -#: src/gns/gnunet-gns-proxy.c:3300 -msgid "GNUnet GNS proxy" -msgstr "Proxy GNUnet GNS" +#: src/gns/gnunet-gns.c:476 +#, fuzzy +msgid "GNUnet GNS resolver tool" +msgstr 
"Herramienta de acceso GNUnet GNS" #: src/gns/gnunet-service-gns.c:442 #, fuzzy @@ -4255,7 +4443,7 @@ msgid "Failed to connect to the namecache!\n" msgstr "¡Se produjo un fallo al conectar con el almacén de nombres!\n" #: src/gns/gnunet-service-gns.c:461 -#: src/zonemaster/gnunet-service-zonemaster.c:741 +#: src/zonemaster/gnunet-service-zonemaster.c:742 msgid "Could not connect to DHT!\n" msgstr "¡No se pudo conectar a la DHT!\n" 
@@ -4313,47 +4501,37 @@ msgstr "" msgid "Hostname `%s' is not well-formed, resolution fails\n" msgstr "" -#: src/gns/plugin_gnsrecord_gns.c:203 +#: src/gns/plugin_gnsrecord_gns.c:179 #, c-format msgid "Unable to parse PKEY record `%s'\n" msgstr "No se pudo procesar el registro PKEY «%s»\n" -#: src/gns/plugin_gnsrecord_gns.c:232 +#: src/gns/plugin_gnsrecord_gns.c:208 #, fuzzy, c-format msgid "Unable to parse GNS2DNS record `%s'\n" msgstr "No se pudo procesar el registro SOA «%s»\n" -#: src/gns/plugin_gnsrecord_gns.c:253 +#: src/gns/plugin_gnsrecord_gns.c:229 #, fuzzy, c-format msgid "Failed to serialize GNS2DNS record with value `%s'\n" msgstr "" "Se produjo un fallo al escribir el directorio con los resultados de búsqueda " "de «%s»\n" -#: src/gns/plugin_gnsrecord_gns.c:276 +#: src/gns/plugin_gnsrecord_gns.c:252 #, c-format msgid "Unable to parse VPN record string `%s'\n" msgstr "No se pudo procesar la cadena de registro VPN «%s»\n" -#: src/gns/plugin_gnsrecord_gns.c:312 +#: src/gns/plugin_gnsrecord_gns.c:288 #, fuzzy, c-format msgid "Unable to parse BOX record string `%s'\n" msgstr "No se pudo procesar la cadena de registro VPN «%s»\n" -#: src/gns/plugin_gnsrecord_gns.c:360 -#, fuzzy, c-format -msgid "Unable to parse REVERSE record string `%s'\n" -msgstr "No se pudo procesar la cadena de registro VPN «%s»\n" - #: src/gns/plugin_rest_gns.c:384 msgid "Ego for not found, cannot perform lookup.\n" msgstr "" -#: src/gns/plugin_rest_gns.c:668 -#, fuzzy -msgid "GNS REST API initialized\n" -msgstr "Conexión fallida\n" - #: src/gnsrecord/plugin_gnsrecord_dns.c:359 #, c-format msgid "Unable to parse IPv4 address `%s'\n" 
@@ -4816,6 +4994,53 @@ msgid "Could not start hostlist HTTP server on port %u\n" msgstr "" "No se pudo arrancar un servidor de listas de máquinas HTTP en el puerto %u\n" +#: src/identity-provider/gnunet-idp.c:348 +#, fuzzy +msgid "Ego is required\n" +msgstr "Las opción «%s» o «%s» es necesaria.\n" + +#: src/identity-provider/gnunet-idp.c:370 +msgid "Add attribute" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:376 +msgid "Attribute value" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:381 +msgid "Ego" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:386 +msgid "Audience (relying party)" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:390 +msgid "List attributes for Ego" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:395 +msgid "Issue a ticket" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:400 +msgid "Consume a ticket" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:405 +msgid "Revoke a ticket" +msgstr "" + +#: src/identity-provider/identity_provider_api.c:429 +#, fuzzy +msgid "failed to store record\n" +msgstr "El almacén de nombres no pudo añadir el registro\n" + +#: src/identity-provider/plugin_rest_identity_provider.c:1175 +#, fuzzy +msgid "Identity Provider REST API initialized\n" +msgstr "Conexión fallida\n" + #: src/identity/gnunet-identity.c:179 #, fuzzy, c-format msgid "Failed to create ego: %s\n" 
@@ -4910,34 +5135,11 @@ msgstr "Se produjo un fallo al borrar el fichero de configuración %s\n" msgid "Failed to create directory `%s' for storing egos\n" msgstr "Se produjo un fallo al leer el directorio «%s»\n" -#: src/identity/plugin_rest_identity.c:967 +#: src/identity/plugin_rest_identity.c:964 #, fuzzy msgid "Identity REST API initialized\n" msgstr "Conexión fallida\n" -#: src/identity-provider/gnunet-identity-token.c:66 -#, fuzzy -msgid "Option `-t' is required\n" -msgstr "Las opción «%s» o «%s» es necesaria.\n" - -#: src/identity-provider/gnunet-identity-token.c:77 -#, fuzzy, c-format -msgid "Token `%s' is malformed\n" -msgstr "El bloque del tipo %u está mal formado\n" - -#: src/identity-provider/gnunet-identity-token.c:166 -msgid "GNUid token" -msgstr "" - -#: src/identity-provider/gnunet-identity-token.c:171 -msgid "Print token contents" -msgstr "" - -#: src/identity-provider/plugin_rest_identity_provider.c:1166 -#, fuzzy -msgid "Identity Token REST API initialized\n" -msgstr "Conexión fallida\n" - #: src/json/json.c:119 #, fuzzy, c-format msgid "Failed to parse JSON in option `%s': %s (%s)\n" 
@@ -5040,10 +5242,66 @@ msgstr "Se produjo un fallo al crear los índices\n" msgid "flat plugin running\n" msgstr "Base de datos sqlite ejecutándose\n" -#: src/namecache/plugin_namecache_postgres.c:90 -#: src/namestore/plugin_namestore_postgres.c:97 -msgid "Failed to create indices\n" -msgstr "Se produjo un fallo al crear los índices\n" +# form?? +#: src/namestore/gnunet-namestore-fcfsd.c:508 +#, c-format +msgid "Unsupported form value `%s'\n" +msgstr "Forma de valor no soportada «%s»\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:535 +#, c-format +msgid "Failed to create record for domain `%s': %s\n" +msgstr "Se produjo un fallo al crear un registro para el dominio «%s»: %s\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:555 +msgid "Error when mapping zone to name\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:585 +#, c-format +msgid "Found existing name `%s' for the given key\n" +msgstr "Encontrado nombre «%s» para la clave dada\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:662 +#, c-format +msgid "Found %u existing records for domain `%s'\n" +msgstr "Encontrados %u registros para el dominio «%s»\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:718 +#, c-format +msgid "Failed to create page for `%s'\n" +msgstr "Se produjo un fallo al crear la página para «%s»\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:734 +#, c-format +msgid "Failed to setup post processor for `%s'\n" +msgstr "Se produjo un fallo al configurar el post-procesador para «%s»\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:770 +msgid "Domain name must not contain `.'\n" +msgstr "El nombre de dominio no puede contener «.»\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:778 +msgid "Domain name must not contain `+'\n" +msgstr "El nombre de dominio no puede contener «+»\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:974 +msgid "No ego configured for `fcfsd` subsystem\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:1000 +msgid "Failed to start HTTP server\n" +msgstr "Se 
produjo un fallo al iniciar el servidor HTTP\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:1042 +#, fuzzy +msgid "Failed to connect to identity\n" +msgstr "Se produjo un fallo al conectar con GNS\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:1074 +#, fuzzy +msgid "GNU Name System First Come First Serve name registration service" +msgstr "Servicio de registro GNUnet GNS primero en llegar, primero en servirse" #: src/namestore/gnunet-namestore.c:301 #, c-format @@ -5051,13 +5309,13 @@ msgid "Adding record failed: %s\n" msgstr "No se pudo añadir el registro: %s\n" #: src/namestore/gnunet-namestore.c:330 -#: src/namestore/plugin_rest_namestore.c:562 +#: src/namestore/plugin_rest_namestore.c:567 #, fuzzy, c-format msgid "Deleting record failed, record does not exist%s%s\n" msgstr "No se pudo borrar el registro: %s\n" #: src/namestore/gnunet-namestore.c:337 -#: src/namestore/plugin_rest_namestore.c:571 +#: src/namestore/plugin_rest_namestore.c:576 #, fuzzy, c-format msgid "Deleting record failed%s%s\n" msgstr "No se pudo borrar el registro: %s\n" @@ -5075,7 +5333,7 @@ msgid "Records already exist under `%s', cannot add `%s' record.\n" msgstr "" #: src/namestore/gnunet-namestore.c:698 -#: src/namestore/plugin_rest_namestore.c:597 +#: src/namestore/plugin_rest_namestore.c:602 #, c-format msgid "There are no records under label `%s' that could be deleted.\n" msgstr "" 
@@ -5086,23 +5344,11 @@ msgid "" "There are no records under label `%s' that match the request for deletion.\n" msgstr "" -#: src/namestore/gnunet-namestore.c:776 -#: src/namestore/plugin_rest_namestore.c:1004 -#, fuzzy, c-format -msgid "Ego `%s' not known to identity service\n" -msgstr "'%s': servicio desconocido: %s\n" - #: src/namestore/gnunet-namestore.c:791 #, c-format msgid "No options given\n" msgstr "No se han proporcionado opciones\n" -#: src/namestore/gnunet-namestore.c:802 -#: src/namestore/gnunet-namestore-fcfsd.c:1034 -#: src/namestore/plugin_rest_namestore.c:1017 -msgid "Failed to connect to namestore\n" -msgstr "Se produjo un fallo al conectar con el almacén de nombres\n" - #: src/namestore/gnunet-namestore.c:810 src/namestore/gnunet-namestore.c:819 #: src/namestore/gnunet-namestore.c:838 src/namestore/gnunet-namestore.c:861 #: src/namestore/gnunet-namestore.c:915 @@ -5116,14 +5362,14 @@ msgid "add" msgstr "añadir" #: src/namestore/gnunet-namestore.c:829 -#: src/namestore/plugin_rest_namestore.c:671 +#: src/namestore/plugin_rest_namestore.c:676 #, c-format msgid "Unsupported type `%s'\n" msgstr "Tipo no soportado «%s»\n" #: src/namestore/gnunet-namestore.c:851 -#: src/namestore/plugin_rest_namestore.c:689 -#: src/namestore/plugin_rest_namestore.c:729 +#: src/namestore/plugin_rest_namestore.c:694 +#: src/namestore/plugin_rest_namestore.c:734 #, c-format msgid "Value `%s' invalid for record type `%s'\n" msgstr "Valor «%s» no válido para el tipo de registro «%s»\n" @@ -5142,8 +5388,7 @@ msgstr "borrar" msgid "Invalid public key for reverse lookup `%s'\n" msgstr "Parámetro no válido «%s»\n" -#: src/namestore/gnunet-namestore.c:979 -#: src/peerinfo-tool/gnunet-peerinfo.c:775 +#: src/namestore/gnunet-namestore.c:979 src/peerinfo-tool/gnunet-peerinfo.c:775 #, c-format msgid "Invalid URI `%s'\n" msgstr "URI no válida: «%s»\n" 
@@ -5154,13 +5399,13 @@ msgid "Invalid nick `%s'\n" msgstr "URI no válida: «%s»\n" #: src/namestore/gnunet-namestore.c:1051 -#: src/namestore/plugin_rest_namestore.c:1047 +#: src/namestore/plugin_rest_namestore.c:1052 #, fuzzy, c-format msgid "No default ego configured in identity service\n" msgstr "'%s': servicio desconocido: %s\n" #: src/namestore/gnunet-namestore.c:1108 -#: src/namestore/plugin_rest_namestore.c:1143 +#: src/namestore/plugin_rest_namestore.c:1148 #, fuzzy, c-format msgid "Cannot connect to identity service\n" msgstr "¡No se pudo conectar al servicio %s!\n" 
@@ -5226,68 +5471,7 @@ msgstr "" msgid "name of the ego controlling the zone" msgstr "nombre de la sección a la que acceder" -# form?? -#: src/namestore/gnunet-namestore-fcfsd.c:508 -#, c-format -msgid "Unsupported form value `%s'\n" -msgstr "Forma de valor no soportada «%s»\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:535 -#, c-format -msgid "Failed to create record for domain `%s': %s\n" -msgstr "Se produjo un fallo al crear un registro para el dominio «%s»: %s\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:555 -msgid "Error when mapping zone to name\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:585 -#, c-format -msgid "Found existing name `%s' for the given key\n" -msgstr "Encontrado nombre «%s» para la clave dada\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:662 -#, c-format -msgid "Found %u existing records for domain `%s'\n" -msgstr "Encontrados %u registros para el dominio «%s»\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:718 -#, c-format -msgid "Failed to create page for `%s'\n" -msgstr "Se produjo un fallo al crear la página para «%s»\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:734 -#, c-format -msgid "Failed to setup post processor for `%s'\n" -msgstr "Se produjo un fallo al configurar el post-procesador para «%s»\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:770 -msgid "Domain name must not contain `.'\n" -msgstr "El nombre de dominio no puede contener «.»\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:778 -msgid "Domain name must not contain `+'\n" -msgstr "El nombre de dominio no puede contener «+»\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:974 -msgid "No ego configured for `fcfsd` subsystem\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:1000 -msgid "Failed to start HTTP server\n" -msgstr "Se produjo un fallo al iniciar el servidor HTTP\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:1042 -#, fuzzy -msgid "Failed to connect to identity\n" -msgstr "Se produjo un fallo al conectar con GNS\n" - -#: 
src/namestore/gnunet-namestore-fcfsd.c:1074 -#, fuzzy -msgid "GNU Name System First Come First Serve name registration service" -msgstr "Servicio de registro GNUnet GNS primero en llegar, primero en servirse" - -#: src/namestore/gnunet-service-namestore.c:612 +#: src/namestore/gnunet-service-namestore.c:615 #, fuzzy, c-format msgid "Failed to replicate block in namecache: %s\n" msgstr "Se produjo un fallo al crear el espacio de nombres «%s»\n" @@ -5302,7 +5486,7 @@ msgstr "El almacén de nombres no pudo añadir el registro\n" msgid "flat file database running\n" msgstr "Base de datos de plantilla ejecutándose\n" -#: src/namestore/plugin_rest_namestore.c:1188 +#: src/namestore/plugin_rest_namestore.c:1193 #, fuzzy msgid "Namestore REST API initialized\n" msgstr "Conexión fallida\n" @@ -5602,11 +5786,6 @@ msgstr "comando «external-ip» no encontrado\n" msgid "`upnpc' command not found\n" msgstr "comando «upnpc» no encontrado\n" -#: src/nse/gnunet-nse.c:122 -#, fuzzy -msgid "Show network size estimates from NSE service." -msgstr "# Estimaciones del tamaño de red recibidas" - #: src/nse/gnunet-nse-profiler.c:842 msgid "limit to the number of connections to NSE services, 0 for none" msgstr "límite al número de conexiones a servicios NSE, 0 para ilimitadas" 
@@ -5632,69 +5811,15 @@ msgstr "retraso entre rondas" msgid "Measure quality and performance of the NSE service." msgstr "Medir la calidad y rendimiento del servicio NSE." -#: src/nse/gnunet-service-nse.c:1534 -#: src/revocation/gnunet-service-revocation.c:838 src/util/gnunet-scrypt.c:276 -msgid "Value is too large.\n" -msgstr "" - -#: src/peerinfo/gnunet-service-peerinfo.c:178 -#, c-format -msgid "Removing expired address of transport `%s'\n" -msgstr "Eliminando dirección de transporte «%s»\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:310 -#, fuzzy, c-format -msgid "Failed to parse HELLO in file `%s': %s\n" -msgstr "Se produjo un fallo al procesar «HELLO» en el fichero «%s»\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:331 -#: src/peerinfo/gnunet-service-peerinfo.c:362 -#, fuzzy, c-format -msgid "Failed to parse HELLO in file `%s'\n" -msgstr "Se produjo un fallo al procesar «HELLO» en el fichero «%s»\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:446 -msgid "# peers known" -msgstr "# pares conocidos" - -#: src/peerinfo/gnunet-service-peerinfo.c:489 -#, c-format -msgid "" -"File `%s' in directory `%s' does not match naming convention. Removed.\n" -msgstr "" -"El fichero «%s» en el directorio «%s» no sigue la convención de nombres. 
" -"Eliminado.\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:655 -#, fuzzy, c-format -msgid "Scanning directory `%s'\n" -msgstr "Escaneando directorio «%s».\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:663 -#, c-format -msgid "Still no peers found in `%s'!\n" -msgstr "¡Aún no se han encontrado pares en «%s»!\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:1076 -#, fuzzy, c-format -msgid "Cleaning up directory `%s'\n" -msgstr "Escaneando directorio «%s».\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:1405 -#, c-format -msgid "Importing HELLOs from `%s'\n" -msgstr "Importando HELLO de «%s»\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:1418 -msgid "Skipping import of included HELLOs\n" -msgstr "" +#: src/nse/gnunet-nse.c:122 +#, fuzzy +msgid "Show network size estimates from NSE service." +msgstr "# Estimaciones del tamaño de red recibidas" -# Miguel: "Failed to receive" también aquí está traducido como -# "no se obtuvo respuesta" por claridad. -#: src/peerinfo/peerinfo_api.c:220 -msgid "Failed to receive response from `PEERINFO' service." +#: src/nse/gnunet-service-nse.c:1534 +#: src/revocation/gnunet-service-revocation.c:838 src/util/gnunet-scrypt.c:276 +msgid "Value is too large.\n" msgstr "" -"No se obtuvo respuesta del servicio de información de pares (PEERINFO)." #: src/peerinfo-tool/gnunet-peerinfo.c:239 #, fuzzy, c-format 
@@ -5785,6 +5910,65 @@ msgstr "Cargando el módulo de transporte «%s»\n" msgid "Failed to load transport plugin for `%s'\n" msgstr "Se produjo un fallo al cargar el módulo del transporte para «%s»\n" +#: src/peerinfo/gnunet-service-peerinfo.c:178 +#, c-format +msgid "Removing expired address of transport `%s'\n" +msgstr "Eliminando dirección de transporte «%s»\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:310 +#, fuzzy, c-format +msgid "Failed to parse HELLO in file `%s': %s\n" +msgstr "Se produjo un fallo al procesar «HELLO» en el fichero «%s»\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:331 +#: src/peerinfo/gnunet-service-peerinfo.c:362 +#, fuzzy, c-format +msgid "Failed to parse HELLO in file `%s'\n" +msgstr "Se produjo un fallo al procesar «HELLO» en el fichero «%s»\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:446 +msgid "# peers known" +msgstr "# pares conocidos" + +#: src/peerinfo/gnunet-service-peerinfo.c:489 +#, c-format +msgid "" +"File `%s' in directory `%s' does not match naming convention. Removed.\n" +msgstr "" +"El fichero «%s» en el directorio «%s» no sigue la convención de nombres. " +"Eliminado.\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:655 +#, fuzzy, c-format +msgid "Scanning directory `%s'\n" +msgstr "Escaneando directorio «%s».\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:663 +#, c-format +msgid "Still no peers found in `%s'!\n" +msgstr "¡Aún no se han encontrado pares en «%s»!\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:1076 +#, fuzzy, c-format +msgid "Cleaning up directory `%s'\n" +msgstr "Escaneando directorio «%s».\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:1405 +#, c-format +msgid "Importing HELLOs from `%s'\n" +msgstr "Importando HELLO de «%s»\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:1418 +msgid "Skipping import of included HELLOs\n" +msgstr "" + +# Miguel: "Failed to receive" también aquí está traducido como +# "no se obtuvo respuesta" por claridad. 
+#: src/peerinfo/peerinfo_api.c:220 +msgid "Failed to receive response from `PEERINFO' service." +msgstr "" +"No se obtuvo respuesta del servicio de información de pares (PEERINFO)." + #: src/peerstore/gnunet-peerstore.c:91 msgid "peerstore" msgstr "" @@ -5834,15 +6018,10 @@ msgstr "Error leyendo de «%s»: %s\n" msgid "Unable to create indices: %s.\n" msgstr "Se produjo un fallo al crear los índices\n" -#: src/postgres/postgres.c:67 -#, fuzzy, c-format -msgid "`%s:%s' failed at %s:%d with error: %s\n" -msgstr "«%s:%s» falló en %s:%d con error: %s" - -#: src/postgres/postgres.c:192 +#: src/pq/pq_prepare.c:80 #, fuzzy, c-format -msgid "Unable to connect to Postgres database '%s': %s\n" -msgstr "Imposible guardar el fichero de configuración '%s':" +msgid "PQprepare (`%s' as `%s') failed with error: %s\n" +msgstr "«%s» para «%s» falló en %s: %d con error: %s\n" #: src/psycstore/gnunet-service-psycstore.c:249 #, fuzzy @@ -6019,11 +6198,11 @@ msgstr "" msgid "Daemon to announce regular expressions for the peer using cadet." msgstr "Demonio para anunciar expresiones regulares para el par usando mesh." -#: src/regex/gnunet-regex-profiler.c:1314 +#: src/regex/gnunet-regex-profiler.c:1386 msgid "No configuration file given. Exiting\n" msgstr "No se ha introducido ningún fichero de configuración. Saliendo\n" -#: src/regex/gnunet-regex-profiler.c:1355 +#: src/regex/gnunet-regex-profiler.c:1427 #: src/regex/gnunet-regex-simulation-profiler.c:630 #, c-format msgid "No policy directory specified on command line. Exiting.\n" 
@@ -6031,51 +6210,51 @@ msgstr "" "No se ha especificado una política de directorios en la línea de comandos. " "Saliendo.\n" -#: src/regex/gnunet-regex-profiler.c:1361 +#: src/regex/gnunet-regex-profiler.c:1433 #: src/regex/gnunet-regex-simulation-profiler.c:638 #, c-format msgid "Specified policies directory does not exist. Exiting.\n" msgstr "Las políticas de directorio especificadas no existen. Saliendo.\n" -#: src/regex/gnunet-regex-profiler.c:1368 +#: src/regex/gnunet-regex-profiler.c:1440 #, c-format msgid "No files found in `%s'\n" msgstr "No se han encontrado ficheros en «%s»\n" -#: src/regex/gnunet-regex-profiler.c:1377 +#: src/regex/gnunet-regex-profiler.c:1449 msgid "No search strings file given. Exiting.\n" msgstr "No se ha proporcionado un fichero de cadenas de búsqueda. Saliendo.\n" -#: src/regex/gnunet-regex-profiler.c:1397 +#: src/regex/gnunet-regex-profiler.c:1469 msgid "Error loading search strings. Exiting.\n" msgstr "Error cargando cadenas de búsqueda. Saliendo.\n" -#: src/regex/gnunet-regex-profiler.c:1485 +#: src/regex/gnunet-regex-profiler.c:1557 msgid "name of the file for writing statistics" msgstr "nombre del fichero para escribir las estadísticas" -#: src/regex/gnunet-regex-profiler.c:1491 +#: src/regex/gnunet-regex-profiler.c:1563 #, fuzzy msgid "wait TIMEOUT before ending the experiment" msgstr "" "esperar «TIMEOUT» antes de considerar que una coincidencia de cadenas como " "fallida" -#: src/regex/gnunet-regex-profiler.c:1497 +#: src/regex/gnunet-regex-profiler.c:1569 msgid "directory with policy files" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1504 +#: src/regex/gnunet-regex-profiler.c:1576 #, fuzzy msgid "name of file with input strings" msgstr "nombre del fichero para escribir las estadísticas" -#: src/regex/gnunet-regex-profiler.c:1510 +#: src/regex/gnunet-regex-profiler.c:1582 #, fuzzy msgid "name of file with hosts' names" msgstr "nombre del fichero para escribir las estadísticas" -#: src/regex/gnunet-regex-profiler.c:1523 
+#: src/regex/gnunet-regex-profiler.c:1595 msgid "Profiler for regex" msgstr "Perfilador para expresiones regulares." @@ -6312,10 +6491,10 @@ msgstr "" msgid "Calculate the Vectorproduct with a GNUnet peer." msgstr "" -#: src/scalarproduct/gnunet-service-scalarproduct_alice.c:1407 -#: src/scalarproduct/gnunet-service-scalarproduct_bob.c:1345 -#: src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c:1180 +#: src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c:1172 #: src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c:1063 +#: src/scalarproduct/gnunet-service-scalarproduct_alice.c:1401 +#: src/scalarproduct/gnunet-service-scalarproduct_bob.c:1345 #, fuzzy msgid "Connect to CADET failed\n" msgstr "Conexión fallida (¿bug?)\n" @@ -6340,7 +6519,7 @@ msgstr "" msgid "also profile decryption" msgstr "" -#: src/set/gnunet-service-set.c:1948 +#: src/set/gnunet-service-set.c:1989 #, fuzzy msgid "Could not connect to CADET service\n" msgstr "¡No se pudo conectar al servicio %s!\n" 
@@ -6401,116 +6580,116 @@ msgstr "" msgid "say good-bye and leave somebody else's place" msgstr "" -#: src/social/gnunet-social.c:1227 src/social/gnunet-social.c:1232 +#: src/social/gnunet-social.c:1227 msgid "create a place" msgstr "" -#: src/social/gnunet-social.c:1237 +#: src/social/gnunet-social.c:1232 msgid "destroy a place we were hosting" msgstr "" -#: src/social/gnunet-social.c:1242 +#: src/social/gnunet-social.c:1237 msgid "enter somebody else's place" msgstr "" -#: src/social/gnunet-social.c:1248 +#: src/social/gnunet-social.c:1243 msgid "find state matching name prefix" msgstr "" -#: src/social/gnunet-social.c:1253 +#: src/social/gnunet-social.c:1248 msgid "replay history of messages up to the given --limit" msgstr "" -#: src/social/gnunet-social.c:1258 +#: src/social/gnunet-social.c:1253 msgid "reconnect to a previously created place" msgstr "" -#: src/social/gnunet-social.c:1263 +#: src/social/gnunet-social.c:1258 msgid "publish something to a place we are hosting" msgstr "" -#: src/social/gnunet-social.c:1268 +#: src/social/gnunet-social.c:1263 msgid "reconnect to a previously entered place" msgstr "" -#: src/social/gnunet-social.c:1273 +#: src/social/gnunet-social.c:1268 msgid "search for state matching exact name" msgstr "" -#: src/social/gnunet-social.c:1278 +#: src/social/gnunet-social.c:1273 msgid "submit something to somebody's place" msgstr "" -#: src/social/gnunet-social.c:1283 +#: src/social/gnunet-social.c:1278 msgid "list of egos and subscribed places" msgstr "" -#: src/social/gnunet-social.c:1288 +#: src/social/gnunet-social.c:1283 msgid "extract and replay history between message IDs --start and --until" msgstr "" -#: src/social/gnunet-social.c:1297 +#: src/social/gnunet-social.c:1292 msgid "application ID to use when connecting" msgstr "" -#: src/social/gnunet-social.c:1303 +#: src/social/gnunet-social.c:1298 msgid "message body or state value" msgstr "" -#: src/social/gnunet-social.c:1309 +#: src/social/gnunet-social.c:1304 #, fuzzy 
msgid "name or public key of ego" msgstr "Parámetro no válido «%s»\n" -#: src/social/gnunet-social.c:1314 +#: src/social/gnunet-social.c:1309 #, fuzzy msgid "wait for incoming messages" msgstr "Falló al entregar el mensaje '%s'.\n" -#: src/social/gnunet-social.c:1320 +#: src/social/gnunet-social.c:1315 #, fuzzy msgid "GNS name" msgstr "Mostrar el _nombre" -#: src/social/gnunet-social.c:1326 +#: src/social/gnunet-social.c:1321 msgid "peer ID for --guest-enter" msgstr "" -#: src/social/gnunet-social.c:1332 +#: src/social/gnunet-social.c:1327 msgid "name (key) to query from state" msgstr "" -#: src/social/gnunet-social.c:1338 +#: src/social/gnunet-social.c:1333 #, fuzzy msgid "method name" msgstr "Mostrar el _nombre" -#: src/social/gnunet-social.c:1344 +#: src/social/gnunet-social.c:1339 #, fuzzy msgid "number of messages to replay from history" msgstr "número de mensajes a usar por iteración" -#: src/social/gnunet-social.c:1350 +#: src/social/gnunet-social.c:1345 msgid "key address of place" msgstr "" -#: src/social/gnunet-social.c:1356 +#: src/social/gnunet-social.c:1351 msgid "start message ID for history replay" msgstr "" -#: src/social/gnunet-social.c:1361 +#: src/social/gnunet-social.c:1356 msgid "respond to entry requests by admitting all guests" msgstr "" -#: src/social/gnunet-social.c:1367 +#: src/social/gnunet-social.c:1362 msgid "end message ID for history replay" msgstr "" -#: src/social/gnunet-social.c:1372 +#: src/social/gnunet-social.c:1367 msgid "respond to entry requests by refusing all guests" msgstr "" -#: src/social/gnunet-social.c:1382 +#: src/social/gnunet-social.c:1377 msgid "" "gnunet-social - Interact with the social service: enter/leave, send/receive " "messages, access history and state.\n" 
@@ -6703,7 +6882,7 @@ msgid "" msgstr "" #: src/testbed/gnunet-daemon-testbed-underlay.c:231 src/testing/list-keys.c:46 -#: src/testing/testing.c:288 src/util/gnunet-ecc.c:298 +#: src/testing/testing.c:288 src/util/gnunet-ecc.c:301 #, c-format msgid "Incorrect hostkey file format: %s\n" msgstr "El fichero de máquinas no tiene el formato correcto: %s\n" @@ -6777,16 +6956,6 @@ msgstr "Petición ignorada porque el ARM se está apagando.\n" msgid "%.s Unknown result code." msgstr "Código de respuesta del ARM desconocido.\n" -#: src/testbed/gnunet_testbed_mpi_spawn.c:118 -#, fuzzy -msgid "Waiting for child to exit.\n" -msgstr "Esperando a los pares para conectar (%u ciclos restantes)...\n" - -#: src/testbed/gnunet_testbed_mpi_spawn.c:241 -#, fuzzy, c-format -msgid "Spawning process `%s'\n" -msgstr "Iniciando el proceso auxiliar (HELPER) «%s»\n" - #: src/testbed/gnunet-testbed-profiler.c:290 msgid "tolerate COUNT number of continious timeout failures" msgstr "tolerar un número «COUNT» de continuas expiraciones de plazo" @@ -6798,6 +6967,16 @@ msgid "" "signal is received" msgstr "" +#: src/testbed/gnunet_testbed_mpi_spawn.c:118 +#, fuzzy +msgid "Waiting for child to exit.\n" +msgstr "Esperando a los pares para conectar (%u ciclos restantes)...\n" + +#: src/testbed/gnunet_testbed_mpi_spawn.c:241 +#, fuzzy, c-format +msgid "Spawning process `%s'\n" +msgstr "Iniciando el proceso auxiliar (HELPER) «%s»\n" + #: src/testbed/testbed_api.c:410 #, c-format msgid "Adding host %u failed with error: %s\n" @@ -7118,10 +7297,6 @@ msgstr "# mensajes «HELLO» recibidos" msgid "GNUnet topology control" msgstr "" -#: src/transport/gnunet-service-transport_ats.c:141 -msgid "# Addresses given to ATS" -msgstr "" - #: src/transport/gnunet-service-transport.c:448 msgid "# messages dropped due to slow client" msgstr "# mensajes omitidos debido a un cliente lento" 
@@ -7170,6 +7345,10 @@ msgstr "" "El servicio de transporte carece de opciones de configuración de clave. " "Saliendo.\n" +#: src/transport/gnunet-service-transport_ats.c:141 +msgid "# Addresses given to ATS" +msgstr "" + #: src/transport/gnunet-service-transport_hello.c:195 msgid "# refreshed my HELLO" msgstr "# refrescos de mi «HELLO»" @@ -7506,6 +7685,45 @@ msgstr "# Mensajes PONG omitidos, firma expirada" msgid "# validations succeeded" msgstr "# revalidaciones de direcciones iniciadas" +#: src/transport/gnunet-transport-profiler.c:219 +#, c-format +msgid "%llu B in %llu ms == %.2f KB/s!\n" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:617 +msgid "send data to peer" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:621 +#, fuzzy +msgid "receive data from peer" +msgstr "# respuestas recibidas de otros pares" + +#: src/transport/gnunet-transport-profiler.c:626 +#, fuzzy +msgid "iterations" +msgstr "Otras configuraciones" + +#: src/transport/gnunet-transport-profiler.c:631 +#, fuzzy +msgid "number of messages to send" +msgstr "número de mensajes a usar por iteración" + +#: src/transport/gnunet-transport-profiler.c:636 +#, fuzzy +msgid "message size to use" +msgstr "tamaño del mensaje" + +#: src/transport/gnunet-transport-profiler.c:641 +#: src/transport/gnunet-transport.c:1462 +msgid "peer identity" +msgstr "identidad del par" + +#: src/transport/gnunet-transport-profiler.c:652 +#: src/transport/gnunet-transport.c:1482 +msgid "Direct access to transport service." +msgstr "Acceso directo al servicio de transporte." + #: src/transport/gnunet-transport.c:413 #, c-format msgid "Transmitted %llu bytes/s (%llu bytes in %s)\n" 
@@ -7649,11 +7867,6 @@ msgstr "" msgid "do not resolve hostnames" msgstr "no resolver nombres de máquinas" -#: src/transport/gnunet-transport.c:1462 -#: src/transport/gnunet-transport-profiler.c:641 -msgid "peer identity" -msgstr "identidad del par" - #: src/transport/gnunet-transport.c:1466 #, fuzzy msgid "monitor plugin sessions" @@ -7663,43 +7876,9 @@ msgstr "# sesiones wlan pendientes" msgid "send data for benchmarking to the other peer (until CTRL-C)" msgstr "enviar data para prueba a otro par (hasta CTRL-C)" -#: src/transport/gnunet-transport.c:1482 -#: src/transport/gnunet-transport-profiler.c:652 -msgid "Direct access to transport service." -msgstr "Acceso directo al servicio de transporte." - -#: src/transport/gnunet-transport-profiler.c:219 -#, c-format -msgid "%llu B in %llu ms == %.2f KB/s!\n" -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:617 -msgid "send data to peer" -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:621 -#, fuzzy -msgid "receive data from peer" -msgstr "# respuestas recibidas de otros pares" - -#: src/transport/gnunet-transport-profiler.c:626 -#, fuzzy -msgid "iterations" -msgstr "Otras configuraciones" - -#: src/transport/gnunet-transport-profiler.c:631 -#, fuzzy -msgid "number of messages to send" -msgstr "número de mensajes a usar por iteración" - -#: src/transport/gnunet-transport-profiler.c:636 -#, fuzzy -msgid "message size to use" -msgstr "tamaño del mensaje" - #: src/transport/plugin_transport_http_client.c:1474 -#: src/transport/plugin_transport_http_server.c:2249 -#: src/transport/plugin_transport_http_server.c:3463 +#: src/transport/plugin_transport_http_server.c:2312 +#: src/transport/plugin_transport_http_server.c:3526 #: src/transport/plugin_transport_tcp.c:3890 #: src/transport/plugin_transport_tcp.c:3897 msgid "TCP_STEALTH not supported on this platform.\n" 
@@ -7713,13 +7892,13 @@ msgstr "" "módulo %s!\n" #: src/transport/plugin_transport_http_client.c:2164 -#: src/transport/plugin_transport_http_server.c:3178 +#: src/transport/plugin_transport_http_server.c:3241 #, c-format msgid "Shutting down plugin `%s'\n" msgstr "Finalizando el módulo «%s»\n" #: src/transport/plugin_transport_http_client.c:2181 -#: src/transport/plugin_transport_http_server.c:3248 +#: src/transport/plugin_transport_http_server.c:3311 #, c-format msgid "Shutdown for plugin `%s' complete\n" msgstr "Finalización del módulo «%s» completa\n" @@ -7729,7 +7908,7 @@ msgstr "Finalización del módulo «%s» completa\n" msgid "Maximum number of requests is %u\n" msgstr "El número máximo de conexiones es %u\n" -#: src/transport/plugin_transport_http_server.c:1727 +#: src/transport/plugin_transport_http_server.c:1756 #, c-format msgid "" "Access from connection %p (%u of %u) for `%s' `%s' url `%s' with upload data " @@ -7738,12 +7917,12 @@ msgstr "" "Acceso desde la conexión %p (%u de %u) para «%s» «%s» URL «%s» con tamaño de " "los datos de subida %u\n" -#: src/transport/plugin_transport_http_server.c:1967 +#: src/transport/plugin_transport_http_server.c:2028 #, c-format msgid "Accepting connection (%u of %u) from `%s'\n" msgstr "Aceptando conexión (%u de %u) desde «%s»\n" -#: src/transport/plugin_transport_http_server.c:1975 +#: src/transport/plugin_transport_http_server.c:2036 #, c-format msgid "" "Server reached maximum number connections (%u), rejecting new connection\n" @@ -7751,7 +7930,7 @@ msgstr "" "El servidor ha alcanzado el número máximo de conexiones (%u), rechazando " "nueva conexión\n" -#: src/transport/plugin_transport_http_server.c:2125 +#: src/transport/plugin_transport_http_server.c:2186 msgid "" "Could not create a new TLS certificate, program `gnunet-transport-" "certificate-creation' could not be started!\n" 
@@ -7759,84 +7938,84 @@ msgstr "" "¡No se pudo crear un certificado TLS nuevo, el programa «gnunet-transport-" "certificate-creation» no pudo ser iniciado!\n" -#: src/transport/plugin_transport_http_server.c:2148 +#: src/transport/plugin_transport_http_server.c:2209 #, fuzzy, c-format msgid "No usable TLS certificate found and creating one at `%s/%s' failed!\n" msgstr "" "¡No se encontró ningún certificado TLS útil y se produjo un fallo al crear " "uno!\n" -#: src/transport/plugin_transport_http_server.c:2275 +#: src/transport/plugin_transport_http_server.c:2338 msgid "Could not load or create server certificate! Loading plugin failed!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2587 +#: src/transport/plugin_transport_http_server.c:2650 msgid "Require valid port number for service in configuration!\n" msgstr "¡Se necesita un puerto válido para el servicio en la configuración!\n" -#: src/transport/plugin_transport_http_server.c:2752 +#: src/transport/plugin_transport_http_server.c:2815 #, c-format msgid "Found %u addresses to report to NAT service\n" msgstr "Encontradas %u direcciones para comunicar al servicio NAT\n" -#: src/transport/plugin_transport_http_server.c:2838 +#: src/transport/plugin_transport_http_server.c:2901 #: src/transport/plugin_transport_udp.c:3622 msgid "Disabling IPv6 since it is not supported on this system!\n" msgstr "¡Deshabilitando IPv6 ya que no está soportado en este sistema!\n" -#: src/transport/plugin_transport_http_server.c:2944 +#: src/transport/plugin_transport_http_server.c:3007 #, c-format msgid "IPv4 support is %s\n" msgstr "El soporte IPv4 es %s\n" -#: src/transport/plugin_transport_http_server.c:2959 +#: src/transport/plugin_transport_http_server.c:3022 #, c-format msgid "IPv6 support is %s\n" msgstr "El soporte IPv6 es %s\n" -#: src/transport/plugin_transport_http_server.c:2965 +#: src/transport/plugin_transport_http_server.c:3028 msgid "Neither IPv4 nor IPv6 are enabled! 
Fix in configuration\n" msgstr "¡Ni IPv4 ni IPv6 están habilitadas! Corrija la configuración\n" -#: src/transport/plugin_transport_http_server.c:2976 +#: src/transport/plugin_transport_http_server.c:3039 msgid "Port is required! Fix in configuration\n" msgstr "¡El puerto es necesario! Corrija la configuración\n" -#: src/transport/plugin_transport_http_server.c:2982 +#: src/transport/plugin_transport_http_server.c:3045 #, c-format msgid "Using port %u\n" msgstr "Usando puerto %u\n" -#: src/transport/plugin_transport_http_server.c:3001 +#: src/transport/plugin_transport_http_server.c:3064 #, c-format msgid "Specific IPv4 address `%s' in configuration file is invalid!\n" msgstr "" "¡La dirección IPv4 «%s» especificada en el fichero de configuración no es " "válida!\n" -#: src/transport/plugin_transport_http_server.c:3036 +#: src/transport/plugin_transport_http_server.c:3099 #, c-format msgid "Specific IPv6 address `%s' in configuration file is invalid!\n" msgstr "" "¡La dirección IPv6 «%s» especificada en el fichero de configuración no es " "válida!\n" -#: src/transport/plugin_transport_http_server.c:3111 +#: src/transport/plugin_transport_http_server.c:3174 #, c-format msgid "Using external hostname `%s'\n" msgstr "Usando nombre de máquina externo «%s»\n" -#: src/transport/plugin_transport_http_server.c:3132 +#: src/transport/plugin_transport_http_server.c:3195 #, c-format msgid "Notifying transport only about hostname `%s'\n" msgstr "Notificando al transporte sólo el nombre de máquina «%s»\n" -#: src/transport/plugin_transport_http_server.c:3149 +#: src/transport/plugin_transport_http_server.c:3212 #, c-format msgid "Maximum number of connections is %u\n" msgstr "El número máximo de conexiones es %u\n" -#: src/transport/plugin_transport_http_server.c:3475 +#: src/transport/plugin_transport_http_server.c:3538 #, fuzzy msgid "Unable to compile URL regex\n" msgstr "¡Imposible obtener «HELLO» del par!\n" 
@@ -7981,23 +8160,6 @@ msgstr "Transporte TCP no escuchando en ningún puerto (únicamente cliente)\n" msgid "TCP transport advertises itself as being on port %llu\n" msgstr "El transporte TCP anuncia que está en el puerto %llu\n" -#: src/transport/plugin_transport_udp_broadcasting.c:168 -#, fuzzy -msgid "# Multicast HELLO beacons received via UDP" -msgstr "# beacons HELLO multicast IPv6 recibidos vía UDP" - -#: src/transport/plugin_transport_udp_broadcasting.c:548 -msgid "" -"Disabling HELLO broadcasting due to friend-to-friend only configuration!\n" -msgstr "" - -#: src/transport/plugin_transport_udp_broadcasting.c:565 -#, c-format -msgid "Failed to set IPv4 broadcast option for broadcast socket on port %d\n" -msgstr "" -"Se produjo un fallo al establecer la opción de «broadcast» IPv4 para el " -"«socket» en el puerto %d\n" - #: src/transport/plugin_transport_udp.c:3366 #, c-format msgid "" @@ -8052,6 +8214,23 @@ msgstr "«%s» no es una dirección IP válida.\n" msgid "Failed to create UDP network sockets\n" msgstr "Se produjo un fallo al crear una nueva firma" +#: src/transport/plugin_transport_udp_broadcasting.c:168 +#, fuzzy +msgid "# Multicast HELLO beacons received via UDP" +msgstr "# beacons HELLO multicast IPv6 recibidos vía UDP" + +#: src/transport/plugin_transport_udp_broadcasting.c:548 +msgid "" +"Disabling HELLO broadcasting due to friend-to-friend only configuration!\n" +msgstr "" + +#: src/transport/plugin_transport_udp_broadcasting.c:565 +#, c-format +msgid "Failed to set IPv4 broadcast option for broadcast socket on port %d\n" +msgstr "" +"Se produjo un fallo al establecer la opción de «broadcast» IPv4 para el " +"«socket» en el puerto %d\n" + #: src/transport/plugin_transport_unix.c:1403 #, fuzzy, c-format msgid "Cannot create path to `%s'\n" 
@@ -8171,7 +8350,7 @@ msgstr "" "El código de procesado para el mensaje del tipo %u no llamó a " "«GNUNET_SERVER_receive_done» después de %s\n" -#: src/transport/tcp_service_legacy.c:339 src/util/service.c:2337 +#: src/transport/tcp_service_legacy.c:339 src/util/service.c:2336 #, c-format msgid "Unknown address family %d\n" msgstr "Familia de direcciones %d desconocida\n" 
@@ -8220,52 +8399,52 @@ msgstr "Se produjo un fallo al inciar «%s» en «%s»\n" msgid "Service `%s' runs at %s\n" msgstr "El servicio «%s» se ejecuta en %s\n" -#: src/transport/tcp_service_legacy.c:1251 src/util/service.c:1501 +#: src/transport/tcp_service_legacy.c:1251 src/util/service.c:1500 msgid "Service process failed to initialize\n" msgstr "No se pudo inicializar el proceso del servicio\n" -#: src/transport/tcp_service_legacy.c:1255 src/util/service.c:1505 +#: src/transport/tcp_service_legacy.c:1255 src/util/service.c:1504 msgid "Service process could not initialize server function\n" msgstr "" "No se pudo inicializar la función del servidor en el proceso del servicio\n" -#: src/transport/tcp_service_legacy.c:1259 src/util/service.c:1509 +#: src/transport/tcp_service_legacy.c:1259 src/util/service.c:1508 msgid "Service process failed to report status\n" msgstr "El proceso del servicio no devolvió un estado\n" #: src/transport/tcp_service_legacy.c:1313 src/util/disk.c:1488 -#: src/util/service.c:1379 +#: src/util/service.c:1378 #, c-format msgid "Cannot obtain information about user `%s': %s\n" msgstr "No se pudo obtener información acerca del usuario «%s»: %s\n" -#: src/transport/tcp_service_legacy.c:1314 src/util/service.c:1381 +#: src/transport/tcp_service_legacy.c:1314 src/util/service.c:1380 msgid "No such user" msgstr "No existe tal usuario" -#: src/transport/tcp_service_legacy.c:1327 src/util/service.c:1400 +#: src/transport/tcp_service_legacy.c:1327 src/util/service.c:1399 #, c-format msgid "Cannot change user/group to `%s': %s\n" msgstr "Imposible cambiar el usuario/grupo a «%s»: %s\n" -#: src/transport/tcp_service_legacy.c:1398 src/util/service.c:1728 +#: src/transport/tcp_service_legacy.c:1398 src/util/service.c:1727 msgid "do daemonize (detach from terminal)" msgstr "demonizar (desasociar del terminal)" #: src/transport/tcp_service_legacy.c:1448 src/util/program.c:244 -#: src/util/service.c:1791 +#: src/util/service.c:1790 #, fuzzy, c-format msgid 
"Malformed configuration file `%s', exit ...\n" msgstr "Se produjo un fallo al borrar el fichero de configuración %s\n" #: src/transport/tcp_service_legacy.c:1458 src/util/program.c:261 -#: src/util/service.c:1802 +#: src/util/service.c:1801 #, fuzzy msgid "Malformed configuration, exit ...\n" msgstr "Se produjo un fallo al borrar el fichero de configuración %s\n" #: src/transport/tcp_service_legacy.c:1463 src/util/program.c:256 -#: src/util/service.c:1808 +#: src/util/service.c:1807 #, c-format msgid "Could not access configuration file `%s'\n" msgstr "No se pudo acceder al fichero de configuración «%s»\n" 
@@ -8309,53 +8488,53 @@ msgstr "Se produjo un fallo al deserializar los metadatos «%s»" msgid "Need a non-empty hostname for service `%s'.\n" msgstr "Se necesita un nombre de máquina no vacío para el servicio «%s».\n" -#: src/util/common_logging.c:256 src/util/common_logging.c:1129 +#: src/util/common_logging.c:259 src/util/common_logging.c:1132 msgid "DEBUG" msgstr "DEPURACIÓN" -#: src/util/common_logging.c:258 src/util/common_logging.c:1127 +#: src/util/common_logging.c:261 src/util/common_logging.c:1130 msgid "INFO" msgstr "INFORMACIÓN" -#: src/util/common_logging.c:260 src/util/common_logging.c:1125 +#: src/util/common_logging.c:263 src/util/common_logging.c:1128 msgid "MESSAGE" msgstr "MENSAJE" -#: src/util/common_logging.c:262 src/util/common_logging.c:1123 +#: src/util/common_logging.c:265 src/util/common_logging.c:1126 msgid "WARNING" msgstr "PELIGRO" -#: src/util/common_logging.c:264 src/util/common_logging.c:1121 +#: src/util/common_logging.c:267 src/util/common_logging.c:1124 msgid "ERROR" msgstr "ERROR" -#: src/util/common_logging.c:266 src/util/common_logging.c:1131 +#: src/util/common_logging.c:269 src/util/common_logging.c:1134 msgid "NONE" msgstr "NINGUNO" -#: src/util/common_logging.c:879 +#: src/util/common_logging.c:882 #, c-format msgid "Message `%.*s' repeated %u times in the last %s\n" msgstr "Mensaje `%.*s» repetido %u veces en el último %s\n" -#: src/util/common_logging.c:1132 +#: src/util/common_logging.c:1135 msgid "INVALID" msgstr "NO VÁLIDO" -#: src/util/common_logging.c:1302 +#: src/util/common_logging.c:1326 msgid "unknown address" msgstr "dirección desconocida" -#: src/util/common_logging.c:1344 +#: src/util/common_logging.c:1368 msgid "invalid address" msgstr "dirección no válida" -#: src/util/common_logging.c:1362 +#: src/util/common_logging.c:1386 #, c-format msgid "Configuration fails to specify option `%s' in section `%s'!\n" msgstr "¡La configuración no especifica la opción «%s» en la sección «%s»!\n" -#: 
src/util/common_logging.c:1383 +#: src/util/common_logging.c:1407 #, c-format msgid "" "Configuration specifies invalid value for option `%s' in section `%s': %s\n" @@ -8363,17 +8542,17 @@ msgstr "" "La configuración especifica un valor no válido en la opción «%s» de la " "sección «%s»: %s\n" -#: src/util/configuration.c:286 +#: src/util/configuration.c:296 #, c-format msgid "Syntax error while deserializing in line %u\n" msgstr "Error de sintaxis en la línea %u mientras se deserializaba\n" -#: src/util/configuration.c:344 +#: src/util/configuration.c:355 #, fuzzy, c-format msgid "Error while reading file `%s'\n" msgstr "Error decodificando clave %u\n" -#: src/util/configuration.c:1017 +#: src/util/configuration.c:1034 #, c-format msgid "" "Configuration value '%s' for '%s' in section '%s' is not in set of legal " @@ -8382,17 +8561,17 @@ msgstr "" "El valor de configuración «%s» para «%s» de la sección «%s» no está dentro " "de las opciones legales\n" -#: src/util/configuration.c:1136 +#: src/util/configuration.c:1153 #, c-format msgid "Recursive expansion suspected, aborting $-expansion for term `%s'\n" msgstr "" -#: src/util/configuration.c:1169 +#: src/util/configuration.c:1186 #, fuzzy, c-format msgid "Missing closing `%s' in option `%s'\n" msgstr "Falta la opción «%s» para la operación «%s»\n" -#: src/util/configuration.c:1237 +#: src/util/configuration.c:1254 #, c-format msgid "" "Failed to expand `%s' in `%s' as it is neither found in [PATHS] nor defined " 
@@ -8428,23 +8607,23 @@ msgstr "La verificación de la firma RSA fallo en %s:%d: %s\n" msgid "EdDSA signature verification failed at %s:%d: %s\n" msgstr "La verificación de la firma RSA fallo en %s:%d: %s\n" -#: src/util/crypto_ecc_setup.c:122 src/util/crypto_ecc_setup.c:160 -#: src/util/crypto_ecc_setup.c:278 src/util/crypto_ecc_setup.c:316 +#: src/util/crypto_ecc_setup.c:122 src/util/crypto_ecc_setup.c:161 +#: src/util/crypto_ecc_setup.c:279 src/util/crypto_ecc_setup.c:317 #, c-format msgid "Could not acquire lock on file `%s': %s...\n" msgstr "No se pudo bloquear el fichero «%s»: %s...\n" -#: src/util/crypto_ecc_setup.c:127 src/util/crypto_ecc_setup.c:283 +#: src/util/crypto_ecc_setup.c:128 src/util/crypto_ecc_setup.c:284 msgid "Creating a new private key. This may take a while.\n" msgstr "Generando una clave privada nueva. Esto puede tomar un tiempo.\n" -#: src/util/crypto_ecc_setup.c:164 src/util/crypto_ecc_setup.c:320 +#: src/util/crypto_ecc_setup.c:165 src/util/crypto_ecc_setup.c:322 msgid "This may be ok if someone is currently generating a private key.\n" msgstr "" "Esto puede estar bien si alguien está actualmente generando una clave " "privada.\n" -#: src/util/crypto_ecc_setup.c:194 src/util/crypto_ecc_setup.c:350 +#: src/util/crypto_ecc_setup.c:195 src/util/crypto_ecc_setup.c:352 #, c-format msgid "" "When trying to read key file `%s' I found %u bytes but I need at least %u.\n" 
@@ -8452,13 +8631,13 @@ msgstr "" "Cuando se intentaba leer el fichero de claves «%s» se encontraron %u bytes " "pero al menos %u son necesarios.\n" -#: src/util/crypto_ecc_setup.c:198 src/util/crypto_ecc_setup.c:354 +#: src/util/crypto_ecc_setup.c:199 src/util/crypto_ecc_setup.c:356 msgid "This may be ok if someone is currently generating a key.\n" msgstr "" "Esto puede ser correcto si alguien está actualmente generando una clave de " "máquina.\n" -#: src/util/crypto_ecc_setup.c:413 +#: src/util/crypto_ecc_setup.c:415 #, fuzzy msgid "Could not load peer's private key\n" msgstr "No se pudo acceder a la clave de máquina.\n" @@ -8651,22 +8830,22 @@ msgstr "" msgid "Manipulate GNUnet configuration files" msgstr "Manipular ficheros de configuración de GNUnet" -#: src/util/gnunet-ecc.c:84 +#: src/util/gnunet-ecc.c:89 #, c-format msgid "Failed to open `%s': %s\n" msgstr "Se produjo un fallo al abrir «%s»: %s\n" -#: src/util/gnunet-ecc.c:120 +#: src/util/gnunet-ecc.c:125 #, fuzzy, c-format msgid "Generating %u keys like %s, please wait" msgstr "Generando %u claves, por favor, espere" -#: src/util/gnunet-ecc.c:133 +#: src/util/gnunet-ecc.c:138 #, c-format msgid "Generating %u keys, please wait" msgstr "Generando %u claves, por favor, espere" -#: src/util/gnunet-ecc.c:174 +#: src/util/gnunet-ecc.c:179 #, c-format msgid "" "\n" 
@@ -8675,60 +8854,65 @@ msgstr "" "\n" "Se produjo un fallo al escribir en «%s»: %s\n" -#: src/util/gnunet-ecc.c:184 +#: src/util/gnunet-ecc.c:189 #, fuzzy, c-format msgid "" "\n" "Finished!\n" msgstr "¡Finalizado!\n" -#: src/util/gnunet-ecc.c:187 +#: src/util/gnunet-ecc.c:192 #, c-format msgid "" "\n" "Error, %u keys not generated\n" msgstr "" -#: src/util/gnunet-ecc.c:280 +#: src/util/gnunet-ecc.c:283 #, fuzzy, c-format msgid "Hostkeys file `%s' not found\n" msgstr "El fichero de máquinas %s no fue encontrado\n" -#: src/util/gnunet-ecc.c:291 +#: src/util/gnunet-ecc.c:294 #, fuzzy, c-format msgid "Hostkeys file `%s' is empty\n" msgstr "El archivo de amigos «%s» está vacío.\n" -#: src/util/gnunet-ecc.c:313 +#: src/util/gnunet-ecc.c:316 #, fuzzy, c-format msgid "Could not read hostkey file: %s\n" msgstr "¡No se puede leer el fichero de claves de máquina!\n" -#: src/util/gnunet-ecc.c:364 +#: src/util/gnunet-ecc.c:367 msgid "No hostkey file specified on command line\n" msgstr "No se ha especificado la clave de máquina en la línea de comandos\n" -#: src/util/gnunet-ecc.c:416 +#: src/util/gnunet-ecc.c:425 msgid "list keys included in a file (for testing)" msgstr "" -#: src/util/gnunet-ecc.c:421 +#: src/util/gnunet-ecc.c:430 msgid "number of keys to list included in a file (for testing)" msgstr "" -#: src/util/gnunet-ecc.c:426 +#: src/util/gnunet-ecc.c:435 msgid "create COUNT public-private key pairs (for testing)" msgstr "crea «COUNT» pares de claves pública-privada (para pruebas)" -#: src/util/gnunet-ecc.c:430 +#: src/util/gnunet-ecc.c:439 msgid "print the public key in ASCII format" msgstr "imprime la clave pública en formato ASCII" -#: src/util/gnunet-ecc.c:434 +#: src/util/gnunet-ecc.c:443 +#, fuzzy +msgid "print the public key in HEX format" +msgstr "imprime la clave pública en formato ASCII" + +#: src/util/gnunet-ecc.c:447 msgid "print examples of ECC operations (used for compatibility testing)" msgstr "" -#: src/util/gnunet-ecc.c:449 +#: src/util/gnunet-ecc.c:463 
msgid "Manipulate GNUnet private ECC key files" msgstr "Manipular los ficheros de clave privada ECC de GNUnet" @@ -8823,7 +9007,7 @@ msgstr "Error escribiendo a «%s»: %s\n" msgid "Unable to shorten unix path `%s' while keeping name unique\n" msgstr "Imposible acortar la ruta unix «%s» manteniendo el nombre único\n" -#: src/util/network.c:1793 src/util/network.c:1969 +#: src/util/network.c:1793 src/util/network.c:1977 #, c-format msgid "" "Fatal internal logic error, process hangs in `%s' (abort with CTRL-C)!\n" @@ -8879,7 +9063,7 @@ msgstr "Falló «%s» para la biblioteca «%s» con error: %s\n" msgid "Could not determine plugin installation path.\n" msgstr "No se pudo determinar la ruta de instalación de los módulos.\n" -#: src/util/resolver_api.c:204 +#: src/util/resolver_api.c:203 #, c-format msgid "" "Missing `%s' for `%s' in configuration, DNS resolution will be unavailable.\n" @@ -8894,12 +9078,12 @@ msgstr "" "¡Se debe especificar «%s» o una dirección numérica IP para «%s» de «%s» en " "la configuración!\n" -#: src/util/resolver_api.c:815 +#: src/util/resolver_api.c:826 #, c-format msgid "Timeout trying to resolve hostname `%s'.\n" msgstr "Expiración de plazo intentando resolver el nombre de máquina «%s».\n" -#: src/util/resolver_api.c:827 +#: src/util/resolver_api.c:839 #, c-format msgid "Timeout trying to resolve IP address `%s'.\n" msgstr "Expiración de plazo intentando resolver la dirección IP «%s».\n" 
@@ -8907,24 +9091,24 @@ msgstr "Expiración de plazo intentando resolver la dirección IP «%s».\n" # Miguel: He traducido "default" por "predeterminado", la locución # "por defecto" no tiene sentido en sitios como este y he tratado # de ser consistente. -#: src/util/resolver_api.c:1004 +#: src/util/resolver_api.c:1023 #, fuzzy msgid "Resolver not configured correctly.\n" msgstr "¡El servicio predeterminado «%s» no está configurado correctamente!\n" -#: src/util/resolver_api.c:1086 src/util/resolver_api.c:1107 -#: src/util/resolver_api.c:1121 +#: src/util/resolver_api.c:1109 src/util/resolver_api.c:1132 +#: src/util/resolver_api.c:1146 #, fuzzy, c-format msgid "Could not resolve our FQDN: %s\n" msgstr "" "No se pudo resolver nuestro nombre de dominio cualificado (FQDN) : %s\n" -#: src/util/service.c:1306 +#: src/util/service.c:1305 msgid "" "Could not bind to any of the ports I was supposed to, refusing to run!\n" msgstr "" -#: src/util/service.c:2082 +#: src/util/service.c:2081 #, fuzzy, c-format msgid "" "Processing code for message of type %u did not call " 
@@ -9003,67 +9187,67 @@ msgstr "días" msgid "end of time" msgstr "fin del plazo" -#: src/util/strings.c:1269 +#: src/util/strings.c:1270 msgid "IPv6 address did not start with `['\n" msgstr "La dirección IPv6 no empezaba con «[»\n" -#: src/util/strings.c:1277 +#: src/util/strings.c:1278 msgid "IPv6 address did contain ':' to separate port number\n" msgstr "La dirección IPv6 contenía «:» para separar el número de puerto\n" -#: src/util/strings.c:1283 +#: src/util/strings.c:1284 msgid "IPv6 address did contain ']' before ':' to separate port number\n" msgstr "" "La dirección IPv6 contenía «]» antes de «:» para separar el número de " "puerto\n" -#: src/util/strings.c:1290 +#: src/util/strings.c:1291 msgid "IPv6 address did contain a valid port number after the last ':'\n" msgstr "" "La dirección IPv6 contenía un número de puerto válido después del último " "«:»\n" -#: src/util/strings.c:1299 +#: src/util/strings.c:1300 #, c-format msgid "Invalid IPv6 address `%s': %s\n" msgstr "Dirección IPv6 «%s» no válida: %s\n" -#: src/util/strings.c:1571 src/util/strings.c:1587 +#: src/util/strings.c:1572 src/util/strings.c:1588 msgid "Port not in range\n" msgstr "" -#: src/util/strings.c:1596 +#: src/util/strings.c:1597 #, fuzzy, c-format msgid "Malformed port policy `%s'\n" msgstr "Se produjo un fallo al iniciar el servicio «%s»\n" -#: src/util/strings.c:1679 src/util/strings.c:1710 src/util/strings.c:1758 -#: src/util/strings.c:1779 +#: src/util/strings.c:1680 src/util/strings.c:1711 src/util/strings.c:1759 +#: src/util/strings.c:1780 #, c-format msgid "Invalid format for IP: `%s'\n" msgstr "Formato no válido para la IP: «%s»\n" -#: src/util/strings.c:1736 +#: src/util/strings.c:1737 #, c-format msgid "Invalid network notation ('/%d' is not legal in IPv4 CIDR)." msgstr "Notación de red no válida («/%d» no es válido en IPv4 CIDR)." 
-#: src/util/strings.c:1788 +#: src/util/strings.c:1789 #, fuzzy, c-format msgid "Invalid format: `%s'\n" msgstr "Formato de tiempo no válido «%s»\n" -#: src/util/strings.c:1840 +#: src/util/strings.c:1841 #, c-format msgid "Invalid network notation (does not end with ';': `%s')\n" msgstr "Notación de red no válida (no termina con «;»: «%s»)\n" -#: src/util/strings.c:1890 +#: src/util/strings.c:1891 #, c-format msgid "Wrong format `%s' for netmask\n" msgstr "Formato «%s» erroneo para máscara de red\n" -#: src/util/strings.c:1921 +#: src/util/strings.c:1922 #, c-format msgid "Wrong format `%s' for network\n" msgstr "Formato «%s» erroneo para red\n" 
@@ -9244,26 +9428,41 @@ msgstr "el servicio es ofrecido vía UDP" msgid "Setup tunnels via VPN." msgstr "Configurar túneles vía VPN." -#: src/zonemaster/gnunet-service-zonemaster.c:705 +#: src/zonemaster/gnunet-service-zonemaster.c:706 msgid "Failed to connect to the namestore!\n" msgstr "¡Se produjo un fallo al conectar con el almacén de nombres!\n" -#: src/include/gnunet_common.h:674 src/include/gnunet_common.h:681 -#: src/include/gnunet_common.h:691 src/include/gnunet_common.h:699 +#: src/include/gnunet_common.h:689 src/include/gnunet_common.h:696 +#: src/include/gnunet_common.h:706 src/include/gnunet_common.h:714 #, c-format msgid "Assertion failed at %s:%d.\n" msgstr "Aserción fallida en %s:%d.\n" -#: src/include/gnunet_common.h:711 +#: src/include/gnunet_common.h:726 #, c-format msgid "External protocol violation detected at %s:%d.\n" msgstr "Violación externa del protocolo detectada en %s:%d.\n" -#: src/include/gnunet_common.h:738 src/include/gnunet_common.h:747 +#: src/include/gnunet_common.h:753 src/include/gnunet_common.h:762 #, c-format msgid "`%s' failed on file `%s' at %s:%d with error: %s\n" msgstr "«%s» falló en el fichero «%s» en %s:%d con el error: %s\n" +#, fuzzy +#~ msgid "Token `%s' is malformed\n" +#~ msgstr "El bloque del tipo %u está mal formado\n" + +#~ msgid "Failed to create indices\n" +#~ msgstr "Se produjo un fallo al crear los índices\n" + +#, fuzzy +#~ msgid "`%s:%s' failed at %s:%d with error: %s\n" +#~ msgstr "«%s:%s» falló en %s:%d con error: %s" + +#, fuzzy +#~ msgid "Unable to connect to Postgres database '%s': %s\n" +#~ msgstr "Imposible guardar el fichero de configuración '%s':" + #, fuzzy #~ msgid "Misconfiguration (can not connect to the ARM service)" #~ msgstr "¡Se produjo un fallo al conectar con el servicio dv!\n" 
@@ -9473,9 +9672,6 @@ msgstr "«%s» falló en el fichero «%s» en %s:%d con el error: %s\n" #~ msgid "# transmission request failures" #~ msgstr "# fallos en peticiones de transmisión" -#~ msgid "# bytes sent to datastore" -#~ msgstr "# bytes mandados al almacén de datos" - #~ msgid "Failed to receive status response from database." #~ msgstr "" #~ "Se produjo un fallo al recibir el estado de respuesta de la base de datos." @@ -9856,10 +10052,6 @@ msgstr "«%s» falló en el fichero «%s» en %s:%d con el error: %s\n" #~ "Petición de transmisión de iteración de expiración al servicio de " #~ "información de pares (PEERINFO)." -#, fuzzy -#~ msgid "Error reading sensor version\n" -#~ msgstr "Error leyendo «%s»: %s" - #, fuzzy #~ msgid "Error reading sensor category\n" #~ msgstr "Error leyendo «%s»: %s" diff --git a/po/fr.po b/po/fr.po index ef1361425..be24a2c35 100644 --- a/po/fr.po +++ b/po/fr.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: gnunet 0.10.1\n" "Report-Msgid-Bugs-To: gnunet-developers@mail.gnu.org\n" -"POT-Creation-Date: 2017-03-31 19:22-0500\n" +"POT-Creation-Date: 2017-10-20 15:14+0000\n" "PO-Revision-Date: 2015-12-24 01:20+0100\n" "Last-Translator: Stéphane Aulery \n" "Language-Team: French \n" @@ -267,7 +267,7 @@ msgid "Have neither PORT nor UNIXPATH for service `%s', but one is required\n" msgstr "" #: src/arm/gnunet-service-arm.c:513 -#: src/transport/plugin_transport_http_server.c:2621 +#: src/transport/plugin_transport_http_server.c:2684 #: src/transport/plugin_transport_tcp.c:1259 #: src/transport/tcp_service_legacy.c:696 src/util/service.c:782 #, c-format @@ -275,7 +275,7 @@ msgid "Failed to resolve `%s': %s\n" msgstr "Résolution de « %s » échouée : %s\n" #: src/arm/gnunet-service-arm.c:532 -#: src/transport/plugin_transport_http_server.c:2639 +#: src/transport/plugin_transport_http_server.c:2702 #: src/transport/plugin_transport_tcp.c:1278 #: src/transport/tcp_service_legacy.c:715 src/util/service.c:802 #, c-format 
@@ -348,133 +348,14 @@ msgstr "" msgid "Initiating shutdown as requested by client.\n" msgstr "" -#: src/ats/gnunet-ats-solver-eval.c:2781 src/ats/gnunet-ats-solver-eval.c:2822 -#, c-format -msgid "" -"Could not load quota for network `%s': `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:2799 -#, c-format -msgid "" -"No outbound quota configured for network `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:2840 -#, c-format -msgid "" -"No outbound quota configure for network `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3294 -#: src/ats-tests/gnunet-solver-eval.c:939 -msgid "solver to use" -msgstr "solveur utilisé" - -#: src/ats/gnunet-ats-solver-eval.c:3299 -#: src/ats-tests/gnunet-solver-eval.c:945 -#: src/ats-tests/gnunet-solver-eval.c:950 -msgid "experiment to use" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3306 -msgid "print logging" -msgstr "afficher le journal" - -#: src/ats/gnunet-ats-solver-eval.c:3311 -msgid "save logging to disk" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3316 -msgid "disable normalization" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:304 -#, c-format -msgid "" -"Could not load %s quota for network `%s': `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:314 -#, c-format -msgid "%s quota configured for network `%s' is %llu\n" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:359 -#, c-format -msgid "" -"No %s-quota configured for network `%s', assigning default bandwidth %llu\n" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:451 -#, c-format -msgid "Failed to initialize solver `%s'!\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:1274 -msgid "Problem size too large, cannot allocate memory!\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:1869 -#, c-format -msgid "Adding address for peer `%s' multiple times\n" -msgstr "" - 
-#: src/ats/plugin_ats_mlp.c:1913 -#, c-format -msgid "Updating address property for peer `%s' %p not added before\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2475 -msgid "" -"MLP solver is not optimizing for anything, changing to feasibility check\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2515 src/ats/plugin_ats_mlp.c:2532 -#: src/ats/plugin_ats_mlp.c:2564 src/ats/plugin_ats_mlp.c:2582 -#: src/ats/plugin_ats_mlp.c:2601 src/ats/plugin_ats_proportional.c:1141 -#: src/ats/plugin_ats_ril.c:2612 src/ats/plugin_ats_ril.c:2629 -#: src/ats/plugin_ats_ril.c:2646 src/ats/plugin_ats_ril.c:2663 -#: src/ats/plugin_ats_ril.c:2680 src/ats/plugin_ats_ril.c:2697 -#: src/ats/plugin_ats_ril.c:2714 src/ats/plugin_ats_ril.c:2731 -#, fuzzy, c-format -msgid "Invalid %s configuration %f \n" -msgstr "fornat invalide : « %s »\n" - -#: src/ats/plugin_ats_mlp.c:2670 -#, c-format -msgid "" -"Adjusting inconsistent outbound quota configuration for network `%s', is " -"%llu must be at least %llu\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2679 -#, c-format -msgid "" -"Adjusting inconsistent inbound quota configuration for network `%s', is %llu " -"must be at least %llu\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2689 -#, c-format -msgid "" -"Adjusting outbound quota configuration for network `%s'from %llu to %.0f\n" -msgstr "" +#: src/ats-tests/ats-testing-log.c:837 +msgid "Stop logging\n" +msgstr "Arrêter la journalisation\n" -#: src/ats/plugin_ats_mlp.c:2698 +#: src/ats-tests/ats-testing-log.c:892 #, c-format -msgid "" -"Adjusting inbound quota configuration for network `%s' from %llu to %.0f\n" -msgstr "" - -#: src/ats/plugin_ats_proportional.c:1164 -#, fuzzy, c-format -msgid "Invalid %s configuration %f\n" -msgstr "fornat invalide : « %s »\n" +msgid "Start logging `%s'\n" +msgstr "Démarrer la journalisation « %s »\n" #: src/ats-tests/ats-testing.c:422 #, c-format 
@@ -486,15 +367,6 @@ msgstr "" msgid "Failed to connect master peer [%u] with slave [%u]\n" msgstr "" -#: src/ats-tests/ats-testing-log.c:837 -msgid "Stop logging\n" -msgstr "Arrêter la journalisation\n" - -#: src/ats-tests/ats-testing-log.c:892 -#, c-format -msgid "Start logging `%s'\n" -msgstr "Démarrer la journalisation « %s »\n" - #: src/ats-tests/gnunet-ats-sim.c:90 #, c-format msgid "" @@ -502,6 +374,15 @@ msgid "" "= %u KiB/s\n" msgstr "" +#: src/ats-tests/gnunet-solver-eval.c:939 src/ats/gnunet-ats-solver-eval.c:3294 +msgid "solver to use" +msgstr "solveur utilisé" + +#: src/ats-tests/gnunet-solver-eval.c:945 +#: src/ats-tests/gnunet-solver-eval.c:950 src/ats/gnunet-ats-solver-eval.c:3299 +msgid "experiment to use" +msgstr "" + #: src/ats-tool/gnunet-ats.c:307 #, c-format msgid "%u address resolutions had a timeout\n" 
@@ -617,6 +498,123 @@ msgstr "" msgid "Print information about ATS state" msgstr "" +#: src/ats/gnunet-ats-solver-eval.c:2781 src/ats/gnunet-ats-solver-eval.c:2822 +#, c-format +msgid "" +"Could not load quota for network `%s': `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:2799 +#, c-format +msgid "" +"No outbound quota configured for network `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:2840 +#, c-format +msgid "" +"No outbound quota configure for network `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:3306 +msgid "print logging" +msgstr "afficher le journal" + +#: src/ats/gnunet-ats-solver-eval.c:3311 +msgid "save logging to disk" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:3316 +msgid "disable normalization" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:304 +#, c-format +msgid "" +"Could not load %s quota for network `%s': `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:314 +#, c-format +msgid "%s quota configured for network `%s' is %llu\n" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:359 +#, c-format +msgid "" +"No %s-quota configured for network `%s', assigning default bandwidth %llu\n" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:451 +#, c-format +msgid "Failed to initialize solver `%s'!\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:1274 +msgid "Problem size too large, cannot allocate memory!\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:1869 +#, c-format +msgid "Adding address for peer `%s' multiple times\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:1913 +#, c-format +msgid "Updating address property for peer `%s' %p not added before\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2475 +msgid "" +"MLP solver is not optimizing for anything, changing to feasibility check\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2515 
src/ats/plugin_ats_mlp.c:2532 +#: src/ats/plugin_ats_mlp.c:2564 src/ats/plugin_ats_mlp.c:2582 +#: src/ats/plugin_ats_mlp.c:2601 src/ats/plugin_ats_proportional.c:1141 +#: src/ats/plugin_ats_ril.c:2612 src/ats/plugin_ats_ril.c:2629 +#: src/ats/plugin_ats_ril.c:2646 src/ats/plugin_ats_ril.c:2663 +#: src/ats/plugin_ats_ril.c:2680 src/ats/plugin_ats_ril.c:2697 +#: src/ats/plugin_ats_ril.c:2714 src/ats/plugin_ats_ril.c:2731 +#, fuzzy, c-format +msgid "Invalid %s configuration %f \n" +msgstr "fornat invalide : « %s »\n" + +#: src/ats/plugin_ats_mlp.c:2670 +#, c-format +msgid "" +"Adjusting inconsistent outbound quota configuration for network `%s', is " +"%llu must be at least %llu\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2679 +#, c-format +msgid "" +"Adjusting inconsistent inbound quota configuration for network `%s', is %llu " +"must be at least %llu\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2689 +#, c-format +msgid "" +"Adjusting outbound quota configuration for network `%s'from %llu to %.0f\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2698 +#, c-format +msgid "" +"Adjusting inbound quota configuration for network `%s' from %llu to %.0f\n" +msgstr "" + +#: src/ats/plugin_ats_proportional.c:1164 +#, fuzzy, c-format +msgid "Invalid %s configuration %f\n" +msgstr "fornat invalide : « %s »\n" + #: src/auction/gnunet-auction-create.c:163 msgid "description of the item to be sold" msgstr "" 
@@ -755,6 +753,28 @@ msgstr "" msgid "Connection to conversation service lost, trying to reconnect\n" msgstr "" +#: src/conversation/gnunet-conversation-test.c:119 +#, c-format +msgid "" +"\n" +"End of transmission. Have a GNU day.\n" +msgstr "" + +#: src/conversation/gnunet-conversation-test.c:145 +#, c-format +msgid "" +"\n" +"We are now playing your recording back. If you can hear it, your audio " +"settings are working..." +msgstr "" + +#: src/conversation/gnunet-conversation-test.c:210 +#, c-format +msgid "" +"We will now be recording you for %s. After that time, the recording will be " +"played back to you..." +msgstr "" + #: src/conversation/gnunet-conversation.c:269 #, c-format msgid "Incoming call from `%s'. Please /accept %u or /cancel %u the call.\n" @@ -1008,30 +1028,8 @@ msgstr "" msgid "Enables having a conversation with other GNUnet users." msgstr "" -#: src/conversation/gnunet-conversation-test.c:119 -#, c-format -msgid "" -"\n" -"End of transmission. Have a GNU day.\n" -msgstr "" - -#: src/conversation/gnunet-conversation-test.c:145 -#, c-format -msgid "" -"\n" -"We are now playing your recording back. If you can hear it, your audio " -"settings are working..." -msgstr "" - -#: src/conversation/gnunet-conversation-test.c:210 -#, c-format -msgid "" -"We will now be recording you for %s. After that time, the recording will be " -"played back to you..." -msgstr "" - -#: src/conversation/gnunet_gst.c:622 #: src/conversation/gnunet-helper-audio-playback-gst.c:356 +#: src/conversation/gnunet_gst.c:622 #, c-format msgid "Read error from STDIN: %d %s\n" msgstr "" @@ -1155,6 +1153,11 @@ msgstr "ogg_stream_init() échoué.\n" msgid "Failed to allocate %u bytes for second packet\n" msgstr "" +#: src/conversation/gnunet-service-conversation.c:1276 +#, c-format +msgid "Could not open line, port %s already in use!\n" +msgstr "" + #: src/conversation/microphone.c:119 msgid "Could not start record audio helper\n" msgstr "" 
@@ -1409,17 +1412,144 @@ msgstr "" msgid "# valid typemap confirmations received" msgstr "" -#: src/core/gnunet-service-core_typemap.c:169 -#: src/core/gnunet-service-core_typemap.c:181 -msgid "# type maps received" +#: src/core/gnunet-service-core_typemap.c:169 +#: src/core/gnunet-service-core_typemap.c:181 +msgid "# type maps received" +msgstr "" + +#: src/core/gnunet-service-core_typemap.c:212 +msgid "# updates to my type map" +msgstr "" + +#: src/credential/credential_misc.c:88 +#, c-format +msgid "Unable to parse CRED record string `%s'\n" +msgstr "" + +#: src/credential/gnunet-credential.c:278 src/namestore/gnunet-namestore.c:776 +#: src/namestore/plugin_rest_namestore.c:1009 +#, c-format +msgid "Ego `%s' not known to identity service\n" +msgstr "" + +#: src/credential/gnunet-credential.c:294 +#: src/credential/gnunet-credential.c:446 +#, c-format +msgid "Issuer public key `%s' is not well-formed\n" +msgstr "" + +#: src/credential/gnunet-credential.c:375 +#: src/credential/gnunet-credential.c:435 +#, c-format +msgid "Issuer public key not well-formed\n" +msgstr "" + +#: src/credential/gnunet-credential.c:386 +#: src/credential/gnunet-credential.c:455 +#, fuzzy, c-format +msgid "Failed to connect to CREDENTIAL\n" +msgstr "Impossible d’ouvrir « %s ».\n" + +#: src/credential/gnunet-credential.c:392 +#, c-format +msgid "You must provide issuer the attribute\n" +msgstr "" + +#: src/credential/gnunet-credential.c:399 +#, c-format +msgid "ego required\n" +msgstr "" + +#: src/credential/gnunet-credential.c:415 +#, c-format +msgid "Subject public key needed\n" +msgstr "" + +#: src/credential/gnunet-credential.c:426 +#, c-format +msgid "Subject public key `%s' is not well-formed\n" +msgstr "" + +#: src/credential/gnunet-credential.c:461 +#, c-format +msgid "You must provide issuer and subject attributes\n" +msgstr "" + +#: src/credential/gnunet-credential.c:511 +#, c-format +msgid "Issuer ego required\n" +msgstr "" + +#: src/credential/gnunet-credential.c:523 +#, 
c-format +msgid "Please specify name to lookup, subject key and issuer key!\n" +msgstr "" + +#: src/credential/gnunet-credential.c:543 +msgid "create credential" +msgstr "" + +#: src/credential/gnunet-credential.c:547 +msgid "verify credential against attribute" +msgstr "" + +#: src/credential/gnunet-credential.c:552 +msgid "The public key of the subject to lookup the credential for" +msgstr "" + +#: src/credential/gnunet-credential.c:557 +msgid "The name of the credential presented by the subject" +msgstr "" + +#: src/credential/gnunet-credential.c:562 +msgid "The public key of the authority to verify the credential against" +msgstr "" + +#: src/credential/gnunet-credential.c:567 +msgid "The ego to use" +msgstr "" + +#: src/credential/gnunet-credential.c:572 +msgid "The issuer attribute to verify against or to issue" +msgstr "" + +#: src/credential/gnunet-credential.c:577 +msgid "The time to live for the credential" +msgstr "" + +#: src/credential/gnunet-credential.c:581 +msgid "collect credentials" +msgstr "" + +#: src/credential/gnunet-credential.c:595 +msgid "GNUnet credential resolver tool" +msgstr "" + +#: src/credential/gnunet-service-credential.c:1204 +#: src/gns/gnunet-gns-helper-service-w32.c:727 src/gns/gnunet-gns.c:355 +#, c-format +msgid "Failed to connect to GNS\n" +msgstr "" + +#: src/credential/gnunet-service-credential.c:1210 +#: src/namestore/gnunet-namestore-fcfsd.c:1034 +#: src/namestore/gnunet-namestore.c:802 +#: src/namestore/plugin_rest_namestore.c:1022 +#, c-format +msgid "Failed to connect to namestore\n" msgstr "" -#: src/core/gnunet-service-core_typemap.c:212 -msgid "# updates to my type map" +#: src/credential/plugin_gnsrecord_credential.c:186 +#, fuzzy, c-format +msgid "Unable to parse ATTR record string `%s'\n" +msgstr "Résolution de « %s » échouée\n" + +#: src/credential/plugin_rest_credential.c:1155 src/gns/plugin_rest_gns.c:668 +msgid "GNS REST API initialized\n" msgstr "" #: src/datacache/datacache.c:119 
src/datacache/datacache.c:294 -#: src/datastore/gnunet-service-datastore.c:775 +#: src/datastore/gnunet-service-datastore.c:757 msgid "# bytes stored" msgstr "" @@ -1459,13 +1589,12 @@ msgstr "" #: src/datacache/plugin_datacache_sqlite.c:113 #: src/datacache/plugin_datacache_sqlite.c:122 -#: src/datastore/plugin_datastore_mysql.c:980 +#: src/datastore/plugin_datastore_mysql.c:892 #: src/datastore/plugin_datastore_sqlite.c:58 -#: src/datastore/plugin_datastore_sqlite.c:66 src/my/my.c:80 src/my/my.c:92 -#: src/mysql/mysql.c:42 src/mysql/mysql.c:49 -#: src/namecache/plugin_namecache_postgres.c:53 +#: src/datastore/plugin_datastore_sqlite.c:66 +#: src/identity-provider/plugin_identity_provider_sqlite.c:52 src/my/my.c:80 +#: src/my/my.c:92 src/mysql/mysql.c:42 src/mysql/mysql.c:49 #: src/namecache/plugin_namecache_sqlite.c:53 -#: src/namestore/plugin_namestore_postgres.c:53 #: src/namestore/plugin_namestore_sqlite.c:53 #: src/peerstore/plugin_peerstore_sqlite.c:52 #: src/psycstore/plugin_psycstore_mysql.c:62 @@ -1474,14 +1603,15 @@ msgstr "" #: src/testbed/gnunet-daemon-testbed-underlay.c:56 #: src/testbed/testbed_api_hosts.c:69 src/util/crypto_ecc.c:52 #: src/util/crypto_ecc_setup.c:41 src/util/crypto_mpi.c:39 -#: src/include/gnunet_common.h:720 src/include/gnunet_common.h:729 +#: src/include/gnunet_common.h:735 src/include/gnunet_common.h:744 #: src/scalarproduct/scalarproduct.h:35 #, c-format msgid "`%s' failed at %s:%d with error: %s\n" msgstr "" #: src/datacache/plugin_datacache_sqlite.c:817 -#: src/datastore/plugin_datastore_sqlite.c:475 +#: src/datastore/plugin_datastore_sqlite.c:456 +#: src/identity-provider/plugin_identity_provider_sqlite.c:336 #: src/namecache/plugin_namecache_sqlite.c:296 #: src/namestore/plugin_namestore_sqlite.c:355 msgid "Tried to close sqlite without finalizing all prepared statements.\n" 
@@ -1545,23 +1675,70 @@ msgstr "" msgid "# GET requests executed" msgstr "" -#: src/datastore/gnunet-datastore.c:113 +#: src/datastore/gnunet-datastore.c:189 +#, c-format +msgid "Dumped % records\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:217 src/datastore/gnunet-datastore.c:229 +#, c-format +msgid "Short write to file: %zd bytes expecting %zd\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:261 +msgid "Error queueing datastore GET operation\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:287 src/datastore/gnunet-datastore.c:412 +#, fuzzy, c-format +msgid "Unable to open dump file: %s\n" +msgstr "Résolution de « %s » échouée\n" + +#: src/datastore/gnunet-datastore.c:326 #, c-format msgid "Failed to store item: %s, aborting\n" msgstr "" -#: src/datastore/gnunet-datastore.c:209 +#: src/datastore/gnunet-datastore.c:340 #, c-format -msgid "Cannot use the same configuration for source and destination\n" +msgid "Inserted % records\n" msgstr "" -#: src/datastore/gnunet-datastore.c:256 -msgid "" -"specifies the configuration to use to access an alternative datastore; will " -"merge that datastore into our current datastore" +#: src/datastore/gnunet-datastore.c:349 src/datastore/gnunet-datastore.c:363 +#, c-format +msgid "Short read from file: %zd bytes expecting %zd\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:389 +msgid "Error queueing datastore PUT operation\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:432 +msgid "Input file is not of a supported format\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:458 +msgid "Failed connecting to the datastore.\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:470 +#, c-format +msgid "Please choose at least one operation: %s, %s\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:493 +msgid "Dump all records from the datastore" +msgstr "" + +#: src/datastore/gnunet-datastore.c:497 +msgid "Insert records into the datastore" msgstr "" -#: src/datastore/gnunet-datastore.c:265 +#: 
src/datastore/gnunet-datastore.c:502 +msgid "File to dump or insert" +msgstr "" + +#: src/datastore/gnunet-datastore.c:511 msgid "Manipulate GNUnet datastore" msgstr "" @@ -1603,8 +1780,8 @@ msgstr "" #: src/datastore/gnunet-service-datastore.c:634 #: src/datastore/gnunet-service-datastore.c:689 -#: src/datastore/gnunet-service-datastore.c:977 -#: src/datastore/gnunet-service-datastore.c:1633 +#: src/datastore/gnunet-service-datastore.c:837 +#: src/datastore/gnunet-service-datastore.c:1469 msgid "# reserved" msgstr "# réservé" 
@@ -1612,140 +1789,141 @@ msgstr "# réservé" msgid "Could not find matching reservation" msgstr "" -#: src/datastore/gnunet-service-datastore.c:792 +#: src/datastore/gnunet-service-datastore.c:773 #, c-format msgid "Need %llu bytes more space (%llu allowed, using %llu)\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1026 +#: src/datastore/gnunet-service-datastore.c:876 msgid "# GET requests received" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1058 +#: src/datastore/gnunet-service-datastore.c:907 msgid "# GET KEY requests received" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1071 +#: src/datastore/gnunet-service-datastore.c:920 msgid "# requests filtered by bloomfilter" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1108 +#: src/datastore/gnunet-service-datastore.c:956 msgid "# GET REPLICATION requests received" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1141 +#: src/datastore/gnunet-service-datastore.c:989 msgid "# GET ZERO ANONYMITY requests received" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1190 +#: src/datastore/gnunet-service-datastore.c:1036 msgid "Content not found" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1199 +#: src/datastore/gnunet-service-datastore.c:1043 msgid "# bytes removed (explicit request)" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1246 +#: src/datastore/gnunet-service-datastore.c:1088 msgid "# REMOVE requests received" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1301 +#: src/datastore/gnunet-service-datastore.c:1137 #, c-format msgid "" "Datastore payload must have been inaccurate (%lld < %lld). 
Recomputing it.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1307 -#: src/datastore/gnunet-service-datastore.c:1482 +#: src/datastore/gnunet-service-datastore.c:1143 +#: src/datastore/gnunet-service-datastore.c:1318 #, c-format msgid "New payload: %lld\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1361 +#: src/datastore/gnunet-service-datastore.c:1197 #, c-format msgid "Loading `%s' datastore plugin\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1373 +#: src/datastore/gnunet-service-datastore.c:1209 #, c-format msgid "Failed to load datastore plugin for `%s'\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1433 +#: src/datastore/gnunet-service-datastore.c:1269 msgid "Bloomfilter construction complete.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1489 +#: src/datastore/gnunet-service-datastore.c:1325 msgid "Rebuilding bloomfilter. Please be patient.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1500 +#: src/datastore/gnunet-service-datastore.c:1336 msgid "Plugin does not support get_keys function. 
Please fix!\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1670 +#: src/datastore/gnunet-service-datastore.c:1506 #, c-format msgid "# bytes used in file-sharing datastore `%s'" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1686 +#: src/datastore/gnunet-service-datastore.c:1522 msgid "# quota" msgstr "# quota" -#: src/datastore/gnunet-service-datastore.c:1691 +#: src/datastore/gnunet-service-datastore.c:1527 msgid "# cache size" msgstr "# taille du cache" -#: src/datastore/gnunet-service-datastore.c:1707 +#: src/datastore/gnunet-service-datastore.c:1543 #, c-format msgid "Could not use specified filename `%s' for bloomfilter.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1725 -#: src/datastore/gnunet-service-datastore.c:1741 +#: src/datastore/gnunet-service-datastore.c:1561 +#: src/datastore/gnunet-service-datastore.c:1577 #, c-format msgid "Failed to remove bogus bloomfilter file `%s'\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1773 +#: src/datastore/gnunet-service-datastore.c:1609 msgid "Failed to initialize bloomfilter.\n" msgstr "" -#: src/datastore/plugin_datastore_heap.c:769 +#: src/datastore/plugin_datastore_heap.c:893 msgid "Heap database running\n" msgstr "" -#: src/datastore/plugin_datastore_mysql.c:377 -#: src/datastore/plugin_datastore_sqlite.c:590 -msgid "Data too large" +#: src/datastore/plugin_datastore_mysql.c:371 +#: src/datastore/plugin_datastore_mysql.c:423 +#: src/datastore/plugin_datastore_mysql.c:1075 +msgid "MySQL statement run failure" msgstr "" -#: src/datastore/plugin_datastore_mysql.c:393 -msgid "MySQL statement run failure" +#: src/datastore/plugin_datastore_mysql.c:410 +#: src/datastore/plugin_datastore_sqlite.c:626 +msgid "Data too large" msgstr "" -#: src/datastore/plugin_datastore_mysql.c:936 +#: src/datastore/plugin_datastore_mysql.c:848 #, c-format msgid "`%s' for `%s' failed at %s:%d with error: %s\n" msgstr "" -#: src/datastore/plugin_datastore_mysql.c:1208 +#: 
src/datastore/plugin_datastore_mysql.c:1180 #: src/psycstore/plugin_psycstore_mysql.c:1936 msgid "Mysql database running\n" msgstr "" -#: src/datastore/plugin_datastore_postgres.c:345 +#: src/datastore/plugin_datastore_postgres.c:274 +#: src/datastore/plugin_datastore_postgres.c:891 msgid "Postgress exec failure" msgstr "" -#: src/datastore/plugin_datastore_postgres.c:866 +#: src/datastore/plugin_datastore_postgres.c:852 msgid "Failed to drop table from database.\n" msgstr "" -#: src/datastore/plugin_datastore_postgres.c:903 -#: src/namecache/plugin_namecache_postgres.c:398 -#: src/namestore/plugin_namestore_postgres.c:571 -#: src/psycstore/plugin_psycstore_postgres.c:1721 +#: src/datastore/plugin_datastore_postgres.c:950 +#: src/psycstore/plugin_psycstore_postgres.c:1506 msgid "Postgres database running\n" msgstr "" @@ -1757,7 +1935,8 @@ msgstr "" msgid "`%s' failed at %s:%u with error: %s" msgstr "" -#: src/datastore/plugin_datastore_sqlite.c:281 +#: src/datastore/plugin_datastore_sqlite.c:271 +#: src/identity-provider/plugin_identity_provider_sqlite.c:212 #: src/namecache/plugin_namecache_sqlite.c:194 #: src/namestore/plugin_namestore_sqlite.c:222 #: src/peerstore/plugin_peerstore_sqlite.c:535 
@@ -1766,24 +1945,29 @@ msgstr "" msgid "Unable to initialize SQLite: %s.\n" msgstr "" -#: src/datastore/plugin_datastore_sqlite.c:1234 +#: src/datastore/plugin_datastore_sqlite.c:577 +msgid "sqlite bind failure" +msgstr "" + +#: src/datastore/plugin_datastore_sqlite.c:1259 msgid "sqlite version to old to determine size, assuming zero\n" msgstr "" -#: src/datastore/plugin_datastore_sqlite.c:1268 +#: src/datastore/plugin_datastore_sqlite.c:1293 #, c-format msgid "" "Using sqlite page utilization to estimate payload (%llu pages of size %llu " "bytes)\n" msgstr "" -#: src/datastore/plugin_datastore_sqlite.c:1312 +#: src/datastore/plugin_datastore_sqlite.c:1337 +#: src/identity-provider/plugin_identity_provider_sqlite.c:711 #: src/namecache/plugin_namecache_sqlite.c:603 #: src/namestore/plugin_namestore_sqlite.c:802 msgid "Sqlite database running\n" msgstr "" -#: src/datastore/plugin_datastore_template.c:259 +#: src/datastore/plugin_datastore_template.c:253 msgid "Template database running\n" msgstr "" 
@@ -1846,52 +2030,6 @@ msgstr "" msgid "Prints all packets that go through the DHT." msgstr "" -#: src/dht/gnunet_dht_profiler.c:1161 -#: src/testbed/gnunet-testbed-profiler.c:255 -#, c-format -msgid "Exiting as the number of peers is %u\n" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1188 -#, fuzzy -msgid "number of peers to start" -msgstr "nombre de valeurs" - -#: src/dht/gnunet_dht_profiler.c:1194 -msgid "" -"maximum number of times we try to search for successor circle formation (0 " -"for R5N)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1200 src/nse/gnunet-nse-profiler.c:853 -#: src/testbed/gnunet-testbed-profiler.c:305 -msgid "name of the file with the login information for the testbed" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1206 -msgid "delay between rounds for collecting statistics (default: 30 sec)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1212 -msgid "delay to start doing PUTs (default: 1 sec)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1218 -msgid "delay to start doing GETs (default: 5 min)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1223 -msgid "replication degree for DHT PUTs" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1230 -msgid "timeout for DHT PUT and GET requests (default: 1 min)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1248 -msgid "Measure quality and performance of the DHT service." -msgstr "" - #: src/dht/gnunet-dht-put.c:120 msgid "PUT request sent with key" msgstr "" 
@@ -2141,6 +2279,51 @@ msgstr "" msgid "# DHT requests combined" msgstr "" +#: src/dht/gnunet_dht_profiler.c:1161 src/testbed/gnunet-testbed-profiler.c:255 +#, c-format +msgid "Exiting as the number of peers is %u\n" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1188 +#, fuzzy +msgid "number of peers to start" +msgstr "nombre de valeurs" + +#: src/dht/gnunet_dht_profiler.c:1194 +msgid "" +"maximum number of times we try to search for successor circle formation (0 " +"for R5N)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1200 src/nse/gnunet-nse-profiler.c:853 +#: src/testbed/gnunet-testbed-profiler.c:305 +msgid "name of the file with the login information for the testbed" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1206 +msgid "delay between rounds for collecting statistics (default: 30 sec)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1212 +msgid "delay to start doing PUTs (default: 1 sec)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1218 +msgid "delay to start doing GETs (default: 5 min)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1223 +msgid "replication degree for DHT PUTs" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1230 +msgid "timeout for DHT PUT and GET requests (default: 1 min)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1248 +msgid "Measure quality and performance of the DHT service." +msgstr "" + #: src/dht/plugin_block_dht.c:187 #, c-format msgid "Block not of type %u\n" @@ -2455,7 +2638,7 @@ msgstr "" msgid "No useful service enabled. Exiting.\n" msgstr "" -#: src/exit/gnunet-daemon-exit.c:3969 +#: src/exit/gnunet-daemon-exit.c:3970 msgid "Daemon to run to provide an IP exit node for the VPN" msgstr "" @@ -3074,14 +3257,6 @@ msgid "" "chk/...)" msgstr "" -#: src/fs/gnunet-fs.c:119 -msgid "print a list of all indexed files" -msgstr "" - -#: src/fs/gnunet-fs.c:130 -msgid "Special file-sharing operations" -msgstr "" - #: src/fs/gnunet-fs-profiler.c:211 msgid "run the experiment with COUNT peers" msgstr "" 
@@ -3098,6 +3273,14 @@ msgstr "" msgid "run a testbed to measure file-sharing performance" msgstr "" +#: src/fs/gnunet-fs.c:119 +msgid "print a list of all indexed files" +msgstr "" + +#: src/fs/gnunet-fs.c:130 +msgid "Special file-sharing operations" +msgstr "" + #: src/fs/gnunet-publish.c:219 src/fs/gnunet-publish.c:231 #, c-format msgid "Publishing `%s' at %llu/%llu (%s remaining)\n" @@ -3743,22 +3926,11 @@ msgstr "" msgid "GNUnet DNS-to-GNS proxy (a DNS server)" msgstr "" -#: src/gns/gnunet-gns.c:235 src/gns/plugin_rest_gns.c:346 -#, c-format -msgid "Invalid typename specified, assuming `ANY'\n" -msgstr "" - -#: src/gns/gnunet-gns.c:252 -#, c-format -msgid "Please specify name to lookup!\n" -msgstr "" - -#: src/gns/gnunet-gns.c:276 -#, c-format -msgid "Ego for `%s' not found, cannot perform lookup.\n" +#: src/gns/gnunet-gns-helper-service-w32.c:602 +msgid "Not ready to process requests, lacking ego data\n" msgstr "" -#: src/gns/gnunet-gns.c:315 src/gns/gnunet-gns-helper-service-w32.c:701 +#: src/gns/gnunet-gns-helper-service-w32.c:701 src/gns/gnunet-gns.c:315 #: src/gns/plugin_rest_gns.c:422 #, c-format msgid "" 
@@ -3766,54 +3938,12 @@ msgid "" "gns-import.sh?\n" msgstr "" -#: src/gns/gnunet-gns.c:355 src/gns/gnunet-gns-helper-service-w32.c:727 -#, c-format -msgid "Failed to connect to GNS\n" -msgstr "" - -#: src/gns/gnunet-gns.c:374 -#, c-format -msgid "Public key `%s' is not well-formed\n" -msgstr "" - -#: src/gns/gnunet-gns.c:428 -msgid "Lookup a record for the given name" -msgstr "" - -#: src/gns/gnunet-gns.c:434 -msgid "Specify the type of the record to lookup" -msgstr "" - -#: src/gns/gnunet-gns.c:440 -msgid "Specify timeout for the lookup" -msgstr "" - -#: src/gns/gnunet-gns.c:445 -msgid "No unneeded output" -msgstr "" - -#: src/gns/gnunet-gns.c:451 -msgid "Specify the public key of the zone to lookup the record in" -msgstr "" - -#: src/gns/gnunet-gns.c:457 -msgid "Specify the name of the ego of the zone to lookup the record in" -msgstr "" - -#: src/gns/gnunet-gns.c:476 -msgid "GNUnet GNS resolver tool" -msgstr "" - -#: src/gns/gnunet-gns-helper-service-w32.c:602 -msgid "Not ready to process requests, lacking ego data\n" -msgstr "" - #: src/gns/gnunet-gns-helper-service-w32.c:739 #, c-format msgid "Failed to connect to identity service\n" msgstr "" -#: src/gns/gnunet-gns-import.c:489 +#: src/gns/gnunet-gns-import.c:452 msgid "This program will import some GNS authorities into your GNS namestore." msgstr "" 
@@ -3896,45 +4026,93 @@ msgstr "" msgid "Failed to pass client to MHD\n" msgstr "" -#: src/gns/gnunet-gns-proxy.c:2704 +#: src/gns/gnunet-gns-proxy.c:2704 +#, c-format +msgid "Unsupported socks version %d\n" +msgstr "" + +#: src/gns/gnunet-gns-proxy.c:2733 +#, c-format +msgid "Unsupported socks command %d\n" +msgstr "" + +#: src/gns/gnunet-gns-proxy.c:2751 src/gns/gnunet-gns-proxy.c:2780 +msgid "SSL connection to plain IPv4 address requested\n" +msgstr "" + +#: src/gns/gnunet-gns-proxy.c:2830 +#, c-format +msgid "Unsupported socks address type %d\n" +msgstr "" + +#: src/gns/gnunet-gns-proxy.c:3165 src/gns/gnunet-service-gns.c:403 +#, c-format +msgid "No ego configured for `%s`\n" +msgstr "" + +#: src/gns/gnunet-gns-proxy.c:3226 +#, c-format +msgid "Failed to load SSL/TLS key and certificate from `%s'\n" +msgstr "" + +#: src/gns/gnunet-gns-proxy.c:3269 +msgid "listen on specified port (default: 7777)" +msgstr "" + +#: src/gns/gnunet-gns-proxy.c:3275 +msgid "pem file to use as CA" +msgstr "" + +#: src/gns/gnunet-gns-proxy.c:3300 +msgid "GNUnet GNS proxy" +msgstr "" + +#: src/gns/gnunet-gns.c:235 src/gns/plugin_rest_gns.c:346 +#, c-format +msgid "Invalid typename specified, assuming `ANY'\n" +msgstr "" + +#: src/gns/gnunet-gns.c:252 +#, c-format +msgid "Please specify name to lookup!\n" +msgstr "" + +#: src/gns/gnunet-gns.c:276 #, c-format -msgid "Unsupported socks version %d\n" +msgid "Ego for `%s' not found, cannot perform lookup.\n" msgstr "" -#: src/gns/gnunet-gns-proxy.c:2733 +#: src/gns/gnunet-gns.c:374 #, c-format -msgid "Unsupported socks command %d\n" +msgid "Public key `%s' is not well-formed\n" msgstr "" -#: src/gns/gnunet-gns-proxy.c:2751 src/gns/gnunet-gns-proxy.c:2780 -msgid "SSL connection to plain IPv4 address requested\n" +#: src/gns/gnunet-gns.c:428 +msgid "Lookup a record for the given name" msgstr "" -#: src/gns/gnunet-gns-proxy.c:2830 -#, c-format -msgid "Unsupported socks address type %d\n" +#: src/gns/gnunet-gns.c:434 +msgid "Specify the type of 
the record to lookup" msgstr "" -#: src/gns/gnunet-gns-proxy.c:3165 src/gns/gnunet-service-gns.c:403 -#, c-format -msgid "No ego configured for `%s`\n" +#: src/gns/gnunet-gns.c:440 +msgid "Specify timeout for the lookup" msgstr "" -#: src/gns/gnunet-gns-proxy.c:3226 -#, c-format -msgid "Failed to load SSL/TLS key and certificate from `%s'\n" +#: src/gns/gnunet-gns.c:445 +msgid "No unneeded output" msgstr "" -#: src/gns/gnunet-gns-proxy.c:3269 -msgid "listen on specified port (default: 7777)" +#: src/gns/gnunet-gns.c:451 +msgid "Specify the public key of the zone to lookup the record in" msgstr "" -#: src/gns/gnunet-gns-proxy.c:3275 -msgid "pem file to use as CA" +#: src/gns/gnunet-gns.c:457 +msgid "Specify the name of the ego of the zone to lookup the record in" msgstr "" -#: src/gns/gnunet-gns-proxy.c:3300 -msgid "GNUnet GNS proxy" +#: src/gns/gnunet-gns.c:476 +msgid "GNUnet GNS resolver tool" msgstr "" #: src/gns/gnunet-service-gns.c:442 @@ -3942,7 +4120,7 @@ msgid "Failed to connect to the namecache!\n" msgstr "" #: src/gns/gnunet-service-gns.c:461 -#: src/zonemaster/gnunet-service-zonemaster.c:741 +#: src/zonemaster/gnunet-service-zonemaster.c:742 msgid "Could not connect to DHT!\n" msgstr "" 
@@ -3997,44 +4175,35 @@ msgstr "" msgid "Hostname `%s' is not well-formed, resolution fails\n" msgstr "" -#: src/gns/plugin_gnsrecord_gns.c:203 +#: src/gns/plugin_gnsrecord_gns.c:179 #, c-format msgid "Unable to parse PKEY record `%s'\n" msgstr "" -#: src/gns/plugin_gnsrecord_gns.c:232 +#: src/gns/plugin_gnsrecord_gns.c:208 #, c-format msgid "Unable to parse GNS2DNS record `%s'\n" msgstr "" -#: src/gns/plugin_gnsrecord_gns.c:253 +#: src/gns/plugin_gnsrecord_gns.c:229 #, c-format msgid "Failed to serialize GNS2DNS record with value `%s'\n" msgstr "" -#: src/gns/plugin_gnsrecord_gns.c:276 +#: src/gns/plugin_gnsrecord_gns.c:252 #, c-format msgid "Unable to parse VPN record string `%s'\n" msgstr "" -#: src/gns/plugin_gnsrecord_gns.c:312 +#: src/gns/plugin_gnsrecord_gns.c:288 #, c-format msgid "Unable to parse BOX record string `%s'\n" msgstr "" -#: src/gns/plugin_gnsrecord_gns.c:360 -#, c-format -msgid "Unable to parse REVERSE record string `%s'\n" -msgstr "" - #: src/gns/plugin_rest_gns.c:384 msgid "Ego for not found, cannot perform lookup.\n" msgstr "" -#: src/gns/plugin_rest_gns.c:668 -msgid "GNS REST API initialized\n" -msgstr "" - #: src/gnsrecord/plugin_gnsrecord_dns.c:359 #, c-format msgid "Unable to parse IPv4 address `%s'\n" 
@@ -4454,6 +4623,51 @@ msgstr "" msgid "Could not start hostlist HTTP server on port %u\n" msgstr "" +#: src/identity-provider/gnunet-idp.c:348 +msgid "Ego is required\n" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:370 +msgid "Add attribute" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:376 +msgid "Attribute value" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:381 +msgid "Ego" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:386 +msgid "Audience (relying party)" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:390 +msgid "List attributes for Ego" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:395 +msgid "Issue a ticket" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:400 +msgid "Consume a ticket" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:405 +msgid "Revoke a ticket" +msgstr "" + +#: src/identity-provider/identity_provider_api.c:429 +#, fuzzy +msgid "failed to store record\n" +msgstr "Échec du démarrage de %s\n" + +#: src/identity-provider/plugin_rest_identity_provider.c:1175 +msgid "Identity Provider REST API initialized\n" +msgstr "" + #: src/identity/gnunet-identity.c:179 #, c-format msgid "Failed to create ego: %s\n" 
@@ -4541,31 +4755,10 @@ msgstr "" msgid "Failed to create directory `%s' for storing egos\n" msgstr "" -#: src/identity/plugin_rest_identity.c:967 +#: src/identity/plugin_rest_identity.c:964 msgid "Identity REST API initialized\n" msgstr "" -#: src/identity-provider/gnunet-identity-token.c:66 -msgid "Option `-t' is required\n" -msgstr "" - -#: src/identity-provider/gnunet-identity-token.c:77 -#, c-format -msgid "Token `%s' is malformed\n" -msgstr "" - -#: src/identity-provider/gnunet-identity-token.c:166 -msgid "GNUid token" -msgstr "" - -#: src/identity-provider/gnunet-identity-token.c:171 -msgid "Print token contents" -msgstr "" - -#: src/identity-provider/plugin_rest_identity_provider.c:1166 -msgid "Identity Token REST API initialized\n" -msgstr "" - #: src/json/json.c:119 #, fuzzy, c-format msgid "Failed to parse JSON in option `%s': %s (%s)\n" 
@@ -4663,9 +4856,62 @@ msgstr "Résolution de « %s » échouée\n" msgid "flat plugin running\n" msgstr "" -#: src/namecache/plugin_namecache_postgres.c:90 -#: src/namestore/plugin_namestore_postgres.c:97 -msgid "Failed to create indices\n" +#: src/namestore/gnunet-namestore-fcfsd.c:508 +#, c-format +msgid "Unsupported form value `%s'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:535 +#, c-format +msgid "Failed to create record for domain `%s': %s\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:555 +msgid "Error when mapping zone to name\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:585 +#, c-format +msgid "Found existing name `%s' for the given key\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:662 +#, c-format +msgid "Found %u existing records for domain `%s'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:718 +#, c-format +msgid "Failed to create page for `%s'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:734 +#, c-format +msgid "Failed to setup post processor for `%s'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:770 +msgid "Domain name must not contain `.'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:778 +msgid "Domain name must not contain `+'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:974 +msgid "No ego configured for `fcfsd` subsystem\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:1000 +msgid "Failed to start HTTP server\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:1042 +msgid "Failed to connect to identity\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:1074 +msgid "GNU Name System First Come First Serve name registration service" msgstr "" #: src/namestore/gnunet-namestore.c:301 
@@ -4674,13 +4920,13 @@ msgid "Adding record failed: %s\n" msgstr "" #: src/namestore/gnunet-namestore.c:330 -#: src/namestore/plugin_rest_namestore.c:562 +#: src/namestore/plugin_rest_namestore.c:567 #, c-format msgid "Deleting record failed, record does not exist%s%s\n" msgstr "" #: src/namestore/gnunet-namestore.c:337 -#: src/namestore/plugin_rest_namestore.c:571 +#: src/namestore/plugin_rest_namestore.c:576 #, c-format msgid "Deleting record failed%s%s\n" msgstr "" @@ -4698,7 +4944,7 @@ msgid "Records already exist under `%s', cannot add `%s' record.\n" msgstr "" #: src/namestore/gnunet-namestore.c:698 -#: src/namestore/plugin_rest_namestore.c:597 +#: src/namestore/plugin_rest_namestore.c:602 #, c-format msgid "There are no records under label `%s' that could be deleted.\n" msgstr "" @@ -4709,23 +4955,11 @@ msgid "" "There are no records under label `%s' that match the request for deletion.\n" msgstr "" -#: src/namestore/gnunet-namestore.c:776 -#: src/namestore/plugin_rest_namestore.c:1004 -#, c-format -msgid "Ego `%s' not known to identity service\n" -msgstr "" - #: src/namestore/gnunet-namestore.c:791 #, c-format msgid "No options given\n" msgstr "" -#: src/namestore/gnunet-namestore.c:802 -#: src/namestore/gnunet-namestore-fcfsd.c:1034 -#: src/namestore/plugin_rest_namestore.c:1017 -msgid "Failed to connect to namestore\n" -msgstr "" - #: src/namestore/gnunet-namestore.c:810 src/namestore/gnunet-namestore.c:819 #: src/namestore/gnunet-namestore.c:838 src/namestore/gnunet-namestore.c:861 #: src/namestore/gnunet-namestore.c:915 
@@ -4739,14 +4973,14 @@ msgid "add" msgstr "ajouter" #: src/namestore/gnunet-namestore.c:829 -#: src/namestore/plugin_rest_namestore.c:671 +#: src/namestore/plugin_rest_namestore.c:676 #, c-format msgid "Unsupported type `%s'\n" msgstr "" #: src/namestore/gnunet-namestore.c:851 -#: src/namestore/plugin_rest_namestore.c:689 -#: src/namestore/plugin_rest_namestore.c:729 +#: src/namestore/plugin_rest_namestore.c:694 +#: src/namestore/plugin_rest_namestore.c:734 #, c-format msgid "Value `%s' invalid for record type `%s'\n" msgstr "" @@ -4765,8 +4999,7 @@ msgstr "supprimer" msgid "Invalid public key for reverse lookup `%s'\n" msgstr "" -#: src/namestore/gnunet-namestore.c:979 -#: src/peerinfo-tool/gnunet-peerinfo.c:775 +#: src/namestore/gnunet-namestore.c:979 src/peerinfo-tool/gnunet-peerinfo.c:775 #, c-format msgid "Invalid URI `%s'\n" msgstr "URI invalide « %s »\n" @@ -4777,13 +5010,13 @@ msgid "Invalid nick `%s'\n" msgstr "" #: src/namestore/gnunet-namestore.c:1051 -#: src/namestore/plugin_rest_namestore.c:1047 +#: src/namestore/plugin_rest_namestore.c:1052 #, c-format msgid "No default ego configured in identity service\n" msgstr "" #: src/namestore/gnunet-namestore.c:1108 -#: src/namestore/plugin_rest_namestore.c:1143 +#: src/namestore/plugin_rest_namestore.c:1148 #, c-format msgid "Cannot connect to identity service\n" msgstr "" 
@@ -4843,65 +5076,7 @@ msgstr "" msgid "name of the ego controlling the zone" msgstr "" -#: src/namestore/gnunet-namestore-fcfsd.c:508 -#, c-format -msgid "Unsupported form value `%s'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:535 -#, c-format -msgid "Failed to create record for domain `%s': %s\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:555 -msgid "Error when mapping zone to name\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:585 -#, c-format -msgid "Found existing name `%s' for the given key\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:662 -#, c-format -msgid "Found %u existing records for domain `%s'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:718 -#, c-format -msgid "Failed to create page for `%s'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:734 -#, c-format -msgid "Failed to setup post processor for `%s'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:770 -msgid "Domain name must not contain `.'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:778 -msgid "Domain name must not contain `+'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:974 -msgid "No ego configured for `fcfsd` subsystem\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:1000 -msgid "Failed to start HTTP server\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:1042 -msgid "Failed to connect to identity\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:1074 -msgid "GNU Name System First Come First Serve name registration service" -msgstr "" - -#: src/namestore/gnunet-service-namestore.c:612 +#: src/namestore/gnunet-service-namestore.c:615 #, c-format msgid "Failed to replicate block in namecache: %s\n" msgstr "" @@ -4914,7 +5089,7 @@ msgstr "" msgid "flat file database running\n" msgstr "" -#: src/namestore/plugin_rest_namestore.c:1188 +#: src/namestore/plugin_rest_namestore.c:1193 msgid "Namestore REST API initialized\n" msgstr "" 
@@ -5189,91 +5364,37 @@ msgstr "" msgid "`upnpc' command not found\n" msgstr "" -#: src/nse/gnunet-nse.c:122 -msgid "Show network size estimates from NSE service." -msgstr "" - -#: src/nse/gnunet-nse-profiler.c:842 -msgid "limit to the number of connections to NSE services, 0 for none" -msgstr "" - -#: src/nse/gnunet-nse-profiler.c:847 -msgid "name of the file for writing connection information and statistics" -msgstr "" - -#: src/nse/gnunet-nse-profiler.c:859 -msgid "name of the file for writing the main results" -msgstr "" - -#: src/nse/gnunet-nse-profiler.c:866 -msgid "Number of peers to run in each round, separated by commas" -msgstr "" - -#: src/nse/gnunet-nse-profiler.c:877 -msgid "delay between rounds" -msgstr "" - -#: src/nse/gnunet-nse-profiler.c:886 -msgid "Measure quality and performance of the NSE service." -msgstr "" - -#: src/nse/gnunet-service-nse.c:1534 -#: src/revocation/gnunet-service-revocation.c:838 src/util/gnunet-scrypt.c:276 -msgid "Value is too large.\n" -msgstr "" - -#: src/peerinfo/gnunet-service-peerinfo.c:178 -#, c-format -msgid "Removing expired address of transport `%s'\n" -msgstr "" - -#: src/peerinfo/gnunet-service-peerinfo.c:310 -#, c-format -msgid "Failed to parse HELLO in file `%s': %s\n" -msgstr "" - -#: src/peerinfo/gnunet-service-peerinfo.c:331 -#: src/peerinfo/gnunet-service-peerinfo.c:362 -#, c-format -msgid "Failed to parse HELLO in file `%s'\n" -msgstr "" - -#: src/peerinfo/gnunet-service-peerinfo.c:446 -msgid "# peers known" +#: src/nse/gnunet-nse-profiler.c:842 +msgid "limit to the number of connections to NSE services, 0 for none" msgstr "" -#: src/peerinfo/gnunet-service-peerinfo.c:489 -#, c-format -msgid "" -"File `%s' in directory `%s' does not match naming convention. 
Removed.\n" +#: src/nse/gnunet-nse-profiler.c:847 +msgid "name of the file for writing connection information and statistics" msgstr "" -#: src/peerinfo/gnunet-service-peerinfo.c:655 -#, c-format -msgid "Scanning directory `%s'\n" +#: src/nse/gnunet-nse-profiler.c:859 +msgid "name of the file for writing the main results" msgstr "" -#: src/peerinfo/gnunet-service-peerinfo.c:663 -#, c-format -msgid "Still no peers found in `%s'!\n" +#: src/nse/gnunet-nse-profiler.c:866 +msgid "Number of peers to run in each round, separated by commas" msgstr "" -#: src/peerinfo/gnunet-service-peerinfo.c:1076 -#, c-format -msgid "Cleaning up directory `%s'\n" +#: src/nse/gnunet-nse-profiler.c:877 +msgid "delay between rounds" msgstr "" -#: src/peerinfo/gnunet-service-peerinfo.c:1405 -#, c-format -msgid "Importing HELLOs from `%s'\n" +#: src/nse/gnunet-nse-profiler.c:886 +msgid "Measure quality and performance of the NSE service." msgstr "" -#: src/peerinfo/gnunet-service-peerinfo.c:1418 -msgid "Skipping import of included HELLOs\n" +#: src/nse/gnunet-nse.c:122 +msgid "Show network size estimates from NSE service." msgstr "" -#: src/peerinfo/peerinfo_api.c:220 -msgid "Failed to receive response from `PEERINFO' service." +#: src/nse/gnunet-service-nse.c:1534 +#: src/revocation/gnunet-service-revocation.c:838 src/util/gnunet-scrypt.c:276 +msgid "Value is too large.\n" msgstr "" #: src/peerinfo-tool/gnunet-peerinfo.c:239 
@@ -5365,6 +5486,60 @@ msgstr "" msgid "Failed to load transport plugin for `%s'\n" msgstr "" +#: src/peerinfo/gnunet-service-peerinfo.c:178 +#, c-format +msgid "Removing expired address of transport `%s'\n" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:310 +#, c-format +msgid "Failed to parse HELLO in file `%s': %s\n" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:331 +#: src/peerinfo/gnunet-service-peerinfo.c:362 +#, c-format +msgid "Failed to parse HELLO in file `%s'\n" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:446 +msgid "# peers known" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:489 +#, c-format +msgid "" +"File `%s' in directory `%s' does not match naming convention. Removed.\n" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:655 +#, c-format +msgid "Scanning directory `%s'\n" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:663 +#, c-format +msgid "Still no peers found in `%s'!\n" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:1076 +#, c-format +msgid "Cleaning up directory `%s'\n" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:1405 +#, c-format +msgid "Importing HELLOs from `%s'\n" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:1418 +msgid "Skipping import of included HELLOs\n" +msgstr "" + +#: src/peerinfo/peerinfo_api.c:220 +msgid "Failed to receive response from `PEERINFO' service." +msgstr "" + #: src/peerstore/gnunet-peerstore.c:91 msgid "peerstore" msgstr "" 
@@ -5412,16 +5587,11 @@ msgstr "" msgid "Unable to create indices: %s.\n" msgstr "" -#: src/postgres/postgres.c:67 +#: src/pq/pq_prepare.c:80 #, c-format -msgid "`%s:%s' failed at %s:%d with error: %s\n" +msgid "PQprepare (`%s' as `%s') failed with error: %s\n" msgstr "" -#: src/postgres/postgres.c:192 -#, fuzzy, c-format -msgid "Unable to connect to Postgres database '%s': %s\n" -msgstr "Résolution de « %s » échouée\n" - #: src/psycstore/gnunet-service-psycstore.c:249 msgid "Failed to store membership information!\n" msgstr "" 
@@ -5580,56 +5750,56 @@ msgstr "" msgid "Daemon to announce regular expressions for the peer using cadet." msgstr "" -#: src/regex/gnunet-regex-profiler.c:1314 +#: src/regex/gnunet-regex-profiler.c:1386 msgid "No configuration file given. Exiting\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1355 +#: src/regex/gnunet-regex-profiler.c:1427 #: src/regex/gnunet-regex-simulation-profiler.c:630 #, c-format msgid "No policy directory specified on command line. Exiting.\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1361 +#: src/regex/gnunet-regex-profiler.c:1433 #: src/regex/gnunet-regex-simulation-profiler.c:638 #, c-format msgid "Specified policies directory does not exist. Exiting.\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1368 +#: src/regex/gnunet-regex-profiler.c:1440 #, c-format msgid "No files found in `%s'\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1377 +#: src/regex/gnunet-regex-profiler.c:1449 msgid "No search strings file given. Exiting.\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1397 +#: src/regex/gnunet-regex-profiler.c:1469 msgid "Error loading search strings. Exiting.\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1485 +#: src/regex/gnunet-regex-profiler.c:1557 msgid "name of the file for writing statistics" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1491 +#: src/regex/gnunet-regex-profiler.c:1563 msgid "wait TIMEOUT before ending the experiment" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1497 +#: src/regex/gnunet-regex-profiler.c:1569 msgid "directory with policy files" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1504 +#: src/regex/gnunet-regex-profiler.c:1576 msgid "name of file with input strings" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1510 +#: src/regex/gnunet-regex-profiler.c:1582 msgid "name of file with hosts' names" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1523 +#: src/regex/gnunet-regex-profiler.c:1595 msgid "Profiler for regex" msgstr "" 
@@ -5851,10 +6021,10 @@ msgstr "" msgid "Calculate the Vectorproduct with a GNUnet peer." msgstr "" -#: src/scalarproduct/gnunet-service-scalarproduct_alice.c:1407 -#: src/scalarproduct/gnunet-service-scalarproduct_bob.c:1345 -#: src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c:1180 +#: src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c:1172 #: src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c:1063 +#: src/scalarproduct/gnunet-service-scalarproduct_alice.c:1401 +#: src/scalarproduct/gnunet-service-scalarproduct_bob.c:1345 msgid "Connect to CADET failed\n" msgstr "" @@ -5878,7 +6048,7 @@ msgstr "threshold" msgid "also profile decryption" msgstr "" -#: src/set/gnunet-service-set.c:1948 +#: src/set/gnunet-service-set.c:1989 #, fuzzy msgid "Could not connect to CADET service\n" msgstr "Impossible d’ouvrir « %s ».\n" 
@@ -5935,112 +6105,112 @@ msgstr "" msgid "say good-bye and leave somebody else's place" msgstr "" -#: src/social/gnunet-social.c:1227 src/social/gnunet-social.c:1232 +#: src/social/gnunet-social.c:1227 msgid "create a place" msgstr "" -#: src/social/gnunet-social.c:1237 +#: src/social/gnunet-social.c:1232 msgid "destroy a place we were hosting" msgstr "" -#: src/social/gnunet-social.c:1242 +#: src/social/gnunet-social.c:1237 msgid "enter somebody else's place" msgstr "" -#: src/social/gnunet-social.c:1248 +#: src/social/gnunet-social.c:1243 msgid "find state matching name prefix" msgstr "" -#: src/social/gnunet-social.c:1253 +#: src/social/gnunet-social.c:1248 msgid "replay history of messages up to the given --limit" msgstr "" -#: src/social/gnunet-social.c:1258 +#: src/social/gnunet-social.c:1253 msgid "reconnect to a previously created place" msgstr "" -#: src/social/gnunet-social.c:1263 +#: src/social/gnunet-social.c:1258 msgid "publish something to a place we are hosting" msgstr "" -#: src/social/gnunet-social.c:1268 +#: src/social/gnunet-social.c:1263 msgid "reconnect to a previously entered place" msgstr "" -#: src/social/gnunet-social.c:1273 +#: src/social/gnunet-social.c:1268 msgid "search for state matching exact name" msgstr "" -#: src/social/gnunet-social.c:1278 +#: src/social/gnunet-social.c:1273 msgid "submit something to somebody's place" msgstr "" -#: src/social/gnunet-social.c:1283 +#: src/social/gnunet-social.c:1278 msgid "list of egos and subscribed places" msgstr "" -#: src/social/gnunet-social.c:1288 +#: src/social/gnunet-social.c:1283 msgid "extract and replay history between message IDs --start and --until" msgstr "" -#: src/social/gnunet-social.c:1297 +#: src/social/gnunet-social.c:1292 msgid "application ID to use when connecting" msgstr "" -#: src/social/gnunet-social.c:1303 +#: src/social/gnunet-social.c:1298 msgid "message body or state value" msgstr "" -#: src/social/gnunet-social.c:1309 +#: src/social/gnunet-social.c:1304 msgid "name 
or public key of ego" msgstr "" -#: src/social/gnunet-social.c:1314 +#: src/social/gnunet-social.c:1309 msgid "wait for incoming messages" msgstr "" -#: src/social/gnunet-social.c:1320 +#: src/social/gnunet-social.c:1315 msgid "GNS name" msgstr "" -#: src/social/gnunet-social.c:1326 +#: src/social/gnunet-social.c:1321 msgid "peer ID for --guest-enter" msgstr "" -#: src/social/gnunet-social.c:1332 +#: src/social/gnunet-social.c:1327 msgid "name (key) to query from state" msgstr "" -#: src/social/gnunet-social.c:1338 +#: src/social/gnunet-social.c:1333 msgid "method name" msgstr "" -#: src/social/gnunet-social.c:1344 +#: src/social/gnunet-social.c:1339 #, fuzzy msgid "number of messages to replay from history" msgstr "nombre de valeurs" -#: src/social/gnunet-social.c:1350 +#: src/social/gnunet-social.c:1345 msgid "key address of place" msgstr "" -#: src/social/gnunet-social.c:1356 +#: src/social/gnunet-social.c:1351 msgid "start message ID for history replay" msgstr "" -#: src/social/gnunet-social.c:1361 +#: src/social/gnunet-social.c:1356 msgid "respond to entry requests by admitting all guests" msgstr "" -#: src/social/gnunet-social.c:1367 +#: src/social/gnunet-social.c:1362 msgid "end message ID for history replay" msgstr "" -#: src/social/gnunet-social.c:1372 +#: src/social/gnunet-social.c:1367 msgid "respond to entry requests by refusing all guests" msgstr "" -#: src/social/gnunet-social.c:1382 +#: src/social/gnunet-social.c:1377 msgid "" "gnunet-social - Interact with the social service: enter/leave, send/receive " "messages, access history and state.\n" @@ -6230,7 +6400,7 @@ msgid "" msgstr "" #: src/testbed/gnunet-daemon-testbed-underlay.c:231 src/testing/list-keys.c:46 -#: src/testing/testing.c:288 src/util/gnunet-ecc.c:298 +#: src/testing/testing.c:288 src/util/gnunet-ecc.c:301 #, c-format msgid "Incorrect hostkey file format: %s\n" msgstr "" 
@@ -6300,15 +6470,6 @@ msgstr "" msgid "%.s Unknown result code." msgstr "%.s Code d'erreur inconnu" -#: src/testbed/gnunet_testbed_mpi_spawn.c:118 -msgid "Waiting for child to exit.\n" -msgstr "" - -#: src/testbed/gnunet_testbed_mpi_spawn.c:241 -#, c-format -msgid "Spawning process `%s'\n" -msgstr "" - #: src/testbed/gnunet-testbed-profiler.c:290 msgid "tolerate COUNT number of continious timeout failures" msgstr "" @@ -6320,6 +6481,15 @@ msgid "" "signal is received" msgstr "" +#: src/testbed/gnunet_testbed_mpi_spawn.c:118 +msgid "Waiting for child to exit.\n" +msgstr "" + +#: src/testbed/gnunet_testbed_mpi_spawn.c:241 +#, c-format +msgid "Spawning process `%s'\n" +msgstr "" + #: src/testbed/testbed_api.c:410 #, c-format msgid "Adding host %u failed with error: %s\n" @@ -6607,10 +6777,6 @@ msgstr "" msgid "GNUnet topology control" msgstr "" -#: src/transport/gnunet-service-transport_ats.c:141 -msgid "# Addresses given to ATS" -msgstr "" - #: src/transport/gnunet-service-transport.c:448 msgid "# messages dropped due to slow client" msgstr "" @@ -6655,6 +6821,10 @@ msgstr "" msgid "Transport service is lacking key configuration settings. Exiting.\n" msgstr "" +#: src/transport/gnunet-service-transport_ats.c:141 +msgid "# Addresses given to ATS" +msgstr "" + #: src/transport/gnunet-service-transport_hello.c:195 msgid "# refreshed my HELLO" msgstr "" 
@@ -6956,6 +7126,42 @@ msgstr "" msgid "# validations succeeded" msgstr "" +#: src/transport/gnunet-transport-profiler.c:219 +#, c-format +msgid "%llu B in %llu ms == %.2f KB/s!\n" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:617 +msgid "send data to peer" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:621 +msgid "receive data from peer" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:626 +msgid "iterations" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:631 +#, fuzzy +msgid "number of messages to send" +msgstr "nombre de valeurs" + +#: src/transport/gnunet-transport-profiler.c:636 +msgid "message size to use" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:641 +#: src/transport/gnunet-transport.c:1462 +msgid "peer identity" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:652 +#: src/transport/gnunet-transport.c:1482 +msgid "Direct access to transport service." +msgstr "" + #: src/transport/gnunet-transport.c:413 #, c-format msgid "Transmitted %llu bytes/s (%llu bytes in %s)\n" @@ -7084,11 +7290,6 @@ msgstr "" msgid "do not resolve hostnames" msgstr "" -#: src/transport/gnunet-transport.c:1462 -#: src/transport/gnunet-transport-profiler.c:641 -msgid "peer identity" -msgstr "" - #: src/transport/gnunet-transport.c:1466 msgid "monitor plugin sessions" msgstr "" 
@@ -7097,40 +7298,9 @@ msgstr "" msgid "send data for benchmarking to the other peer (until CTRL-C)" msgstr "" -#: src/transport/gnunet-transport.c:1482 -#: src/transport/gnunet-transport-profiler.c:652 -msgid "Direct access to transport service." -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:219 -#, c-format -msgid "%llu B in %llu ms == %.2f KB/s!\n" -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:617 -msgid "send data to peer" -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:621 -msgid "receive data from peer" -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:626 -msgid "iterations" -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:631 -#, fuzzy -msgid "number of messages to send" -msgstr "nombre de valeurs" - -#: src/transport/gnunet-transport-profiler.c:636 -msgid "message size to use" -msgstr "" - #: src/transport/plugin_transport_http_client.c:1474 -#: src/transport/plugin_transport_http_server.c:2249 -#: src/transport/plugin_transport_http_server.c:3463 +#: src/transport/plugin_transport_http_server.c:2312 +#: src/transport/plugin_transport_http_server.c:3526 #: src/transport/plugin_transport_tcp.c:3890 #: src/transport/plugin_transport_tcp.c:3897 msgid "TCP_STEALTH not supported on this platform.\n" @@ -7142,13 +7312,13 @@ msgid "Could not initialize curl multi handle, failed to start %s plugin!\n" msgstr "" #: src/transport/plugin_transport_http_client.c:2164 -#: src/transport/plugin_transport_http_server.c:3178 +#: src/transport/plugin_transport_http_server.c:3241 #, c-format msgid "Shutting down plugin `%s'\n" msgstr "" #: src/transport/plugin_transport_http_client.c:2181 -#: src/transport/plugin_transport_http_server.c:3248 +#: src/transport/plugin_transport_http_server.c:3311 #, c-format msgid "Shutdown for plugin `%s' complete\n" msgstr "" 
@@ -7158,102 +7328,102 @@ msgstr "" msgid "Maximum number of requests is %u\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:1727 +#: src/transport/plugin_transport_http_server.c:1756 #, c-format msgid "" "Access from connection %p (%u of %u) for `%s' `%s' url `%s' with upload data " "size %u\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:1967 +#: src/transport/plugin_transport_http_server.c:2028 #, c-format msgid "Accepting connection (%u of %u) from `%s'\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:1975 +#: src/transport/plugin_transport_http_server.c:2036 #, c-format msgid "" "Server reached maximum number connections (%u), rejecting new connection\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2125 +#: src/transport/plugin_transport_http_server.c:2186 msgid "" "Could not create a new TLS certificate, program `gnunet-transport-" "certificate-creation' could not be started!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2148 +#: src/transport/plugin_transport_http_server.c:2209 #, c-format msgid "No usable TLS certificate found and creating one at `%s/%s' failed!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2275 +#: src/transport/plugin_transport_http_server.c:2338 msgid "Could not load or create server certificate! 
Loading plugin failed!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2587 +#: src/transport/plugin_transport_http_server.c:2650 msgid "Require valid port number for service in configuration!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2752 +#: src/transport/plugin_transport_http_server.c:2815 #, c-format msgid "Found %u addresses to report to NAT service\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2838 +#: src/transport/plugin_transport_http_server.c:2901 #: src/transport/plugin_transport_udp.c:3622 msgid "Disabling IPv6 since it is not supported on this system!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2944 +#: src/transport/plugin_transport_http_server.c:3007 #, c-format msgid "IPv4 support is %s\n" msgstr "Prise en charge d’IPv4 %s\n" -#: src/transport/plugin_transport_http_server.c:2959 +#: src/transport/plugin_transport_http_server.c:3022 #, c-format msgid "IPv6 support is %s\n" msgstr "Prise en charge d’IPv6 %s\n" -#: src/transport/plugin_transport_http_server.c:2965 +#: src/transport/plugin_transport_http_server.c:3028 msgid "Neither IPv4 nor IPv6 are enabled! Fix in configuration\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2976 +#: src/transport/plugin_transport_http_server.c:3039 msgid "Port is required! 
Fix in configuration\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2982 +#: src/transport/plugin_transport_http_server.c:3045 #, c-format msgid "Using port %u\n" msgstr "Utilisation du port %u\n" -#: src/transport/plugin_transport_http_server.c:3001 +#: src/transport/plugin_transport_http_server.c:3064 #, c-format msgid "Specific IPv4 address `%s' in configuration file is invalid!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:3036 +#: src/transport/plugin_transport_http_server.c:3099 #, c-format msgid "Specific IPv6 address `%s' in configuration file is invalid!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:3111 +#: src/transport/plugin_transport_http_server.c:3174 #, c-format msgid "Using external hostname `%s'\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:3132 +#: src/transport/plugin_transport_http_server.c:3195 #, c-format msgid "Notifying transport only about hostname `%s'\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:3149 +#: src/transport/plugin_transport_http_server.c:3212 #, c-format msgid "Maximum number of connections is %u\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:3475 +#: src/transport/plugin_transport_http_server.c:3538 msgid "Unable to compile URL regex\n" msgstr "" @@ -7393,20 +7563,6 @@ msgstr "" msgid "TCP transport advertises itself as being on port %llu\n" msgstr "" -#: src/transport/plugin_transport_udp_broadcasting.c:168 -msgid "# Multicast HELLO beacons received via UDP" -msgstr "" - -#: src/transport/plugin_transport_udp_broadcasting.c:548 -msgid "" -"Disabling HELLO broadcasting due to friend-to-friend only configuration!\n" -msgstr "" - -#: src/transport/plugin_transport_udp_broadcasting.c:565 -#, c-format -msgid "Failed to set IPv4 broadcast option for broadcast socket on port %d\n" -msgstr "" - #: src/transport/plugin_transport_udp.c:3366 #, c-format msgid "" 
@@ -7453,6 +7609,20 @@ msgstr "adresse invalide" msgid "Failed to create UDP network sockets\n" msgstr "" +#: src/transport/plugin_transport_udp_broadcasting.c:168 +msgid "# Multicast HELLO beacons received via UDP" +msgstr "" + +#: src/transport/plugin_transport_udp_broadcasting.c:548 +msgid "" +"Disabling HELLO broadcasting due to friend-to-friend only configuration!\n" +msgstr "" + +#: src/transport/plugin_transport_udp_broadcasting.c:565 +#, c-format +msgid "Failed to set IPv4 broadcast option for broadcast socket on port %d\n" +msgstr "" + #: src/transport/plugin_transport_unix.c:1403 #, c-format msgid "Cannot create path to `%s'\n" @@ -7557,7 +7727,7 @@ msgid "" "`GNUNET_SERVER_receive_done' after %s\n" msgstr "" -#: src/transport/tcp_service_legacy.c:339 src/util/service.c:2337 +#: src/transport/tcp_service_legacy.c:339 src/util/service.c:2336 #, c-format msgid "Unknown address family %d\n" msgstr "" 
@@ -7602,50 +7772,50 @@ msgstr "" msgid "Service `%s' runs at %s\n" msgstr "" -#: src/transport/tcp_service_legacy.c:1251 src/util/service.c:1501 +#: src/transport/tcp_service_legacy.c:1251 src/util/service.c:1500 msgid "Service process failed to initialize\n" msgstr "" -#: src/transport/tcp_service_legacy.c:1255 src/util/service.c:1505 +#: src/transport/tcp_service_legacy.c:1255 src/util/service.c:1504 msgid "Service process could not initialize server function\n" msgstr "" -#: src/transport/tcp_service_legacy.c:1259 src/util/service.c:1509 +#: src/transport/tcp_service_legacy.c:1259 src/util/service.c:1508 msgid "Service process failed to report status\n" msgstr "" #: src/transport/tcp_service_legacy.c:1313 src/util/disk.c:1488 -#: src/util/service.c:1379 +#: src/util/service.c:1378 #, c-format msgid "Cannot obtain information about user `%s': %s\n" msgstr "" -#: src/transport/tcp_service_legacy.c:1314 src/util/service.c:1381 +#: src/transport/tcp_service_legacy.c:1314 src/util/service.c:1380 msgid "No such user" msgstr "Aucun utilisateur trouvé" -#: src/transport/tcp_service_legacy.c:1327 src/util/service.c:1400 +#: src/transport/tcp_service_legacy.c:1327 src/util/service.c:1399 #, c-format msgid "Cannot change user/group to `%s': %s\n" msgstr "" -#: src/transport/tcp_service_legacy.c:1398 src/util/service.c:1728 +#: src/transport/tcp_service_legacy.c:1398 src/util/service.c:1727 msgid "do daemonize (detach from terminal)" msgstr "" #: src/transport/tcp_service_legacy.c:1448 src/util/program.c:244 -#: src/util/service.c:1791 +#: src/util/service.c:1790 #, c-format msgid "Malformed configuration file `%s', exit ...\n" msgstr "" #: src/transport/tcp_service_legacy.c:1458 src/util/program.c:261 -#: src/util/service.c:1802 +#: src/util/service.c:1801 msgid "Malformed configuration, exit ...\n" msgstr "" #: src/transport/tcp_service_legacy.c:1463 src/util/program.c:256 -#: src/util/service.c:1808 +#: src/util/service.c:1807 #, c-format msgid "Could not access 
configuration file `%s'\n" msgstr "" 
@@ -7689,86 +7859,86 @@ msgstr "" msgid "Need a non-empty hostname for service `%s'.\n" msgstr "" -#: src/util/common_logging.c:256 src/util/common_logging.c:1129 +#: src/util/common_logging.c:259 src/util/common_logging.c:1132 msgid "DEBUG" msgstr "DEBUG" -#: src/util/common_logging.c:258 src/util/common_logging.c:1127 +#: src/util/common_logging.c:261 src/util/common_logging.c:1130 msgid "INFO" msgstr "INFO" -#: src/util/common_logging.c:260 src/util/common_logging.c:1125 +#: src/util/common_logging.c:263 src/util/common_logging.c:1128 msgid "MESSAGE" msgstr "" -#: src/util/common_logging.c:262 src/util/common_logging.c:1123 +#: src/util/common_logging.c:265 src/util/common_logging.c:1126 msgid "WARNING" msgstr "AVERTISSEMENT" -#: src/util/common_logging.c:264 src/util/common_logging.c:1121 +#: src/util/common_logging.c:267 src/util/common_logging.c:1124 msgid "ERROR" msgstr "ERREUR" -#: src/util/common_logging.c:266 src/util/common_logging.c:1131 +#: src/util/common_logging.c:269 src/util/common_logging.c:1134 msgid "NONE" msgstr "AUCUN" -#: src/util/common_logging.c:879 +#: src/util/common_logging.c:882 #, c-format msgid "Message `%.*s' repeated %u times in the last %s\n" msgstr "" -#: src/util/common_logging.c:1132 +#: src/util/common_logging.c:1135 msgid "INVALID" msgstr "INVALIDE" -#: src/util/common_logging.c:1302 +#: src/util/common_logging.c:1326 msgid "unknown address" msgstr "adresse inconnue" -#: src/util/common_logging.c:1344 +#: src/util/common_logging.c:1368 msgid "invalid address" msgstr "adresse invalide" -#: src/util/common_logging.c:1362 +#: src/util/common_logging.c:1386 #, c-format msgid "Configuration fails to specify option `%s' in section `%s'!\n" msgstr "" -#: src/util/common_logging.c:1383 +#: src/util/common_logging.c:1407 #, c-format msgid "" "Configuration specifies invalid value for option `%s' in section `%s': %s\n" msgstr "" -#: src/util/configuration.c:286 +#: src/util/configuration.c:296 #, c-format msgid "Syntax error while 
deserializing in line %u\n" msgstr "" -#: src/util/configuration.c:344 +#: src/util/configuration.c:355 #, fuzzy, c-format msgid "Error while reading file `%s'\n" msgstr "Erreur de lecture : « %s » : %s" -#: src/util/configuration.c:1017 +#: src/util/configuration.c:1034 #, c-format msgid "" "Configuration value '%s' for '%s' in section '%s' is not in set of legal " "choices\n" msgstr "" -#: src/util/configuration.c:1136 +#: src/util/configuration.c:1153 #, c-format msgid "Recursive expansion suspected, aborting $-expansion for term `%s'\n" msgstr "" -#: src/util/configuration.c:1169 +#: src/util/configuration.c:1186 #, c-format msgid "Missing closing `%s' in option `%s'\n" msgstr "" -#: src/util/configuration.c:1237 +#: src/util/configuration.c:1254 #, c-format msgid "" "Failed to expand `%s' in `%s' as it is neither found in [PATHS] nor defined " 
@@ -7802,31 +7972,31 @@ msgstr "" msgid "EdDSA signature verification failed at %s:%d: %s\n" msgstr "" -#: src/util/crypto_ecc_setup.c:122 src/util/crypto_ecc_setup.c:160 -#: src/util/crypto_ecc_setup.c:278 src/util/crypto_ecc_setup.c:316 +#: src/util/crypto_ecc_setup.c:122 src/util/crypto_ecc_setup.c:161 +#: src/util/crypto_ecc_setup.c:279 src/util/crypto_ecc_setup.c:317 #, c-format msgid "Could not acquire lock on file `%s': %s...\n" msgstr "" -#: src/util/crypto_ecc_setup.c:127 src/util/crypto_ecc_setup.c:283 +#: src/util/crypto_ecc_setup.c:128 src/util/crypto_ecc_setup.c:284 msgid "Creating a new private key. This may take a while.\n" msgstr "" -#: src/util/crypto_ecc_setup.c:164 src/util/crypto_ecc_setup.c:320 +#: src/util/crypto_ecc_setup.c:165 src/util/crypto_ecc_setup.c:322 msgid "This may be ok if someone is currently generating a private key.\n" msgstr "" -#: src/util/crypto_ecc_setup.c:194 src/util/crypto_ecc_setup.c:350 +#: src/util/crypto_ecc_setup.c:195 src/util/crypto_ecc_setup.c:352 #, c-format msgid "" "When trying to read key file `%s' I found %u bytes but I need at least %u.\n" msgstr "" -#: src/util/crypto_ecc_setup.c:198 src/util/crypto_ecc_setup.c:354 +#: src/util/crypto_ecc_setup.c:199 src/util/crypto_ecc_setup.c:356 msgid "This may be ok if someone is currently generating a key.\n" msgstr "" -#: src/util/crypto_ecc_setup.c:413 +#: src/util/crypto_ecc_setup.c:415 msgid "Could not load peer's private key\n" msgstr "" 
@@ -8014,29 +8184,29 @@ msgstr "" msgid "Manipulate GNUnet configuration files" msgstr "" -#: src/util/gnunet-ecc.c:84 +#: src/util/gnunet-ecc.c:89 #, c-format msgid "Failed to open `%s': %s\n" msgstr "" -#: src/util/gnunet-ecc.c:120 +#: src/util/gnunet-ecc.c:125 #, c-format msgid "Generating %u keys like %s, please wait" msgstr "" -#: src/util/gnunet-ecc.c:133 +#: src/util/gnunet-ecc.c:138 #, c-format msgid "Generating %u keys, please wait" msgstr "" -#: src/util/gnunet-ecc.c:174 +#: src/util/gnunet-ecc.c:179 #, c-format msgid "" "\n" "Failed to write to `%s': %s\n" msgstr "" -#: src/util/gnunet-ecc.c:184 +#: src/util/gnunet-ecc.c:189 #, c-format msgid "" "\n" 
@@ -8045,53 +8215,57 @@ msgstr "" "\n" "Terminé !\n" -#: src/util/gnunet-ecc.c:187 +#: src/util/gnunet-ecc.c:192 #, c-format msgid "" "\n" "Error, %u keys not generated\n" msgstr "" -#: src/util/gnunet-ecc.c:280 +#: src/util/gnunet-ecc.c:283 #, c-format msgid "Hostkeys file `%s' not found\n" msgstr "" -#: src/util/gnunet-ecc.c:291 +#: src/util/gnunet-ecc.c:294 #, c-format msgid "Hostkeys file `%s' is empty\n" msgstr "" -#: src/util/gnunet-ecc.c:313 +#: src/util/gnunet-ecc.c:316 #, c-format msgid "Could not read hostkey file: %s\n" msgstr "" -#: src/util/gnunet-ecc.c:364 +#: src/util/gnunet-ecc.c:367 msgid "No hostkey file specified on command line\n" msgstr "" -#: src/util/gnunet-ecc.c:416 +#: src/util/gnunet-ecc.c:425 msgid "list keys included in a file (for testing)" msgstr "" -#: src/util/gnunet-ecc.c:421 +#: src/util/gnunet-ecc.c:430 msgid "number of keys to list included in a file (for testing)" msgstr "" -#: src/util/gnunet-ecc.c:426 +#: src/util/gnunet-ecc.c:435 msgid "create COUNT public-private key pairs (for testing)" msgstr "" -#: src/util/gnunet-ecc.c:430 +#: src/util/gnunet-ecc.c:439 msgid "print the public key in ASCII format" msgstr "" -#: src/util/gnunet-ecc.c:434 +#: src/util/gnunet-ecc.c:443 +msgid "print the public key in HEX format" +msgstr "" + +#: src/util/gnunet-ecc.c:447 msgid "print examples of ECC operations (used for compatibility testing)" msgstr "" -#: src/util/gnunet-ecc.c:449 +#: src/util/gnunet-ecc.c:463 msgid "Manipulate GNUnet private ECC key files" msgstr "" @@ -8183,7 +8357,7 @@ msgstr "" msgid "Unable to shorten unix path `%s' while keeping name unique\n" msgstr "" -#: src/util/network.c:1793 src/util/network.c:1969 +#: src/util/network.c:1793 src/util/network.c:1977 #, c-format msgid "" "Fatal internal logic error, process hangs in `%s' (abort with CTRL-C)!\n" 
@@ -8235,7 +8409,7 @@ msgstr "" msgid "Could not determine plugin installation path.\n" msgstr "" -#: src/util/resolver_api.c:204 +#: src/util/resolver_api.c:203 #, c-format msgid "" "Missing `%s' for `%s' in configuration, DNS resolution will be unavailable.\n" @@ -8248,32 +8422,32 @@ msgid "" "resolution will be unavailable.\n" msgstr "" -#: src/util/resolver_api.c:815 +#: src/util/resolver_api.c:826 #, c-format msgid "Timeout trying to resolve hostname `%s'.\n" msgstr "" -#: src/util/resolver_api.c:827 +#: src/util/resolver_api.c:839 #, c-format msgid "Timeout trying to resolve IP address `%s'.\n" msgstr "" -#: src/util/resolver_api.c:1004 +#: src/util/resolver_api.c:1023 msgid "Resolver not configured correctly.\n" msgstr "" -#: src/util/resolver_api.c:1086 src/util/resolver_api.c:1107 -#: src/util/resolver_api.c:1121 +#: src/util/resolver_api.c:1109 src/util/resolver_api.c:1132 +#: src/util/resolver_api.c:1146 #, fuzzy, c-format msgid "Could not resolve our FQDN: %s\n" msgstr "Résolution de « %s » échouée : %s\n" -#: src/util/service.c:1306 +#: src/util/service.c:1305 msgid "" "Could not bind to any of the ports I was supposed to, refusing to run!\n" msgstr "" -#: src/util/service.c:2082 +#: src/util/service.c:2081 #, c-format msgid "" "Processing code for message of type %u did not call " 
@@ -8348,63 +8522,63 @@ msgstr "jours" msgid "end of time" msgstr "fin du temps" -#: src/util/strings.c:1269 +#: src/util/strings.c:1270 msgid "IPv6 address did not start with `['\n" msgstr "" -#: src/util/strings.c:1277 +#: src/util/strings.c:1278 msgid "IPv6 address did contain ':' to separate port number\n" msgstr "" -#: src/util/strings.c:1283 +#: src/util/strings.c:1284 msgid "IPv6 address did contain ']' before ':' to separate port number\n" msgstr "" -#: src/util/strings.c:1290 +#: src/util/strings.c:1291 msgid "IPv6 address did contain a valid port number after the last ':'\n" msgstr "" -#: src/util/strings.c:1299 +#: src/util/strings.c:1300 #, c-format msgid "Invalid IPv6 address `%s': %s\n" msgstr "" -#: src/util/strings.c:1571 src/util/strings.c:1587 +#: src/util/strings.c:1572 src/util/strings.c:1588 msgid "Port not in range\n" msgstr "" -#: src/util/strings.c:1596 +#: src/util/strings.c:1597 #, c-format msgid "Malformed port policy `%s'\n" msgstr "" -#: src/util/strings.c:1679 src/util/strings.c:1710 src/util/strings.c:1758 -#: src/util/strings.c:1779 +#: src/util/strings.c:1680 src/util/strings.c:1711 src/util/strings.c:1759 +#: src/util/strings.c:1780 #, c-format msgid "Invalid format for IP: `%s'\n" msgstr "" -#: src/util/strings.c:1736 +#: src/util/strings.c:1737 #, c-format msgid "Invalid network notation ('/%d' is not legal in IPv4 CIDR)." msgstr "" -#: src/util/strings.c:1788 +#: src/util/strings.c:1789 #, c-format msgid "Invalid format: `%s'\n" msgstr "fornat invalide : « %s »\n" -#: src/util/strings.c:1840 +#: src/util/strings.c:1841 #, c-format msgid "Invalid network notation (does not end with ';': `%s')\n" msgstr "" -#: src/util/strings.c:1890 +#: src/util/strings.c:1891 #, c-format msgid "Wrong format `%s' for netmask\n" msgstr "" -#: src/util/strings.c:1921 +#: src/util/strings.c:1922 #, c-format msgid "Wrong format `%s' for network\n" msgstr "" 
@@ -8573,26 +8747,30 @@ msgstr "" msgid "Setup tunnels via VPN." msgstr "Configurer des tunnels via VPN." -#: src/zonemaster/gnunet-service-zonemaster.c:705 +#: src/zonemaster/gnunet-service-zonemaster.c:706 msgid "Failed to connect to the namestore!\n" msgstr "" -#: src/include/gnunet_common.h:674 src/include/gnunet_common.h:681 -#: src/include/gnunet_common.h:691 src/include/gnunet_common.h:699 +#: src/include/gnunet_common.h:689 src/include/gnunet_common.h:696 +#: src/include/gnunet_common.h:706 src/include/gnunet_common.h:714 #, c-format msgid "Assertion failed at %s:%d.\n" msgstr "" -#: src/include/gnunet_common.h:711 +#: src/include/gnunet_common.h:726 #, c-format msgid "External protocol violation detected at %s:%d.\n" msgstr "" -#: src/include/gnunet_common.h:738 src/include/gnunet_common.h:747 +#: src/include/gnunet_common.h:753 src/include/gnunet_common.h:762 #, c-format msgid "`%s' failed on file `%s' at %s:%d with error: %s\n" msgstr "" +#, fuzzy +#~ msgid "Unable to connect to Postgres database '%s': %s\n" +#~ msgstr "Résolution de « %s » échouée\n" + #~ msgid "ARM API is busy" #~ msgstr "API ARM occupé" @@ -8670,10 +8848,6 @@ msgstr "" #~ msgid "Failed to start resolver!\n" #~ msgstr "Échec du démarrage de %s\n" -#, fuzzy -#~ msgid "Failed to start NAT test for plugin `%s'\n" -#~ msgstr "Résolution de « %s » échouée\n" - #~ msgid "Benchmarking done\n" #~ msgstr "Benchmark terminé\n" diff --git a/po/sv.po b/po/sv.po index 3120e6594..f03bfb2b9 100644 --- a/po/sv.po +++ b/po/sv.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: GNUnet 0.7.0b\n" "Report-Msgid-Bugs-To: gnunet-developers@mail.gnu.org\n" -"POT-Creation-Date: 2017-03-31 19:22-0500\n" +"POT-Creation-Date: 2017-10-20 15:14+0000\n" "PO-Revision-Date: 2006-01-21 17:16+0100\n" "Last-Translator: Daniel Nylander \n" "Language-Team: Swedish \n" 
@@ -273,7 +273,7 @@ msgid "Have neither PORT nor UNIXPATH for service `%s', but one is required\n" msgstr "" #: src/arm/gnunet-service-arm.c:513 -#: src/transport/plugin_transport_http_server.c:2621 +#: src/transport/plugin_transport_http_server.c:2684 #: src/transport/plugin_transport_tcp.c:1259 #: src/transport/tcp_service_legacy.c:696 src/util/service.c:782 #, fuzzy, c-format @@ -281,7 +281,7 @@ msgid "Failed to resolve `%s': %s\n" msgstr "Misslyckades att leverera \"%s\" meddelande.\n" #: src/arm/gnunet-service-arm.c:532 -#: src/transport/plugin_transport_http_server.c:2639 +#: src/transport/plugin_transport_http_server.c:2702 #: src/transport/plugin_transport_tcp.c:1278 #: src/transport/tcp_service_legacy.c:715 src/util/service.c:802 #, fuzzy, c-format 
@@ -355,134 +355,14 @@ msgstr "" msgid "Initiating shutdown as requested by client.\n" msgstr "" -#: src/ats/gnunet-ats-solver-eval.c:2781 src/ats/gnunet-ats-solver-eval.c:2822 -#, c-format -msgid "" -"Could not load quota for network `%s': `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:2799 -#, c-format -msgid "" -"No outbound quota configured for network `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:2840 -#, c-format -msgid "" -"No outbound quota configure for network `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3294 -#: src/ats-tests/gnunet-solver-eval.c:939 -msgid "solver to use" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3299 -#: src/ats-tests/gnunet-solver-eval.c:945 -#: src/ats-tests/gnunet-solver-eval.c:950 -msgid "experiment to use" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3306 -#, fuzzy -msgid "print logging" -msgstr "Startade samling \"%s\".\n" - -#: src/ats/gnunet-ats-solver-eval.c:3311 -msgid "save logging to disk" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3316 -msgid "disable normalization" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:304 -#, c-format -msgid "" -"Could not load %s quota for network `%s': `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:314 -#, c-format -msgid "%s quota configured for network `%s' is %llu\n" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:359 -#, c-format -msgid "" -"No %s-quota configured for network `%s', assigning default bandwidth %llu\n" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:451 -#, fuzzy, c-format -msgid "Failed to initialize solver `%s'!\n" -msgstr "Kunde inte initiera SQLite.\n" - -#: src/ats/plugin_ats_mlp.c:1274 -msgid "Problem size too large, cannot allocate memory!\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:1869 -#, fuzzy, c-format -msgid "Adding address 
for peer `%s' multiple times\n" -msgstr "Motpart \"%s\" med pålitlighet %8u och adress \"%s\"\n" - -#: src/ats/plugin_ats_mlp.c:1913 -#, fuzzy, c-format -msgid "Updating address property for peer `%s' %p not added before\n" -msgstr "Motpart \"%s\" med pålitlighet %8u och adress \"%s\"\n" - -#: src/ats/plugin_ats_mlp.c:2475 -msgid "" -"MLP solver is not optimizing for anything, changing to feasibility check\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2515 src/ats/plugin_ats_mlp.c:2532 -#: src/ats/plugin_ats_mlp.c:2564 src/ats/plugin_ats_mlp.c:2582 -#: src/ats/plugin_ats_mlp.c:2601 src/ats/plugin_ats_proportional.c:1141 -#: src/ats/plugin_ats_ril.c:2612 src/ats/plugin_ats_ril.c:2629 -#: src/ats/plugin_ats_ril.c:2646 src/ats/plugin_ats_ril.c:2663 -#: src/ats/plugin_ats_ril.c:2680 src/ats/plugin_ats_ril.c:2697 -#: src/ats/plugin_ats_ril.c:2714 src/ats/plugin_ats_ril.c:2731 -#, fuzzy, c-format -msgid "Invalid %s configuration %f \n" -msgstr "Kunde inte spara konfigurationsfil \"%s\":" - -#: src/ats/plugin_ats_mlp.c:2670 -#, c-format -msgid "" -"Adjusting inconsistent outbound quota configuration for network `%s', is " -"%llu must be at least %llu\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2679 -#, c-format -msgid "" -"Adjusting inconsistent inbound quota configuration for network `%s', is %llu " -"must be at least %llu\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2689 -#, c-format -msgid "" -"Adjusting outbound quota configuration for network `%s'from %llu to %.0f\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2698 -#, c-format -msgid "" -"Adjusting inbound quota configuration for network `%s' from %llu to %.0f\n" +#: src/ats-tests/ats-testing-log.c:837 +msgid "Stop logging\n" msgstr "" -#: src/ats/plugin_ats_proportional.c:1164 +#: src/ats-tests/ats-testing-log.c:892 #, fuzzy, c-format -msgid "Invalid %s configuration %f\n" -msgstr "Kunde inte spara konfigurationsfil \"%s\":" +msgid "Start logging `%s'\n" +msgstr "Startade samling \"%s\".\n" #: 
src/ats-tests/ats-testing.c:422 #, c-format @@ -494,15 +374,6 @@ msgstr "" msgid "Failed to connect master peer [%u] with slave [%u]\n" msgstr "Misslyckades att ansluta till gnunetd.\n" -#: src/ats-tests/ats-testing-log.c:837 -msgid "Stop logging\n" -msgstr "" - -#: src/ats-tests/ats-testing-log.c:892 -#, fuzzy, c-format -msgid "Start logging `%s'\n" -msgstr "Startade samling \"%s\".\n" - #: src/ats-tests/gnunet-ats-sim.c:90 #, c-format msgid "" @@ -510,6 +381,15 @@ msgid "" "= %u KiB/s\n" msgstr "" +#: src/ats-tests/gnunet-solver-eval.c:939 src/ats/gnunet-ats-solver-eval.c:3294 +msgid "solver to use" +msgstr "" + +#: src/ats-tests/gnunet-solver-eval.c:945 +#: src/ats-tests/gnunet-solver-eval.c:950 src/ats/gnunet-ats-solver-eval.c:3299 +msgid "experiment to use" +msgstr "" + #: src/ats-tool/gnunet-ats.c:307 #, c-format msgid "%u address resolutions had a timeout\n" 
@@ -631,6 +511,124 @@ msgstr "" msgid "Print information about ATS state" msgstr "Skriv ut information om GNUnets motparter." +#: src/ats/gnunet-ats-solver-eval.c:2781 src/ats/gnunet-ats-solver-eval.c:2822 +#, c-format +msgid "" +"Could not load quota for network `%s': `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:2799 +#, c-format +msgid "" +"No outbound quota configured for network `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:2840 +#, c-format +msgid "" +"No outbound quota configure for network `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:3306 +#, fuzzy +msgid "print logging" +msgstr "Startade samling \"%s\".\n" + +#: src/ats/gnunet-ats-solver-eval.c:3311 +msgid "save logging to disk" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:3316 +msgid "disable normalization" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:304 +#, c-format +msgid "" +"Could not load %s quota for network `%s': `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:314 +#, c-format +msgid "%s quota configured for network `%s' is %llu\n" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:359 +#, c-format +msgid "" +"No %s-quota configured for network `%s', assigning default bandwidth %llu\n" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:451 +#, fuzzy, c-format +msgid "Failed to initialize solver `%s'!\n" +msgstr "Kunde inte initiera SQLite.\n" + +#: src/ats/plugin_ats_mlp.c:1274 +msgid "Problem size too large, cannot allocate memory!\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:1869 +#, fuzzy, c-format +msgid "Adding address for peer `%s' multiple times\n" +msgstr "Motpart \"%s\" med pålitlighet %8u och adress \"%s\"\n" + +#: src/ats/plugin_ats_mlp.c:1913 +#, fuzzy, c-format +msgid "Updating address property for peer `%s' %p not added before\n" +msgstr "Motpart \"%s\" med 
pålitlighet %8u och adress \"%s\"\n" + +#: src/ats/plugin_ats_mlp.c:2475 +msgid "" +"MLP solver is not optimizing for anything, changing to feasibility check\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2515 src/ats/plugin_ats_mlp.c:2532 +#: src/ats/plugin_ats_mlp.c:2564 src/ats/plugin_ats_mlp.c:2582 +#: src/ats/plugin_ats_mlp.c:2601 src/ats/plugin_ats_proportional.c:1141 +#: src/ats/plugin_ats_ril.c:2612 src/ats/plugin_ats_ril.c:2629 +#: src/ats/plugin_ats_ril.c:2646 src/ats/plugin_ats_ril.c:2663 +#: src/ats/plugin_ats_ril.c:2680 src/ats/plugin_ats_ril.c:2697 +#: src/ats/plugin_ats_ril.c:2714 src/ats/plugin_ats_ril.c:2731 +#, fuzzy, c-format +msgid "Invalid %s configuration %f \n" +msgstr "Kunde inte spara konfigurationsfil \"%s\":" + +#: src/ats/plugin_ats_mlp.c:2670 +#, c-format +msgid "" +"Adjusting inconsistent outbound quota configuration for network `%s', is " +"%llu must be at least %llu\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2679 +#, c-format +msgid "" +"Adjusting inconsistent inbound quota configuration for network `%s', is %llu " +"must be at least %llu\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2689 +#, c-format +msgid "" +"Adjusting outbound quota configuration for network `%s'from %llu to %.0f\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2698 +#, c-format +msgid "" +"Adjusting inbound quota configuration for network `%s' from %llu to %.0f\n" +msgstr "" + +#: src/ats/plugin_ats_proportional.c:1164 +#, fuzzy, c-format +msgid "Invalid %s configuration %f\n" +msgstr "Kunde inte spara konfigurationsfil \"%s\":" + #: src/auction/gnunet-auction-create.c:163 msgid "description of the item to be sold" msgstr "" 
@@ -779,6 +777,28 @@ msgstr "" msgid "Connection to conversation service lost, trying to reconnect\n" msgstr "" +#: src/conversation/gnunet-conversation-test.c:119 +#, c-format +msgid "" +"\n" +"End of transmission. Have a GNU day.\n" +msgstr "" + +#: src/conversation/gnunet-conversation-test.c:145 +#, c-format +msgid "" +"\n" +"We are now playing your recording back. If you can hear it, your audio " +"settings are working..." +msgstr "" + +#: src/conversation/gnunet-conversation-test.c:210 +#, c-format +msgid "" +"We will now be recording you for %s. After that time, the recording will be " +"played back to you..." +msgstr "" + #: src/conversation/gnunet-conversation.c:269 #, c-format msgid "Incoming call from `%s'. Please /accept %u or /cancel %u the call.\n" @@ -1036,30 +1056,8 @@ msgstr "" msgid "Enables having a conversation with other GNUnet users." msgstr "" -#: src/conversation/gnunet-conversation-test.c:119 -#, c-format -msgid "" -"\n" -"End of transmission. Have a GNU day.\n" -msgstr "" - -#: src/conversation/gnunet-conversation-test.c:145 -#, c-format -msgid "" -"\n" -"We are now playing your recording back. If you can hear it, your audio " -"settings are working..." -msgstr "" - -#: src/conversation/gnunet-conversation-test.c:210 -#, c-format -msgid "" -"We will now be recording you for %s. After that time, the recording will be " -"played back to you..." -msgstr "" - -#: src/conversation/gnunet_gst.c:622 #: src/conversation/gnunet-helper-audio-playback-gst.c:356 +#: src/conversation/gnunet_gst.c:622 #, c-format msgid "Read error from STDIN: %d %s\n" msgstr "" 
@@ -1191,6 +1189,11 @@ msgstr "\"%s\" %s misslyckades: %s\n" msgid "Failed to allocate %u bytes for second packet\n" msgstr "Misslyckades att läsa kompislista från \"%s\"\n" +#: src/conversation/gnunet-service-conversation.c:1276 +#, fuzzy, c-format +msgid "Could not open line, port %s already in use!\n" +msgstr "Kunde inte ansluta till gnunetd.\n" + #: src/conversation/microphone.c:119 #, fuzzy msgid "Could not start record audio helper\n" 
@@ -1490,8 +1493,140 @@ msgstr "# krypterade PONG-meddelanden mottagna" msgid "# updates to my type map" msgstr "" +#: src/credential/credential_misc.c:88 +#, fuzzy, c-format +msgid "Unable to parse CRED record string `%s'\n" +msgstr "Misslyckades att läsa kompislista från \"%s\"\n" + +#: src/credential/gnunet-credential.c:278 src/namestore/gnunet-namestore.c:776 +#: src/namestore/plugin_rest_namestore.c:1009 +#, fuzzy, c-format +msgid "Ego `%s' not known to identity service\n" +msgstr "\"%s\": okänd tjänst: %s\n" + +#: src/credential/gnunet-credential.c:294 +#: src/credential/gnunet-credential.c:446 +#, fuzzy, c-format +msgid "Issuer public key `%s' is not well-formed\n" +msgstr "Ogiltigt argument: \"%s\"\n" + +#: src/credential/gnunet-credential.c:375 +#: src/credential/gnunet-credential.c:435 +#, fuzzy, c-format +msgid "Issuer public key not well-formed\n" +msgstr "Ogiltigt argument: \"%s\"\n" + +#: src/credential/gnunet-credential.c:386 +#: src/credential/gnunet-credential.c:455 +#, fuzzy, c-format +msgid "Failed to connect to CREDENTIAL\n" +msgstr "Misslyckades att ansluta till gnunetd.\n" + +#: src/credential/gnunet-credential.c:392 +#, c-format +msgid "You must provide issuer the attribute\n" +msgstr "" + +#: src/credential/gnunet-credential.c:399 +#, c-format +msgid "ego required\n" +msgstr "" + +#: src/credential/gnunet-credential.c:415 +#, c-format +msgid "Subject public key needed\n" +msgstr "" + +#: src/credential/gnunet-credential.c:426 +#, fuzzy, c-format +msgid "Subject public key `%s' is not well-formed\n" +msgstr "Ogiltigt argument: \"%s\"\n" + +#: src/credential/gnunet-credential.c:461 +#, c-format +msgid "You must provide issuer and subject attributes\n" +msgstr "" + +#: src/credential/gnunet-credential.c:511 +#, c-format +msgid "Issuer ego required\n" +msgstr "" + +#: src/credential/gnunet-credential.c:523 +#, c-format +msgid "Please specify name to lookup, subject key and issuer key!\n" +msgstr "" + +#: src/credential/gnunet-credential.c:543 
+msgid "create credential" +msgstr "" + +#: src/credential/gnunet-credential.c:547 +msgid "verify credential against attribute" +msgstr "" + +#: src/credential/gnunet-credential.c:552 +#, fuzzy +msgid "The public key of the subject to lookup the credential for" +msgstr "ange prioritet för innehållet" + +#: src/credential/gnunet-credential.c:557 +msgid "The name of the credential presented by the subject" +msgstr "" + +#: src/credential/gnunet-credential.c:562 +#, fuzzy +msgid "The public key of the authority to verify the credential against" +msgstr "ange prioritet för innehållet" + +#: src/credential/gnunet-credential.c:567 +#, fuzzy +msgid "The ego to use" +msgstr "meddelandestorlek" + +#: src/credential/gnunet-credential.c:572 +msgid "The issuer attribute to verify against or to issue" +msgstr "" + +#: src/credential/gnunet-credential.c:577 +msgid "The time to live for the credential" +msgstr "" + +#: src/credential/gnunet-credential.c:581 +msgid "collect credentials" +msgstr "" + +#: src/credential/gnunet-credential.c:595 +#, fuzzy +msgid "GNUnet credential resolver tool" +msgstr "Spåra GNUnets nätverkstopologi." 
+ +#: src/credential/gnunet-service-credential.c:1204 +#: src/gns/gnunet-gns-helper-service-w32.c:727 src/gns/gnunet-gns.c:355 +#, fuzzy, c-format +msgid "Failed to connect to GNS\n" +msgstr "Misslyckades att ansluta till gnunetd.\n" + +#: src/credential/gnunet-service-credential.c:1210 +#: src/namestore/gnunet-namestore-fcfsd.c:1034 +#: src/namestore/gnunet-namestore.c:802 +#: src/namestore/plugin_rest_namestore.c:1022 +#, fuzzy, c-format +msgid "Failed to connect to namestore\n" +msgstr "Misslyckades att ansluta till gnunetd.\n" + +#: src/credential/plugin_gnsrecord_credential.c:186 +#, fuzzy, c-format +msgid "Unable to parse ATTR record string `%s'\n" +msgstr "Misslyckades att läsa kompislista från \"%s\"\n" + +#: src/credential/plugin_rest_credential.c:1155 src/gns/plugin_rest_gns.c:668 +#, fuzzy +msgid "GNS REST API initialized\n" +msgstr " Anslutning misslyckades\n" + #: src/datacache/datacache.c:119 src/datacache/datacache.c:294 -#: src/datastore/gnunet-service-datastore.c:775 +#: src/datastore/gnunet-service-datastore.c:757 #, fuzzy msgid "# bytes stored" msgstr "# byte krypterade" @@ -1536,13 +1671,12 @@ msgstr "" #: src/datacache/plugin_datacache_sqlite.c:113 #: src/datacache/plugin_datacache_sqlite.c:122 -#: src/datastore/plugin_datastore_mysql.c:980 +#: src/datastore/plugin_datastore_mysql.c:892 #: src/datastore/plugin_datastore_sqlite.c:58 -#: src/datastore/plugin_datastore_sqlite.c:66 src/my/my.c:80 src/my/my.c:92 -#: src/mysql/mysql.c:42 src/mysql/mysql.c:49 -#: src/namecache/plugin_namecache_postgres.c:53 +#: src/datastore/plugin_datastore_sqlite.c:66 +#: src/identity-provider/plugin_identity_provider_sqlite.c:52 src/my/my.c:80 +#: src/my/my.c:92 src/mysql/mysql.c:42 src/mysql/mysql.c:49 #: src/namecache/plugin_namecache_sqlite.c:53 -#: src/namestore/plugin_namestore_postgres.c:53 #: src/namestore/plugin_namestore_sqlite.c:53 #: src/peerstore/plugin_peerstore_sqlite.c:52 #: src/psycstore/plugin_psycstore_mysql.c:62 
@@ -1551,14 +1685,15 @@ msgstr "" #: src/testbed/gnunet-daemon-testbed-underlay.c:56 #: src/testbed/testbed_api_hosts.c:69 src/util/crypto_ecc.c:52 #: src/util/crypto_ecc_setup.c:41 src/util/crypto_mpi.c:39 -#: src/include/gnunet_common.h:720 src/include/gnunet_common.h:729 +#: src/include/gnunet_common.h:735 src/include/gnunet_common.h:744 #: src/scalarproduct/scalarproduct.h:35 #, c-format msgid "`%s' failed at %s:%d with error: %s\n" msgstr "\"%s\" misslyckades vid %s:%d med fel: %s\n" #: src/datacache/plugin_datacache_sqlite.c:817 -#: src/datastore/plugin_datastore_sqlite.c:475 +#: src/datastore/plugin_datastore_sqlite.c:456 +#: src/identity-provider/plugin_identity_provider_sqlite.c:336 #: src/namecache/plugin_namecache_sqlite.c:296 #: src/namestore/plugin_namestore_sqlite.c:355 msgid "Tried to close sqlite without finalizing all prepared statements.\n" 
@@ -1626,23 +1761,75 @@ msgstr "" msgid "# GET requests executed" msgstr "" -#: src/datastore/gnunet-datastore.c:113 +#: src/datastore/gnunet-datastore.c:189 +#, c-format +msgid "Dumped % records\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:217 src/datastore/gnunet-datastore.c:229 +#, c-format +msgid "Short write to file: %zd bytes expecting %zd\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:261 +#, fuzzy +msgid "Error queueing datastore GET operation\n" +msgstr "Fel vid skapandet av användare" + +#: src/datastore/gnunet-datastore.c:287 src/datastore/gnunet-datastore.c:412 +#, fuzzy, c-format +msgid "Unable to open dump file: %s\n" +msgstr "Kunde inte skapa namnrymd \"%s\" (existerar?).\n" + +#: src/datastore/gnunet-datastore.c:326 #, fuzzy, c-format msgid "Failed to store item: %s, aborting\n" msgstr "Misslyckades att leverera \"%s\" meddelande.\n" -#: src/datastore/gnunet-datastore.c:209 +#: src/datastore/gnunet-datastore.c:340 #, c-format -msgid "Cannot use the same configuration for source and destination\n" +msgid "Inserted % records\n" msgstr "" -#: src/datastore/gnunet-datastore.c:256 -msgid "" -"specifies the configuration to use to access an alternative datastore; will " -"merge that datastore into our current datastore" +#: src/datastore/gnunet-datastore.c:349 src/datastore/gnunet-datastore.c:363 +#, c-format +msgid "Short read from file: %zd bytes expecting %zd\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:389 +#, fuzzy +msgid "Error queueing datastore PUT operation\n" +msgstr "Fel vid skapandet av användare" + +#: src/datastore/gnunet-datastore.c:432 +msgid "Input file is not of a supported format\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:458 +#, fuzzy +msgid "Failed connecting to the datastore.\n" +msgstr "Misslyckades att ansluta till gnunetd.\n" + +#: src/datastore/gnunet-datastore.c:470 +#, c-format +msgid "Please choose at least one operation: %s, %s\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:493 +#, fuzzy 
+msgid "Dump all records from the datastore" +msgstr "Misslyckades att ta emot svar till \"%s\" meddelande från gnunetd\n" + +#: src/datastore/gnunet-datastore.c:497 +#, fuzzy +msgid "Insert records into the datastore" +msgstr "# byte krypterade" + +#: src/datastore/gnunet-datastore.c:502 +msgid "File to dump or insert" msgstr "" -#: src/datastore/gnunet-datastore.c:265 +#: src/datastore/gnunet-datastore.c:511 #, fuzzy msgid "Manipulate GNUnet datastore" msgstr "skriv ut ett värde från konfigurationsfilen till standard ut" @@ -1686,8 +1873,8 @@ msgstr "" #: src/datastore/gnunet-service-datastore.c:634 #: src/datastore/gnunet-service-datastore.c:689 -#: src/datastore/gnunet-service-datastore.c:977 -#: src/datastore/gnunet-service-datastore.c:1633 +#: src/datastore/gnunet-service-datastore.c:837 +#: src/datastore/gnunet-service-datastore.c:1469 msgid "# reserved" msgstr "" 
@@ -1695,147 +1882,148 @@ msgstr "" msgid "Could not find matching reservation" msgstr "" -#: src/datastore/gnunet-service-datastore.c:792 +#: src/datastore/gnunet-service-datastore.c:773 #, c-format msgid "Need %llu bytes more space (%llu allowed, using %llu)\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1026 +#: src/datastore/gnunet-service-datastore.c:876 #, fuzzy msgid "# GET requests received" msgstr "# byte mottogs via TCP" -#: src/datastore/gnunet-service-datastore.c:1058 +#: src/datastore/gnunet-service-datastore.c:907 #, fuzzy msgid "# GET KEY requests received" msgstr "# byte mottogs via TCP" -#: src/datastore/gnunet-service-datastore.c:1071 +#: src/datastore/gnunet-service-datastore.c:920 msgid "# requests filtered by bloomfilter" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1108 +#: src/datastore/gnunet-service-datastore.c:956 msgid "# GET REPLICATION requests received" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1141 +#: src/datastore/gnunet-service-datastore.c:989 msgid "# GET ZERO ANONYMITY requests received" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1190 +#: src/datastore/gnunet-service-datastore.c:1036 #, fuzzy msgid "Content not found" msgstr "Kommando \"%s\" hittades inte!\n" -#: src/datastore/gnunet-service-datastore.c:1199 +#: src/datastore/gnunet-service-datastore.c:1043 msgid "# bytes removed (explicit request)" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1246 +#: src/datastore/gnunet-service-datastore.c:1088 #, fuzzy msgid "# REMOVE requests received" msgstr "# byte mottogs via TCP" -#: src/datastore/gnunet-service-datastore.c:1301 +#: src/datastore/gnunet-service-datastore.c:1137 #, c-format msgid "" "Datastore payload must have been inaccurate (%lld < %lld). 
Recomputing it.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1307 -#: src/datastore/gnunet-service-datastore.c:1482 +#: src/datastore/gnunet-service-datastore.c:1143 +#: src/datastore/gnunet-service-datastore.c:1318 #, c-format msgid "New payload: %lld\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1361 +#: src/datastore/gnunet-service-datastore.c:1197 #, c-format msgid "Loading `%s' datastore plugin\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1373 +#: src/datastore/gnunet-service-datastore.c:1209 #, fuzzy, c-format msgid "Failed to load datastore plugin for `%s'\n" msgstr "Kunde inte slå upp \"%s\": %s\n" -#: src/datastore/gnunet-service-datastore.c:1433 +#: src/datastore/gnunet-service-datastore.c:1269 msgid "Bloomfilter construction complete.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1489 +#: src/datastore/gnunet-service-datastore.c:1325 msgid "Rebuilding bloomfilter. Please be patient.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1500 +#: src/datastore/gnunet-service-datastore.c:1336 msgid "Plugin does not support get_keys function. 
Please fix!\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1670 +#: src/datastore/gnunet-service-datastore.c:1506 #, fuzzy, c-format msgid "# bytes used in file-sharing datastore `%s'" msgstr "# byte krypterade" -#: src/datastore/gnunet-service-datastore.c:1686 +#: src/datastore/gnunet-service-datastore.c:1522 msgid "# quota" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1691 +#: src/datastore/gnunet-service-datastore.c:1527 msgid "# cache size" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1707 +#: src/datastore/gnunet-service-datastore.c:1543 #, c-format msgid "Could not use specified filename `%s' for bloomfilter.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1725 -#: src/datastore/gnunet-service-datastore.c:1741 +#: src/datastore/gnunet-service-datastore.c:1561 +#: src/datastore/gnunet-service-datastore.c:1577 #, fuzzy, c-format msgid "Failed to remove bogus bloomfilter file `%s'\n" msgstr "Kunde inte spara konfigurationsfil \"%s\":" -#: src/datastore/gnunet-service-datastore.c:1773 +#: src/datastore/gnunet-service-datastore.c:1609 #, fuzzy msgid "Failed to initialize bloomfilter.\n" msgstr "Misslyckades att initiera tjänsten \"%s\".\n" -#: src/datastore/plugin_datastore_heap.c:769 +#: src/datastore/plugin_datastore_heap.c:893 msgid "Heap database running\n" msgstr "" -#: src/datastore/plugin_datastore_mysql.c:377 -#: src/datastore/plugin_datastore_sqlite.c:590 +#: src/datastore/plugin_datastore_mysql.c:371 +#: src/datastore/plugin_datastore_mysql.c:423 +#: src/datastore/plugin_datastore_mysql.c:1075 +msgid "MySQL statement run failure" +msgstr "" + +#: src/datastore/plugin_datastore_mysql.c:410 +#: src/datastore/plugin_datastore_sqlite.c:626 #, fuzzy msgid "Data too large" msgstr "antal iterationer" -#: src/datastore/plugin_datastore_mysql.c:393 -msgid "MySQL statement run failure" -msgstr "" - -#: src/datastore/plugin_datastore_mysql.c:936 +#: src/datastore/plugin_datastore_mysql.c:848 #, fuzzy, c-format msgid "`%s' 
for `%s' failed at %s:%d with error: %s\n" msgstr "\"%s\" till \"%s\" misslyckades vid %s:%d med fel: %s\n" -#: src/datastore/plugin_datastore_mysql.c:1208 +#: src/datastore/plugin_datastore_mysql.c:1180 #: src/psycstore/plugin_psycstore_mysql.c:1936 msgid "Mysql database running\n" msgstr "" -#: src/datastore/plugin_datastore_postgres.c:345 +#: src/datastore/plugin_datastore_postgres.c:274 +#: src/datastore/plugin_datastore_postgres.c:891 msgid "Postgress exec failure" msgstr "" -#: src/datastore/plugin_datastore_postgres.c:866 +#: src/datastore/plugin_datastore_postgres.c:852 #, fuzzy msgid "Failed to drop table from database.\n" msgstr "Misslyckades att ta emot svar till \"%s\" meddelande från gnunetd\n" -#: src/datastore/plugin_datastore_postgres.c:903 -#: src/namecache/plugin_namecache_postgres.c:398 -#: src/namestore/plugin_namestore_postgres.c:571 -#: src/psycstore/plugin_psycstore_postgres.c:1721 +#: src/datastore/plugin_datastore_postgres.c:950 +#: src/psycstore/plugin_psycstore_postgres.c:1506 msgid "Postgres database running\n" msgstr "" @@ -1847,7 +2035,8 @@ msgstr "" msgid "`%s' failed at %s:%u with error: %s" msgstr "\"%s\" misslyckades vid %s:%d med fel: %s\n" -#: src/datastore/plugin_datastore_sqlite.c:281 +#: src/datastore/plugin_datastore_sqlite.c:271 +#: src/identity-provider/plugin_identity_provider_sqlite.c:212 #: src/namecache/plugin_namecache_sqlite.c:194 #: src/namestore/plugin_namestore_sqlite.c:222 #: src/peerstore/plugin_peerstore_sqlite.c:535 
@@ -1856,24 +2045,29 @@ msgstr "\"%s\" misslyckades vid %s:%d med fel: %s\n" msgid "Unable to initialize SQLite: %s.\n" msgstr "Kunde inte initiera SQLite.\n" -#: src/datastore/plugin_datastore_sqlite.c:1234 +#: src/datastore/plugin_datastore_sqlite.c:577 +msgid "sqlite bind failure" +msgstr "" + +#: src/datastore/plugin_datastore_sqlite.c:1259 msgid "sqlite version to old to determine size, assuming zero\n" msgstr "" -#: src/datastore/plugin_datastore_sqlite.c:1268 +#: src/datastore/plugin_datastore_sqlite.c:1293 #, c-format msgid "" "Using sqlite page utilization to estimate payload (%llu pages of size %llu " "bytes)\n" msgstr "" -#: src/datastore/plugin_datastore_sqlite.c:1312 +#: src/datastore/plugin_datastore_sqlite.c:1337 +#: src/identity-provider/plugin_identity_provider_sqlite.c:711 #: src/namecache/plugin_namecache_sqlite.c:603 #: src/namestore/plugin_namestore_sqlite.c:802 msgid "Sqlite database running\n" msgstr "" -#: src/datastore/plugin_datastore_template.c:259 +#: src/datastore/plugin_datastore_template.c:253 msgid "Template database running\n" msgstr "" 
@@ -1935,53 +2129,6 @@ msgstr "" msgid "Prints all packets that go through the DHT." msgstr "" -#: src/dht/gnunet_dht_profiler.c:1161 -#: src/testbed/gnunet-testbed-profiler.c:255 -#, fuzzy, c-format -msgid "Exiting as the number of peers is %u\n" -msgstr "Maximalt antal chattklienter uppnått.\n" - -#: src/dht/gnunet_dht_profiler.c:1188 -#, fuzzy -msgid "number of peers to start" -msgstr "antal iterationer" - -#: src/dht/gnunet_dht_profiler.c:1194 -msgid "" -"maximum number of times we try to search for successor circle formation (0 " -"for R5N)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1200 src/nse/gnunet-nse-profiler.c:853 -#: src/testbed/gnunet-testbed-profiler.c:305 -msgid "name of the file with the login information for the testbed" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1206 -msgid "delay between rounds for collecting statistics (default: 30 sec)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1212 -msgid "delay to start doing PUTs (default: 1 sec)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1218 -msgid "delay to start doing GETs (default: 5 min)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1223 -msgid "replication degree for DHT PUTs" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1230 -msgid "timeout for DHT PUT and GET requests (default: 1 min)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1248 -#, fuzzy -msgid "Measure quality and performance of the DHT service." -msgstr "Kan inte tillgå tjänsten" - #: src/dht/gnunet-dht-put.c:120 #, fuzzy msgid "PUT request sent with key" 
@@ -2258,6 +2405,52 @@ msgstr "" msgid "# DHT requests combined" msgstr "# byte mottogs via TCP" +#: src/dht/gnunet_dht_profiler.c:1161 src/testbed/gnunet-testbed-profiler.c:255 +#, fuzzy, c-format +msgid "Exiting as the number of peers is %u\n" +msgstr "Maximalt antal chattklienter uppnått.\n" + +#: src/dht/gnunet_dht_profiler.c:1188 +#, fuzzy +msgid "number of peers to start" +msgstr "antal iterationer" + +#: src/dht/gnunet_dht_profiler.c:1194 +msgid "" +"maximum number of times we try to search for successor circle formation (0 " +"for R5N)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1200 src/nse/gnunet-nse-profiler.c:853 +#: src/testbed/gnunet-testbed-profiler.c:305 +msgid "name of the file with the login information for the testbed" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1206 +msgid "delay between rounds for collecting statistics (default: 30 sec)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1212 +msgid "delay to start doing PUTs (default: 1 sec)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1218 +msgid "delay to start doing GETs (default: 5 min)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1223 +msgid "replication degree for DHT PUTs" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1230 +msgid "timeout for DHT PUT and GET requests (default: 1 min)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1248 +#, fuzzy +msgid "Measure quality and performance of the DHT service." +msgstr "Kan inte tillgå tjänsten" + #: src/dht/plugin_block_dht.c:187 #, fuzzy, c-format msgid "Block not of type %u\n" @@ -2591,7 +2784,7 @@ msgstr "" msgid "No useful service enabled. Exiting.\n" msgstr "" -#: src/exit/gnunet-daemon-exit.c:3969 +#: src/exit/gnunet-daemon-exit.c:3970 msgid "Daemon to run to provide an IP exit node for the VPN" msgstr "" 
@@ -3244,15 +3437,6 @@ msgid "" "chk/...)" msgstr "" -#: src/fs/gnunet-fs.c:119 -msgid "print a list of all indexed files" -msgstr "" - -#: src/fs/gnunet-fs.c:130 -#, fuzzy -msgid "Special file-sharing operations" -msgstr "Visa alla alternativ" - #: src/fs/gnunet-fs-profiler.c:211 msgid "run the experiment with COUNT peers" msgstr "" @@ -3269,6 +3453,15 @@ msgstr "" msgid "run a testbed to measure file-sharing performance" msgstr "" +#: src/fs/gnunet-fs.c:119 +msgid "print a list of all indexed files" +msgstr "" + +#: src/fs/gnunet-fs.c:130 +#, fuzzy +msgid "Special file-sharing operations" +msgstr "Visa alla alternativ" + #: src/fs/gnunet-publish.c:219 src/fs/gnunet-publish.c:231 #, c-format msgid "Publishing `%s' at %llu/%llu (%s remaining)\n" @@ -3956,22 +4149,11 @@ msgstr "" msgid "GNUnet DNS-to-GNS proxy (a DNS server)" msgstr "" -#: src/gns/gnunet-gns.c:235 src/gns/plugin_rest_gns.c:346 -#, c-format -msgid "Invalid typename specified, assuming `ANY'\n" -msgstr "" - -#: src/gns/gnunet-gns.c:252 -#, c-format -msgid "Please specify name to lookup!\n" -msgstr "" - -#: src/gns/gnunet-gns.c:276 -#, c-format -msgid "Ego for `%s' not found, cannot perform lookup.\n" +#: src/gns/gnunet-gns-helper-service-w32.c:602 +msgid "Not ready to process requests, lacking ego data\n" msgstr "" -#: src/gns/gnunet-gns.c:315 src/gns/gnunet-gns-helper-service-w32.c:701 +#: src/gns/gnunet-gns-helper-service-w32.c:701 src/gns/gnunet-gns.c:315 #: src/gns/plugin_rest_gns.c:422 #, c-format msgid "" 
@@ -3979,59 +4161,12 @@ msgid "" "gns-import.sh?\n" msgstr "" -#: src/gns/gnunet-gns.c:355 src/gns/gnunet-gns-helper-service-w32.c:727 -#, fuzzy, c-format -msgid "Failed to connect to GNS\n" -msgstr "Misslyckades att ansluta till gnunetd.\n" - -#: src/gns/gnunet-gns.c:374 -#, c-format -msgid "Public key `%s' is not well-formed\n" -msgstr "" - -#: src/gns/gnunet-gns.c:428 -msgid "Lookup a record for the given name" -msgstr "" - -#: src/gns/gnunet-gns.c:434 -#, fuzzy -msgid "Specify the type of the record to lookup" -msgstr "ange prioritet för innehållet" - -#: src/gns/gnunet-gns.c:440 -#, fuzzy -msgid "Specify timeout for the lookup" -msgstr "ange prioritet för innehållet" - -#: src/gns/gnunet-gns.c:445 -msgid "No unneeded output" -msgstr "" - -#: src/gns/gnunet-gns.c:451 -#, fuzzy -msgid "Specify the public key of the zone to lookup the record in" -msgstr "ange prioritet för innehållet" - -#: src/gns/gnunet-gns.c:457 -#, fuzzy -msgid "Specify the name of the ego of the zone to lookup the record in" -msgstr "ange prioritet för innehållet" - -#: src/gns/gnunet-gns.c:476 -#, fuzzy -msgid "GNUnet GNS resolver tool" -msgstr "Spåra GNUnets nätverkstopologi." - -#: src/gns/gnunet-gns-helper-service-w32.c:602 -msgid "Not ready to process requests, lacking ego data\n" -msgstr "" - #: src/gns/gnunet-gns-helper-service-w32.c:739 #, fuzzy, c-format msgid "Failed to connect to identity service\n" msgstr "Misslyckades att ansluta till gnunetd.\n" -#: src/gns/gnunet-gns-import.c:489 +#: src/gns/gnunet-gns-import.c:452 msgid "This program will import some GNS authorities into your GNS namestore." msgstr "" 
@@ -4148,13 +4283,66 @@ msgstr "Misslyckades att läsa kompislista från \"%s\"\n" msgid "listen on specified port (default: 7777)" msgstr "" -#: src/gns/gnunet-gns-proxy.c:3275 -msgid "pem file to use as CA" -msgstr "" +#: src/gns/gnunet-gns-proxy.c:3275 +msgid "pem file to use as CA" +msgstr "" + +#: src/gns/gnunet-gns-proxy.c:3300 +msgid "GNUnet GNS proxy" +msgstr "" + +#: src/gns/gnunet-gns.c:235 src/gns/plugin_rest_gns.c:346 +#, c-format +msgid "Invalid typename specified, assuming `ANY'\n" +msgstr "" + +#: src/gns/gnunet-gns.c:252 +#, c-format +msgid "Please specify name to lookup!\n" +msgstr "" + +#: src/gns/gnunet-gns.c:276 +#, c-format +msgid "Ego for `%s' not found, cannot perform lookup.\n" +msgstr "" + +#: src/gns/gnunet-gns.c:374 +#, c-format +msgid "Public key `%s' is not well-formed\n" +msgstr "" + +#: src/gns/gnunet-gns.c:428 +msgid "Lookup a record for the given name" +msgstr "" + +#: src/gns/gnunet-gns.c:434 +#, fuzzy +msgid "Specify the type of the record to lookup" +msgstr "ange prioritet för innehållet" + +#: src/gns/gnunet-gns.c:440 +#, fuzzy +msgid "Specify timeout for the lookup" +msgstr "ange prioritet för innehållet" + +#: src/gns/gnunet-gns.c:445 +msgid "No unneeded output" +msgstr "" + +#: src/gns/gnunet-gns.c:451 +#, fuzzy +msgid "Specify the public key of the zone to lookup the record in" +msgstr "ange prioritet för innehållet" -#: src/gns/gnunet-gns-proxy.c:3300 -msgid "GNUnet GNS proxy" -msgstr "" +#: src/gns/gnunet-gns.c:457 +#, fuzzy +msgid "Specify the name of the ego of the zone to lookup the record in" +msgstr "ange prioritet för innehållet" + +#: src/gns/gnunet-gns.c:476 +#, fuzzy +msgid "GNUnet GNS resolver tool" +msgstr "Spåra GNUnets nätverkstopologi." #: src/gns/gnunet-service-gns.c:442 #, fuzzy 
@@ -4162,7 +4350,7 @@ msgid "Failed to connect to the namecache!\n" msgstr "Misslyckades att ansluta till gnunetd.\n" #: src/gns/gnunet-service-gns.c:461 -#: src/zonemaster/gnunet-service-zonemaster.c:741 +#: src/zonemaster/gnunet-service-zonemaster.c:742 #, fuzzy msgid "Could not connect to DHT!\n" msgstr "Kunde inte ansluta till gnunetd.\n" @@ -4220,45 +4408,35 @@ msgstr "" msgid "Hostname `%s' is not well-formed, resolution fails\n" msgstr "" -#: src/gns/plugin_gnsrecord_gns.c:203 +#: src/gns/plugin_gnsrecord_gns.c:179 #, fuzzy, c-format msgid "Unable to parse PKEY record `%s'\n" msgstr "Misslyckades att läsa kompislista från \"%s\"\n" -#: src/gns/plugin_gnsrecord_gns.c:232 +#: src/gns/plugin_gnsrecord_gns.c:208 #, fuzzy, c-format msgid "Unable to parse GNS2DNS record `%s'\n" msgstr "Misslyckades att läsa kompislista från \"%s\"\n" -#: src/gns/plugin_gnsrecord_gns.c:253 +#: src/gns/plugin_gnsrecord_gns.c:229 #, fuzzy, c-format msgid "Failed to serialize GNS2DNS record with value `%s'\n" msgstr "Kunde inte tolka konfigurationsfil \"%s\".\n" -#: src/gns/plugin_gnsrecord_gns.c:276 +#: src/gns/plugin_gnsrecord_gns.c:252 #, fuzzy, c-format msgid "Unable to parse VPN record string `%s'\n" msgstr "Misslyckades att läsa kompislista från \"%s\"\n" -#: src/gns/plugin_gnsrecord_gns.c:312 +#: src/gns/plugin_gnsrecord_gns.c:288 #, fuzzy, c-format msgid "Unable to parse BOX record string `%s'\n" msgstr "Misslyckades att läsa kompislista från \"%s\"\n" -#: src/gns/plugin_gnsrecord_gns.c:360 -#, fuzzy, c-format -msgid "Unable to parse REVERSE record string `%s'\n" -msgstr "Misslyckades att läsa kompislista från \"%s\"\n" - #: src/gns/plugin_rest_gns.c:384 msgid "Ego for not found, cannot perform lookup.\n" msgstr "" -#: src/gns/plugin_rest_gns.c:668 -#, fuzzy -msgid "GNS REST API initialized\n" -msgstr " Anslutning misslyckades\n" - #: src/gnsrecord/plugin_gnsrecord_dns.c:359 #, fuzzy, c-format msgid "Unable to parse IPv4 address `%s'\n" 
@@ -4689,6 +4867,53 @@ msgstr "\"%s\" är inte tillgänglig." msgid "Could not start hostlist HTTP server on port %u\n" msgstr "" +#: src/identity-provider/gnunet-idp.c:348 +#, fuzzy +msgid "Ego is required\n" +msgstr "%s: flagga \"%s\" är tvetydig\n" + +#: src/identity-provider/gnunet-idp.c:370 +msgid "Add attribute" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:376 +msgid "Attribute value" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:381 +msgid "Ego" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:386 +msgid "Audience (relying party)" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:390 +msgid "List attributes for Ego" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:395 +msgid "Issue a ticket" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:400 +msgid "Consume a ticket" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:405 +msgid "Revoke a ticket" +msgstr "" + +#: src/identity-provider/identity_provider_api.c:429 +#, fuzzy +msgid "failed to store record\n" +msgstr "Misslyckades att starta samling.\n" + +#: src/identity-provider/plugin_rest_identity_provider.c:1175 +#, fuzzy +msgid "Identity Provider REST API initialized\n" +msgstr " Anslutning misslyckades\n" + #: src/identity/gnunet-identity.c:179 #, fuzzy, c-format msgid "Failed to create ego: %s\n" 
@@ -4776,34 +5001,11 @@ msgstr "Kunde inte spara konfigurationsfil \"%s\":" msgid "Failed to create directory `%s' for storing egos\n" msgstr "Misslyckades att läsa kompislista från \"%s\"\n" -#: src/identity/plugin_rest_identity.c:967 +#: src/identity/plugin_rest_identity.c:964 #, fuzzy msgid "Identity REST API initialized\n" msgstr " Anslutning misslyckades\n" -#: src/identity-provider/gnunet-identity-token.c:66 -#, fuzzy -msgid "Option `-t' is required\n" -msgstr "%s: flagga \"%s\" är tvetydig\n" - -#: src/identity-provider/gnunet-identity-token.c:77 -#, fuzzy, c-format -msgid "Token `%s' is malformed\n" -msgstr "Ogiltigt argument: \"%s\"\n" - -#: src/identity-provider/gnunet-identity-token.c:166 -msgid "GNUid token" -msgstr "" - -#: src/identity-provider/gnunet-identity-token.c:171 -msgid "Print token contents" -msgstr "" - -#: src/identity-provider/plugin_rest_identity_provider.c:1166 -#, fuzzy -msgid "Identity Token REST API initialized\n" -msgstr " Anslutning misslyckades\n" - #: src/json/json.c:119 #, fuzzy, c-format msgid "Failed to parse JSON in option `%s': %s (%s)\n" 
@@ -4904,12 +5106,66 @@ msgstr "Kunde inte skapa namnrymd \"%s\" (existerar?).\n" msgid "flat plugin running\n" msgstr "" -#: src/namecache/plugin_namecache_postgres.c:90 -#: src/namestore/plugin_namestore_postgres.c:97 -#, fuzzy -msgid "Failed to create indices\n" +#: src/namestore/gnunet-namestore-fcfsd.c:508 +#, fuzzy, c-format +msgid "Unsupported form value `%s'\n" +msgstr "Kommando \"%s\" stöds ej. Avbryter.\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:535 +#, fuzzy, c-format +msgid "Failed to create record for domain `%s': %s\n" +msgstr "Kunde inte tolka konfigurationsfil \"%s\".\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:555 +msgid "Error when mapping zone to name\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:585 +#, c-format +msgid "Found existing name `%s' for the given key\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:662 +#, c-format +msgid "Found %u existing records for domain `%s'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:718 +#, fuzzy, c-format +msgid "Failed to create page for `%s'\n" msgstr "Kunde inte skapa namnrymd \"%s\" (existerar?).\n" +#: src/namestore/gnunet-namestore-fcfsd.c:734 +#, fuzzy, c-format +msgid "Failed to setup post processor for `%s'\n" +msgstr "Misslyckades att läsa kompislista från \"%s\"\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:770 +msgid "Domain name must not contain `.'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:778 +msgid "Domain name must not contain `+'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:974 +msgid "No ego configured for `fcfsd` subsystem\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:1000 +#, fuzzy +msgid "Failed to start HTTP server\n" +msgstr "Misslyckades att starta samling.\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:1042 +#, fuzzy +msgid "Failed to connect to identity\n" +msgstr "Misslyckades att ansluta till gnunetd.\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:1074 +msgid "GNU Name System First Come 
First Serve name registration service" +msgstr "" + #: src/namestore/gnunet-namestore.c:301 #, fuzzy, c-format msgid "Adding record failed: %s\n" @@ -4918,7 +5174,7 @@ msgstr "" "Fel vid uppladdning av fil: %s\n" #: src/namestore/gnunet-namestore.c:330 -#: src/namestore/plugin_rest_namestore.c:562 +#: src/namestore/plugin_rest_namestore.c:567 #, fuzzy, c-format msgid "Deleting record failed, record does not exist%s%s\n" msgstr "" @@ -4926,7 +5182,7 @@ msgstr "" "Fel vid uppladdning av fil: %s\n" #: src/namestore/gnunet-namestore.c:337 -#: src/namestore/plugin_rest_namestore.c:571 +#: src/namestore/plugin_rest_namestore.c:576 #, fuzzy, c-format msgid "Deleting record failed%s%s\n" msgstr "" @@ -4946,7 +5202,7 @@ msgid "Records already exist under `%s', cannot add `%s' record.\n" msgstr "" #: src/namestore/gnunet-namestore.c:698 -#: src/namestore/plugin_rest_namestore.c:597 +#: src/namestore/plugin_rest_namestore.c:602 #, c-format msgid "There are no records under label `%s' that could be deleted.\n" msgstr "" @@ -4957,24 +5213,11 @@ msgid "" "There are no records under label `%s' that match the request for deletion.\n" msgstr "" -#: src/namestore/gnunet-namestore.c:776 -#: src/namestore/plugin_rest_namestore.c:1004 -#, fuzzy, c-format -msgid "Ego `%s' not known to identity service\n" -msgstr "\"%s\": okänd tjänst: %s\n" - #: src/namestore/gnunet-namestore.c:791 #, c-format msgid "No options given\n" msgstr "" -#: src/namestore/gnunet-namestore.c:802 -#: src/namestore/gnunet-namestore-fcfsd.c:1034 -#: src/namestore/plugin_rest_namestore.c:1017 -#, fuzzy -msgid "Failed to connect to namestore\n" -msgstr "Misslyckades att ansluta till gnunetd.\n" - #: src/namestore/gnunet-namestore.c:810 src/namestore/gnunet-namestore.c:819 #: src/namestore/gnunet-namestore.c:838 src/namestore/gnunet-namestore.c:861 #: src/namestore/gnunet-namestore.c:915 
@@ -4988,14 +5231,14 @@ msgid "add" msgstr "" #: src/namestore/gnunet-namestore.c:829 -#: src/namestore/plugin_rest_namestore.c:671 +#: src/namestore/plugin_rest_namestore.c:676 #, fuzzy, c-format msgid "Unsupported type `%s'\n" msgstr "Kommando \"%s\" stöds ej. Avbryter.\n" #: src/namestore/gnunet-namestore.c:851 -#: src/namestore/plugin_rest_namestore.c:689 -#: src/namestore/plugin_rest_namestore.c:729 +#: src/namestore/plugin_rest_namestore.c:694 +#: src/namestore/plugin_rest_namestore.c:734 #, fuzzy, c-format msgid "Value `%s' invalid for record type `%s'\n" msgstr "%s: symbolvärde \"%s\" ogiltigt för %s\n" @@ -5014,8 +5257,7 @@ msgstr "" msgid "Invalid public key for reverse lookup `%s'\n" msgstr "Ogiltigt argument: \"%s\"\n" -#: src/namestore/gnunet-namestore.c:979 -#: src/peerinfo-tool/gnunet-peerinfo.c:775 +#: src/namestore/gnunet-namestore.c:979 src/peerinfo-tool/gnunet-peerinfo.c:775 #, fuzzy, c-format msgid "Invalid URI `%s'\n" msgstr "Ogiltiga argument: " @@ -5026,13 +5268,13 @@ msgid "Invalid nick `%s'\n" msgstr "Ogiltiga argument: " #: src/namestore/gnunet-namestore.c:1051 -#: src/namestore/plugin_rest_namestore.c:1047 +#: src/namestore/plugin_rest_namestore.c:1052 #, fuzzy, c-format msgid "No default ego configured in identity service\n" msgstr "\"%s\": okänd tjänst: %s\n" #: src/namestore/gnunet-namestore.c:1108 -#: src/namestore/plugin_rest_namestore.c:1143 +#: src/namestore/plugin_rest_namestore.c:1148 #, fuzzy, c-format msgid "Cannot connect to identity service\n" msgstr "Kunde inte ansluta till gnunetd.\n" 
@@ -5096,67 +5338,7 @@ msgstr "" msgid "name of the ego controlling the zone" msgstr "Visa värde av alternativet" -#: src/namestore/gnunet-namestore-fcfsd.c:508 -#, fuzzy, c-format -msgid "Unsupported form value `%s'\n" -msgstr "Kommando \"%s\" stöds ej. Avbryter.\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:535 -#, fuzzy, c-format -msgid "Failed to create record for domain `%s': %s\n" -msgstr "Kunde inte tolka konfigurationsfil \"%s\".\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:555 -msgid "Error when mapping zone to name\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:585 -#, c-format -msgid "Found existing name `%s' for the given key\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:662 -#, c-format -msgid "Found %u existing records for domain `%s'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:718 -#, fuzzy, c-format -msgid "Failed to create page for `%s'\n" -msgstr "Kunde inte skapa namnrymd \"%s\" (existerar?).\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:734 -#, fuzzy, c-format -msgid "Failed to setup post processor for `%s'\n" -msgstr "Misslyckades att läsa kompislista från \"%s\"\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:770 -msgid "Domain name must not contain `.'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:778 -msgid "Domain name must not contain `+'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:974 -msgid "No ego configured for `fcfsd` subsystem\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:1000 -#, fuzzy -msgid "Failed to start HTTP server\n" -msgstr "Misslyckades att starta samling.\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:1042 -#, fuzzy -msgid "Failed to connect to identity\n" -msgstr "Misslyckades att ansluta till gnunetd.\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:1074 -msgid "GNU Name System First Come First Serve name registration service" -msgstr "" - -#: src/namestore/gnunet-service-namestore.c:612 +#: 
src/namestore/gnunet-service-namestore.c:615 #, fuzzy, c-format msgid "Failed to replicate block in namecache: %s\n" msgstr "Misslyckades att läsa kompislista från \"%s\"\n" @@ -5169,7 +5351,7 @@ msgstr "" msgid "flat file database running\n" msgstr "" -#: src/namestore/plugin_rest_namestore.c:1188 +#: src/namestore/plugin_rest_namestore.c:1193 #, fuzzy msgid "Namestore REST API initialized\n" msgstr " Anslutning misslyckades\n" @@ -5460,11 +5642,6 @@ msgstr "" msgid "`upnpc' command not found\n" msgstr "" -#: src/nse/gnunet-nse.c:122 -#, fuzzy -msgid "Show network size estimates from NSE service." -msgstr "# byte mottogs via TCP" - #: src/nse/gnunet-nse-profiler.c:842 #, fuzzy msgid "limit to the number of connections to NSE services, 0 for none" 
@@ -5491,66 +5668,16 @@ msgstr "" msgid "Measure quality and performance of the NSE service." msgstr "Kan inte tillgå tjänsten" -#: src/nse/gnunet-service-nse.c:1534 -#: src/revocation/gnunet-service-revocation.c:838 src/util/gnunet-scrypt.c:276 -msgid "Value is too large.\n" -msgstr "" - -#: src/peerinfo/gnunet-service-peerinfo.c:178 -#, fuzzy, c-format -msgid "Removing expired address of transport `%s'\n" -msgstr "Tillgängliga transport(er): %s\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:310 -#, fuzzy, c-format -msgid "Failed to parse HELLO in file `%s': %s\n" -msgstr "Misslyckades att läsa kompislista från \"%s\"\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:331 -#: src/peerinfo/gnunet-service-peerinfo.c:362 -#, fuzzy, c-format -msgid "Failed to parse HELLO in file `%s'\n" -msgstr "Misslyckades att läsa kompislista från \"%s\"\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:446 -msgid "# peers known" -msgstr "" - -#: src/peerinfo/gnunet-service-peerinfo.c:489 -#, c-format -msgid "" -"File `%s' in directory `%s' does not match naming convention. Removed.\n" -msgstr "" - -#: src/peerinfo/gnunet-service-peerinfo.c:655 -#, fuzzy, c-format -msgid "Scanning directory `%s'\n" -msgstr "Misslyckades att läsa kompislista från \"%s\"\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:663 -#, c-format -msgid "Still no peers found in `%s'!\n" -msgstr "" - -#: src/peerinfo/gnunet-service-peerinfo.c:1076 -#, fuzzy, c-format -msgid "Cleaning up directory `%s'\n" -msgstr "Misslyckades att läsa kompislista från \"%s\"\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:1405 -#, c-format -msgid "Importing HELLOs from `%s'\n" -msgstr "" +#: src/nse/gnunet-nse.c:122 +#, fuzzy +msgid "Show network size estimates from NSE service." 
+msgstr "# byte mottogs via TCP" -#: src/peerinfo/gnunet-service-peerinfo.c:1418 -msgid "Skipping import of included HELLOs\n" +#: src/nse/gnunet-service-nse.c:1534 +#: src/revocation/gnunet-service-revocation.c:838 src/util/gnunet-scrypt.c:276 +msgid "Value is too large.\n" msgstr "" -#: src/peerinfo/peerinfo_api.c:220 -#, fuzzy -msgid "Failed to receive response from `PEERINFO' service." -msgstr "Misslyckades att ta emot svar till \"%s\" meddelande från gnunetd\n" - #: src/peerinfo-tool/gnunet-peerinfo.c:239 #, fuzzy, c-format msgid "%sPeer `%s'\n" 
@@ -5641,6 +5768,61 @@ msgstr "Testar transport(er) %s\n" msgid "Failed to load transport plugin for `%s'\n" msgstr "Kunde inte slå upp \"%s\": %s\n" +#: src/peerinfo/gnunet-service-peerinfo.c:178 +#, fuzzy, c-format +msgid "Removing expired address of transport `%s'\n" +msgstr "Tillgängliga transport(er): %s\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:310 +#, fuzzy, c-format +msgid "Failed to parse HELLO in file `%s': %s\n" +msgstr "Misslyckades att läsa kompislista från \"%s\"\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:331 +#: src/peerinfo/gnunet-service-peerinfo.c:362 +#, fuzzy, c-format +msgid "Failed to parse HELLO in file `%s'\n" +msgstr "Misslyckades att läsa kompislista från \"%s\"\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:446 +msgid "# peers known" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:489 +#, c-format +msgid "" +"File `%s' in directory `%s' does not match naming convention. Removed.\n" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:655 +#, fuzzy, c-format +msgid "Scanning directory `%s'\n" +msgstr "Misslyckades att läsa kompislista från \"%s\"\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:663 +#, c-format +msgid "Still no peers found in `%s'!\n" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:1076 +#, fuzzy, c-format +msgid "Cleaning up directory `%s'\n" +msgstr "Misslyckades att läsa kompislista från \"%s\"\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:1405 +#, c-format +msgid "Importing HELLOs from `%s'\n" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:1418 +msgid "Skipping import of included HELLOs\n" +msgstr "" + +#: src/peerinfo/peerinfo_api.c:220 +#, fuzzy +msgid "Failed to receive response from `PEERINFO' service." +msgstr "Misslyckades att ta emot svar till \"%s\" meddelande från gnunetd\n" + #: src/peerstore/gnunet-peerstore.c:91 msgid "peerstore" msgstr "" 
@@ -5690,15 +5872,10 @@ msgstr "Fel vid skapandet av användare" msgid "Unable to create indices: %s.\n" msgstr "Kunde inte skapa namnrymd \"%s\" (existerar?).\n" -#: src/postgres/postgres.c:67 -#, fuzzy, c-format -msgid "`%s:%s' failed at %s:%d with error: %s\n" -msgstr "\"%s\" misslyckades vid %s:%d med fel: %s\n" - -#: src/postgres/postgres.c:192 +#: src/pq/pq_prepare.c:80 #, fuzzy, c-format -msgid "Unable to connect to Postgres database '%s': %s\n" -msgstr "Kunde inte spara konfigurationsfil \"%s\":" +msgid "PQprepare (`%s' as `%s') failed with error: %s\n" +msgstr "\"%s\" till \"%s\" misslyckades vid %s:%d med fel: %s\n" #: src/psycstore/gnunet-service-psycstore.c:249 #, fuzzy 
@@ -5878,61 +6055,61 @@ msgstr "GNUnet-konfiguration" msgid "Daemon to announce regular expressions for the peer using cadet." msgstr "" -#: src/regex/gnunet-regex-profiler.c:1314 +#: src/regex/gnunet-regex-profiler.c:1386 #, fuzzy msgid "No configuration file given. Exiting\n" msgstr "använd konfigurationsfil FILNAMN" -#: src/regex/gnunet-regex-profiler.c:1355 +#: src/regex/gnunet-regex-profiler.c:1427 #: src/regex/gnunet-regex-simulation-profiler.c:630 #, c-format msgid "No policy directory specified on command line. Exiting.\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1361 +#: src/regex/gnunet-regex-profiler.c:1433 #: src/regex/gnunet-regex-simulation-profiler.c:638 #, c-format msgid "Specified policies directory does not exist. Exiting.\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1368 +#: src/regex/gnunet-regex-profiler.c:1440 #, fuzzy, c-format msgid "No files found in `%s'\n" msgstr "%d filer hittades i katalog.\n" -#: src/regex/gnunet-regex-profiler.c:1377 +#: src/regex/gnunet-regex-profiler.c:1449 msgid "No search strings file given. Exiting.\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1397 +#: src/regex/gnunet-regex-profiler.c:1469 #, fuzzy msgid "Error loading search strings. 
Exiting.\n" msgstr "Fel vid lämning av DHT.\n" -#: src/regex/gnunet-regex-profiler.c:1485 +#: src/regex/gnunet-regex-profiler.c:1557 #, fuzzy msgid "name of the file for writing statistics" msgstr "Visa värde av alternativet" -#: src/regex/gnunet-regex-profiler.c:1491 +#: src/regex/gnunet-regex-profiler.c:1563 msgid "wait TIMEOUT before ending the experiment" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1497 +#: src/regex/gnunet-regex-profiler.c:1569 msgid "directory with policy files" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1504 +#: src/regex/gnunet-regex-profiler.c:1576 #, fuzzy msgid "name of file with input strings" msgstr "Visa värde av alternativet" -#: src/regex/gnunet-regex-profiler.c:1510 +#: src/regex/gnunet-regex-profiler.c:1582 #, fuzzy msgid "name of file with hosts' names" msgstr "Visa värde av alternativet" -#: src/regex/gnunet-regex-profiler.c:1523 +#: src/regex/gnunet-regex-profiler.c:1595 msgid "Profiler for regex" msgstr "" @@ -6166,10 +6343,10 @@ msgstr "" msgid "Calculate the Vectorproduct with a GNUnet peer." msgstr "" -#: src/scalarproduct/gnunet-service-scalarproduct_alice.c:1407 -#: src/scalarproduct/gnunet-service-scalarproduct_bob.c:1345 -#: src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c:1180 +#: src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c:1172 #: src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c:1063 +#: src/scalarproduct/gnunet-service-scalarproduct_alice.c:1401 +#: src/scalarproduct/gnunet-service-scalarproduct_bob.c:1345 #, fuzzy msgid "Connect to CADET failed\n" msgstr " Anslutning misslyckades (fel?)\n" @@ -6194,7 +6371,7 @@ msgstr "" msgid "also profile decryption" msgstr "" -#: src/set/gnunet-service-set.c:1948 +#: src/set/gnunet-service-set.c:1989 #, fuzzy msgid "Could not connect to CADET service\n" msgstr "Kunde inte ansluta till gnunetd.\n" 
@@ -6254,116 +6431,116 @@ msgstr "" msgid "say good-bye and leave somebody else's place" msgstr "" -#: src/social/gnunet-social.c:1227 src/social/gnunet-social.c:1232 +#: src/social/gnunet-social.c:1227 msgid "create a place" msgstr "" -#: src/social/gnunet-social.c:1237 +#: src/social/gnunet-social.c:1232 msgid "destroy a place we were hosting" msgstr "" -#: src/social/gnunet-social.c:1242 +#: src/social/gnunet-social.c:1237 msgid "enter somebody else's place" msgstr "" -#: src/social/gnunet-social.c:1248 +#: src/social/gnunet-social.c:1243 msgid "find state matching name prefix" msgstr "" -#: src/social/gnunet-social.c:1253 +#: src/social/gnunet-social.c:1248 msgid "replay history of messages up to the given --limit" msgstr "" -#: src/social/gnunet-social.c:1258 +#: src/social/gnunet-social.c:1253 msgid "reconnect to a previously created place" msgstr "" -#: src/social/gnunet-social.c:1263 +#: src/social/gnunet-social.c:1258 msgid "publish something to a place we are hosting" msgstr "" -#: src/social/gnunet-social.c:1268 +#: src/social/gnunet-social.c:1263 msgid "reconnect to a previously entered place" msgstr "" -#: src/social/gnunet-social.c:1273 +#: src/social/gnunet-social.c:1268 msgid "search for state matching exact name" msgstr "" -#: src/social/gnunet-social.c:1278 +#: src/social/gnunet-social.c:1273 msgid "submit something to somebody's place" msgstr "" -#: src/social/gnunet-social.c:1283 +#: src/social/gnunet-social.c:1278 msgid "list of egos and subscribed places" msgstr "" -#: src/social/gnunet-social.c:1288 +#: src/social/gnunet-social.c:1283 msgid "extract and replay history between message IDs --start and --until" msgstr "" -#: src/social/gnunet-social.c:1297 +#: src/social/gnunet-social.c:1292 msgid "application ID to use when connecting" msgstr "" -#: src/social/gnunet-social.c:1303 +#: src/social/gnunet-social.c:1298 msgid "message body or state value" msgstr "" -#: src/social/gnunet-social.c:1309 +#: src/social/gnunet-social.c:1304 #, fuzzy 
msgid "name or public key of ego" msgstr "Ogiltigt argument: \"%s\"\n" -#: src/social/gnunet-social.c:1314 +#: src/social/gnunet-social.c:1309 #, fuzzy msgid "wait for incoming messages" msgstr "Misslyckades att leverera \"%s\" meddelande.\n" -#: src/social/gnunet-social.c:1320 +#: src/social/gnunet-social.c:1315 #, fuzzy msgid "GNS name" msgstr "Visa _namn" -#: src/social/gnunet-social.c:1326 +#: src/social/gnunet-social.c:1321 msgid "peer ID for --guest-enter" msgstr "" -#: src/social/gnunet-social.c:1332 +#: src/social/gnunet-social.c:1327 msgid "name (key) to query from state" msgstr "" -#: src/social/gnunet-social.c:1338 +#: src/social/gnunet-social.c:1333 #, fuzzy msgid "method name" msgstr "Visa _namn" -#: src/social/gnunet-social.c:1344 +#: src/social/gnunet-social.c:1339 #, fuzzy msgid "number of messages to replay from history" msgstr "antal meddelanden att använda per iteration" -#: src/social/gnunet-social.c:1350 +#: src/social/gnunet-social.c:1345 msgid "key address of place" msgstr "" -#: src/social/gnunet-social.c:1356 +#: src/social/gnunet-social.c:1351 msgid "start message ID for history replay" msgstr "" -#: src/social/gnunet-social.c:1361 +#: src/social/gnunet-social.c:1356 msgid "respond to entry requests by admitting all guests" msgstr "" -#: src/social/gnunet-social.c:1367 +#: src/social/gnunet-social.c:1362 msgid "end message ID for history replay" msgstr "" -#: src/social/gnunet-social.c:1372 +#: src/social/gnunet-social.c:1367 msgid "respond to entry requests by refusing all guests" msgstr "" -#: src/social/gnunet-social.c:1382 +#: src/social/gnunet-social.c:1377 msgid "" "gnunet-social - Interact with the social service: enter/leave, send/receive " "messages, access history and state.\n" 
@@ -6556,7 +6733,7 @@ msgid "" msgstr "" #: src/testbed/gnunet-daemon-testbed-underlay.c:231 src/testing/list-keys.c:46 -#: src/testing/testing.c:288 src/util/gnunet-ecc.c:298 +#: src/testing/testing.c:288 src/util/gnunet-ecc.c:301 #, c-format msgid "Incorrect hostkey file format: %s\n" msgstr "" @@ -6626,16 +6803,6 @@ msgstr "" msgid "%.s Unknown result code." msgstr "" -#: src/testbed/gnunet_testbed_mpi_spawn.c:118 -#, fuzzy -msgid "Waiting for child to exit.\n" -msgstr "Väntar på att motparter ska ansluta (%u iterationer kvar)...\n" - -#: src/testbed/gnunet_testbed_mpi_spawn.c:241 -#, fuzzy, c-format -msgid "Spawning process `%s'\n" -msgstr "Startade samling \"%s\".\n" - #: src/testbed/gnunet-testbed-profiler.c:290 msgid "tolerate COUNT number of continious timeout failures" msgstr "" @@ -6647,6 +6814,16 @@ msgid "" "signal is received" msgstr "" +#: src/testbed/gnunet_testbed_mpi_spawn.c:118 +#, fuzzy +msgid "Waiting for child to exit.\n" +msgstr "Väntar på att motparter ska ansluta (%u iterationer kvar)...\n" + +#: src/testbed/gnunet_testbed_mpi_spawn.c:241 +#, fuzzy, c-format +msgid "Spawning process `%s'\n" +msgstr "Startade samling \"%s\".\n" + #: src/testbed/testbed_api.c:410 #, fuzzy, c-format msgid "Adding host %u failed with error: %s\n" @@ -6943,10 +7120,6 @@ msgstr "# krypterade PONG-meddelanden mottagna" msgid "GNUnet topology control" msgstr "" -#: src/transport/gnunet-service-transport_ats.c:141 -msgid "# Addresses given to ATS" -msgstr "" - #: src/transport/gnunet-service-transport.c:448 msgid "# messages dropped due to slow client" msgstr "" @@ -6995,6 +7168,10 @@ msgstr "" msgid "Transport service is lacking key configuration settings. Exiting.\n" msgstr "GNUnet-konfiguration" +#: src/transport/gnunet-service-transport_ats.c:141 +msgid "# Addresses given to ATS" +msgstr "" + #: src/transport/gnunet-service-transport_hello.c:195 msgid "# refreshed my HELLO" msgstr "" 
@@ -7326,6 +7503,46 @@ msgstr "" msgid "# validations succeeded" msgstr "" +#: src/transport/gnunet-transport-profiler.c:219 +#, c-format +msgid "%llu B in %llu ms == %.2f KB/s!\n" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:617 +msgid "send data to peer" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:621 +#, fuzzy +msgid "receive data from peer" +msgstr "# byte mottagna av typen %d" + +#: src/transport/gnunet-transport-profiler.c:626 +#, fuzzy +msgid "iterations" +msgstr "Visa alla alternativ" + +#: src/transport/gnunet-transport-profiler.c:631 +#, fuzzy +msgid "number of messages to send" +msgstr "antal meddelanden att använda per iteration" + +#: src/transport/gnunet-transport-profiler.c:636 +#, fuzzy +msgid "message size to use" +msgstr "meddelandestorlek" + +#: src/transport/gnunet-transport-profiler.c:641 +#: src/transport/gnunet-transport.c:1462 +msgid "peer identity" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:652 +#: src/transport/gnunet-transport.c:1482 +#, fuzzy +msgid "Direct access to transport service." +msgstr "Misslyckades att ansluta till gnunetd.\n" + #: src/transport/gnunet-transport.c:413 #, fuzzy, c-format msgid "Transmitted %llu bytes/s (%llu bytes in %s)\n" @@ -7465,11 +7682,6 @@ msgstr "Skriv ut information om GNUnets motparter." msgid "do not resolve hostnames" msgstr "Misslyckades att läsa kompislista från \"%s\"\n" -#: src/transport/gnunet-transport.c:1462 -#: src/transport/gnunet-transport-profiler.c:641 -msgid "peer identity" -msgstr "" - #: src/transport/gnunet-transport.c:1466 msgid "monitor plugin sessions" msgstr "" 
@@ -7478,44 +7690,9 @@ msgstr "" msgid "send data for benchmarking to the other peer (until CTRL-C)" msgstr "" -#: src/transport/gnunet-transport.c:1482 -#: src/transport/gnunet-transport-profiler.c:652 -#, fuzzy -msgid "Direct access to transport service." -msgstr "Misslyckades att ansluta till gnunetd.\n" - -#: src/transport/gnunet-transport-profiler.c:219 -#, c-format -msgid "%llu B in %llu ms == %.2f KB/s!\n" -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:617 -msgid "send data to peer" -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:621 -#, fuzzy -msgid "receive data from peer" -msgstr "# byte mottagna av typen %d" - -#: src/transport/gnunet-transport-profiler.c:626 -#, fuzzy -msgid "iterations" -msgstr "Visa alla alternativ" - -#: src/transport/gnunet-transport-profiler.c:631 -#, fuzzy -msgid "number of messages to send" -msgstr "antal meddelanden att använda per iteration" - -#: src/transport/gnunet-transport-profiler.c:636 -#, fuzzy -msgid "message size to use" -msgstr "meddelandestorlek" - #: src/transport/plugin_transport_http_client.c:1474 -#: src/transport/plugin_transport_http_server.c:2249 -#: src/transport/plugin_transport_http_server.c:3463 +#: src/transport/plugin_transport_http_server.c:2312 +#: src/transport/plugin_transport_http_server.c:3526 #: src/transport/plugin_transport_tcp.c:3890 #: src/transport/plugin_transport_tcp.c:3897 msgid "TCP_STEALTH not supported on this platform.\n" 
@@ -7527,13 +7704,13 @@ msgid "Could not initialize curl multi handle, failed to start %s plugin!\n" msgstr "" #: src/transport/plugin_transport_http_client.c:2164 -#: src/transport/plugin_transport_http_server.c:3178 +#: src/transport/plugin_transport_http_server.c:3241 #, fuzzy, c-format msgid "Shutting down plugin `%s'\n" msgstr "Testar transport(er) %s\n" #: src/transport/plugin_transport_http_client.c:2181 -#: src/transport/plugin_transport_http_server.c:3248 +#: src/transport/plugin_transport_http_server.c:3311 #, fuzzy, c-format msgid "Shutdown for plugin `%s' complete\n" msgstr "" 
@@ -7544,108 +7721,108 @@ msgstr "" msgid "Maximum number of requests is %u\n" msgstr "Maximalt antal chattklienter uppnått.\n" -#: src/transport/plugin_transport_http_server.c:1727 +#: src/transport/plugin_transport_http_server.c:1756 #, c-format msgid "" "Access from connection %p (%u of %u) for `%s' `%s' url `%s' with upload data " "size %u\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:1967 +#: src/transport/plugin_transport_http_server.c:2028 #, c-format msgid "Accepting connection (%u of %u) from `%s'\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:1975 +#: src/transport/plugin_transport_http_server.c:2036 #, c-format msgid "" "Server reached maximum number connections (%u), rejecting new connection\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2125 +#: src/transport/plugin_transport_http_server.c:2186 msgid "" "Could not create a new TLS certificate, program `gnunet-transport-" "certificate-creation' could not be started!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2148 +#: src/transport/plugin_transport_http_server.c:2209 #, c-format msgid "No usable TLS certificate found and creating one at `%s/%s' failed!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2275 +#: src/transport/plugin_transport_http_server.c:2338 msgid "Could not load or create server certificate! 
Loading plugin failed!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2587 +#: src/transport/plugin_transport_http_server.c:2650 #, fuzzy msgid "Require valid port number for service in configuration!\n" msgstr "Inga applikationer definierade i konfiguration!\n" -#: src/transport/plugin_transport_http_server.c:2752 +#: src/transport/plugin_transport_http_server.c:2815 #, c-format msgid "Found %u addresses to report to NAT service\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2838 +#: src/transport/plugin_transport_http_server.c:2901 #: src/transport/plugin_transport_udp.c:3622 msgid "Disabling IPv6 since it is not supported on this system!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2944 +#: src/transport/plugin_transport_http_server.c:3007 #, c-format msgid "IPv4 support is %s\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2959 +#: src/transport/plugin_transport_http_server.c:3022 #, c-format msgid "IPv6 support is %s\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2965 +#: src/transport/plugin_transport_http_server.c:3028 msgid "Neither IPv4 nor IPv6 are enabled! Fix in configuration\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2976 +#: src/transport/plugin_transport_http_server.c:3039 #, fuzzy msgid "Port is required! 
Fix in configuration\n" msgstr " gconfig\tGTK-konfiguration\n" -#: src/transport/plugin_transport_http_server.c:2982 +#: src/transport/plugin_transport_http_server.c:3045 #, fuzzy, c-format msgid "Using port %u\n" msgstr "Testar transport(er) %s\n" -#: src/transport/plugin_transport_http_server.c:3001 +#: src/transport/plugin_transport_http_server.c:3064 #, fuzzy, c-format msgid "Specific IPv4 address `%s' in configuration file is invalid!\n" msgstr "" "Du måste ange ett positivt nummer för \"%s\" i konfigurationen i sektion \"%s" "\".\n" -#: src/transport/plugin_transport_http_server.c:3036 +#: src/transport/plugin_transport_http_server.c:3099 #, fuzzy, c-format msgid "Specific IPv6 address `%s' in configuration file is invalid!\n" msgstr "" "Du måste ange ett positivt nummer för \"%s\" i konfigurationen i sektion \"%s" "\".\n" -#: src/transport/plugin_transport_http_server.c:3111 +#: src/transport/plugin_transport_http_server.c:3174 #, fuzzy, c-format msgid "Using external hostname `%s'\n" msgstr "Startade samling \"%s\".\n" -#: src/transport/plugin_transport_http_server.c:3132 +#: src/transport/plugin_transport_http_server.c:3195 #, fuzzy, c-format msgid "Notifying transport only about hostname `%s'\n" msgstr "Misslyckades att läsa kompislista från \"%s\"\n" -#: src/transport/plugin_transport_http_server.c:3149 +#: src/transport/plugin_transport_http_server.c:3212 #, fuzzy, c-format msgid "Maximum number of connections is %u\n" msgstr "Maximalt antal chattklienter uppnått.\n" -#: src/transport/plugin_transport_http_server.c:3475 +#: src/transport/plugin_transport_http_server.c:3538 #, fuzzy msgid "Unable to compile URL regex\n" msgstr "Kunde inte initiera SQLite.\n" 
@@ -7800,21 +7977,6 @@ msgstr "" msgid "TCP transport advertises itself as being on port %llu\n" msgstr "" -#: src/transport/plugin_transport_udp_broadcasting.c:168 -#, fuzzy -msgid "# Multicast HELLO beacons received via UDP" -msgstr "# krypterade PONG-meddelanden mottagna" - -#: src/transport/plugin_transport_udp_broadcasting.c:548 -msgid "" -"Disabling HELLO broadcasting due to friend-to-friend only configuration!\n" -msgstr "" - -#: src/transport/plugin_transport_udp_broadcasting.c:565 -#, c-format -msgid "Failed to set IPv4 broadcast option for broadcast socket on port %d\n" -msgstr "" - #: src/transport/plugin_transport_udp.c:3366 #, c-format msgid "" @@ -7863,6 +8025,21 @@ msgstr "\"%s\" är inte tillgänglig." msgid "Failed to create UDP network sockets\n" msgstr "Kunde inte skapa namnrymd \"%s\" (existerar?).\n" +#: src/transport/plugin_transport_udp_broadcasting.c:168 +#, fuzzy +msgid "# Multicast HELLO beacons received via UDP" +msgstr "# krypterade PONG-meddelanden mottagna" + +#: src/transport/plugin_transport_udp_broadcasting.c:548 +msgid "" +"Disabling HELLO broadcasting due to friend-to-friend only configuration!\n" +msgstr "" + +#: src/transport/plugin_transport_udp_broadcasting.c:565 +#, c-format +msgid "Failed to set IPv4 broadcast option for broadcast socket on port %d\n" +msgstr "" + #: src/transport/plugin_transport_unix.c:1403 #, fuzzy, c-format msgid "Cannot create path to `%s'\n" @@ -7978,7 +8155,7 @@ msgid "" "`GNUNET_SERVER_receive_done' after %s\n" msgstr "" -#: src/transport/tcp_service_legacy.c:339 src/util/service.c:2337 +#: src/transport/tcp_service_legacy.c:339 src/util/service.c:2336 #, fuzzy, c-format msgid "Unknown address family %d\n" msgstr "Okänd operation \"%s\"\n" 
@@ -8023,51 +8200,51 @@ msgstr "Fel vid %s:%d.\n" msgid "Service `%s' runs at %s\n" msgstr "Motpart \"%s\" med pålitlighet %8u och adress \"%s\"\n" -#: src/transport/tcp_service_legacy.c:1251 src/util/service.c:1501 +#: src/transport/tcp_service_legacy.c:1251 src/util/service.c:1500 msgid "Service process failed to initialize\n" msgstr "" -#: src/transport/tcp_service_legacy.c:1255 src/util/service.c:1505 +#: src/transport/tcp_service_legacy.c:1255 src/util/service.c:1504 msgid "Service process could not initialize server function\n" msgstr "" -#: src/transport/tcp_service_legacy.c:1259 src/util/service.c:1509 +#: src/transport/tcp_service_legacy.c:1259 src/util/service.c:1508 msgid "Service process failed to report status\n" msgstr "" #: src/transport/tcp_service_legacy.c:1313 src/util/disk.c:1488 -#: src/util/service.c:1379 +#: src/util/service.c:1378 #, fuzzy, c-format msgid "Cannot obtain information about user `%s': %s\n" msgstr "Kan inte öppna konfigurationsfil \"%s\".\n" -#: src/transport/tcp_service_legacy.c:1314 src/util/service.c:1381 +#: src/transport/tcp_service_legacy.c:1314 src/util/service.c:1380 msgid "No such user" msgstr "" -#: src/transport/tcp_service_legacy.c:1327 src/util/service.c:1400 +#: src/transport/tcp_service_legacy.c:1327 src/util/service.c:1399 #, c-format msgid "Cannot change user/group to `%s': %s\n" msgstr "Kan inte ändra användare/grupp till \"%s\": %s\n" -#: src/transport/tcp_service_legacy.c:1398 src/util/service.c:1728 +#: src/transport/tcp_service_legacy.c:1398 src/util/service.c:1727 msgid "do daemonize (detach from terminal)" msgstr "" #: src/transport/tcp_service_legacy.c:1448 src/util/program.c:244 -#: src/util/service.c:1791 +#: src/util/service.c:1790 #, fuzzy, c-format msgid "Malformed configuration file `%s', exit ...\n" msgstr "Kunde inte spara konfigurationsfil \"%s\":" #: src/transport/tcp_service_legacy.c:1458 src/util/program.c:261 -#: src/util/service.c:1802 +#: src/util/service.c:1801 #, fuzzy msgid "Malformed 
configuration, exit ...\n" msgstr "Kunde inte spara konfigurationsfil \"%s\":" #: src/transport/tcp_service_legacy.c:1463 src/util/program.c:256 -#: src/util/service.c:1808 +#: src/util/service.c:1807 #, fuzzy, c-format msgid "Could not access configuration file `%s'\n" msgstr "Kunde inte tolka konfigurationsfil \"%s\".\n" 
@@ -8112,86 +8289,86 @@ msgstr "" msgid "Need a non-empty hostname for service `%s'.\n" msgstr "" -#: src/util/common_logging.c:256 src/util/common_logging.c:1129 +#: src/util/common_logging.c:259 src/util/common_logging.c:1132 msgid "DEBUG" msgstr "FELSÖKNING" -#: src/util/common_logging.c:258 src/util/common_logging.c:1127 +#: src/util/common_logging.c:261 src/util/common_logging.c:1130 msgid "INFO" msgstr "INFO" -#: src/util/common_logging.c:260 src/util/common_logging.c:1125 +#: src/util/common_logging.c:263 src/util/common_logging.c:1128 msgid "MESSAGE" msgstr "MEDDELANDE" -#: src/util/common_logging.c:262 src/util/common_logging.c:1123 +#: src/util/common_logging.c:265 src/util/common_logging.c:1126 msgid "WARNING" msgstr "VARNING" -#: src/util/common_logging.c:264 src/util/common_logging.c:1121 +#: src/util/common_logging.c:267 src/util/common_logging.c:1124 msgid "ERROR" msgstr "FEL" -#: src/util/common_logging.c:266 src/util/common_logging.c:1131 +#: src/util/common_logging.c:269 src/util/common_logging.c:1134 msgid "NONE" msgstr "" -#: src/util/common_logging.c:879 +#: src/util/common_logging.c:882 #, c-format msgid "Message `%.*s' repeated %u times in the last %s\n" msgstr "" -#: src/util/common_logging.c:1132 +#: src/util/common_logging.c:1135 msgid "INVALID" msgstr "" -#: src/util/common_logging.c:1302 +#: src/util/common_logging.c:1326 msgid "unknown address" msgstr "" -#: src/util/common_logging.c:1344 +#: src/util/common_logging.c:1368 msgid "invalid address" msgstr "" -#: src/util/common_logging.c:1362 +#: src/util/common_logging.c:1386 #, fuzzy, c-format msgid "Configuration fails to specify option `%s' in section `%s'!\n" msgstr "Konfigurationsfil \"%s\" skapad.\n" -#: src/util/common_logging.c:1383 +#: src/util/common_logging.c:1407 #, fuzzy, c-format msgid "" "Configuration specifies invalid value for option `%s' in section `%s': %s\n" msgstr "Konfigurationsfil \"%s\" hittades inte. 
Kör \"gnunet-setup -d\"!\n" -#: src/util/configuration.c:286 +#: src/util/configuration.c:296 #, fuzzy, c-format msgid "Syntax error while deserializing in line %u\n" msgstr "Syntaxfel i konfigurationsfil \"%s\" på rad %d.\n" -#: src/util/configuration.c:344 +#: src/util/configuration.c:355 #, fuzzy, c-format msgid "Error while reading file `%s'\n" msgstr "Fel vid nedladdning: %s\n" -#: src/util/configuration.c:1017 +#: src/util/configuration.c:1034 #, c-format msgid "" "Configuration value '%s' for '%s' in section '%s' is not in set of legal " "choices\n" msgstr "" -#: src/util/configuration.c:1136 +#: src/util/configuration.c:1153 #, c-format msgid "Recursive expansion suspected, aborting $-expansion for term `%s'\n" msgstr "" -#: src/util/configuration.c:1169 +#: src/util/configuration.c:1186 #, fuzzy, c-format msgid "Missing closing `%s' in option `%s'\n" msgstr "Konfigurationsfil \"%s\" skapad.\n" -#: src/util/configuration.c:1237 +#: src/util/configuration.c:1254 #, c-format msgid "" "Failed to expand `%s' in `%s' as it is neither found in [PATHS] nor defined " 
@@ -8225,32 +8402,32 @@ msgstr "\"%s\" misslyckades vid %s:%d med fel: \"%s\".\n" msgid "EdDSA signature verification failed at %s:%d: %s\n" msgstr "\"%s\" misslyckades vid %s:%d med fel: \"%s\".\n" -#: src/util/crypto_ecc_setup.c:122 src/util/crypto_ecc_setup.c:160 -#: src/util/crypto_ecc_setup.c:278 src/util/crypto_ecc_setup.c:316 +#: src/util/crypto_ecc_setup.c:122 src/util/crypto_ecc_setup.c:161 +#: src/util/crypto_ecc_setup.c:279 src/util/crypto_ecc_setup.c:317 #, fuzzy, c-format msgid "Could not acquire lock on file `%s': %s...\n" msgstr "Kunde inte slå upp \"%s\": %s\n" -#: src/util/crypto_ecc_setup.c:127 src/util/crypto_ecc_setup.c:283 +#: src/util/crypto_ecc_setup.c:128 src/util/crypto_ecc_setup.c:284 #, fuzzy msgid "Creating a new private key. This may take a while.\n" msgstr "Skapar ny värdnyckel (det här kan ta en stund).\n" -#: src/util/crypto_ecc_setup.c:164 src/util/crypto_ecc_setup.c:320 +#: src/util/crypto_ecc_setup.c:165 src/util/crypto_ecc_setup.c:322 msgid "This may be ok if someone is currently generating a private key.\n" msgstr "" -#: src/util/crypto_ecc_setup.c:194 src/util/crypto_ecc_setup.c:350 +#: src/util/crypto_ecc_setup.c:195 src/util/crypto_ecc_setup.c:352 #, c-format msgid "" "When trying to read key file `%s' I found %u bytes but I need at least %u.\n" msgstr "" -#: src/util/crypto_ecc_setup.c:198 src/util/crypto_ecc_setup.c:354 +#: src/util/crypto_ecc_setup.c:199 src/util/crypto_ecc_setup.c:356 msgid "This may be ok if someone is currently generating a key.\n" msgstr "" -#: src/util/crypto_ecc_setup.c:413 +#: src/util/crypto_ecc_setup.c:415 #, fuzzy msgid "Could not load peer's private key\n" msgstr "Kunde inte tolka konfigurationsfil \"%s\".\n" 
@@ -8444,82 +8621,86 @@ msgstr "" msgid "Manipulate GNUnet configuration files" msgstr "skriv ut ett värde från konfigurationsfilen till standard ut" -#: src/util/gnunet-ecc.c:84 +#: src/util/gnunet-ecc.c:89 #, fuzzy, c-format msgid "Failed to open `%s': %s\n" msgstr "Misslyckades att leverera \"%s\" meddelande.\n" -#: src/util/gnunet-ecc.c:120 +#: src/util/gnunet-ecc.c:125 #, c-format msgid "Generating %u keys like %s, please wait" msgstr "" -#: src/util/gnunet-ecc.c:133 +#: src/util/gnunet-ecc.c:138 #, c-format msgid "Generating %u keys, please wait" msgstr "" -#: src/util/gnunet-ecc.c:174 +#: src/util/gnunet-ecc.c:179 #, fuzzy, c-format msgid "" "\n" "Failed to write to `%s': %s\n" msgstr "Fel vid %s:%d.\n" -#: src/util/gnunet-ecc.c:184 +#: src/util/gnunet-ecc.c:189 #, fuzzy, c-format msgid "" "\n" "Finished!\n" msgstr "Slutför" -#: src/util/gnunet-ecc.c:187 +#: src/util/gnunet-ecc.c:192 #, c-format msgid "" "\n" "Error, %u keys not generated\n" msgstr "" -#: src/util/gnunet-ecc.c:280 +#: src/util/gnunet-ecc.c:283 #, fuzzy, c-format msgid "Hostkeys file `%s' not found\n" msgstr "\"%s\" misslyckades: tabell hittades inte!\n" -#: src/util/gnunet-ecc.c:291 +#: src/util/gnunet-ecc.c:294 #, fuzzy, c-format msgid "Hostkeys file `%s' is empty\n" msgstr "antal meddelanden att använda per iteration" -#: src/util/gnunet-ecc.c:313 +#: src/util/gnunet-ecc.c:316 #, fuzzy, c-format msgid "Could not read hostkey file: %s\n" msgstr "Kunde inte skapa värdnyckel!\n" -#: src/util/gnunet-ecc.c:364 +#: src/util/gnunet-ecc.c:367 msgid "No hostkey file specified on command line\n" msgstr "" -#: src/util/gnunet-ecc.c:416 +#: src/util/gnunet-ecc.c:425 msgid "list keys included in a file (for testing)" msgstr "" -#: src/util/gnunet-ecc.c:421 +#: src/util/gnunet-ecc.c:430 msgid "number of keys to list included in a file (for testing)" msgstr "" -#: src/util/gnunet-ecc.c:426 +#: src/util/gnunet-ecc.c:435 msgid "create COUNT public-private key pairs (for testing)" msgstr "" -#: 
src/util/gnunet-ecc.c:430 +#: src/util/gnunet-ecc.c:439 msgid "print the public key in ASCII format" msgstr "" -#: src/util/gnunet-ecc.c:434 +#: src/util/gnunet-ecc.c:443 +msgid "print the public key in HEX format" +msgstr "" + +#: src/util/gnunet-ecc.c:447 msgid "print examples of ECC operations (used for compatibility testing)" msgstr "" -#: src/util/gnunet-ecc.c:449 +#: src/util/gnunet-ecc.c:463 #, fuzzy msgid "Manipulate GNUnet private ECC key files" msgstr "skriv ut ett värde från konfigurationsfilen till standard ut" @@ -8613,7 +8794,7 @@ msgstr "Fel vid skapandet av användare" msgid "Unable to shorten unix path `%s' while keeping name unique\n" msgstr "" -#: src/util/network.c:1793 src/util/network.c:1969 +#: src/util/network.c:1793 src/util/network.c:1977 #, c-format msgid "" "Fatal internal logic error, process hangs in `%s' (abort with CTRL-C)!\n" @@ -8667,7 +8848,7 @@ msgstr "\"%s\" misslyckades vid %s:%d med fel: %s\n" msgid "Could not determine plugin installation path.\n" msgstr "Kunde inte fastställa min publika IPv6-adress.\n" -#: src/util/resolver_api.c:204 +#: src/util/resolver_api.c:203 #, c-format msgid "" "Missing `%s' for `%s' in configuration, DNS resolution will be unavailable.\n" 
@@ -8682,32 +8863,32 @@ msgstr "" "Du måste ange ett positivt nummer för \"%s\" i konfigurationen i sektion \"%s" "\".\n" -#: src/util/resolver_api.c:815 +#: src/util/resolver_api.c:826 #, fuzzy, c-format msgid "Timeout trying to resolve hostname `%s'.\n" msgstr "Misslyckades att läsa kompislista från \"%s\"\n" -#: src/util/resolver_api.c:827 +#: src/util/resolver_api.c:839 #, c-format msgid "Timeout trying to resolve IP address `%s'.\n" msgstr "" -#: src/util/resolver_api.c:1004 +#: src/util/resolver_api.c:1023 msgid "Resolver not configured correctly.\n" msgstr "" -#: src/util/resolver_api.c:1086 src/util/resolver_api.c:1107 -#: src/util/resolver_api.c:1121 +#: src/util/resolver_api.c:1109 src/util/resolver_api.c:1132 +#: src/util/resolver_api.c:1146 #, fuzzy, c-format msgid "Could not resolve our FQDN: %s\n" msgstr "Kunde inte slå upp \"%s\": %s\n" -#: src/util/service.c:1306 +#: src/util/service.c:1305 msgid "" "Could not bind to any of the ports I was supposed to, refusing to run!\n" msgstr "" -#: src/util/service.c:2082 +#: src/util/service.c:2081 #, c-format msgid "" "Processing code for message of type %u did not call " 
@@ -8784,63 +8965,63 @@ msgstr " dagar" msgid "end of time" msgstr "" -#: src/util/strings.c:1269 +#: src/util/strings.c:1270 msgid "IPv6 address did not start with `['\n" msgstr "" -#: src/util/strings.c:1277 +#: src/util/strings.c:1278 msgid "IPv6 address did contain ':' to separate port number\n" msgstr "" -#: src/util/strings.c:1283 +#: src/util/strings.c:1284 msgid "IPv6 address did contain ']' before ':' to separate port number\n" msgstr "" -#: src/util/strings.c:1290 +#: src/util/strings.c:1291 msgid "IPv6 address did contain a valid port number after the last ':'\n" msgstr "" -#: src/util/strings.c:1299 +#: src/util/strings.c:1300 #, fuzzy, c-format msgid "Invalid IPv6 address `%s': %s\n" msgstr "Ogiltigt svar på \"%s\".\n" -#: src/util/strings.c:1571 src/util/strings.c:1587 +#: src/util/strings.c:1572 src/util/strings.c:1588 msgid "Port not in range\n" msgstr "" -#: src/util/strings.c:1596 +#: src/util/strings.c:1597 #, fuzzy, c-format msgid "Malformed port policy `%s'\n" msgstr "Misslyckades att starta samling.\n" -#: src/util/strings.c:1679 src/util/strings.c:1710 src/util/strings.c:1758 -#: src/util/strings.c:1779 +#: src/util/strings.c:1680 src/util/strings.c:1711 src/util/strings.c:1759 +#: src/util/strings.c:1780 #, c-format msgid "Invalid format for IP: `%s'\n" msgstr "Ogiltigt format för IP: \"%s\"\n" -#: src/util/strings.c:1736 +#: src/util/strings.c:1737 #, c-format msgid "Invalid network notation ('/%d' is not legal in IPv4 CIDR)." msgstr "Ogiltig nätverksnotation (\"/%d\" är inte giltig i IPv4 CIDR)." 
-#: src/util/strings.c:1788 +#: src/util/strings.c:1789 #, fuzzy, c-format msgid "Invalid format: `%s'\n" msgstr "Ogiltigt format för IP: \"%s\"\n" -#: src/util/strings.c:1840 +#: src/util/strings.c:1841 #, c-format msgid "Invalid network notation (does not end with ';': `%s')\n" msgstr "Ogiltig nätverksnotation (slutar inte med \";\": \"%s\")\n" -#: src/util/strings.c:1890 +#: src/util/strings.c:1891 #, fuzzy, c-format msgid "Wrong format `%s' for netmask\n" msgstr "Fel format \"%s\" för nätmask: %s\n" -#: src/util/strings.c:1921 +#: src/util/strings.c:1922 #, fuzzy, c-format msgid "Wrong format `%s' for network\n" msgstr "Fel format \"%s\" för nätverk: %s\n" 
@@ -9023,27 +9204,43 @@ msgstr "# byte mottagna via UDP" msgid "Setup tunnels via VPN." msgstr "" -#: src/zonemaster/gnunet-service-zonemaster.c:705 +#: src/zonemaster/gnunet-service-zonemaster.c:706 #, fuzzy msgid "Failed to connect to the namestore!\n" msgstr "Misslyckades att ansluta till gnunetd.\n" -#: src/include/gnunet_common.h:674 src/include/gnunet_common.h:681 -#: src/include/gnunet_common.h:691 src/include/gnunet_common.h:699 +#: src/include/gnunet_common.h:689 src/include/gnunet_common.h:696 +#: src/include/gnunet_common.h:706 src/include/gnunet_common.h:714 #, fuzzy, c-format msgid "Assertion failed at %s:%d.\n" msgstr "\"%s\" misslyckades vid %s:%d med fel: \"%s\".\n" -#: src/include/gnunet_common.h:711 +#: src/include/gnunet_common.h:726 #, c-format msgid "External protocol violation detected at %s:%d.\n" msgstr "" -#: src/include/gnunet_common.h:738 src/include/gnunet_common.h:747 +#: src/include/gnunet_common.h:753 src/include/gnunet_common.h:762 #, c-format msgid "`%s' failed on file `%s' at %s:%d with error: %s\n" msgstr "\"%s\" misslyckades för fil \"%s\" vid %s:%d med fel: %s\n" +#, fuzzy +#~ msgid "Token `%s' is malformed\n" +#~ msgstr "Ogiltigt argument: \"%s\"\n" + +#, fuzzy +#~ msgid "Failed to create indices\n" +#~ msgstr "Kunde inte skapa namnrymd \"%s\" (existerar?).\n" + +#, fuzzy +#~ msgid "`%s:%s' failed at %s:%d with error: %s\n" +#~ msgstr "\"%s\" misslyckades vid %s:%d med fel: %s\n" + +#, fuzzy +#~ msgid "Unable to connect to Postgres database '%s': %s\n" +#~ msgstr "Kunde inte spara konfigurationsfil \"%s\":" + #, fuzzy #~ msgid "Misconfiguration (can not connect to the ARM service)" #~ msgstr "Misslyckades att ansluta till gnunetd.\n" 
@@ -9152,10 +9349,6 @@ msgstr "\"%s\" misslyckades för fil \"%s\" vid %s:%d med fel: %s\n" #~ msgid "# transmission request failures" #~ msgstr "# klartext PONG-meddelanden mottagna" -#, fuzzy -#~ msgid "# bytes sent to datastore" -#~ msgstr "# byte krypterade" - #, fuzzy #~ msgid "Failed to receive status response from database." #~ msgstr "Misslyckades att ta emot svar till \"%s\" meddelande från gnunetd\n" @@ -9445,10 +9638,6 @@ msgstr "\"%s\" misslyckades för fil \"%s\" vid %s:%d med fel: %s\n" #~ msgid "Timeout transmitting iteration request to `SENSOR' service." #~ msgstr "Misslyckades att initiera tjänsten \"%s\".\n" -#, fuzzy -#~ msgid "Error reading sensor version\n" -#~ msgstr "Fel vid skapandet av användare" - #, fuzzy #~ msgid "Error reading sensor category\n" #~ msgstr "Fel vid skapandet av användare" @@ -10004,10 +10193,6 @@ msgstr "\"%s\" misslyckades för fil \"%s\" vid %s:%d med fel: %s\n" #~ msgid "Failed to put new set of records in database" #~ msgstr "Misslyckades att skicka HTTP-begäran till värd \"%s\": %s\n" -#, fuzzy -#~ msgid "Failed to remove records from database" -#~ msgstr "Misslyckades att ta emot svar till \"%s\" meddelande från gnunetd\n" - #, fuzzy #~ msgid "Failed to access database" #~ msgstr "Misslyckades att leverera \"%s\" meddelande.\n" diff --git a/po/vi.po b/po/vi.po index a9f00a20d..05b1f1381 100644 --- a/po/vi.po +++ b/po/vi.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: gnunet 0.8.0a\n" "Report-Msgid-Bugs-To: gnunet-developers@mail.gnu.org\n" -"POT-Creation-Date: 2017-03-31 19:22-0500\n" +"POT-Creation-Date: 2017-10-20 15:14+0000\n" "PO-Revision-Date: 2008-09-10 22:05+0930\n" "Last-Translator: Clytie Siddall \n" "Language-Team: Vietnamese \n" 
@@ -280,7 +280,7 @@ msgid "Have neither PORT nor UNIXPATH for service `%s', but one is required\n" msgstr "" #: src/arm/gnunet-service-arm.c:513 -#: src/transport/plugin_transport_http_server.c:2621 +#: src/transport/plugin_transport_http_server.c:2684 #: src/transport/plugin_transport_tcp.c:1259 #: src/transport/tcp_service_legacy.c:696 src/util/service.c:782 #, fuzzy, c-format @@ -288,7 +288,7 @@ msgid "Failed to resolve `%s': %s\n" msgstr "Lỗi mở tập tin ghi sự kiện « %s »: %s\n" #: src/arm/gnunet-service-arm.c:532 -#: src/transport/plugin_transport_http_server.c:2639 +#: src/transport/plugin_transport_http_server.c:2702 #: src/transport/plugin_transport_tcp.c:1278 #: src/transport/tcp_service_legacy.c:715 src/util/service.c:802 #, fuzzy, c-format 
@@ -362,134 +362,15 @@ msgstr "" msgid "Initiating shutdown as requested by client.\n" msgstr "" -#: src/ats/gnunet-ats-solver-eval.c:2781 src/ats/gnunet-ats-solver-eval.c:2822 -#, c-format -msgid "" -"Could not load quota for network `%s': `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:2799 -#, c-format -msgid "" -"No outbound quota configured for network `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:2840 -#, c-format -msgid "" -"No outbound quota configure for network `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3294 -#: src/ats-tests/gnunet-solver-eval.c:939 -msgid "solver to use" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3299 -#: src/ats-tests/gnunet-solver-eval.c:945 -#: src/ats-tests/gnunet-solver-eval.c:950 -msgid "experiment to use" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3306 +#: src/ats-tests/ats-testing-log.c:837 #, fuzzy -msgid "print logging" +msgid "Stop logging\n" msgstr "Theo dõi" -#: src/ats/gnunet-ats-solver-eval.c:3311 -msgid "save logging to disk" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3316 -msgid "disable normalization" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:304 -#, c-format -msgid "" -"Could not load %s quota for network `%s': `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:314 -#, c-format -msgid "%s quota configured for network `%s' is %llu\n" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:359 -#, c-format -msgid "" -"No %s-quota configured for network `%s', assigning default bandwidth %llu\n" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:451 -#, fuzzy, c-format -msgid "Failed to initialize solver `%s'!\n" -msgstr "Không thể sơ khởi SQLite: %s.\n" - -#: src/ats/plugin_ats_mlp.c:1274 -msgid "Problem size too large, cannot allocate memory!\n" -msgstr "" - -#: 
src/ats/plugin_ats_mlp.c:1869 -#, fuzzy, c-format -msgid "Adding address for peer `%s' multiple times\n" -msgstr "Không thể lấy địa chỉ của đồng đẳng « %s ».\n" - -#: src/ats/plugin_ats_mlp.c:1913 -#, fuzzy, c-format -msgid "Updating address property for peer `%s' %p not added before\n" -msgstr "Không thể lấy địa chỉ của đồng đẳng « %s ».\n" - -#: src/ats/plugin_ats_mlp.c:2475 -msgid "" -"MLP solver is not optimizing for anything, changing to feasibility check\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2515 src/ats/plugin_ats_mlp.c:2532 -#: src/ats/plugin_ats_mlp.c:2564 src/ats/plugin_ats_mlp.c:2582 -#: src/ats/plugin_ats_mlp.c:2601 src/ats/plugin_ats_proportional.c:1141 -#: src/ats/plugin_ats_ril.c:2612 src/ats/plugin_ats_ril.c:2629 -#: src/ats/plugin_ats_ril.c:2646 src/ats/plugin_ats_ril.c:2663 -#: src/ats/plugin_ats_ril.c:2680 src/ats/plugin_ats_ril.c:2697 -#: src/ats/plugin_ats_ril.c:2714 src/ats/plugin_ats_ril.c:2731 -#, fuzzy, c-format -msgid "Invalid %s configuration %f \n" -msgstr "Không thể lưu tập tin cấu hình « %s »:" - -#: src/ats/plugin_ats_mlp.c:2670 -#, c-format -msgid "" -"Adjusting inconsistent outbound quota configuration for network `%s', is " -"%llu must be at least %llu\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2679 -#, c-format -msgid "" -"Adjusting inconsistent inbound quota configuration for network `%s', is %llu " -"must be at least %llu\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2689 -#, c-format -msgid "" -"Adjusting outbound quota configuration for network `%s'from %llu to %.0f\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2698 -#, c-format -msgid "" -"Adjusting inbound quota configuration for network `%s' from %llu to %.0f\n" -msgstr "" - -#: src/ats/plugin_ats_proportional.c:1164 +#: src/ats-tests/ats-testing-log.c:892 #, fuzzy, c-format -msgid "Invalid %s configuration %f\n" -msgstr "Không thể lưu tập tin cấu hình « %s »:" +msgid "Start logging `%s'\n" +msgstr "Đang bắt đầu tài về « %s »\n" #: src/ats-tests/ats-testing.c:422 #, 
c-format @@ -501,16 +382,6 @@ msgstr "" msgid "Failed to connect master peer [%u] with slave [%u]\n" msgstr "Lỗi kết nối đến gnunetd.\n" -#: src/ats-tests/ats-testing-log.c:837 -#, fuzzy -msgid "Stop logging\n" -msgstr "Theo dõi" - -#: src/ats-tests/ats-testing-log.c:892 -#, fuzzy, c-format -msgid "Start logging `%s'\n" -msgstr "Đang bắt đầu tài về « %s »\n" - #: src/ats-tests/gnunet-ats-sim.c:90 #, c-format msgid "" @@ -518,6 +389,15 @@ msgid "" "= %u KiB/s\n" msgstr "" +#: src/ats-tests/gnunet-solver-eval.c:939 src/ats/gnunet-ats-solver-eval.c:3294 +msgid "solver to use" +msgstr "" + +#: src/ats-tests/gnunet-solver-eval.c:945 +#: src/ats-tests/gnunet-solver-eval.c:950 src/ats/gnunet-ats-solver-eval.c:3299 +msgid "experiment to use" +msgstr "" + #: src/ats-tool/gnunet-ats.c:307 #, c-format msgid "%u address resolutions had a timeout\n" 
@@ -640,6 +520,124 @@ msgstr "" msgid "Print information about ATS state" msgstr "In ra thông tin về các đồng đẳng GNUnet." +#: src/ats/gnunet-ats-solver-eval.c:2781 src/ats/gnunet-ats-solver-eval.c:2822 +#, c-format +msgid "" +"Could not load quota for network `%s': `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:2799 +#, c-format +msgid "" +"No outbound quota configured for network `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:2840 +#, c-format +msgid "" +"No outbound quota configure for network `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:3306 +#, fuzzy +msgid "print logging" +msgstr "Theo dõi" + +#: src/ats/gnunet-ats-solver-eval.c:3311 +msgid "save logging to disk" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:3316 +msgid "disable normalization" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:304 +#, c-format +msgid "" +"Could not load %s quota for network `%s': `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:314 +#, c-format +msgid "%s quota configured for network `%s' is %llu\n" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:359 +#, c-format +msgid "" +"No %s-quota configured for network `%s', assigning default bandwidth %llu\n" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:451 +#, fuzzy, c-format +msgid "Failed to initialize solver `%s'!\n" +msgstr "Không thể sơ khởi SQLite: %s.\n" + +#: src/ats/plugin_ats_mlp.c:1274 +msgid "Problem size too large, cannot allocate memory!\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:1869 +#, fuzzy, c-format +msgid "Adding address for peer `%s' multiple times\n" +msgstr "Không thể lấy địa chỉ của đồng đẳng « %s ».\n" + +#: src/ats/plugin_ats_mlp.c:1913 +#, fuzzy, c-format +msgid "Updating address property for peer `%s' %p not added before\n" +msgstr "Không thể lấy địa chỉ của đồng đẳng « %s ».\n" + +#: 
src/ats/plugin_ats_mlp.c:2475 +msgid "" +"MLP solver is not optimizing for anything, changing to feasibility check\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2515 src/ats/plugin_ats_mlp.c:2532 +#: src/ats/plugin_ats_mlp.c:2564 src/ats/plugin_ats_mlp.c:2582 +#: src/ats/plugin_ats_mlp.c:2601 src/ats/plugin_ats_proportional.c:1141 +#: src/ats/plugin_ats_ril.c:2612 src/ats/plugin_ats_ril.c:2629 +#: src/ats/plugin_ats_ril.c:2646 src/ats/plugin_ats_ril.c:2663 +#: src/ats/plugin_ats_ril.c:2680 src/ats/plugin_ats_ril.c:2697 +#: src/ats/plugin_ats_ril.c:2714 src/ats/plugin_ats_ril.c:2731 +#, fuzzy, c-format +msgid "Invalid %s configuration %f \n" +msgstr "Không thể lưu tập tin cấu hình « %s »:" + +#: src/ats/plugin_ats_mlp.c:2670 +#, c-format +msgid "" +"Adjusting inconsistent outbound quota configuration for network `%s', is " +"%llu must be at least %llu\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2679 +#, c-format +msgid "" +"Adjusting inconsistent inbound quota configuration for network `%s', is %llu " +"must be at least %llu\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2689 +#, c-format +msgid "" +"Adjusting outbound quota configuration for network `%s'from %llu to %.0f\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2698 +#, c-format +msgid "" +"Adjusting inbound quota configuration for network `%s' from %llu to %.0f\n" +msgstr "" + +#: src/ats/plugin_ats_proportional.c:1164 +#, fuzzy, c-format +msgid "Invalid %s configuration %f\n" +msgstr "Không thể lưu tập tin cấu hình « %s »:" + #: src/auction/gnunet-auction-create.c:163 msgid "description of the item to be sold" msgstr "" 
@@ -788,6 +786,28 @@ msgstr "" msgid "Connection to conversation service lost, trying to reconnect\n" msgstr "" +#: src/conversation/gnunet-conversation-test.c:119 +#, c-format +msgid "" +"\n" +"End of transmission. Have a GNU day.\n" +msgstr "" + +#: src/conversation/gnunet-conversation-test.c:145 +#, c-format +msgid "" +"\n" +"We are now playing your recording back. If you can hear it, your audio " +"settings are working..." +msgstr "" + +#: src/conversation/gnunet-conversation-test.c:210 +#, c-format +msgid "" +"We will now be recording you for %s. After that time, the recording will be " +"played back to you..." +msgstr "" + #: src/conversation/gnunet-conversation.c:269 #, c-format msgid "Incoming call from `%s'. Please /accept %u or /cancel %u the call.\n" @@ -1045,30 +1065,8 @@ msgstr "" msgid "Enables having a conversation with other GNUnet users." msgstr "" -#: src/conversation/gnunet-conversation-test.c:119 -#, c-format -msgid "" -"\n" -"End of transmission. Have a GNU day.\n" -msgstr "" - -#: src/conversation/gnunet-conversation-test.c:145 -#, c-format -msgid "" -"\n" -"We are now playing your recording back. If you can hear it, your audio " -"settings are working..." -msgstr "" - -#: src/conversation/gnunet-conversation-test.c:210 -#, c-format -msgid "" -"We will now be recording you for %s. After that time, the recording will be " -"played back to you..." -msgstr "" - -#: src/conversation/gnunet_gst.c:622 #: src/conversation/gnunet-helper-audio-playback-gst.c:356 +#: src/conversation/gnunet_gst.c:622 #, c-format msgid "Read error from STDIN: %d %s\n" msgstr "" 
@@ -1198,6 +1196,11 @@ msgstr "SMTP: « %s » bị lỗi: %s\n" msgid "Failed to allocate %u bytes for second packet\n" msgstr "Lỗi tạo thư mục tạm thời." +#: src/conversation/gnunet-service-conversation.c:1276 +#, fuzzy, c-format +msgid "Could not open line, port %s already in use!\n" +msgstr "Không thể kết nối tới %s:%u: %s\n" + #: src/conversation/microphone.c:119 #, fuzzy msgid "Could not start record audio helper\n" 
@@ -1499,8 +1502,140 @@ msgstr "# các thông báo phát hiện dht được nhận" msgid "# updates to my type map" msgstr "" +#: src/credential/credential_misc.c:88 +#, fuzzy, c-format +msgid "Unable to parse CRED record string `%s'\n" +msgstr "Lỗi đọc danh sách bạn bè từ « %s »\n" + +#: src/credential/gnunet-credential.c:278 src/namestore/gnunet-namestore.c:776 +#: src/namestore/plugin_rest_namestore.c:1009 +#, c-format +msgid "Ego `%s' not known to identity service\n" +msgstr "" + +#: src/credential/gnunet-credential.c:294 +#: src/credential/gnunet-credential.c:446 +#, fuzzy, c-format +msgid "Issuer public key `%s' is not well-formed\n" +msgstr "Đối số không hợp lệ cho « %s ».\n" + +#: src/credential/gnunet-credential.c:375 +#: src/credential/gnunet-credential.c:435 +#, fuzzy, c-format +msgid "Issuer public key not well-formed\n" +msgstr "Đối số không hợp lệ cho « %s ».\n" + +#: src/credential/gnunet-credential.c:386 +#: src/credential/gnunet-credential.c:455 +#, fuzzy, c-format +msgid "Failed to connect to CREDENTIAL\n" +msgstr "Lỗi kết nối đến gnunetd.\n" + +#: src/credential/gnunet-credential.c:392 +#, c-format +msgid "You must provide issuer the attribute\n" +msgstr "" + +#: src/credential/gnunet-credential.c:399 +#, c-format +msgid "ego required\n" +msgstr "" + +#: src/credential/gnunet-credential.c:415 +#, c-format +msgid "Subject public key needed\n" +msgstr "" + +#: src/credential/gnunet-credential.c:426 +#, fuzzy, c-format +msgid "Subject public key `%s' is not well-formed\n" +msgstr "Đối số không hợp lệ cho « %s ».\n" + +#: src/credential/gnunet-credential.c:461 +#, c-format +msgid "You must provide issuer and subject attributes\n" +msgstr "" + +#: src/credential/gnunet-credential.c:511 +#, c-format +msgid "Issuer ego required\n" +msgstr "" + +#: src/credential/gnunet-credential.c:523 +#, c-format +msgid "Please specify name to lookup, subject key and issuer key!\n" +msgstr "" + +#: src/credential/gnunet-credential.c:543 +msgid "create credential" +msgstr "" + 
+#: src/credential/gnunet-credential.c:547 +msgid "verify credential against attribute" +msgstr "" + +#: src/credential/gnunet-credential.c:552 +#, fuzzy +msgid "The public key of the subject to lookup the credential for" +msgstr "xác định mức ưu tiên của nội dung" + +#: src/credential/gnunet-credential.c:557 +msgid "The name of the credential presented by the subject" +msgstr "" + +#: src/credential/gnunet-credential.c:562 +#, fuzzy +msgid "The public key of the authority to verify the credential against" +msgstr "xác định mức ưu tiên của nội dung" + +#: src/credential/gnunet-credential.c:567 +#, fuzzy +msgid "The ego to use" +msgstr "kích cỡ tin nhắn" + +#: src/credential/gnunet-credential.c:572 +msgid "The issuer attribute to verify against or to issue" +msgstr "" + +#: src/credential/gnunet-credential.c:577 +msgid "The time to live for the credential" +msgstr "" + +#: src/credential/gnunet-credential.c:581 +msgid "collect credentials" +msgstr "" + +#: src/credential/gnunet-credential.c:595 +#, fuzzy +msgid "GNUnet credential resolver tool" +msgstr "Bản ghi lỗi GNUnet" + +#: src/credential/gnunet-service-credential.c:1204 +#: src/gns/gnunet-gns-helper-service-w32.c:727 src/gns/gnunet-gns.c:355 +#, fuzzy, c-format +msgid "Failed to connect to GNS\n" +msgstr "Lỗi kết nối đến gnunetd.\n" + +#: src/credential/gnunet-service-credential.c:1210 +#: src/namestore/gnunet-namestore-fcfsd.c:1034 +#: src/namestore/gnunet-namestore.c:802 +#: src/namestore/plugin_rest_namestore.c:1022 +#, fuzzy, c-format +msgid "Failed to connect to namestore\n" +msgstr "Không kết nối được đến trình nền gnunetd." 
+ +#: src/credential/plugin_gnsrecord_credential.c:186 +#, fuzzy, c-format +msgid "Unable to parse ATTR record string `%s'\n" +msgstr "Lỗi đọc danh sách bạn bè từ « %s »\n" + +#: src/credential/plugin_rest_credential.c:1155 src/gns/plugin_rest_gns.c:668 +#, fuzzy +msgid "GNS REST API initialized\n" +msgstr "Lỗi sơ khởi lõi.\n" + #: src/datacache/datacache.c:119 src/datacache/datacache.c:294 -#: src/datastore/gnunet-service-datastore.c:775 +#: src/datastore/gnunet-service-datastore.c:757 #, fuzzy msgid "# bytes stored" msgstr "# các byte trong kho dữ liệu" @@ -1546,13 +1681,12 @@ msgstr "kho dữ liệu sqlite" #: src/datacache/plugin_datacache_sqlite.c:113 #: src/datacache/plugin_datacache_sqlite.c:122 -#: src/datastore/plugin_datastore_mysql.c:980 +#: src/datastore/plugin_datastore_mysql.c:892 #: src/datastore/plugin_datastore_sqlite.c:58 -#: src/datastore/plugin_datastore_sqlite.c:66 src/my/my.c:80 src/my/my.c:92 -#: src/mysql/mysql.c:42 src/mysql/mysql.c:49 -#: src/namecache/plugin_namecache_postgres.c:53 +#: src/datastore/plugin_datastore_sqlite.c:66 +#: src/identity-provider/plugin_identity_provider_sqlite.c:52 src/my/my.c:80 +#: src/my/my.c:92 src/mysql/mysql.c:42 src/mysql/mysql.c:49 #: src/namecache/plugin_namecache_sqlite.c:53 -#: src/namestore/plugin_namestore_postgres.c:53 #: src/namestore/plugin_namestore_sqlite.c:53 #: src/peerstore/plugin_peerstore_sqlite.c:52 #: src/psycstore/plugin_psycstore_mysql.c:62 
@@ -1561,14 +1695,15 @@ msgstr "kho dữ liệu sqlite" #: src/testbed/gnunet-daemon-testbed-underlay.c:56 #: src/testbed/testbed_api_hosts.c:69 src/util/crypto_ecc.c:52 #: src/util/crypto_ecc_setup.c:41 src/util/crypto_mpi.c:39 -#: src/include/gnunet_common.h:720 src/include/gnunet_common.h:729 +#: src/include/gnunet_common.h:735 src/include/gnunet_common.h:744 #: src/scalarproduct/scalarproduct.h:35 #, c-format msgid "`%s' failed at %s:%d with error: %s\n" msgstr "« %s » bị lỗi tại %s:%d với lỗi: %s\n" #: src/datacache/plugin_datacache_sqlite.c:817 -#: src/datastore/plugin_datastore_sqlite.c:475 +#: src/datastore/plugin_datastore_sqlite.c:456 +#: src/identity-provider/plugin_identity_provider_sqlite.c:336 #: src/namecache/plugin_namecache_sqlite.c:296 #: src/namestore/plugin_namestore_sqlite.c:355 msgid "Tried to close sqlite without finalizing all prepared statements.\n" 
@@ -1613,50 +1748,104 @@ msgstr "# các kết nối dht" msgid "# PUT requests executed" msgstr "# các yêu cầu dht được định tuyến" -#: src/datastore/datastore_api.c:1116 +#: src/datastore/datastore_api.c:1116 +#, fuzzy +msgid "# RESERVE requests executed" +msgstr "# các yêu cầu dht được định tuyến" + +#: src/datastore/datastore_api.c:1181 +msgid "# RELEASE RESERVE requests executed" +msgstr "" + +#: src/datastore/datastore_api.c:1259 +#, fuzzy +msgid "# REMOVE requests executed" +msgstr "# các yêu cầu dht được định tuyến" + +#: src/datastore/datastore_api.c:1319 +msgid "# GET REPLICATION requests executed" +msgstr "" + +#: src/datastore/datastore_api.c:1381 +msgid "# GET ZERO ANONYMITY requests executed" +msgstr "" + +#: src/datastore/datastore_api.c:1462 +#, fuzzy +msgid "# GET requests executed" +msgstr "# các yêu cầu dht được định tuyến" + +#: src/datastore/gnunet-datastore.c:189 +#, c-format +msgid "Dumped % records\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:217 src/datastore/gnunet-datastore.c:229 +#, c-format +msgid "Short write to file: %zd bytes expecting %zd\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:261 +#, fuzzy +msgid "Error queueing datastore GET operation\n" +msgstr "Gặp lỗi khi tạo người dùng" + +#: src/datastore/gnunet-datastore.c:287 src/datastore/gnunet-datastore.c:412 +#, fuzzy, c-format +msgid "Unable to open dump file: %s\n" +msgstr "Không thể tạo miền tên.\n" + +#: src/datastore/gnunet-datastore.c:326 +#, fuzzy, c-format +msgid "Failed to store item: %s, aborting\n" +msgstr "Lỗi mở tập tin ghi sự kiện « %s »: %s\n" + +#: src/datastore/gnunet-datastore.c:340 +#, c-format +msgid "Inserted % records\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:349 src/datastore/gnunet-datastore.c:363 +#, c-format +msgid "Short read from file: %zd bytes expecting %zd\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:389 #, fuzzy -msgid "# RESERVE requests executed" -msgstr "# các yêu cầu dht được định tuyến" +msgid "Error queueing 
datastore PUT operation\n" +msgstr "Gặp lỗi khi tạo người dùng" -#: src/datastore/datastore_api.c:1181 -msgid "# RELEASE RESERVE requests executed" +#: src/datastore/gnunet-datastore.c:432 +msgid "Input file is not of a supported format\n" msgstr "" -#: src/datastore/datastore_api.c:1259 +#: src/datastore/gnunet-datastore.c:458 #, fuzzy -msgid "# REMOVE requests executed" -msgstr "# các yêu cầu dht được định tuyến" +msgid "Failed connecting to the datastore.\n" +msgstr "Không kết nối được đến trình nền gnunetd." -#: src/datastore/datastore_api.c:1319 -msgid "# GET REPLICATION requests executed" +#: src/datastore/gnunet-datastore.c:470 +#, c-format +msgid "Please choose at least one operation: %s, %s\n" msgstr "" -#: src/datastore/datastore_api.c:1381 -msgid "# GET ZERO ANONYMITY requests executed" +#: src/datastore/gnunet-datastore.c:493 +#, fuzzy +msgid "Dump all records from the datastore" msgstr "" +"\n" +"Không nhận được đáp ứng từ gnunetd.\n" -#: src/datastore/datastore_api.c:1462 +#: src/datastore/gnunet-datastore.c:497 #, fuzzy -msgid "# GET requests executed" -msgstr "# các yêu cầu dht được định tuyến" - -#: src/datastore/gnunet-datastore.c:113 -#, fuzzy, c-format -msgid "Failed to store item: %s, aborting\n" -msgstr "Lỗi mở tập tin ghi sự kiện « %s »: %s\n" - -#: src/datastore/gnunet-datastore.c:209 -#, c-format -msgid "Cannot use the same configuration for source and destination\n" -msgstr "" +msgid "Insert records into the datastore" +msgstr "# các byte trong kho dữ liệu" -#: src/datastore/gnunet-datastore.c:256 -msgid "" -"specifies the configuration to use to access an alternative datastore; will " -"merge that datastore into our current datastore" +#: src/datastore/gnunet-datastore.c:502 +msgid "File to dump or insert" msgstr "" -#: src/datastore/gnunet-datastore.c:265 +#: src/datastore/gnunet-datastore.c:511 #, fuzzy msgid "Manipulate GNUnet datastore" msgstr "cập nhật một giá trị trong tập tin cấu hình" 
@@ -1700,8 +1889,8 @@ msgstr "" #: src/datastore/gnunet-service-datastore.c:634 #: src/datastore/gnunet-service-datastore.c:689 -#: src/datastore/gnunet-service-datastore.c:977 -#: src/datastore/gnunet-service-datastore.c:1633 +#: src/datastore/gnunet-service-datastore.c:837 +#: src/datastore/gnunet-service-datastore.c:1469 msgid "# reserved" msgstr "" 
@@ -1709,152 +1898,153 @@ msgstr "" msgid "Could not find matching reservation" msgstr "" -#: src/datastore/gnunet-service-datastore.c:792 +#: src/datastore/gnunet-service-datastore.c:773 #, c-format msgid "Need %llu bytes more space (%llu allowed, using %llu)\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1026 +#: src/datastore/gnunet-service-datastore.c:876 #, fuzzy msgid "# GET requests received" msgstr "# các yêu cầu get (lấy) dht được nhận" -#: src/datastore/gnunet-service-datastore.c:1058 +#: src/datastore/gnunet-service-datastore.c:907 #, fuzzy msgid "# GET KEY requests received" msgstr "# các yêu cầu get (lấy) dht được nhận" -#: src/datastore/gnunet-service-datastore.c:1071 +#: src/datastore/gnunet-service-datastore.c:920 #, fuzzy msgid "# requests filtered by bloomfilter" msgstr "# các yêu cầu được lọc theo bộ lọc bloom" -#: src/datastore/gnunet-service-datastore.c:1108 +#: src/datastore/gnunet-service-datastore.c:956 #, fuzzy msgid "# GET REPLICATION requests received" msgstr "# các yêu cầu get (lấy) dht được nhận" -#: src/datastore/gnunet-service-datastore.c:1141 +#: src/datastore/gnunet-service-datastore.c:989 #, fuzzy msgid "# GET ZERO ANONYMITY requests received" msgstr "# các yêu cầu get (lấy) dht được nhận" -#: src/datastore/gnunet-service-datastore.c:1190 +#: src/datastore/gnunet-service-datastore.c:1036 msgid "Content not found" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1199 +#: src/datastore/gnunet-service-datastore.c:1043 msgid "# bytes removed (explicit request)" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1246 +#: src/datastore/gnunet-service-datastore.c:1088 #, fuzzy msgid "# REMOVE requests received" msgstr "# các yêu cầu get (lấy) dht được nhận" -#: src/datastore/gnunet-service-datastore.c:1301 +#: src/datastore/gnunet-service-datastore.c:1137 #, c-format msgid "" "Datastore payload must have been inaccurate (%lld < %lld). 
Recomputing it.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1307 -#: src/datastore/gnunet-service-datastore.c:1482 +#: src/datastore/gnunet-service-datastore.c:1143 +#: src/datastore/gnunet-service-datastore.c:1318 #, c-format msgid "New payload: %lld\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1361 +#: src/datastore/gnunet-service-datastore.c:1197 #, c-format msgid "Loading `%s' datastore plugin\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1373 +#: src/datastore/gnunet-service-datastore.c:1209 #, fuzzy, c-format msgid "Failed to load datastore plugin for `%s'\n" msgstr "Không thể nạp phần bổ sung truyền tải « %s »\n" -#: src/datastore/gnunet-service-datastore.c:1433 +#: src/datastore/gnunet-service-datastore.c:1269 msgid "Bloomfilter construction complete.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1489 +#: src/datastore/gnunet-service-datastore.c:1325 msgid "Rebuilding bloomfilter. Please be patient.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1500 +#: src/datastore/gnunet-service-datastore.c:1336 msgid "Plugin does not support get_keys function. 
Please fix!\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1670 +#: src/datastore/gnunet-service-datastore.c:1506 #, fuzzy, c-format msgid "# bytes used in file-sharing datastore `%s'" msgstr "# các byte được phép trong kho dữ liệu" -#: src/datastore/gnunet-service-datastore.c:1686 +#: src/datastore/gnunet-service-datastore.c:1522 msgid "# quota" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1691 +#: src/datastore/gnunet-service-datastore.c:1527 msgid "# cache size" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1707 +#: src/datastore/gnunet-service-datastore.c:1543 #, c-format msgid "Could not use specified filename `%s' for bloomfilter.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1725 -#: src/datastore/gnunet-service-datastore.c:1741 +#: src/datastore/gnunet-service-datastore.c:1561 +#: src/datastore/gnunet-service-datastore.c:1577 #, fuzzy, c-format msgid "Failed to remove bogus bloomfilter file `%s'\n" msgstr "Không thể lưu tập tin cấu hình « %s »:" -#: src/datastore/gnunet-service-datastore.c:1773 +#: src/datastore/gnunet-service-datastore.c:1609 #, fuzzy msgid "Failed to initialize bloomfilter.\n" msgstr "Lỗi sơ khởi dịch vụ « %s ».\n" -#: src/datastore/plugin_datastore_heap.c:769 +#: src/datastore/plugin_datastore_heap.c:893 #, fuzzy msgid "Heap database running\n" msgstr "kho dữ liệu sqlite" -#: src/datastore/plugin_datastore_mysql.c:377 -#: src/datastore/plugin_datastore_sqlite.c:590 +#: src/datastore/plugin_datastore_mysql.c:371 +#: src/datastore/plugin_datastore_mysql.c:423 +#: src/datastore/plugin_datastore_mysql.c:1075 +msgid "MySQL statement run failure" +msgstr "" + +#: src/datastore/plugin_datastore_mysql.c:410 +#: src/datastore/plugin_datastore_sqlite.c:626 #, fuzzy msgid "Data too large" msgstr "số lần lặp lại" -#: src/datastore/plugin_datastore_mysql.c:393 -msgid "MySQL statement run failure" -msgstr "" - -#: src/datastore/plugin_datastore_mysql.c:936 +#: src/datastore/plugin_datastore_mysql.c:848 #, 
fuzzy, c-format msgid "`%s' for `%s' failed at %s:%d with error: %s\n" msgstr "« %s » bị lỗi tại %s:%d với lỗi: %s\n" -#: src/datastore/plugin_datastore_mysql.c:1208 +#: src/datastore/plugin_datastore_mysql.c:1180 #: src/psycstore/plugin_psycstore_mysql.c:1936 msgid "Mysql database running\n" msgstr "" -#: src/datastore/plugin_datastore_postgres.c:345 +#: src/datastore/plugin_datastore_postgres.c:274 +#: src/datastore/plugin_datastore_postgres.c:891 msgid "Postgress exec failure" msgstr "" -#: src/datastore/plugin_datastore_postgres.c:866 +#: src/datastore/plugin_datastore_postgres.c:852 #, fuzzy msgid "Failed to drop table from database.\n" msgstr "" "\n" "Không nhận được đáp ứng từ gnunetd.\n" -#: src/datastore/plugin_datastore_postgres.c:903 -#: src/namecache/plugin_namecache_postgres.c:398 -#: src/namestore/plugin_namestore_postgres.c:571 -#: src/psycstore/plugin_psycstore_postgres.c:1721 +#: src/datastore/plugin_datastore_postgres.c:950 +#: src/psycstore/plugin_psycstore_postgres.c:1506 msgid "Postgres database running\n" msgstr "" @@ -1866,7 +2056,8 @@ msgstr "" msgid "`%s' failed at %s:%u with error: %s" msgstr "« %s » bị lỗi tại %s:%d với lỗi: %s" -#: src/datastore/plugin_datastore_sqlite.c:281 +#: src/datastore/plugin_datastore_sqlite.c:271 +#: src/identity-provider/plugin_identity_provider_sqlite.c:212 #: src/namecache/plugin_namecache_sqlite.c:194 #: src/namestore/plugin_namestore_sqlite.c:222 #: src/peerstore/plugin_peerstore_sqlite.c:535 
@@ -1875,25 +2066,30 @@ msgstr "« %s » bị lỗi tại %s:%d với lỗi: %s" msgid "Unable to initialize SQLite: %s.\n" msgstr "Không thể sơ khởi SQLite: %s.\n" -#: src/datastore/plugin_datastore_sqlite.c:1234 +#: src/datastore/plugin_datastore_sqlite.c:577 +msgid "sqlite bind failure" +msgstr "" + +#: src/datastore/plugin_datastore_sqlite.c:1259 msgid "sqlite version to old to determine size, assuming zero\n" msgstr "" -#: src/datastore/plugin_datastore_sqlite.c:1268 +#: src/datastore/plugin_datastore_sqlite.c:1293 #, c-format msgid "" "Using sqlite page utilization to estimate payload (%llu pages of size %llu " "bytes)\n" msgstr "" -#: src/datastore/plugin_datastore_sqlite.c:1312 +#: src/datastore/plugin_datastore_sqlite.c:1337 +#: src/identity-provider/plugin_identity_provider_sqlite.c:711 #: src/namecache/plugin_namecache_sqlite.c:603 #: src/namestore/plugin_namestore_sqlite.c:802 #, fuzzy msgid "Sqlite database running\n" msgstr "kho dữ liệu sqlite" -#: src/datastore/plugin_datastore_template.c:259 +#: src/datastore/plugin_datastore_template.c:253 msgid "Template database running\n" msgstr "" 
@@ -1955,53 +2151,6 @@ msgstr "" msgid "Prints all packets that go through the DHT." msgstr "" -#: src/dht/gnunet_dht_profiler.c:1161 -#: src/testbed/gnunet-testbed-profiler.c:255 -#, fuzzy, c-format -msgid "Exiting as the number of peers is %u\n" -msgstr "tăng sổ tối đa các kết nối TCP/IP" - -#: src/dht/gnunet_dht_profiler.c:1188 -#, fuzzy -msgid "number of peers to start" -msgstr "số lần lặp lại" - -#: src/dht/gnunet_dht_profiler.c:1194 -msgid "" -"maximum number of times we try to search for successor circle formation (0 " -"for R5N)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1200 src/nse/gnunet-nse-profiler.c:853 -#: src/testbed/gnunet-testbed-profiler.c:305 -msgid "name of the file with the login information for the testbed" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1206 -msgid "delay between rounds for collecting statistics (default: 30 sec)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1212 -msgid "delay to start doing PUTs (default: 1 sec)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1218 -msgid "delay to start doing GETs (default: 5 min)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1223 -msgid "replication degree for DHT PUTs" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1230 -msgid "timeout for DHT PUT and GET requests (default: 1 min)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1248 -#, fuzzy -msgid "Measure quality and performance of the DHT service." -msgstr "Không thể truy cập đến dịch vụ" - #: src/dht/gnunet-dht-put.c:120 #, fuzzy msgid "PUT request sent with key" 
@@ -2279,6 +2428,52 @@ msgstr "" msgid "# DHT requests combined" msgstr "# các yêu cầu get (lấy) dht được nhận" +#: src/dht/gnunet_dht_profiler.c:1161 src/testbed/gnunet-testbed-profiler.c:255 +#, fuzzy, c-format +msgid "Exiting as the number of peers is %u\n" +msgstr "tăng sổ tối đa các kết nối TCP/IP" + +#: src/dht/gnunet_dht_profiler.c:1188 +#, fuzzy +msgid "number of peers to start" +msgstr "số lần lặp lại" + +#: src/dht/gnunet_dht_profiler.c:1194 +msgid "" +"maximum number of times we try to search for successor circle formation (0 " +"for R5N)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1200 src/nse/gnunet-nse-profiler.c:853 +#: src/testbed/gnunet-testbed-profiler.c:305 +msgid "name of the file with the login information for the testbed" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1206 +msgid "delay between rounds for collecting statistics (default: 30 sec)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1212 +msgid "delay to start doing PUTs (default: 1 sec)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1218 +msgid "delay to start doing GETs (default: 5 min)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1223 +msgid "replication degree for DHT PUTs" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1230 +msgid "timeout for DHT PUT and GET requests (default: 1 min)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1248 +#, fuzzy +msgid "Measure quality and performance of the DHT service." +msgstr "Không thể truy cập đến dịch vụ" + #: src/dht/plugin_block_dht.c:187 #, fuzzy, c-format msgid "Block not of type %u\n" @@ -2612,7 +2807,7 @@ msgstr "" msgid "No useful service enabled. Exiting.\n" msgstr "" -#: src/exit/gnunet-daemon-exit.c:3969 +#: src/exit/gnunet-daemon-exit.c:3970 msgid "Daemon to run to provide an IP exit node for the VPN" msgstr "" 
@@ -3265,15 +3460,6 @@ msgid "" "chk/...)" msgstr "" -#: src/fs/gnunet-fs.c:119 -msgid "print a list of all indexed files" -msgstr "" - -#: src/fs/gnunet-fs.c:130 -#, fuzzy -msgid "Special file-sharing operations" -msgstr "Tùy chọn chia sẻ tập tin" - #: src/fs/gnunet-fs-profiler.c:211 msgid "run the experiment with COUNT peers" msgstr "" @@ -3290,6 +3476,15 @@ msgstr "" msgid "run a testbed to measure file-sharing performance" msgstr "" +#: src/fs/gnunet-fs.c:119 +msgid "print a list of all indexed files" +msgstr "" + +#: src/fs/gnunet-fs.c:130 +#, fuzzy +msgid "Special file-sharing operations" +msgstr "Tùy chọn chia sẻ tập tin" + #: src/fs/gnunet-publish.c:219 src/fs/gnunet-publish.c:231 #, c-format msgid "Publishing `%s' at %llu/%llu (%s remaining)\n" @@ -4000,22 +4195,11 @@ msgstr "" msgid "GNUnet DNS-to-GNS proxy (a DNS server)" msgstr "" -#: src/gns/gnunet-gns.c:235 src/gns/plugin_rest_gns.c:346 -#, c-format -msgid "Invalid typename specified, assuming `ANY'\n" -msgstr "" - -#: src/gns/gnunet-gns.c:252 -#, c-format -msgid "Please specify name to lookup!\n" -msgstr "" - -#: src/gns/gnunet-gns.c:276 -#, c-format -msgid "Ego for `%s' not found, cannot perform lookup.\n" +#: src/gns/gnunet-gns-helper-service-w32.c:602 +msgid "Not ready to process requests, lacking ego data\n" msgstr "" -#: src/gns/gnunet-gns.c:315 src/gns/gnunet-gns-helper-service-w32.c:701 +#: src/gns/gnunet-gns-helper-service-w32.c:701 src/gns/gnunet-gns.c:315 #: src/gns/plugin_rest_gns.c:422 #, c-format msgid "" 
@@ -4023,59 +4207,12 @@ msgid "" "gns-import.sh?\n" msgstr "" -#: src/gns/gnunet-gns.c:355 src/gns/gnunet-gns-helper-service-w32.c:727 -#, fuzzy, c-format -msgid "Failed to connect to GNS\n" -msgstr "Lỗi kết nối đến gnunetd.\n" - -#: src/gns/gnunet-gns.c:374 -#, c-format -msgid "Public key `%s' is not well-formed\n" -msgstr "" - -#: src/gns/gnunet-gns.c:428 -msgid "Lookup a record for the given name" -msgstr "" - -#: src/gns/gnunet-gns.c:434 -#, fuzzy -msgid "Specify the type of the record to lookup" -msgstr "xác định mức ưu tiên của nội dung" - -#: src/gns/gnunet-gns.c:440 -#, fuzzy -msgid "Specify timeout for the lookup" -msgstr "xác định mức ưu tiên của nội dung" - -#: src/gns/gnunet-gns.c:445 -msgid "No unneeded output" -msgstr "" - -#: src/gns/gnunet-gns.c:451 -#, fuzzy -msgid "Specify the public key of the zone to lookup the record in" -msgstr "xác định mức ưu tiên của nội dung" - -#: src/gns/gnunet-gns.c:457 -#, fuzzy -msgid "Specify the name of the ego of the zone to lookup the record in" -msgstr "xác định mức ưu tiên của nội dung" - -#: src/gns/gnunet-gns.c:476 -#, fuzzy -msgid "GNUnet GNS resolver tool" -msgstr "Bản ghi lỗi GNUnet" - -#: src/gns/gnunet-gns-helper-service-w32.c:602 -msgid "Not ready to process requests, lacking ego data\n" -msgstr "" - #: src/gns/gnunet-gns-helper-service-w32.c:739 #, fuzzy, c-format msgid "Failed to connect to identity service\n" msgstr "Lỗi kết nối đến gnunetd.\n" -#: src/gns/gnunet-gns-import.c:489 +#: src/gns/gnunet-gns-import.c:452 msgid "This program will import some GNS authorities into your GNS namestore." msgstr "" 
@@ -4196,9 +4333,62 @@ msgstr "" msgid "pem file to use as CA" msgstr "" -#: src/gns/gnunet-gns-proxy.c:3300 -msgid "GNUnet GNS proxy" -msgstr "" +#: src/gns/gnunet-gns-proxy.c:3300 +msgid "GNUnet GNS proxy" +msgstr "" + +#: src/gns/gnunet-gns.c:235 src/gns/plugin_rest_gns.c:346 +#, c-format +msgid "Invalid typename specified, assuming `ANY'\n" +msgstr "" + +#: src/gns/gnunet-gns.c:252 +#, c-format +msgid "Please specify name to lookup!\n" +msgstr "" + +#: src/gns/gnunet-gns.c:276 +#, c-format +msgid "Ego for `%s' not found, cannot perform lookup.\n" +msgstr "" + +#: src/gns/gnunet-gns.c:374 +#, c-format +msgid "Public key `%s' is not well-formed\n" +msgstr "" + +#: src/gns/gnunet-gns.c:428 +msgid "Lookup a record for the given name" +msgstr "" + +#: src/gns/gnunet-gns.c:434 +#, fuzzy +msgid "Specify the type of the record to lookup" +msgstr "xác định mức ưu tiên của nội dung" + +#: src/gns/gnunet-gns.c:440 +#, fuzzy +msgid "Specify timeout for the lookup" +msgstr "xác định mức ưu tiên của nội dung" + +#: src/gns/gnunet-gns.c:445 +msgid "No unneeded output" +msgstr "" + +#: src/gns/gnunet-gns.c:451 +#, fuzzy +msgid "Specify the public key of the zone to lookup the record in" +msgstr "xác định mức ưu tiên của nội dung" + +#: src/gns/gnunet-gns.c:457 +#, fuzzy +msgid "Specify the name of the ego of the zone to lookup the record in" +msgstr "xác định mức ưu tiên của nội dung" + +#: src/gns/gnunet-gns.c:476 +#, fuzzy +msgid "GNUnet GNS resolver tool" +msgstr "Bản ghi lỗi GNUnet" #: src/gns/gnunet-service-gns.c:442 #, fuzzy @@ -4206,7 +4396,7 @@ msgid "Failed to connect to the namecache!\n" msgstr "Không kết nối được đến trình nền gnunetd." #: src/gns/gnunet-service-gns.c:461 -#: src/zonemaster/gnunet-service-zonemaster.c:741 +#: src/zonemaster/gnunet-service-zonemaster.c:742 #, fuzzy msgid "Could not connect to DHT!\n" msgstr "Không thể kết nối tới %s:%u: %s\n" 
@@ -4265,45 +4455,35 @@ msgstr "" msgid "Hostname `%s' is not well-formed, resolution fails\n" msgstr "" -#: src/gns/plugin_gnsrecord_gns.c:203 +#: src/gns/plugin_gnsrecord_gns.c:179 #, fuzzy, c-format msgid "Unable to parse PKEY record `%s'\n" msgstr "Lỗi đọc danh sách bạn bè từ « %s »\n" -#: src/gns/plugin_gnsrecord_gns.c:232 +#: src/gns/plugin_gnsrecord_gns.c:208 #, fuzzy, c-format msgid "Unable to parse GNS2DNS record `%s'\n" msgstr "Lỗi đọc danh sách bạn bè từ « %s »\n" -#: src/gns/plugin_gnsrecord_gns.c:253 +#: src/gns/plugin_gnsrecord_gns.c:229 #, fuzzy, c-format msgid "Failed to serialize GNS2DNS record with value `%s'\n" msgstr "Không thể truy cập đến tập tin gnunet-directory « %s »\n" -#: src/gns/plugin_gnsrecord_gns.c:276 +#: src/gns/plugin_gnsrecord_gns.c:252 #, fuzzy, c-format msgid "Unable to parse VPN record string `%s'\n" msgstr "Lỗi đọc danh sách bạn bè từ « %s »\n" -#: src/gns/plugin_gnsrecord_gns.c:312 +#: src/gns/plugin_gnsrecord_gns.c:288 #, fuzzy, c-format msgid "Unable to parse BOX record string `%s'\n" msgstr "Lỗi đọc danh sách bạn bè từ « %s »\n" -#: src/gns/plugin_gnsrecord_gns.c:360 -#, fuzzy, c-format -msgid "Unable to parse REVERSE record string `%s'\n" -msgstr "Lỗi đọc danh sách bạn bè từ « %s »\n" - #: src/gns/plugin_rest_gns.c:384 msgid "Ego for not found, cannot perform lookup.\n" msgstr "" -#: src/gns/plugin_rest_gns.c:668 -#, fuzzy -msgid "GNS REST API initialized\n" -msgstr "Lỗi sơ khởi lõi.\n" - #: src/gnsrecord/plugin_gnsrecord_dns.c:359 #, fuzzy, c-format msgid "Unable to parse IPv4 address `%s'\n" 
@@ -4746,6 +4926,53 @@ msgstr "« %s » không sẵn sàng.\n" msgid "Could not start hostlist HTTP server on port %u\n" msgstr "Cổng cho trình phục vụ HTTP danh sách máy chủ thống nhất" +#: src/identity-provider/gnunet-idp.c:348 +#, fuzzy +msgid "Ego is required\n" +msgstr "Bị từ chối đặt tùy chọn « %s » trong phần « %s » thành « %s ».\n" + +#: src/identity-provider/gnunet-idp.c:370 +msgid "Add attribute" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:376 +msgid "Attribute value" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:381 +msgid "Ego" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:386 +msgid "Audience (relying party)" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:390 +msgid "List attributes for Ego" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:395 +msgid "Issue a ticket" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:400 +msgid "Consume a ticket" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:405 +msgid "Revoke a ticket" +msgstr "" + +#: src/identity-provider/identity_provider_api.c:429 +#, fuzzy +msgid "failed to store record\n" +msgstr "Lỗi bắt đầu thu thập.\n" + +#: src/identity-provider/plugin_rest_identity_provider.c:1175 +#, fuzzy +msgid "Identity Provider REST API initialized\n" +msgstr "Lỗi sơ khởi lõi.\n" + #: src/identity/gnunet-identity.c:179 #, fuzzy, c-format msgid "Failed to create ego: %s\n" 
@@ -4833,34 +5060,11 @@ msgstr "Không thể lưu tập tin cấu hình « %s »:" msgid "Failed to create directory `%s' for storing egos\n" msgstr "Lỗi đọc danh sách bạn bè từ « %s »\n" -#: src/identity/plugin_rest_identity.c:967 +#: src/identity/plugin_rest_identity.c:964 #, fuzzy msgid "Identity REST API initialized\n" msgstr "Lỗi sơ khởi lõi.\n" -#: src/identity-provider/gnunet-identity-token.c:66 -#, fuzzy -msgid "Option `-t' is required\n" -msgstr "Bị từ chối đặt tùy chọn « %s » trong phần « %s » thành « %s ».\n" - -#: src/identity-provider/gnunet-identity-token.c:77 -#, fuzzy, c-format -msgid "Token `%s' is malformed\n" -msgstr "Đối số không hợp lệ cho « %s ».\n" - -#: src/identity-provider/gnunet-identity-token.c:166 -msgid "GNUid token" -msgstr "" - -#: src/identity-provider/gnunet-identity-token.c:171 -msgid "Print token contents" -msgstr "" - -#: src/identity-provider/plugin_rest_identity_provider.c:1166 -#, fuzzy -msgid "Identity Token REST API initialized\n" -msgstr "Lỗi sơ khởi lõi.\n" - #: src/json/json.c:119 #, fuzzy, c-format msgid "Failed to parse JSON in option `%s': %s (%s)\n" 
@@ -4962,25 +5166,79 @@ msgstr "Không thể tạo miền tên.\n" msgid "flat plugin running\n" msgstr "kho dữ liệu sqlite" -#: src/namecache/plugin_namecache_postgres.c:90 -#: src/namestore/plugin_namestore_postgres.c:97 -#, fuzzy -msgid "Failed to create indices\n" +#: src/namestore/gnunet-namestore-fcfsd.c:508 +#, fuzzy, c-format +msgid "Unsupported form value `%s'\n" +msgstr "Lệnh không được hỗ trợ « %s ». Đang hủy bỏ.\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:535 +#, fuzzy, c-format +msgid "Failed to create record for domain `%s': %s\n" +msgstr "Không thể truy cập đến tập tin gnunet-directory « %s »\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:555 +msgid "Error when mapping zone to name\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:585 +#, c-format +msgid "Found existing name `%s' for the given key\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:662 +#, c-format +msgid "Found %u existing records for domain `%s'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:718 +#, fuzzy, c-format +msgid "Failed to create page for `%s'\n" msgstr "Không thể tạo miền tên.\n" +#: src/namestore/gnunet-namestore-fcfsd.c:734 +#, fuzzy, c-format +msgid "Failed to setup post processor for `%s'\n" +msgstr "Lỗi cập nhật dữ liệu cho mô-đun « %s »\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:770 +msgid "Domain name must not contain `.'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:778 +msgid "Domain name must not contain `+'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:974 +msgid "No ego configured for `fcfsd` subsystem\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:1000 +#, fuzzy +msgid "Failed to start HTTP server\n" +msgstr "Lỗi bắt đầu thu thập.\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:1042 +#, fuzzy +msgid "Failed to connect to identity\n" +msgstr "Lỗi kết nối đến gnunetd.\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:1074 +msgid "GNU Name System First Come First Serve name registration service" 
+msgstr "" + #: src/namestore/gnunet-namestore.c:301 #, fuzzy, c-format msgid "Adding record failed: %s\n" msgstr "Gặp lỗi khi tải lên tập tin: %s\n" #: src/namestore/gnunet-namestore.c:330 -#: src/namestore/plugin_rest_namestore.c:562 +#: src/namestore/plugin_rest_namestore.c:567 #, fuzzy, c-format msgid "Deleting record failed, record does not exist%s%s\n" msgstr "Gặp lỗi khi tải lên tập tin: %s\n" #: src/namestore/gnunet-namestore.c:337 -#: src/namestore/plugin_rest_namestore.c:571 +#: src/namestore/plugin_rest_namestore.c:576 #, fuzzy, c-format msgid "Deleting record failed%s%s\n" msgstr "Gặp lỗi khi tải lên tập tin: %s\n" @@ -4998,7 +5256,7 @@ msgid "Records already exist under `%s', cannot add `%s' record.\n" msgstr "" #: src/namestore/gnunet-namestore.c:698 -#: src/namestore/plugin_rest_namestore.c:597 +#: src/namestore/plugin_rest_namestore.c:602 #, c-format msgid "There are no records under label `%s' that could be deleted.\n" msgstr "" @@ -5009,24 +5267,11 @@ msgid "" "There are no records under label `%s' that match the request for deletion.\n" msgstr "" -#: src/namestore/gnunet-namestore.c:776 -#: src/namestore/plugin_rest_namestore.c:1004 -#, c-format -msgid "Ego `%s' not known to identity service\n" -msgstr "" - #: src/namestore/gnunet-namestore.c:791 #, fuzzy, c-format msgid "No options given\n" msgstr "chưa đưa ra tên" -#: src/namestore/gnunet-namestore.c:802 -#: src/namestore/gnunet-namestore-fcfsd.c:1034 -#: src/namestore/plugin_rest_namestore.c:1017 -#, fuzzy -msgid "Failed to connect to namestore\n" -msgstr "Không kết nối được đến trình nền gnunetd." - #: src/namestore/gnunet-namestore.c:810 src/namestore/gnunet-namestore.c:819 #: src/namestore/gnunet-namestore.c:838 src/namestore/gnunet-namestore.c:861 #: src/namestore/gnunet-namestore.c:915 
@@ -5040,14 +5285,14 @@ msgid "add" msgstr "" #: src/namestore/gnunet-namestore.c:829 -#: src/namestore/plugin_rest_namestore.c:671 +#: src/namestore/plugin_rest_namestore.c:676 #, fuzzy, c-format msgid "Unsupported type `%s'\n" msgstr "Lệnh không được hỗ trợ « %s ». Đang hủy bỏ.\n" #: src/namestore/gnunet-namestore.c:851 -#: src/namestore/plugin_rest_namestore.c:689 -#: src/namestore/plugin_rest_namestore.c:729 +#: src/namestore/plugin_rest_namestore.c:694 +#: src/namestore/plugin_rest_namestore.c:734 #, c-format msgid "Value `%s' invalid for record type `%s'\n" msgstr "" @@ -5066,8 +5311,7 @@ msgstr "" msgid "Invalid public key for reverse lookup `%s'\n" msgstr "Đối số không hợp lệ cho « %s ».\n" -#: src/namestore/gnunet-namestore.c:979 -#: src/peerinfo-tool/gnunet-peerinfo.c:775 +#: src/namestore/gnunet-namestore.c:979 src/peerinfo-tool/gnunet-peerinfo.c:775 #, fuzzy, c-format msgid "Invalid URI `%s'\n" msgstr "Dữ liệu nhập không hợp lệ.\n" @@ -5078,13 +5322,13 @@ msgid "Invalid nick `%s'\n" msgstr "Dữ liệu nhập không hợp lệ.\n" #: src/namestore/gnunet-namestore.c:1051 -#: src/namestore/plugin_rest_namestore.c:1047 +#: src/namestore/plugin_rest_namestore.c:1052 #, c-format msgid "No default ego configured in identity service\n" msgstr "" #: src/namestore/gnunet-namestore.c:1108 -#: src/namestore/plugin_rest_namestore.c:1143 +#: src/namestore/plugin_rest_namestore.c:1148 #, fuzzy, c-format msgid "Cannot connect to identity service\n" msgstr "Không thể kết nối tới %s:%u: %s\n" 
@@ -5147,67 +5391,7 @@ msgstr "" msgid "name of the ego controlling the zone" msgstr "" -#: src/namestore/gnunet-namestore-fcfsd.c:508 -#, fuzzy, c-format -msgid "Unsupported form value `%s'\n" -msgstr "Lệnh không được hỗ trợ « %s ». Đang hủy bỏ.\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:535 -#, fuzzy, c-format -msgid "Failed to create record for domain `%s': %s\n" -msgstr "Không thể truy cập đến tập tin gnunet-directory « %s »\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:555 -msgid "Error when mapping zone to name\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:585 -#, c-format -msgid "Found existing name `%s' for the given key\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:662 -#, c-format -msgid "Found %u existing records for domain `%s'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:718 -#, fuzzy, c-format -msgid "Failed to create page for `%s'\n" -msgstr "Không thể tạo miền tên.\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:734 -#, fuzzy, c-format -msgid "Failed to setup post processor for `%s'\n" -msgstr "Lỗi cập nhật dữ liệu cho mô-đun « %s »\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:770 -msgid "Domain name must not contain `.'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:778 -msgid "Domain name must not contain `+'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:974 -msgid "No ego configured for `fcfsd` subsystem\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:1000 -#, fuzzy -msgid "Failed to start HTTP server\n" -msgstr "Lỗi bắt đầu thu thập.\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:1042 -#, fuzzy -msgid "Failed to connect to identity\n" -msgstr "Lỗi kết nối đến gnunetd.\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:1074 -msgid "GNU Name System First Come First Serve name registration service" -msgstr "" - -#: src/namestore/gnunet-service-namestore.c:612 +#: src/namestore/gnunet-service-namestore.c:615 #, fuzzy, c-format msgid "Failed to replicate block in 
namecache: %s\n" msgstr "Lỗi cập nhật dữ liệu cho mô-đun « %s »\n" @@ -5221,7 +5405,7 @@ msgstr "" msgid "flat file database running\n" msgstr "kho dữ liệu sqlite" -#: src/namestore/plugin_rest_namestore.c:1188 +#: src/namestore/plugin_rest_namestore.c:1193 #, fuzzy msgid "Namestore REST API initialized\n" msgstr "Lỗi sơ khởi lõi.\n" @@ -5508,11 +5692,6 @@ msgstr "" msgid "`upnpc' command not found\n" msgstr "" -#: src/nse/gnunet-nse.c:122 -#, fuzzy -msgid "Show network size estimates from NSE service." -msgstr "# các yêu cầu get (lấy) dht được nhận" - #: src/nse/gnunet-nse-profiler.c:842 #, fuzzy msgid "limit to the number of connections to NSE services, 0 for none" 
@@ -5539,70 +5718,16 @@ msgstr "" msgid "Measure quality and performance of the NSE service." msgstr "Không thể truy cập đến dịch vụ" -#: src/nse/gnunet-service-nse.c:1534 -#: src/revocation/gnunet-service-revocation.c:838 src/util/gnunet-scrypt.c:276 +#: src/nse/gnunet-nse.c:122 #, fuzzy -msgid "Value is too large.\n" -msgstr "Giá trị không nằm trong phạm vi được phép." - -#: src/peerinfo/gnunet-service-peerinfo.c:178 -#, fuzzy, c-format -msgid "Removing expired address of transport `%s'\n" -msgstr "Đã nạp truyền tải « %s »\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:310 -#, fuzzy, c-format -msgid "Failed to parse HELLO in file `%s': %s\n" -msgstr "Lỗi đọc danh sách bạn bè từ « %s »\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:331 -#: src/peerinfo/gnunet-service-peerinfo.c:362 -#, fuzzy, c-format -msgid "Failed to parse HELLO in file `%s'\n" -msgstr "Lỗi đọc danh sách bạn bè từ « %s »\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:446 -msgid "# peers known" -msgstr "" - -#: src/peerinfo/gnunet-service-peerinfo.c:489 -#, c-format -msgid "" -"File `%s' in directory `%s' does not match naming convention. Removed.\n" -msgstr "" -"Tập tin « %s » trong thư mục « %s » không tùy theo quy ước đặt tên. Bị gỡ " -"bỏ.\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:655 -#, fuzzy, c-format -msgid "Scanning directory `%s'\n" -msgstr "Lỗi đọc danh sách bạn bè từ « %s »\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:663 -#, c-format -msgid "Still no peers found in `%s'!\n" -msgstr "Vẫn còn không tìm thấy đồng đẳng trong « %s ».\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:1076 -#, fuzzy, c-format -msgid "Cleaning up directory `%s'\n" -msgstr "Lỗi đọc danh sách bạn bè từ « %s »\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:1405 -#, c-format -msgid "Importing HELLOs from `%s'\n" -msgstr "" - -#: src/peerinfo/gnunet-service-peerinfo.c:1418 -msgid "Skipping import of included HELLOs\n" -msgstr "" +msgid "Show network size estimates from NSE service." 
+msgstr "# các yêu cầu get (lấy) dht được nhận" -#: src/peerinfo/peerinfo_api.c:220 +#: src/nse/gnunet-service-nse.c:1534 +#: src/revocation/gnunet-service-revocation.c:838 src/util/gnunet-scrypt.c:276 #, fuzzy -msgid "Failed to receive response from `PEERINFO' service." -msgstr "" -"\n" -"Không nhận được đáp ứng từ gnunetd.\n" +msgid "Value is too large.\n" +msgstr "Giá trị không nằm trong phạm vi được phép." #: src/peerinfo-tool/gnunet-peerinfo.c:239 #, fuzzy, c-format 
@@ -5695,6 +5820,65 @@ msgstr "Đang nạp các truyền tải « %s »\n" msgid "Failed to load transport plugin for `%s'\n" msgstr "Không thể nạp phần bổ sung truyền tải « %s »\n" +#: src/peerinfo/gnunet-service-peerinfo.c:178 +#, fuzzy, c-format +msgid "Removing expired address of transport `%s'\n" +msgstr "Đã nạp truyền tải « %s »\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:310 +#, fuzzy, c-format +msgid "Failed to parse HELLO in file `%s': %s\n" +msgstr "Lỗi đọc danh sách bạn bè từ « %s »\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:331 +#: src/peerinfo/gnunet-service-peerinfo.c:362 +#, fuzzy, c-format +msgid "Failed to parse HELLO in file `%s'\n" +msgstr "Lỗi đọc danh sách bạn bè từ « %s »\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:446 +msgid "# peers known" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:489 +#, c-format +msgid "" +"File `%s' in directory `%s' does not match naming convention. Removed.\n" +msgstr "" +"Tập tin « %s » trong thư mục « %s » không tùy theo quy ước đặt tên. Bị gỡ " +"bỏ.\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:655 +#, fuzzy, c-format +msgid "Scanning directory `%s'\n" +msgstr "Lỗi đọc danh sách bạn bè từ « %s »\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:663 +#, c-format +msgid "Still no peers found in `%s'!\n" +msgstr "Vẫn còn không tìm thấy đồng đẳng trong « %s ».\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:1076 +#, fuzzy, c-format +msgid "Cleaning up directory `%s'\n" +msgstr "Lỗi đọc danh sách bạn bè từ « %s »\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:1405 +#, c-format +msgid "Importing HELLOs from `%s'\n" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:1418 +msgid "Skipping import of included HELLOs\n" +msgstr "" + +#: src/peerinfo/peerinfo_api.c:220 +#, fuzzy +msgid "Failed to receive response from `PEERINFO' service." +msgstr "" +"\n" +"Không nhận được đáp ứng từ gnunetd.\n" + #: src/peerstore/gnunet-peerstore.c:91 msgid "peerstore" msgstr "" 
@@ -5744,15 +5928,10 @@ msgstr "Gặp lỗi khi tạo người dùng" msgid "Unable to create indices: %s.\n" msgstr "Không thể tạo miền tên.\n" -#: src/postgres/postgres.c:67 -#, fuzzy, c-format -msgid "`%s:%s' failed at %s:%d with error: %s\n" -msgstr "« %s » bị lỗi tại %s:%d với lỗi: %s" - -#: src/postgres/postgres.c:192 +#: src/pq/pq_prepare.c:80 #, fuzzy, c-format -msgid "Unable to connect to Postgres database '%s': %s\n" -msgstr "Không thể lưu tập tin cấu hình « %s »:" +msgid "PQprepare (`%s' as `%s') failed with error: %s\n" +msgstr "« %s » bị lỗi tại %s:%d với lỗi: %s\n" #: src/psycstore/gnunet-service-psycstore.c:249 #, fuzzy 
@@ -5932,61 +6111,61 @@ msgstr "Lưu cấu hình ngay bây giờ không?" msgid "Daemon to announce regular expressions for the peer using cadet." msgstr "" -#: src/regex/gnunet-regex-profiler.c:1314 +#: src/regex/gnunet-regex-profiler.c:1386 #, fuzzy msgid "No configuration file given. Exiting\n" msgstr "dùng tập tin cấu hình TÊN_TẬP_TIN" -#: src/regex/gnunet-regex-profiler.c:1355 +#: src/regex/gnunet-regex-profiler.c:1427 #: src/regex/gnunet-regex-simulation-profiler.c:630 #, c-format msgid "No policy directory specified on command line. Exiting.\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1361 +#: src/regex/gnunet-regex-profiler.c:1433 #: src/regex/gnunet-regex-simulation-profiler.c:638 #, c-format msgid "Specified policies directory does not exist. Exiting.\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1368 +#: src/regex/gnunet-regex-profiler.c:1440 #, fuzzy, c-format msgid "No files found in `%s'\n" msgstr "Vẫn còn không tìm thấy đồng đẳng trong « %s ».\n" -#: src/regex/gnunet-regex-profiler.c:1377 +#: src/regex/gnunet-regex-profiler.c:1449 msgid "No search strings file given. Exiting.\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1397 +#: src/regex/gnunet-regex-profiler.c:1469 #, fuzzy msgid "Error loading search strings. 
Exiting.\n" msgstr "Gặp lỗi khi tải xuống: %s\n" -#: src/regex/gnunet-regex-profiler.c:1485 +#: src/regex/gnunet-regex-profiler.c:1557 #, fuzzy msgid "name of the file for writing statistics" msgstr "Lỗi lấy thông kê về truyền tải.\n" -#: src/regex/gnunet-regex-profiler.c:1491 +#: src/regex/gnunet-regex-profiler.c:1563 msgid "wait TIMEOUT before ending the experiment" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1497 +#: src/regex/gnunet-regex-profiler.c:1569 msgid "directory with policy files" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1504 +#: src/regex/gnunet-regex-profiler.c:1576 #, fuzzy msgid "name of file with input strings" msgstr "Lỗi lấy thông kê về truyền tải.\n" -#: src/regex/gnunet-regex-profiler.c:1510 +#: src/regex/gnunet-regex-profiler.c:1582 #, fuzzy msgid "name of file with hosts' names" msgstr "Lỗi lấy thông kê về truyền tải.\n" -#: src/regex/gnunet-regex-profiler.c:1523 +#: src/regex/gnunet-regex-profiler.c:1595 msgid "Profiler for regex" msgstr "" @@ -6219,10 +6398,10 @@ msgstr "" msgid "Calculate the Vectorproduct with a GNUnet peer." msgstr "" -#: src/scalarproduct/gnunet-service-scalarproduct_alice.c:1407 -#: src/scalarproduct/gnunet-service-scalarproduct_bob.c:1345 -#: src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c:1180 +#: src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c:1172 #: src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c:1063 +#: src/scalarproduct/gnunet-service-scalarproduct_alice.c:1401 +#: src/scalarproduct/gnunet-service-scalarproduct_bob.c:1345 #, fuzzy msgid "Connect to CADET failed\n" msgstr " Không kết nối được (lỗi ?)\n" @@ -6247,7 +6426,7 @@ msgstr "" msgid "also profile decryption" msgstr "" -#: src/set/gnunet-service-set.c:1948 +#: src/set/gnunet-service-set.c:1989 #, fuzzy msgid "Could not connect to CADET service\n" msgstr "Không thể kết nối tới %s:%u: %s\n" 
@@ -6307,114 +6486,114 @@ msgstr "" msgid "say good-bye and leave somebody else's place" msgstr "" -#: src/social/gnunet-social.c:1227 src/social/gnunet-social.c:1232 +#: src/social/gnunet-social.c:1227 msgid "create a place" msgstr "" -#: src/social/gnunet-social.c:1237 +#: src/social/gnunet-social.c:1232 msgid "destroy a place we were hosting" msgstr "" -#: src/social/gnunet-social.c:1242 +#: src/social/gnunet-social.c:1237 msgid "enter somebody else's place" msgstr "" -#: src/social/gnunet-social.c:1248 +#: src/social/gnunet-social.c:1243 msgid "find state matching name prefix" msgstr "" -#: src/social/gnunet-social.c:1253 +#: src/social/gnunet-social.c:1248 msgid "replay history of messages up to the given --limit" msgstr "" -#: src/social/gnunet-social.c:1258 +#: src/social/gnunet-social.c:1253 msgid "reconnect to a previously created place" msgstr "" -#: src/social/gnunet-social.c:1263 +#: src/social/gnunet-social.c:1258 msgid "publish something to a place we are hosting" msgstr "" -#: src/social/gnunet-social.c:1268 +#: src/social/gnunet-social.c:1263 msgid "reconnect to a previously entered place" msgstr "" -#: src/social/gnunet-social.c:1273 +#: src/social/gnunet-social.c:1268 msgid "search for state matching exact name" msgstr "" -#: src/social/gnunet-social.c:1278 +#: src/social/gnunet-social.c:1273 msgid "submit something to somebody's place" msgstr "" -#: src/social/gnunet-social.c:1283 +#: src/social/gnunet-social.c:1278 msgid "list of egos and subscribed places" msgstr "" -#: src/social/gnunet-social.c:1288 +#: src/social/gnunet-social.c:1283 msgid "extract and replay history between message IDs --start and --until" msgstr "" -#: src/social/gnunet-social.c:1297 +#: src/social/gnunet-social.c:1292 msgid "application ID to use when connecting" msgstr "" -#: src/social/gnunet-social.c:1303 +#: src/social/gnunet-social.c:1298 msgid "message body or state value" msgstr "" -#: src/social/gnunet-social.c:1309 +#: src/social/gnunet-social.c:1304 #, fuzzy 
msgid "name or public key of ego" msgstr "Đối số không hợp lệ cho « %s ».\n" -#: src/social/gnunet-social.c:1314 +#: src/social/gnunet-social.c:1309 #, fuzzy msgid "wait for incoming messages" msgstr "Lỗi gửi tin nhẳn.\n" -#: src/social/gnunet-social.c:1320 +#: src/social/gnunet-social.c:1315 msgid "GNS name" msgstr "" -#: src/social/gnunet-social.c:1326 +#: src/social/gnunet-social.c:1321 msgid "peer ID for --guest-enter" msgstr "" -#: src/social/gnunet-social.c:1332 +#: src/social/gnunet-social.c:1327 msgid "name (key) to query from state" msgstr "" -#: src/social/gnunet-social.c:1338 +#: src/social/gnunet-social.c:1333 msgid "method name" msgstr "" -#: src/social/gnunet-social.c:1344 +#: src/social/gnunet-social.c:1339 #, fuzzy msgid "number of messages to replay from history" msgstr "số tin nhắn cần dùng mỗi lần lặp" -#: src/social/gnunet-social.c:1350 +#: src/social/gnunet-social.c:1345 msgid "key address of place" msgstr "" -#: src/social/gnunet-social.c:1356 +#: src/social/gnunet-social.c:1351 msgid "start message ID for history replay" msgstr "" -#: src/social/gnunet-social.c:1361 +#: src/social/gnunet-social.c:1356 msgid "respond to entry requests by admitting all guests" msgstr "" -#: src/social/gnunet-social.c:1367 +#: src/social/gnunet-social.c:1362 msgid "end message ID for history replay" msgstr "" -#: src/social/gnunet-social.c:1372 +#: src/social/gnunet-social.c:1367 msgid "respond to entry requests by refusing all guests" msgstr "" -#: src/social/gnunet-social.c:1382 +#: src/social/gnunet-social.c:1377 msgid "" "gnunet-social - Interact with the social service: enter/leave, send/receive " "messages, access history and state.\n" @@ -6607,7 +6786,7 @@ msgid "" msgstr "" #: src/testbed/gnunet-daemon-testbed-underlay.c:231 src/testing/list-keys.c:46 -#: src/testing/testing.c:288 src/util/gnunet-ecc.c:298 +#: src/testing/testing.c:288 src/util/gnunet-ecc.c:301 #, c-format msgid "Incorrect hostkey file format: %s\n" msgstr "" 
@@ -6677,16 +6856,6 @@ msgstr "« %s » đang tắt.\n" msgid "%.s Unknown result code." msgstr "" -#: src/testbed/gnunet_testbed_mpi_spawn.c:118 -#, fuzzy -msgid "Waiting for child to exit.\n" -msgstr "Đang đợi các đồng đẳng kết nối" - -#: src/testbed/gnunet_testbed_mpi_spawn.c:241 -#, fuzzy, c-format -msgid "Spawning process `%s'\n" -msgstr "Đang bắt đầu tài về « %s »\n" - #: src/testbed/gnunet-testbed-profiler.c:290 msgid "tolerate COUNT number of continious timeout failures" msgstr "" @@ -6698,6 +6867,16 @@ msgid "" "signal is received" msgstr "" +#: src/testbed/gnunet_testbed_mpi_spawn.c:118 +#, fuzzy +msgid "Waiting for child to exit.\n" +msgstr "Đang đợi các đồng đẳng kết nối" + +#: src/testbed/gnunet_testbed_mpi_spawn.c:241 +#, fuzzy, c-format +msgid "Spawning process `%s'\n" +msgstr "Đang bắt đầu tài về « %s »\n" + #: src/testbed/testbed_api.c:410 #, fuzzy, c-format msgid "Adding host %u failed with error: %s\n" @@ -7000,10 +7179,6 @@ msgstr "# các thông báo PONG đã mật mã được nhận" msgid "GNUnet topology control" msgstr "" -#: src/transport/gnunet-service-transport_ats.c:141 -msgid "# Addresses given to ATS" -msgstr "" - #: src/transport/gnunet-service-transport.c:448 #, fuzzy msgid "# messages dropped due to slow client" @@ -7053,6 +7228,10 @@ msgstr "" msgid "Transport service is lacking key configuration settings. Exiting.\n" msgstr "Lưu cấu hình ngay bây giờ không?" +#: src/transport/gnunet-service-transport_ats.c:141 +msgid "# Addresses given to ATS" +msgstr "" + #: src/transport/gnunet-service-transport_hello.c:195 msgid "# refreshed my HELLO" msgstr "" 
@@ -7387,6 +7566,46 @@ msgstr "" msgid "# validations succeeded" msgstr "" +#: src/transport/gnunet-transport-profiler.c:219 +#, c-format +msgid "%llu B in %llu ms == %.2f KB/s!\n" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:617 +msgid "send data to peer" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:621 +#, fuzzy +msgid "receive data from peer" +msgstr "Yêu cầu cấp %d từ đồng đẳng %d\n" + +#: src/transport/gnunet-transport-profiler.c:626 +#, fuzzy +msgid "iterations" +msgstr "Tùy chọn chung" + +#: src/transport/gnunet-transport-profiler.c:631 +#, fuzzy +msgid "number of messages to send" +msgstr "số tin nhắn cần dùng mỗi lần lặp" + +#: src/transport/gnunet-transport-profiler.c:636 +#, fuzzy +msgid "message size to use" +msgstr "kích cỡ tin nhắn" + +#: src/transport/gnunet-transport-profiler.c:641 +#: src/transport/gnunet-transport.c:1462 +msgid "peer identity" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:652 +#: src/transport/gnunet-transport.c:1482 +#, fuzzy +msgid "Direct access to transport service." +msgstr "Lỗi kết nối đến gnunetd.\n" + #: src/transport/gnunet-transport.c:413 #, fuzzy, c-format msgid "Transmitted %llu bytes/s (%llu bytes in %s)\n" @@ -7526,11 +7745,6 @@ msgstr "In ra thông tin về các đồng đẳng GNUnet." msgid "do not resolve hostnames" msgstr "không quyết định các tên máy" -#: src/transport/gnunet-transport.c:1462 -#: src/transport/gnunet-transport-profiler.c:641 -msgid "peer identity" -msgstr "" - #: src/transport/gnunet-transport.c:1466 msgid "monitor plugin sessions" msgstr "" 
@@ -7539,44 +7753,9 @@ msgstr "" msgid "send data for benchmarking to the other peer (until CTRL-C)" msgstr "" -#: src/transport/gnunet-transport.c:1482 -#: src/transport/gnunet-transport-profiler.c:652 -#, fuzzy -msgid "Direct access to transport service." -msgstr "Lỗi kết nối đến gnunetd.\n" - -#: src/transport/gnunet-transport-profiler.c:219 -#, c-format -msgid "%llu B in %llu ms == %.2f KB/s!\n" -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:617 -msgid "send data to peer" -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:621 -#, fuzzy -msgid "receive data from peer" -msgstr "Yêu cầu cấp %d từ đồng đẳng %d\n" - -#: src/transport/gnunet-transport-profiler.c:626 -#, fuzzy -msgid "iterations" -msgstr "Tùy chọn chung" - -#: src/transport/gnunet-transport-profiler.c:631 -#, fuzzy -msgid "number of messages to send" -msgstr "số tin nhắn cần dùng mỗi lần lặp" - -#: src/transport/gnunet-transport-profiler.c:636 -#, fuzzy -msgid "message size to use" -msgstr "kích cỡ tin nhắn" - #: src/transport/plugin_transport_http_client.c:1474 -#: src/transport/plugin_transport_http_server.c:2249 -#: src/transport/plugin_transport_http_server.c:3463 +#: src/transport/plugin_transport_http_server.c:2312 +#: src/transport/plugin_transport_http_server.c:3526 #: src/transport/plugin_transport_tcp.c:3890 #: src/transport/plugin_transport_tcp.c:3897 msgid "TCP_STEALTH not supported on this platform.\n" 
@@ -7588,13 +7767,13 @@ msgid "Could not initialize curl multi handle, failed to start %s plugin!\n" msgstr "" #: src/transport/plugin_transport_http_client.c:2164 -#: src/transport/plugin_transport_http_server.c:3178 +#: src/transport/plugin_transport_http_server.c:3241 #, fuzzy, c-format msgid "Shutting down plugin `%s'\n" msgstr "Đang nạp các truyền tải « %s »\n" #: src/transport/plugin_transport_http_client.c:2181 -#: src/transport/plugin_transport_http_server.c:3248 +#: src/transport/plugin_transport_http_server.c:3311 #, fuzzy, c-format msgid "Shutdown for plugin `%s' complete\n" msgstr "Tải lên « %s » hoàn thành, địa chỉ URI là « %s ».\n" 
@@ -7604,106 +7783,106 @@ msgstr "Tải lên « %s » hoàn thành, địa chỉ URI là « %s ».\n" msgid "Maximum number of requests is %u\n" msgstr "tăng sổ tối đa các kết nối TCP/IP" -#: src/transport/plugin_transport_http_server.c:1727 +#: src/transport/plugin_transport_http_server.c:1756 #, c-format msgid "" "Access from connection %p (%u of %u) for `%s' `%s' url `%s' with upload data " "size %u\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:1967 +#: src/transport/plugin_transport_http_server.c:2028 #, c-format msgid "Accepting connection (%u of %u) from `%s'\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:1975 +#: src/transport/plugin_transport_http_server.c:2036 #, c-format msgid "" "Server reached maximum number connections (%u), rejecting new connection\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2125 +#: src/transport/plugin_transport_http_server.c:2186 msgid "" "Could not create a new TLS certificate, program `gnunet-transport-" "certificate-creation' could not be started!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2148 +#: src/transport/plugin_transport_http_server.c:2209 #, c-format msgid "No usable TLS certificate found and creating one at `%s/%s' failed!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2275 +#: src/transport/plugin_transport_http_server.c:2338 msgid "Could not load or create server certificate! Loading plugin failed!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2587 +#: src/transport/plugin_transport_http_server.c:2650 #, fuzzy msgid "Require valid port number for service in configuration!\n" msgstr "Lỗi lưu cấu hình." 
-#: src/transport/plugin_transport_http_server.c:2752 +#: src/transport/plugin_transport_http_server.c:2815 #, c-format msgid "Found %u addresses to report to NAT service\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2838 +#: src/transport/plugin_transport_http_server.c:2901 #: src/transport/plugin_transport_udp.c:3622 msgid "Disabling IPv6 since it is not supported on this system!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2944 +#: src/transport/plugin_transport_http_server.c:3007 #, c-format msgid "IPv4 support is %s\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2959 +#: src/transport/plugin_transport_http_server.c:3022 #, c-format msgid "IPv6 support is %s\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2965 +#: src/transport/plugin_transport_http_server.c:3028 msgid "Neither IPv4 nor IPv6 are enabled! Fix in configuration\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2976 +#: src/transport/plugin_transport_http_server.c:3039 #, fuzzy msgid "Port is required! 
Fix in configuration\n" msgstr "" "\n" "Kết thúc cấu hình.\n" -#: src/transport/plugin_transport_http_server.c:2982 +#: src/transport/plugin_transport_http_server.c:3045 #, fuzzy, c-format msgid "Using port %u\n" msgstr "Đang thử nghiệm (các) truyền tải %s\n" -#: src/transport/plugin_transport_http_server.c:3001 +#: src/transport/plugin_transport_http_server.c:3064 #, fuzzy, c-format msgid "Specific IPv4 address `%s' in configuration file is invalid!\n" msgstr "Đang thử dùng tập tin « %s » cho cấu hình MySQL.\n" -#: src/transport/plugin_transport_http_server.c:3036 +#: src/transport/plugin_transport_http_server.c:3099 #, fuzzy, c-format msgid "Specific IPv6 address `%s' in configuration file is invalid!\n" msgstr "Đang thử dùng tập tin « %s » cho cấu hình MySQL.\n" -#: src/transport/plugin_transport_http_server.c:3111 +#: src/transport/plugin_transport_http_server.c:3174 #, fuzzy, c-format msgid "Using external hostname `%s'\n" msgstr "Đang bắt đầu tài về « %s »\n" -#: src/transport/plugin_transport_http_server.c:3132 +#: src/transport/plugin_transport_http_server.c:3195 #, fuzzy, c-format msgid "Notifying transport only about hostname `%s'\n" msgstr "không quyết định các tên máy" -#: src/transport/plugin_transport_http_server.c:3149 +#: src/transport/plugin_transport_http_server.c:3212 #, fuzzy, c-format msgid "Maximum number of connections is %u\n" msgstr "tăng sổ tối đa các kết nối TCP/IP" -#: src/transport/plugin_transport_http_server.c:3475 +#: src/transport/plugin_transport_http_server.c:3538 #, fuzzy msgid "Unable to compile URL regex\n" msgstr "Không thể sơ khởi SQLite: %s.\n" 
@@ -7852,21 +8031,6 @@ msgstr "" msgid "TCP transport advertises itself as being on port %llu\n" msgstr "" -#: src/transport/plugin_transport_udp_broadcasting.c:168 -#, fuzzy -msgid "# Multicast HELLO beacons received via UDP" -msgstr "# các thông báo PONG đã mật mã được nhận" - -#: src/transport/plugin_transport_udp_broadcasting.c:548 -msgid "" -"Disabling HELLO broadcasting due to friend-to-friend only configuration!\n" -msgstr "" - -#: src/transport/plugin_transport_udp_broadcasting.c:565 -#, c-format -msgid "Failed to set IPv4 broadcast option for broadcast socket on port %d\n" -msgstr "" - #: src/transport/plugin_transport_udp.c:3366 #, c-format msgid "" @@ -7915,6 +8079,21 @@ msgstr "« %s » không sẵn sàng.\n" msgid "Failed to create UDP network sockets\n" msgstr "Không thể tạo miền tên.\n" +#: src/transport/plugin_transport_udp_broadcasting.c:168 +#, fuzzy +msgid "# Multicast HELLO beacons received via UDP" +msgstr "# các thông báo PONG đã mật mã được nhận" + +#: src/transport/plugin_transport_udp_broadcasting.c:548 +msgid "" +"Disabling HELLO broadcasting due to friend-to-friend only configuration!\n" +msgstr "" + +#: src/transport/plugin_transport_udp_broadcasting.c:565 +#, c-format +msgid "Failed to set IPv4 broadcast option for broadcast socket on port %d\n" +msgstr "" + #: src/transport/plugin_transport_unix.c:1403 #, fuzzy, c-format msgid "Cannot create path to `%s'\n" @@ -8029,7 +8208,7 @@ msgid "" "`GNUNET_SERVER_receive_done' after %s\n" msgstr "" -#: src/transport/tcp_service_legacy.c:339 src/util/service.c:2337 +#: src/transport/tcp_service_legacy.c:339 src/util/service.c:2336 #, fuzzy, c-format msgid "Unknown address family %d\n" msgstr "\tKhông rõ miền tên « %s »\n" 
@@ -8074,51 +8253,51 @@ msgstr "Lỗi chạy %s: %s %d\n" msgid "Service `%s' runs at %s\n" msgstr "Đồng đẳng « %s » có mức tin cậy %8u\n" -#: src/transport/tcp_service_legacy.c:1251 src/util/service.c:1501 +#: src/transport/tcp_service_legacy.c:1251 src/util/service.c:1500 msgid "Service process failed to initialize\n" msgstr "" -#: src/transport/tcp_service_legacy.c:1255 src/util/service.c:1505 +#: src/transport/tcp_service_legacy.c:1255 src/util/service.c:1504 msgid "Service process could not initialize server function\n" msgstr "" -#: src/transport/tcp_service_legacy.c:1259 src/util/service.c:1509 +#: src/transport/tcp_service_legacy.c:1259 src/util/service.c:1508 msgid "Service process failed to report status\n" msgstr "" #: src/transport/tcp_service_legacy.c:1313 src/util/disk.c:1488 -#: src/util/service.c:1379 +#: src/util/service.c:1378 #, c-format msgid "Cannot obtain information about user `%s': %s\n" msgstr "Không thể lấy thông tin về người dùng « %s »: %s\n" -#: src/transport/tcp_service_legacy.c:1314 src/util/service.c:1381 +#: src/transport/tcp_service_legacy.c:1314 src/util/service.c:1380 msgid "No such user" msgstr "Không có người dùng như vậy" -#: src/transport/tcp_service_legacy.c:1327 src/util/service.c:1400 +#: src/transport/tcp_service_legacy.c:1327 src/util/service.c:1399 #, c-format msgid "Cannot change user/group to `%s': %s\n" msgstr "Không thể thay đổi người dùng/nhóm thành « %s »: %s\n" -#: src/transport/tcp_service_legacy.c:1398 src/util/service.c:1728 +#: src/transport/tcp_service_legacy.c:1398 src/util/service.c:1727 msgid "do daemonize (detach from terminal)" msgstr "" #: src/transport/tcp_service_legacy.c:1448 src/util/program.c:244 -#: src/util/service.c:1791 +#: src/util/service.c:1790 #, fuzzy, c-format msgid "Malformed configuration file `%s', exit ...\n" msgstr "Không thể lưu tập tin cấu hình « %s »:" #: src/transport/tcp_service_legacy.c:1458 src/util/program.c:261 -#: src/util/service.c:1802 +#: src/util/service.c:1801 #, fuzzy 
msgid "Malformed configuration, exit ...\n" msgstr "Không thể lưu tập tin cấu hình « %s »:" #: src/transport/tcp_service_legacy.c:1463 src/util/program.c:256 -#: src/util/service.c:1808 +#: src/util/service.c:1807 #, fuzzy, c-format msgid "Could not access configuration file `%s'\n" msgstr "Không thể truy cập đến tập tin gnunet-directory « %s »\n" 
@@ -8162,71 +8341,71 @@ msgstr "" msgid "Need a non-empty hostname for service `%s'.\n" msgstr "" -#: src/util/common_logging.c:256 src/util/common_logging.c:1129 +#: src/util/common_logging.c:259 src/util/common_logging.c:1132 msgid "DEBUG" msgstr "GỠ LỖI" -#: src/util/common_logging.c:258 src/util/common_logging.c:1127 +#: src/util/common_logging.c:261 src/util/common_logging.c:1130 msgid "INFO" msgstr "TIN" -#: src/util/common_logging.c:260 src/util/common_logging.c:1125 +#: src/util/common_logging.c:263 src/util/common_logging.c:1128 msgid "MESSAGE" msgstr "" -#: src/util/common_logging.c:262 src/util/common_logging.c:1123 +#: src/util/common_logging.c:265 src/util/common_logging.c:1126 msgid "WARNING" msgstr "CẢNH BÁO" -#: src/util/common_logging.c:264 src/util/common_logging.c:1121 +#: src/util/common_logging.c:267 src/util/common_logging.c:1124 msgid "ERROR" msgstr "LỖI" -#: src/util/common_logging.c:266 src/util/common_logging.c:1131 +#: src/util/common_logging.c:269 src/util/common_logging.c:1134 msgid "NONE" msgstr "" -#: src/util/common_logging.c:879 +#: src/util/common_logging.c:882 #, fuzzy, c-format msgid "Message `%.*s' repeated %u times in the last %s\n" msgstr "Thông điệp « %.*s » đã lặp lại %u lần trong %llu giây trước\n" -#: src/util/common_logging.c:1132 +#: src/util/common_logging.c:1135 msgid "INVALID" msgstr "" -#: src/util/common_logging.c:1302 +#: src/util/common_logging.c:1326 msgid "unknown address" msgstr "" -#: src/util/common_logging.c:1344 +#: src/util/common_logging.c:1368 msgid "invalid address" msgstr "" -#: src/util/common_logging.c:1362 +#: src/util/common_logging.c:1386 #, fuzzy, c-format msgid "Configuration fails to specify option `%s' in section `%s'!\n" msgstr "" "Cấu hình không thỏa mãn các ràng buộc của tập tin đặc tả cấu hình « %s ».\n" -#: src/util/common_logging.c:1383 +#: src/util/common_logging.c:1407 #, fuzzy, c-format msgid "" "Configuration specifies invalid value for option `%s' in section `%s': %s\n" msgstr "" 
"Cấu hình không thỏa mãn các ràng buộc của tập tin đặc tả cấu hình « %s ».\n" -#: src/util/configuration.c:286 +#: src/util/configuration.c:296 #, fuzzy, c-format msgid "Syntax error while deserializing in line %u\n" msgstr "Gặp lỗi cú pháp trong tập tin cấu hình « %s » tại dòng %d.\n" -#: src/util/configuration.c:344 +#: src/util/configuration.c:355 #, fuzzy, c-format msgid "Error while reading file `%s'\n" msgstr "Gặp lỗi khi tải xuống: %s\n" -#: src/util/configuration.c:1017 +#: src/util/configuration.c:1034 #, c-format msgid "" "Configuration value '%s' for '%s' in section '%s' is not in set of legal " @@ -8235,17 +8414,17 @@ msgstr "" "Giá trị cấu hình « %s » cho « %s » trong phần « %s » không phải nằm trong " "tập hợp các sự chọn được phép\n" -#: src/util/configuration.c:1136 +#: src/util/configuration.c:1153 #, c-format msgid "Recursive expansion suspected, aborting $-expansion for term `%s'\n" msgstr "" -#: src/util/configuration.c:1169 +#: src/util/configuration.c:1186 #, fuzzy, c-format msgid "Missing closing `%s' in option `%s'\n" msgstr "Giá trị cấu hình « %s » cho « %s » trong phần « %s » nên là con số\n" -#: src/util/configuration.c:1237 +#: src/util/configuration.c:1254 #, c-format msgid "" "Failed to expand `%s' in `%s' as it is neither found in [PATHS] nor defined " 
@@ -8279,32 +8458,32 @@ msgstr "Lỗi thẩm tra chữ ký RSA tại %s:%d: %s\n" msgid "EdDSA signature verification failed at %s:%d: %s\n" msgstr "Lỗi thẩm tra chữ ký RSA tại %s:%d: %s\n" -#: src/util/crypto_ecc_setup.c:122 src/util/crypto_ecc_setup.c:160 -#: src/util/crypto_ecc_setup.c:278 src/util/crypto_ecc_setup.c:316 +#: src/util/crypto_ecc_setup.c:122 src/util/crypto_ecc_setup.c:161 +#: src/util/crypto_ecc_setup.c:279 src/util/crypto_ecc_setup.c:317 #, fuzzy, c-format msgid "Could not acquire lock on file `%s': %s...\n" msgstr "Lỗi mở tập tin theo dõi « %s »: %s\n" -#: src/util/crypto_ecc_setup.c:127 src/util/crypto_ecc_setup.c:283 +#: src/util/crypto_ecc_setup.c:128 src/util/crypto_ecc_setup.c:284 #, fuzzy msgid "Creating a new private key. This may take a while.\n" msgstr "Đang tạo khoá máy mới (có thể hơi lâu).\n" -#: src/util/crypto_ecc_setup.c:164 src/util/crypto_ecc_setup.c:320 +#: src/util/crypto_ecc_setup.c:165 src/util/crypto_ecc_setup.c:322 msgid "This may be ok if someone is currently generating a private key.\n" msgstr "" -#: src/util/crypto_ecc_setup.c:194 src/util/crypto_ecc_setup.c:350 +#: src/util/crypto_ecc_setup.c:195 src/util/crypto_ecc_setup.c:352 #, c-format msgid "" "When trying to read key file `%s' I found %u bytes but I need at least %u.\n" msgstr "" -#: src/util/crypto_ecc_setup.c:198 src/util/crypto_ecc_setup.c:354 +#: src/util/crypto_ecc_setup.c:199 src/util/crypto_ecc_setup.c:356 msgid "This may be ok if someone is currently generating a key.\n" msgstr "" -#: src/util/crypto_ecc_setup.c:413 +#: src/util/crypto_ecc_setup.c:415 #, fuzzy msgid "Could not load peer's private key\n" msgstr "Không thể truy cập đến tập tin gnunet-directory « %s »\n" 
@@ -8499,82 +8678,86 @@ msgstr "" msgid "Manipulate GNUnet configuration files" msgstr "cập nhật một giá trị trong tập tin cấu hình" -#: src/util/gnunet-ecc.c:84 +#: src/util/gnunet-ecc.c:89 #, fuzzy, c-format msgid "Failed to open `%s': %s\n" msgstr "Lỗi mở tập tin ghi sự kiện « %s »: %s\n" -#: src/util/gnunet-ecc.c:120 +#: src/util/gnunet-ecc.c:125 #, c-format msgid "Generating %u keys like %s, please wait" msgstr "" -#: src/util/gnunet-ecc.c:133 +#: src/util/gnunet-ecc.c:138 #, c-format msgid "Generating %u keys, please wait" msgstr "" -#: src/util/gnunet-ecc.c:174 +#: src/util/gnunet-ecc.c:179 #, fuzzy, c-format msgid "" "\n" "Failed to write to `%s': %s\n" msgstr "Lỗi chạy %s: %s %d\n" -#: src/util/gnunet-ecc.c:184 +#: src/util/gnunet-ecc.c:189 #, c-format msgid "" "\n" "Finished!\n" msgstr "" -#: src/util/gnunet-ecc.c:187 +#: src/util/gnunet-ecc.c:192 #, c-format msgid "" "\n" "Error, %u keys not generated\n" msgstr "" -#: src/util/gnunet-ecc.c:280 +#: src/util/gnunet-ecc.c:283 #, fuzzy, c-format msgid "Hostkeys file `%s' not found\n" msgstr "Khoá phiên chạy từ đồng đẳng « %s » không thể được thẩm tra.\n" -#: src/util/gnunet-ecc.c:291 +#: src/util/gnunet-ecc.c:294 #, fuzzy, c-format msgid "Hostkeys file `%s' is empty\n" msgstr "Định dạng của tập tin « %s » là không hợp lệ.\n" -#: src/util/gnunet-ecc.c:313 +#: src/util/gnunet-ecc.c:316 #, fuzzy, c-format msgid "Could not read hostkey file: %s\n" msgstr "Không thể đọc danh sách bạn bè « %s »\n" -#: src/util/gnunet-ecc.c:364 +#: src/util/gnunet-ecc.c:367 msgid "No hostkey file specified on command line\n" msgstr "" -#: src/util/gnunet-ecc.c:416 +#: src/util/gnunet-ecc.c:425 msgid "list keys included in a file (for testing)" msgstr "" -#: src/util/gnunet-ecc.c:421 +#: src/util/gnunet-ecc.c:430 msgid "number of keys to list included in a file (for testing)" msgstr "" -#: src/util/gnunet-ecc.c:426 +#: src/util/gnunet-ecc.c:435 msgid "create COUNT public-private key pairs (for testing)" msgstr "" -#: 
src/util/gnunet-ecc.c:430 +#: src/util/gnunet-ecc.c:439 msgid "print the public key in ASCII format" msgstr "" -#: src/util/gnunet-ecc.c:434 +#: src/util/gnunet-ecc.c:443 +msgid "print the public key in HEX format" +msgstr "" + +#: src/util/gnunet-ecc.c:447 msgid "print examples of ECC operations (used for compatibility testing)" msgstr "" -#: src/util/gnunet-ecc.c:449 +#: src/util/gnunet-ecc.c:463 #, fuzzy msgid "Manipulate GNUnet private ECC key files" msgstr "cập nhật một giá trị trong tập tin cấu hình" @@ -8668,7 +8851,7 @@ msgstr "Gặp lỗi khi tạo người dùng" msgid "Unable to shorten unix path `%s' while keeping name unique\n" msgstr "" -#: src/util/network.c:1793 src/util/network.c:1969 +#: src/util/network.c:1793 src/util/network.c:1977 #, c-format msgid "" "Fatal internal logic error, process hangs in `%s' (abort with CTRL-C)!\n" @@ -8721,7 +8904,7 @@ msgstr "« %s » thất bại cho thư viện « %s » với lỗi: %s\n" msgid "Could not determine plugin installation path.\n" msgstr "Không thể truy cập đến thông tin về không gian tên.\n" -#: src/util/resolver_api.c:204 +#: src/util/resolver_api.c:203 #, c-format msgid "" "Missing `%s' for `%s' in configuration, DNS resolution will be unavailable.\n" 
@@ -8734,32 +8917,32 @@ msgid "" "resolution will be unavailable.\n" msgstr "" -#: src/util/resolver_api.c:815 +#: src/util/resolver_api.c:826 #, fuzzy, c-format msgid "Timeout trying to resolve hostname `%s'.\n" msgstr "không quyết định các tên máy" -#: src/util/resolver_api.c:827 +#: src/util/resolver_api.c:839 #, fuzzy, c-format msgid "Timeout trying to resolve IP address `%s'.\n" msgstr "GNUnet bây giờ sử dụng địa chỉ IP %s.\n" -#: src/util/resolver_api.c:1004 +#: src/util/resolver_api.c:1023 msgid "Resolver not configured correctly.\n" msgstr "" -#: src/util/resolver_api.c:1086 src/util/resolver_api.c:1107 -#: src/util/resolver_api.c:1121 +#: src/util/resolver_api.c:1109 src/util/resolver_api.c:1132 +#: src/util/resolver_api.c:1146 #, fuzzy, c-format msgid "Could not resolve our FQDN: %s\n" msgstr "Không thể giải quyết « %s » (%s): %s\n" -#: src/util/service.c:1306 +#: src/util/service.c:1305 msgid "" "Could not bind to any of the ports I was supposed to, refusing to run!\n" msgstr "" -#: src/util/service.c:2082 +#: src/util/service.c:2081 #, c-format msgid "" "Processing code for message of type %u did not call " 
@@ -8837,63 +9020,63 @@ msgstr " ngày" msgid "end of time" msgstr "" -#: src/util/strings.c:1269 +#: src/util/strings.c:1270 msgid "IPv6 address did not start with `['\n" msgstr "" -#: src/util/strings.c:1277 +#: src/util/strings.c:1278 msgid "IPv6 address did contain ':' to separate port number\n" msgstr "" -#: src/util/strings.c:1283 +#: src/util/strings.c:1284 msgid "IPv6 address did contain ']' before ':' to separate port number\n" msgstr "" -#: src/util/strings.c:1290 +#: src/util/strings.c:1291 msgid "IPv6 address did contain a valid port number after the last ':'\n" msgstr "" -#: src/util/strings.c:1299 +#: src/util/strings.c:1300 #, fuzzy, c-format msgid "Invalid IPv6 address `%s': %s\n" msgstr "Mức ưu tiên tiến trình không hợp lê « %s ».\n" -#: src/util/strings.c:1571 src/util/strings.c:1587 +#: src/util/strings.c:1572 src/util/strings.c:1588 msgid "Port not in range\n" msgstr "" -#: src/util/strings.c:1596 +#: src/util/strings.c:1597 #, fuzzy, c-format msgid "Malformed port policy `%s'\n" msgstr "Lỗi bắt đầu thu thập.\n" -#: src/util/strings.c:1679 src/util/strings.c:1710 src/util/strings.c:1758 -#: src/util/strings.c:1779 +#: src/util/strings.c:1680 src/util/strings.c:1711 src/util/strings.c:1759 +#: src/util/strings.c:1780 #, c-format msgid "Invalid format for IP: `%s'\n" msgstr "Địa chỉ IP định dạng sai: %s\n" -#: src/util/strings.c:1736 +#: src/util/strings.c:1737 #, c-format msgid "Invalid network notation ('/%d' is not legal in IPv4 CIDR)." msgstr "Ký hiệu mạng sai (« /%d » không hợp lệ trong CIDR IPv4)." 
-#: src/util/strings.c:1788 +#: src/util/strings.c:1789 #, fuzzy, c-format msgid "Invalid format: `%s'\n" msgstr "Địa chỉ IP định dạng sai: %s\n" -#: src/util/strings.c:1840 +#: src/util/strings.c:1841 #, c-format msgid "Invalid network notation (does not end with ';': `%s')\n" msgstr "Ký hiệu mạng sai (không kết thúc với « ; »: « %s »)\n" -#: src/util/strings.c:1890 +#: src/util/strings.c:1891 #, fuzzy, c-format msgid "Wrong format `%s' for netmask\n" msgstr "Mặt nạ mạng có định dạng sai « %s »: %s\n" -#: src/util/strings.c:1921 +#: src/util/strings.c:1922 #, fuzzy, c-format msgid "Wrong format `%s' for network\n" msgstr "Mạng có định dạng sai « %s »: %s\n" 
@@ -9076,27 +9259,43 @@ msgstr "# các byte đã nhận qua UDP" msgid "Setup tunnels via VPN." msgstr "" -#: src/zonemaster/gnunet-service-zonemaster.c:705 +#: src/zonemaster/gnunet-service-zonemaster.c:706 #, fuzzy msgid "Failed to connect to the namestore!\n" msgstr "Không kết nối được đến trình nền gnunetd." -#: src/include/gnunet_common.h:674 src/include/gnunet_common.h:681 -#: src/include/gnunet_common.h:691 src/include/gnunet_common.h:699 +#: src/include/gnunet_common.h:689 src/include/gnunet_common.h:696 +#: src/include/gnunet_common.h:706 src/include/gnunet_common.h:714 #, fuzzy, c-format msgid "Assertion failed at %s:%d.\n" msgstr "Lỗi nội bộ : khẳng định không thành công tại %s:%d.\n" -#: src/include/gnunet_common.h:711 +#: src/include/gnunet_common.h:726 #, fuzzy, c-format msgid "External protocol violation detected at %s:%d.\n" msgstr "Lỗi nội bộ : khẳng định không thành công tại %s:%d.\n" -#: src/include/gnunet_common.h:738 src/include/gnunet_common.h:747 +#: src/include/gnunet_common.h:753 src/include/gnunet_common.h:762 #, c-format msgid "`%s' failed on file `%s' at %s:%d with error: %s\n" msgstr "« %s » thất bại ở tập tin « %s » tại %s:%d với lỗi: %s\n" +#, fuzzy +#~ msgid "Token `%s' is malformed\n" +#~ msgstr "Đối số không hợp lệ cho « %s ».\n" + +#, fuzzy +#~ msgid "Failed to create indices\n" +#~ msgstr "Không thể tạo miền tên.\n" + +#, fuzzy +#~ msgid "`%s:%s' failed at %s:%d with error: %s\n" +#~ msgstr "« %s » bị lỗi tại %s:%d với lỗi: %s" + +#, fuzzy +#~ msgid "Unable to connect to Postgres database '%s': %s\n" +#~ msgstr "Không thể lưu tập tin cấu hình « %s »:" + #, fuzzy #~ msgid "Misconfiguration (can not connect to the ARM service)" #~ msgstr "Lỗi kết nối đến gnunetd.\n" 
@@ -9205,10 +9404,6 @@ msgstr "« %s » thất bại ở tập tin « %s » tại %s:%d với lỗi: %s #~ msgid "# transmission request failures" #~ msgstr "# các sự truyền PONG bị lỗi" -#, fuzzy -#~ msgid "# bytes sent to datastore" -#~ msgstr "# các byte trong kho dữ liệu" - #, fuzzy #~ msgid "Failed to receive status response from database." #~ msgstr "" @@ -9525,10 +9720,6 @@ msgstr "« %s » thất bại ở tập tin « %s » tại %s:%d với lỗi: %s #~ msgid "Timeout transmitting iteration request to `SENSOR' service." #~ msgstr "Lỗi sơ khởi dịch vụ « %s ».\n" -#, fuzzy -#~ msgid "Error reading sensor version\n" -#~ msgstr "Gặp lỗi khi tạo người dùng" - #, fuzzy #~ msgid "Error reading sensor category\n" #~ msgstr "Gặp lỗi khi tạo người dùng" @@ -10133,12 +10324,6 @@ msgstr "« %s » thất bại ở tập tin « %s » tại %s:%d với lỗi: %s #~ "\n" #~ "Không nhận được đáp ứng từ gnunetd.\n" -#, fuzzy -#~ msgid "Failed to remove records from database" -#~ msgstr "" -#~ "\n" -#~ "Không nhận được đáp ứng từ gnunetd.\n" - #, fuzzy #~ msgid "Failed to access database" #~ msgstr "Lỗi mở tập tin ghi sự kiện « %s »: %s\n" diff --git a/po/zh_CN.po b/po/zh_CN.po index fee065a9d..2539296c2 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: gnunet-0.8.1\n" "Report-Msgid-Bugs-To: gnunet-developers@mail.gnu.org\n" -"POT-Creation-Date: 2017-03-31 19:22-0500\n" +"POT-Creation-Date: 2017-10-20 15:14+0000\n" "PO-Revision-Date: 2011-07-09 12:12+0800\n" "Last-Translator: Wylmer Wang \n" "Language-Team: Chinese (simplified) \n" @@ -267,7 +267,7 @@ msgid "Have neither PORT nor UNIXPATH for service `%s', but one is required\n" msgstr "" #: src/arm/gnunet-service-arm.c:513 -#: src/transport/plugin_transport_http_server.c:2621 +#: src/transport/plugin_transport_http_server.c:2684 #: src/transport/plugin_transport_tcp.c:1259 #: src/transport/tcp_service_legacy.c:696 src/util/service.c:782 #, fuzzy, c-format 
@@ -275,7 +275,7 @@ msgid "Failed to resolve `%s': %s\n" msgstr "打开日志文件“%s”失败:%s\n" #: src/arm/gnunet-service-arm.c:532 -#: src/transport/plugin_transport_http_server.c:2639 +#: src/transport/plugin_transport_http_server.c:2702 #: src/transport/plugin_transport_tcp.c:1278 #: src/transport/tcp_service_legacy.c:715 src/util/service.c:802 #, fuzzy, c-format 
@@ -349,134 +349,14 @@ msgstr "" msgid "Initiating shutdown as requested by client.\n" msgstr "" -#: src/ats/gnunet-ats-solver-eval.c:2781 src/ats/gnunet-ats-solver-eval.c:2822 -#, c-format -msgid "" -"Could not load quota for network `%s': `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:2799 -#, c-format -msgid "" -"No outbound quota configured for network `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:2840 -#, c-format -msgid "" -"No outbound quota configure for network `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3294 -#: src/ats-tests/gnunet-solver-eval.c:939 -msgid "solver to use" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3299 -#: src/ats-tests/gnunet-solver-eval.c:945 -#: src/ats-tests/gnunet-solver-eval.c:950 -msgid "experiment to use" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3306 -#, fuzzy -msgid "print logging" -msgstr "未知的命令“%s”。\n" - -#: src/ats/gnunet-ats-solver-eval.c:3311 -msgid "save logging to disk" -msgstr "" - -#: src/ats/gnunet-ats-solver-eval.c:3316 -msgid "disable normalization" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:304 -#, c-format -msgid "" -"Could not load %s quota for network `%s': `%s', assigning default bandwidth " -"%llu\n" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:314 -#, c-format -msgid "%s quota configured for network `%s' is %llu\n" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:359 -#, c-format -msgid "" -"No %s-quota configured for network `%s', assigning default bandwidth %llu\n" -msgstr "" - -#: src/ats/gnunet-service-ats_plugins.c:451 -#, fuzzy, c-format -msgid "Failed to initialize solver `%s'!\n" -msgstr "无法初始化 SQLite:%s。\n" - -#: src/ats/plugin_ats_mlp.c:1274 -msgid "Problem size too large, cannot allocate memory!\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:1869 -#, c-format -msgid "Adding address for peer `%s' multiple times\n" 
-msgstr "" - -#: src/ats/plugin_ats_mlp.c:1913 -#, c-format -msgid "Updating address property for peer `%s' %p not added before\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2475 -msgid "" -"MLP solver is not optimizing for anything, changing to feasibility check\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2515 src/ats/plugin_ats_mlp.c:2532 -#: src/ats/plugin_ats_mlp.c:2564 src/ats/plugin_ats_mlp.c:2582 -#: src/ats/plugin_ats_mlp.c:2601 src/ats/plugin_ats_proportional.c:1141 -#: src/ats/plugin_ats_ril.c:2612 src/ats/plugin_ats_ril.c:2629 -#: src/ats/plugin_ats_ril.c:2646 src/ats/plugin_ats_ril.c:2663 -#: src/ats/plugin_ats_ril.c:2680 src/ats/plugin_ats_ril.c:2697 -#: src/ats/plugin_ats_ril.c:2714 src/ats/plugin_ats_ril.c:2731 -#, fuzzy, c-format -msgid "Invalid %s configuration %f \n" -msgstr "解析配置文件“%s”失败\n" - -#: src/ats/plugin_ats_mlp.c:2670 -#, c-format -msgid "" -"Adjusting inconsistent outbound quota configuration for network `%s', is " -"%llu must be at least %llu\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2679 -#, c-format -msgid "" -"Adjusting inconsistent inbound quota configuration for network `%s', is %llu " -"must be at least %llu\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2689 -#, c-format -msgid "" -"Adjusting outbound quota configuration for network `%s'from %llu to %.0f\n" -msgstr "" - -#: src/ats/plugin_ats_mlp.c:2698 -#, c-format -msgid "" -"Adjusting inbound quota configuration for network `%s' from %llu to %.0f\n" +#: src/ats-tests/ats-testing-log.c:837 +msgid "Stop logging\n" msgstr "" -#: src/ats/plugin_ats_proportional.c:1164 +#: src/ats-tests/ats-testing-log.c:892 #, fuzzy, c-format -msgid "Invalid %s configuration %f\n" -msgstr "解析配置文件“%s”失败\n" +msgid "Start logging `%s'\n" +msgstr "未知的命令“%s”。\n" #: src/ats-tests/ats-testing.c:422 #, c-format 
@@ -488,15 +368,6 @@ msgstr "" msgid "Failed to connect master peer [%u] with slave [%u]\n" msgstr "初始化“%s”服务失败。\n" -#: src/ats-tests/ats-testing-log.c:837 -msgid "Stop logging\n" -msgstr "" - -#: src/ats-tests/ats-testing-log.c:892 -#, fuzzy, c-format -msgid "Start logging `%s'\n" -msgstr "未知的命令“%s”。\n" - #: src/ats-tests/gnunet-ats-sim.c:90 #, c-format msgid "" @@ -504,6 +375,15 @@ msgid "" "= %u KiB/s\n" msgstr "" +#: src/ats-tests/gnunet-solver-eval.c:939 src/ats/gnunet-ats-solver-eval.c:3294 +msgid "solver to use" +msgstr "" + +#: src/ats-tests/gnunet-solver-eval.c:945 +#: src/ats-tests/gnunet-solver-eval.c:950 src/ats/gnunet-ats-solver-eval.c:3299 +msgid "experiment to use" +msgstr "" + #: src/ats-tool/gnunet-ats.c:307 #, c-format msgid "%u address resolutions had a timeout\n" 
@@ -625,6 +505,124 @@ msgstr "" msgid "Print information about ATS state" msgstr "无法获取有关用户“%s”的信息:%s\n" +#: src/ats/gnunet-ats-solver-eval.c:2781 src/ats/gnunet-ats-solver-eval.c:2822 +#, c-format +msgid "" +"Could not load quota for network `%s': `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:2799 +#, c-format +msgid "" +"No outbound quota configured for network `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:2840 +#, c-format +msgid "" +"No outbound quota configure for network `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:3306 +#, fuzzy +msgid "print logging" +msgstr "未知的命令“%s”。\n" + +#: src/ats/gnunet-ats-solver-eval.c:3311 +msgid "save logging to disk" +msgstr "" + +#: src/ats/gnunet-ats-solver-eval.c:3316 +msgid "disable normalization" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:304 +#, c-format +msgid "" +"Could not load %s quota for network `%s': `%s', assigning default bandwidth " +"%llu\n" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:314 +#, c-format +msgid "%s quota configured for network `%s' is %llu\n" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:359 +#, c-format +msgid "" +"No %s-quota configured for network `%s', assigning default bandwidth %llu\n" +msgstr "" + +#: src/ats/gnunet-service-ats_plugins.c:451 +#, fuzzy, c-format +msgid "Failed to initialize solver `%s'!\n" +msgstr "无法初始化 SQLite:%s。\n" + +#: src/ats/plugin_ats_mlp.c:1274 +msgid "Problem size too large, cannot allocate memory!\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:1869 +#, c-format +msgid "Adding address for peer `%s' multiple times\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:1913 +#, c-format +msgid "Updating address property for peer `%s' %p not added before\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2475 +msgid "" +"MLP solver is not optimizing for anything, changing to feasibility check\n" +msgstr "" + 
+#: src/ats/plugin_ats_mlp.c:2515 src/ats/plugin_ats_mlp.c:2532 +#: src/ats/plugin_ats_mlp.c:2564 src/ats/plugin_ats_mlp.c:2582 +#: src/ats/plugin_ats_mlp.c:2601 src/ats/plugin_ats_proportional.c:1141 +#: src/ats/plugin_ats_ril.c:2612 src/ats/plugin_ats_ril.c:2629 +#: src/ats/plugin_ats_ril.c:2646 src/ats/plugin_ats_ril.c:2663 +#: src/ats/plugin_ats_ril.c:2680 src/ats/plugin_ats_ril.c:2697 +#: src/ats/plugin_ats_ril.c:2714 src/ats/plugin_ats_ril.c:2731 +#, fuzzy, c-format +msgid "Invalid %s configuration %f \n" +msgstr "解析配置文件“%s”失败\n" + +#: src/ats/plugin_ats_mlp.c:2670 +#, c-format +msgid "" +"Adjusting inconsistent outbound quota configuration for network `%s', is " +"%llu must be at least %llu\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2679 +#, c-format +msgid "" +"Adjusting inconsistent inbound quota configuration for network `%s', is %llu " +"must be at least %llu\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2689 +#, c-format +msgid "" +"Adjusting outbound quota configuration for network `%s'from %llu to %.0f\n" +msgstr "" + +#: src/ats/plugin_ats_mlp.c:2698 +#, c-format +msgid "" +"Adjusting inbound quota configuration for network `%s' from %llu to %.0f\n" +msgstr "" + +#: src/ats/plugin_ats_proportional.c:1164 +#, fuzzy, c-format +msgid "Invalid %s configuration %f\n" +msgstr "解析配置文件“%s”失败\n" + #: src/auction/gnunet-auction-create.c:163 msgid "description of the item to be sold" msgstr "" 
@@ -770,6 +768,28 @@ msgstr "" msgid "Connection to conversation service lost, trying to reconnect\n" msgstr "" +#: src/conversation/gnunet-conversation-test.c:119 +#, c-format +msgid "" +"\n" +"End of transmission. Have a GNU day.\n" +msgstr "" + +#: src/conversation/gnunet-conversation-test.c:145 +#, c-format +msgid "" +"\n" +"We are now playing your recording back. If you can hear it, your audio " +"settings are working..." +msgstr "" + +#: src/conversation/gnunet-conversation-test.c:210 +#, c-format +msgid "" +"We will now be recording you for %s. After that time, the recording will be " +"played back to you..." +msgstr "" + #: src/conversation/gnunet-conversation.c:269 #, c-format msgid "Incoming call from `%s'. Please /accept %u or /cancel %u the call.\n" @@ -1026,30 +1046,8 @@ msgstr "" msgid "Enables having a conversation with other GNUnet users." msgstr "" -#: src/conversation/gnunet-conversation-test.c:119 -#, c-format -msgid "" -"\n" -"End of transmission. Have a GNU day.\n" -msgstr "" - -#: src/conversation/gnunet-conversation-test.c:145 -#, c-format -msgid "" -"\n" -"We are now playing your recording back. If you can hear it, your audio " -"settings are working..." -msgstr "" - -#: src/conversation/gnunet-conversation-test.c:210 -#, c-format -msgid "" -"We will now be recording you for %s. After that time, the recording will be " -"played back to you..." -msgstr "" - -#: src/conversation/gnunet_gst.c:622 #: src/conversation/gnunet-helper-audio-playback-gst.c:356 +#: src/conversation/gnunet_gst.c:622 #, c-format msgid "Read error from STDIN: %d %s\n" msgstr "" @@ -1175,6 +1173,11 @@ msgstr "“%s”说:%s\n" msgid "Failed to allocate %u bytes for second packet\n" msgstr "初始化“%s”服务失败。\n" +#: src/conversation/gnunet-service-conversation.c:1276 +#, fuzzy, c-format +msgid "Could not open line, port %s already in use!\n" +msgstr "无法连接到 %s:%u:%s\n" + #: src/conversation/microphone.c:119 #, fuzzy msgid "Could not start record audio helper\n" 
@@ -1444,12 +1447,141 @@ msgstr "保存配置失败。" msgid "# type maps received" msgstr "" -#: src/core/gnunet-service-core_typemap.c:212 -msgid "# updates to my type map" +#: src/core/gnunet-service-core_typemap.c:212 +msgid "# updates to my type map" +msgstr "" + +#: src/credential/credential_misc.c:88 +#, fuzzy, c-format +msgid "Unable to parse CRED record string `%s'\n" +msgstr "解析配置文件“%s”失败\n" + +#: src/credential/gnunet-credential.c:278 src/namestore/gnunet-namestore.c:776 +#: src/namestore/plugin_rest_namestore.c:1009 +#, c-format +msgid "Ego `%s' not known to identity service\n" +msgstr "" + +#: src/credential/gnunet-credential.c:294 +#: src/credential/gnunet-credential.c:446 +#, fuzzy, c-format +msgid "Issuer public key `%s' is not well-formed\n" +msgstr "“%s”的参数无效。\n" + +#: src/credential/gnunet-credential.c:375 +#: src/credential/gnunet-credential.c:435 +#, fuzzy, c-format +msgid "Issuer public key not well-formed\n" +msgstr "“%s”的参数无效。\n" + +#: src/credential/gnunet-credential.c:386 +#: src/credential/gnunet-credential.c:455 +#, fuzzy, c-format +msgid "Failed to connect to CREDENTIAL\n" +msgstr "初始化“%s”服务失败。\n" + +#: src/credential/gnunet-credential.c:392 +#, c-format +msgid "You must provide issuer the attribute\n" +msgstr "" + +#: src/credential/gnunet-credential.c:399 +#, c-format +msgid "ego required\n" +msgstr "" + +#: src/credential/gnunet-credential.c:415 +#, c-format +msgid "Subject public key needed\n" +msgstr "" + +#: src/credential/gnunet-credential.c:426 +#, fuzzy, c-format +msgid "Subject public key `%s' is not well-formed\n" +msgstr "“%s”的参数无效。\n" + +#: src/credential/gnunet-credential.c:461 +#, c-format +msgid "You must provide issuer and subject attributes\n" +msgstr "" + +#: src/credential/gnunet-credential.c:511 +#, c-format +msgid "Issuer ego required\n" +msgstr "" + +#: src/credential/gnunet-credential.c:523 +#, c-format +msgid "Please specify name to lookup, subject key and issuer key!\n" +msgstr "" + +#: 
src/credential/gnunet-credential.c:543 +msgid "create credential" +msgstr "" + +#: src/credential/gnunet-credential.c:547 +msgid "verify credential against attribute" +msgstr "" + +#: src/credential/gnunet-credential.c:552 +msgid "The public key of the subject to lookup the credential for" +msgstr "" + +#: src/credential/gnunet-credential.c:557 +msgid "The name of the credential presented by the subject" +msgstr "" + +#: src/credential/gnunet-credential.c:562 +msgid "The public key of the authority to verify the credential against" +msgstr "" + +#: src/credential/gnunet-credential.c:567 +#, fuzzy +msgid "The ego to use" +msgstr "消息尺寸" + +#: src/credential/gnunet-credential.c:572 +msgid "The issuer attribute to verify against or to issue" +msgstr "" + +#: src/credential/gnunet-credential.c:577 +msgid "The time to live for the credential" +msgstr "" + +#: src/credential/gnunet-credential.c:581 +msgid "collect credentials" +msgstr "" + +#: src/credential/gnunet-credential.c:595 +#, fuzzy +msgid "GNUnet credential resolver tool" +msgstr "GNUnet 错误日志" + +#: src/credential/gnunet-service-credential.c:1204 +#: src/gns/gnunet-gns-helper-service-w32.c:727 src/gns/gnunet-gns.c:355 +#, fuzzy, c-format +msgid "Failed to connect to GNS\n" +msgstr "初始化“%s”服务失败。\n" + +#: src/credential/gnunet-service-credential.c:1210 +#: src/namestore/gnunet-namestore-fcfsd.c:1034 +#: src/namestore/gnunet-namestore.c:802 +#: src/namestore/plugin_rest_namestore.c:1022 +#, fuzzy, c-format +msgid "Failed to connect to namestore\n" +msgstr "初始化“%s”服务失败。\n" + +#: src/credential/plugin_gnsrecord_credential.c:186 +#, fuzzy, c-format +msgid "Unable to parse ATTR record string `%s'\n" +msgstr "解析配置文件“%s”失败\n" + +#: src/credential/plugin_rest_credential.c:1155 src/gns/plugin_rest_gns.c:668 +msgid "GNS REST API initialized\n" msgstr "" #: src/datacache/datacache.c:119 src/datacache/datacache.c:294 -#: src/datastore/gnunet-service-datastore.c:775 +#: src/datastore/gnunet-service-datastore.c:757 msgid "# 
bytes stored" msgstr "" @@ -1490,13 +1622,12 @@ msgstr "sqlite 数据仓库" #: src/datacache/plugin_datacache_sqlite.c:113 #: src/datacache/plugin_datacache_sqlite.c:122 -#: src/datastore/plugin_datastore_mysql.c:980 +#: src/datastore/plugin_datastore_mysql.c:892 #: src/datastore/plugin_datastore_sqlite.c:58 -#: src/datastore/plugin_datastore_sqlite.c:66 src/my/my.c:80 src/my/my.c:92 -#: src/mysql/mysql.c:42 src/mysql/mysql.c:49 -#: src/namecache/plugin_namecache_postgres.c:53 +#: src/datastore/plugin_datastore_sqlite.c:66 +#: src/identity-provider/plugin_identity_provider_sqlite.c:52 src/my/my.c:80 +#: src/my/my.c:92 src/mysql/mysql.c:42 src/mysql/mysql.c:49 #: src/namecache/plugin_namecache_sqlite.c:53 -#: src/namestore/plugin_namestore_postgres.c:53 #: src/namestore/plugin_namestore_sqlite.c:53 #: src/peerstore/plugin_peerstore_sqlite.c:52 #: src/psycstore/plugin_psycstore_mysql.c:62 @@ -1505,14 +1636,15 @@ msgstr "sqlite 数据仓库" #: src/testbed/gnunet-daemon-testbed-underlay.c:56 #: src/testbed/testbed_api_hosts.c:69 src/util/crypto_ecc.c:52 #: src/util/crypto_ecc_setup.c:41 src/util/crypto_mpi.c:39 -#: src/include/gnunet_common.h:720 src/include/gnunet_common.h:729 +#: src/include/gnunet_common.h:735 src/include/gnunet_common.h:744 #: src/scalarproduct/scalarproduct.h:35 #, fuzzy, c-format msgid "`%s' failed at %s:%d with error: %s\n" msgstr "“%s”于 %s:%d 处失败,错误为:%s\n" #: src/datacache/plugin_datacache_sqlite.c:817 -#: src/datastore/plugin_datastore_sqlite.c:475 +#: src/datastore/plugin_datastore_sqlite.c:456 +#: src/identity-provider/plugin_identity_provider_sqlite.c:336 #: src/namecache/plugin_namecache_sqlite.c:296 #: src/namestore/plugin_namestore_sqlite.c:355 msgid "Tried to close sqlite without finalizing all prepared statements.\n" 
@@ -1576,23 +1708,74 @@ msgstr "" msgid "# GET requests executed" msgstr "" -#: src/datastore/gnunet-datastore.c:113 +#: src/datastore/gnunet-datastore.c:189 +#, c-format +msgid "Dumped % records\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:217 src/datastore/gnunet-datastore.c:229 +#, c-format +msgid "Short write to file: %zd bytes expecting %zd\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:261 +#, fuzzy +msgid "Error queueing datastore GET operation\n" +msgstr "创建用户出错" + +#: src/datastore/gnunet-datastore.c:287 src/datastore/gnunet-datastore.c:412 +#, fuzzy, c-format +msgid "Unable to open dump file: %s\n" +msgstr "发送消息失败。\n" + +#: src/datastore/gnunet-datastore.c:326 #, fuzzy, c-format msgid "Failed to store item: %s, aborting\n" msgstr "打开日志文件“%s”失败:%s\n" -#: src/datastore/gnunet-datastore.c:209 +#: src/datastore/gnunet-datastore.c:340 #, c-format -msgid "Cannot use the same configuration for source and destination\n" +msgid "Inserted % records\n" msgstr "" -#: src/datastore/gnunet-datastore.c:256 -msgid "" -"specifies the configuration to use to access an alternative datastore; will " -"merge that datastore into our current datastore" +#: src/datastore/gnunet-datastore.c:349 src/datastore/gnunet-datastore.c:363 +#, c-format +msgid "Short read from file: %zd bytes expecting %zd\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:389 +#, fuzzy +msgid "Error queueing datastore PUT operation\n" +msgstr "创建用户出错" + +#: src/datastore/gnunet-datastore.c:432 +msgid "Input file is not of a supported format\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:458 +#, fuzzy +msgid "Failed connecting to the datastore.\n" +msgstr "初始化“%s”服务失败。\n" + +#: src/datastore/gnunet-datastore.c:470 +#, c-format +msgid "Please choose at least one operation: %s, %s\n" +msgstr "" + +#: src/datastore/gnunet-datastore.c:493 +#, fuzzy +msgid "Dump all records from the datastore" +msgstr "发送消息失败。\n" + +#: src/datastore/gnunet-datastore.c:497 +msgid "Insert records into the 
datastore" +msgstr "" + +#: src/datastore/gnunet-datastore.c:502 +msgid "File to dump or insert" msgstr "" -#: src/datastore/gnunet-datastore.c:265 +#: src/datastore/gnunet-datastore.c:511 #, fuzzy msgid "Manipulate GNUnet datastore" msgstr "更改配置文件中的一个值" @@ -1635,8 +1818,8 @@ msgstr "" #: src/datastore/gnunet-service-datastore.c:634 #: src/datastore/gnunet-service-datastore.c:689 -#: src/datastore/gnunet-service-datastore.c:977 -#: src/datastore/gnunet-service-datastore.c:1633 +#: src/datastore/gnunet-service-datastore.c:837 +#: src/datastore/gnunet-service-datastore.c:1469 msgid "# reserved" msgstr "" 
@@ -1644,144 +1827,145 @@ msgstr "" msgid "Could not find matching reservation" msgstr "" -#: src/datastore/gnunet-service-datastore.c:792 +#: src/datastore/gnunet-service-datastore.c:773 #, c-format msgid "Need %llu bytes more space (%llu allowed, using %llu)\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1026 +#: src/datastore/gnunet-service-datastore.c:876 msgid "# GET requests received" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1058 +#: src/datastore/gnunet-service-datastore.c:907 msgid "# GET KEY requests received" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1071 +#: src/datastore/gnunet-service-datastore.c:920 msgid "# requests filtered by bloomfilter" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1108 +#: src/datastore/gnunet-service-datastore.c:956 msgid "# GET REPLICATION requests received" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1141 +#: src/datastore/gnunet-service-datastore.c:989 msgid "# GET ZERO ANONYMITY requests received" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1190 +#: src/datastore/gnunet-service-datastore.c:1036 msgid "Content not found" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1199 +#: src/datastore/gnunet-service-datastore.c:1043 msgid "# bytes removed (explicit request)" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1246 +#: src/datastore/gnunet-service-datastore.c:1088 msgid "# REMOVE requests received" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1301 +#: src/datastore/gnunet-service-datastore.c:1137 #, c-format msgid "" "Datastore payload must have been inaccurate (%lld < %lld). 
Recomputing it.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1307 -#: src/datastore/gnunet-service-datastore.c:1482 +#: src/datastore/gnunet-service-datastore.c:1143 +#: src/datastore/gnunet-service-datastore.c:1318 #, c-format msgid "New payload: %lld\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1361 +#: src/datastore/gnunet-service-datastore.c:1197 #, c-format msgid "Loading `%s' datastore plugin\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1373 +#: src/datastore/gnunet-service-datastore.c:1209 #, fuzzy, c-format msgid "Failed to load datastore plugin for `%s'\n" msgstr "解析配置文件“%s”失败\n" -#: src/datastore/gnunet-service-datastore.c:1433 +#: src/datastore/gnunet-service-datastore.c:1269 msgid "Bloomfilter construction complete.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1489 +#: src/datastore/gnunet-service-datastore.c:1325 msgid "Rebuilding bloomfilter. Please be patient.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1500 +#: src/datastore/gnunet-service-datastore.c:1336 msgid "Plugin does not support get_keys function. 
Please fix!\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1670 +#: src/datastore/gnunet-service-datastore.c:1506 #, c-format msgid "# bytes used in file-sharing datastore `%s'" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1686 +#: src/datastore/gnunet-service-datastore.c:1522 msgid "# quota" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1691 +#: src/datastore/gnunet-service-datastore.c:1527 msgid "# cache size" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1707 +#: src/datastore/gnunet-service-datastore.c:1543 #, c-format msgid "Could not use specified filename `%s' for bloomfilter.\n" msgstr "" -#: src/datastore/gnunet-service-datastore.c:1725 -#: src/datastore/gnunet-service-datastore.c:1741 +#: src/datastore/gnunet-service-datastore.c:1561 +#: src/datastore/gnunet-service-datastore.c:1577 #, fuzzy, c-format msgid "Failed to remove bogus bloomfilter file `%s'\n" msgstr "解析配置文件“%s”失败\n" -#: src/datastore/gnunet-service-datastore.c:1773 +#: src/datastore/gnunet-service-datastore.c:1609 #, fuzzy msgid "Failed to initialize bloomfilter.\n" msgstr "初始化“%s”服务失败。\n" -#: src/datastore/plugin_datastore_heap.c:769 +#: src/datastore/plugin_datastore_heap.c:893 #, fuzzy msgid "Heap database running\n" msgstr "sqlite 数据仓库" -#: src/datastore/plugin_datastore_mysql.c:377 -#: src/datastore/plugin_datastore_sqlite.c:590 +#: src/datastore/plugin_datastore_mysql.c:371 +#: src/datastore/plugin_datastore_mysql.c:423 +#: src/datastore/plugin_datastore_mysql.c:1075 +msgid "MySQL statement run failure" +msgstr "" + +#: src/datastore/plugin_datastore_mysql.c:410 +#: src/datastore/plugin_datastore_sqlite.c:626 #, fuzzy msgid "Data too large" msgstr "迭代次数" -#: src/datastore/plugin_datastore_mysql.c:393 -msgid "MySQL statement run failure" -msgstr "" - -#: src/datastore/plugin_datastore_mysql.c:936 +#: src/datastore/plugin_datastore_mysql.c:848 #, fuzzy, c-format msgid "`%s' for `%s' failed at %s:%d with error: %s\n" msgstr "“%s”于 %s:%d 处失败,错误为:%s\n" 
-#: src/datastore/plugin_datastore_mysql.c:1208 +#: src/datastore/plugin_datastore_mysql.c:1180 #: src/psycstore/plugin_psycstore_mysql.c:1936 msgid "Mysql database running\n" msgstr "" -#: src/datastore/plugin_datastore_postgres.c:345 +#: src/datastore/plugin_datastore_postgres.c:274 +#: src/datastore/plugin_datastore_postgres.c:891 msgid "Postgress exec failure" msgstr "" -#: src/datastore/plugin_datastore_postgres.c:866 +#: src/datastore/plugin_datastore_postgres.c:852 #, fuzzy msgid "Failed to drop table from database.\n" msgstr "发送消息失败。\n" -#: src/datastore/plugin_datastore_postgres.c:903 -#: src/namecache/plugin_namecache_postgres.c:398 -#: src/namestore/plugin_namestore_postgres.c:571 -#: src/psycstore/plugin_psycstore_postgres.c:1721 +#: src/datastore/plugin_datastore_postgres.c:950 +#: src/psycstore/plugin_psycstore_postgres.c:1506 msgid "Postgres database running\n" msgstr "" @@ -1793,7 +1977,8 @@ msgstr "" msgid "`%s' failed at %s:%u with error: %s" msgstr "“%s”于 %s:%d 处失败,错误为:%s\n" -#: src/datastore/plugin_datastore_sqlite.c:281 +#: src/datastore/plugin_datastore_sqlite.c:271 +#: src/identity-provider/plugin_identity_provider_sqlite.c:212 #: src/namecache/plugin_namecache_sqlite.c:194 #: src/namestore/plugin_namestore_sqlite.c:222 #: src/peerstore/plugin_peerstore_sqlite.c:535 
@@ -1802,25 +1987,30 @@ msgstr "“%s”于 %s:%d 处失败,错误为:%s\n" msgid "Unable to initialize SQLite: %s.\n" msgstr "无法初始化 SQLite:%s。\n" -#: src/datastore/plugin_datastore_sqlite.c:1234 +#: src/datastore/plugin_datastore_sqlite.c:577 +msgid "sqlite bind failure" +msgstr "" + +#: src/datastore/plugin_datastore_sqlite.c:1259 msgid "sqlite version to old to determine size, assuming zero\n" msgstr "" -#: src/datastore/plugin_datastore_sqlite.c:1268 +#: src/datastore/plugin_datastore_sqlite.c:1293 #, c-format msgid "" "Using sqlite page utilization to estimate payload (%llu pages of size %llu " "bytes)\n" msgstr "" -#: src/datastore/plugin_datastore_sqlite.c:1312 +#: src/datastore/plugin_datastore_sqlite.c:1337 +#: src/identity-provider/plugin_identity_provider_sqlite.c:711 #: src/namecache/plugin_namecache_sqlite.c:603 #: src/namestore/plugin_namestore_sqlite.c:802 #, fuzzy msgid "Sqlite database running\n" msgstr "sqlite 数据仓库" -#: src/datastore/plugin_datastore_template.c:259 +#: src/datastore/plugin_datastore_template.c:253 msgid "Template database running\n" msgstr "" 
@@ -1882,53 +2072,6 @@ msgstr "" msgid "Prints all packets that go through the DHT." msgstr "" -#: src/dht/gnunet_dht_profiler.c:1161 -#: src/testbed/gnunet-testbed-profiler.c:255 -#, fuzzy, c-format -msgid "Exiting as the number of peers is %u\n" -msgstr "增加 TCP/IP 的最大连接数" - -#: src/dht/gnunet_dht_profiler.c:1188 -#, fuzzy -msgid "number of peers to start" -msgstr "迭代次数" - -#: src/dht/gnunet_dht_profiler.c:1194 -msgid "" -"maximum number of times we try to search for successor circle formation (0 " -"for R5N)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1200 src/nse/gnunet-nse-profiler.c:853 -#: src/testbed/gnunet-testbed-profiler.c:305 -msgid "name of the file with the login information for the testbed" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1206 -msgid "delay between rounds for collecting statistics (default: 30 sec)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1212 -msgid "delay to start doing PUTs (default: 1 sec)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1218 -msgid "delay to start doing GETs (default: 5 min)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1223 -msgid "replication degree for DHT PUTs" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1230 -msgid "timeout for DHT PUT and GET requests (default: 1 min)" -msgstr "" - -#: src/dht/gnunet_dht_profiler.c:1248 -#, fuzzy -msgid "Measure quality and performance of the DHT service." -msgstr "无法访问该服务" - #: src/dht/gnunet-dht-put.c:120 msgid "PUT request sent with key" msgstr "" 
@@ -2178,6 +2321,52 @@ msgstr "" msgid "# DHT requests combined" msgstr "" +#: src/dht/gnunet_dht_profiler.c:1161 src/testbed/gnunet-testbed-profiler.c:255 +#, fuzzy, c-format +msgid "Exiting as the number of peers is %u\n" +msgstr "增加 TCP/IP 的最大连接数" + +#: src/dht/gnunet_dht_profiler.c:1188 +#, fuzzy +msgid "number of peers to start" +msgstr "迭代次数" + +#: src/dht/gnunet_dht_profiler.c:1194 +msgid "" +"maximum number of times we try to search for successor circle formation (0 " +"for R5N)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1200 src/nse/gnunet-nse-profiler.c:853 +#: src/testbed/gnunet-testbed-profiler.c:305 +msgid "name of the file with the login information for the testbed" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1206 +msgid "delay between rounds for collecting statistics (default: 30 sec)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1212 +msgid "delay to start doing PUTs (default: 1 sec)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1218 +msgid "delay to start doing GETs (default: 5 min)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1223 +msgid "replication degree for DHT PUTs" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1230 +msgid "timeout for DHT PUT and GET requests (default: 1 min)" +msgstr "" + +#: src/dht/gnunet_dht_profiler.c:1248 +#, fuzzy +msgid "Measure quality and performance of the DHT service." +msgstr "无法访问该服务" + #: src/dht/plugin_block_dht.c:187 #, c-format msgid "Block not of type %u\n" @@ -2500,7 +2689,7 @@ msgstr "" msgid "No useful service enabled. Exiting.\n" msgstr "" -#: src/exit/gnunet-daemon-exit.c:3969 +#: src/exit/gnunet-daemon-exit.c:3970 msgid "Daemon to run to provide an IP exit node for the VPN" msgstr "" @@ -3132,14 +3321,6 @@ msgid "" "chk/...)" msgstr "" -#: src/fs/gnunet-fs.c:119 -msgid "print a list of all indexed files" -msgstr "" - -#: src/fs/gnunet-fs.c:130 -msgid "Special file-sharing operations" -msgstr "" - #: src/fs/gnunet-fs-profiler.c:211 msgid "run the experiment with COUNT peers" msgstr "" 
@@ -3156,6 +3337,14 @@ msgstr "" msgid "run a testbed to measure file-sharing performance" msgstr "" +#: src/fs/gnunet-fs.c:119 +msgid "print a list of all indexed files" +msgstr "" + +#: src/fs/gnunet-fs.c:130 +msgid "Special file-sharing operations" +msgstr "" + #: src/fs/gnunet-publish.c:219 src/fs/gnunet-publish.c:231 #, c-format msgid "Publishing `%s' at %llu/%llu (%s remaining)\n" @@ -3810,22 +3999,11 @@ msgstr "" msgid "GNUnet DNS-to-GNS proxy (a DNS server)" msgstr "" -#: src/gns/gnunet-gns.c:235 src/gns/plugin_rest_gns.c:346 -#, c-format -msgid "Invalid typename specified, assuming `ANY'\n" -msgstr "" - -#: src/gns/gnunet-gns.c:252 -#, c-format -msgid "Please specify name to lookup!\n" -msgstr "" - -#: src/gns/gnunet-gns.c:276 -#, c-format -msgid "Ego for `%s' not found, cannot perform lookup.\n" +#: src/gns/gnunet-gns-helper-service-w32.c:602 +msgid "Not ready to process requests, lacking ego data\n" msgstr "" -#: src/gns/gnunet-gns.c:315 src/gns/gnunet-gns-helper-service-w32.c:701 +#: src/gns/gnunet-gns-helper-service-w32.c:701 src/gns/gnunet-gns.c:315 #: src/gns/plugin_rest_gns.c:422 #, c-format msgid "" 
@@ -3833,55 +4011,12 @@ msgid "" "gns-import.sh?\n" msgstr "" -#: src/gns/gnunet-gns.c:355 src/gns/gnunet-gns-helper-service-w32.c:727 -#, fuzzy, c-format -msgid "Failed to connect to GNS\n" -msgstr "初始化“%s”服务失败。\n" - -#: src/gns/gnunet-gns.c:374 -#, c-format -msgid "Public key `%s' is not well-formed\n" -msgstr "" - -#: src/gns/gnunet-gns.c:428 -msgid "Lookup a record for the given name" -msgstr "" - -#: src/gns/gnunet-gns.c:434 -msgid "Specify the type of the record to lookup" -msgstr "" - -#: src/gns/gnunet-gns.c:440 -msgid "Specify timeout for the lookup" -msgstr "" - -#: src/gns/gnunet-gns.c:445 -msgid "No unneeded output" -msgstr "" - -#: src/gns/gnunet-gns.c:451 -msgid "Specify the public key of the zone to lookup the record in" -msgstr "" - -#: src/gns/gnunet-gns.c:457 -msgid "Specify the name of the ego of the zone to lookup the record in" -msgstr "" - -#: src/gns/gnunet-gns.c:476 -#, fuzzy -msgid "GNUnet GNS resolver tool" -msgstr "GNUnet 错误日志" - -#: src/gns/gnunet-gns-helper-service-w32.c:602 -msgid "Not ready to process requests, lacking ego data\n" -msgstr "" - #: src/gns/gnunet-gns-helper-service-w32.c:739 #, fuzzy, c-format msgid "Failed to connect to identity service\n" msgstr "初始化“%s”服务失败。\n" -#: src/gns/gnunet-gns-import.c:489 +#: src/gns/gnunet-gns-import.c:452 msgid "This program will import some GNS authorities into your GNS namestore." msgstr "" 
@@ -3994,25 +4129,74 @@ msgstr "" msgid "Failed to load SSL/TLS key and certificate from `%s'\n" msgstr "解析配置文件“%s”失败\n" -#: src/gns/gnunet-gns-proxy.c:3269 -msgid "listen on specified port (default: 7777)" +#: src/gns/gnunet-gns-proxy.c:3269 +msgid "listen on specified port (default: 7777)" +msgstr "" + +#: src/gns/gnunet-gns-proxy.c:3275 +msgid "pem file to use as CA" +msgstr "" + +#: src/gns/gnunet-gns-proxy.c:3300 +msgid "GNUnet GNS proxy" +msgstr "" + +#: src/gns/gnunet-gns.c:235 src/gns/plugin_rest_gns.c:346 +#, c-format +msgid "Invalid typename specified, assuming `ANY'\n" +msgstr "" + +#: src/gns/gnunet-gns.c:252 +#, c-format +msgid "Please specify name to lookup!\n" +msgstr "" + +#: src/gns/gnunet-gns.c:276 +#, c-format +msgid "Ego for `%s' not found, cannot perform lookup.\n" +msgstr "" + +#: src/gns/gnunet-gns.c:374 +#, c-format +msgid "Public key `%s' is not well-formed\n" +msgstr "" + +#: src/gns/gnunet-gns.c:428 +msgid "Lookup a record for the given name" +msgstr "" + +#: src/gns/gnunet-gns.c:434 +msgid "Specify the type of the record to lookup" +msgstr "" + +#: src/gns/gnunet-gns.c:440 +msgid "Specify timeout for the lookup" +msgstr "" + +#: src/gns/gnunet-gns.c:445 +msgid "No unneeded output" msgstr "" -#: src/gns/gnunet-gns-proxy.c:3275 -msgid "pem file to use as CA" +#: src/gns/gnunet-gns.c:451 +msgid "Specify the public key of the zone to lookup the record in" msgstr "" -#: src/gns/gnunet-gns-proxy.c:3300 -msgid "GNUnet GNS proxy" +#: src/gns/gnunet-gns.c:457 +msgid "Specify the name of the ego of the zone to lookup the record in" msgstr "" +#: src/gns/gnunet-gns.c:476 +#, fuzzy +msgid "GNUnet GNS resolver tool" +msgstr "GNUnet 错误日志" + #: src/gns/gnunet-service-gns.c:442 #, fuzzy msgid "Failed to connect to the namecache!\n" msgstr "初始化“%s”服务失败。\n" #: src/gns/gnunet-service-gns.c:461 -#: src/zonemaster/gnunet-service-zonemaster.c:741 +#: src/zonemaster/gnunet-service-zonemaster.c:742 #, fuzzy msgid "Could not connect to DHT!\n" msgstr "无法连接到 
%s:%u:%s\n" @@ -4070,44 +4254,35 @@ msgstr "" msgid "Hostname `%s' is not well-formed, resolution fails\n" msgstr "" -#: src/gns/plugin_gnsrecord_gns.c:203 +#: src/gns/plugin_gnsrecord_gns.c:179 #, fuzzy, c-format msgid "Unable to parse PKEY record `%s'\n" msgstr "解析配置文件“%s”失败\n" -#: src/gns/plugin_gnsrecord_gns.c:232 +#: src/gns/plugin_gnsrecord_gns.c:208 #, fuzzy, c-format msgid "Unable to parse GNS2DNS record `%s'\n" msgstr "解析配置文件“%s”失败\n" -#: src/gns/plugin_gnsrecord_gns.c:253 +#: src/gns/plugin_gnsrecord_gns.c:229 #, fuzzy, c-format msgid "Failed to serialize GNS2DNS record with value `%s'\n" msgstr "解析配置文件“%s”失败\n" -#: src/gns/plugin_gnsrecord_gns.c:276 +#: src/gns/plugin_gnsrecord_gns.c:252 #, fuzzy, c-format msgid "Unable to parse VPN record string `%s'\n" msgstr "解析配置文件“%s”失败\n" -#: src/gns/plugin_gnsrecord_gns.c:312 +#: src/gns/plugin_gnsrecord_gns.c:288 #, fuzzy, c-format msgid "Unable to parse BOX record string `%s'\n" msgstr "解析配置文件“%s”失败\n" -#: src/gns/plugin_gnsrecord_gns.c:360 -#, fuzzy, c-format -msgid "Unable to parse REVERSE record string `%s'\n" -msgstr "解析配置文件“%s”失败\n" - #: src/gns/plugin_rest_gns.c:384 msgid "Ego for not found, cannot perform lookup.\n" msgstr "" -#: src/gns/plugin_rest_gns.c:668 -msgid "GNS REST API initialized\n" -msgstr "" - #: src/gnsrecord/plugin_gnsrecord_dns.c:359 #, fuzzy, c-format msgid "Unable to parse IPv4 address `%s'\n" 
@@ -4532,6 +4707,52 @@ msgstr "“%s”不可用。\n" msgid "Could not start hostlist HTTP server on port %u\n" msgstr "" +#: src/identity-provider/gnunet-idp.c:348 +#, fuzzy +msgid "Ego is required\n" +msgstr "%s:选项“%s”有歧义\n" + +#: src/identity-provider/gnunet-idp.c:370 +msgid "Add attribute" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:376 +msgid "Attribute value" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:381 +msgid "Ego" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:386 +msgid "Audience (relying party)" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:390 +msgid "List attributes for Ego" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:395 +msgid "Issue a ticket" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:400 +msgid "Consume a ticket" +msgstr "" + +#: src/identity-provider/gnunet-idp.c:405 +msgid "Revoke a ticket" +msgstr "" + +#: src/identity-provider/identity_provider_api.c:429 +#, fuzzy +msgid "failed to store record\n" +msgstr "运行 %s失败:%s %d\n" + +#: src/identity-provider/plugin_rest_identity_provider.c:1175 +msgid "Identity Provider REST API initialized\n" +msgstr "" + #: src/identity/gnunet-identity.c:179 #, fuzzy, c-format msgid "Failed to create ego: %s\n" 
@@ -4619,32 +4840,10 @@ msgstr "解析配置文件“%s”失败\n" msgid "Failed to create directory `%s' for storing egos\n" msgstr "解析配置文件“%s”失败\n" -#: src/identity/plugin_rest_identity.c:967 +#: src/identity/plugin_rest_identity.c:964 msgid "Identity REST API initialized\n" msgstr "" -#: src/identity-provider/gnunet-identity-token.c:66 -#, fuzzy -msgid "Option `-t' is required\n" -msgstr "%s:选项“%s”有歧义\n" - -#: src/identity-provider/gnunet-identity-token.c:77 -#, fuzzy, c-format -msgid "Token `%s' is malformed\n" -msgstr "“%s”的参数无效。\n" - -#: src/identity-provider/gnunet-identity-token.c:166 -msgid "GNUid token" -msgstr "" - -#: src/identity-provider/gnunet-identity-token.c:171 -msgid "Print token contents" -msgstr "" - -#: src/identity-provider/plugin_rest_identity_provider.c:1166 -msgid "Identity Token REST API initialized\n" -msgstr "" - #: src/json/json.c:119 #, fuzzy, c-format msgid "Failed to parse JSON in option `%s': %s (%s)\n" 
@@ -4745,25 +4944,79 @@ msgstr "发送消息失败。\n" msgid "flat plugin running\n" msgstr "sqlite 数据仓库" -#: src/namecache/plugin_namecache_postgres.c:90 -#: src/namestore/plugin_namestore_postgres.c:97 -#, fuzzy -msgid "Failed to create indices\n" +#: src/namestore/gnunet-namestore-fcfsd.c:508 +#, fuzzy, c-format +msgid "Unsupported form value `%s'\n" +msgstr "未知的命令“%s”。\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:535 +#, fuzzy, c-format +msgid "Failed to create record for domain `%s': %s\n" +msgstr "解析配置文件“%s”失败\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:555 +msgid "Error when mapping zone to name\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:585 +#, c-format +msgid "Found existing name `%s' for the given key\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:662 +#, c-format +msgid "Found %u existing records for domain `%s'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:718 +#, fuzzy, c-format +msgid "Failed to create page for `%s'\n" msgstr "发送消息失败。\n" +#: src/namestore/gnunet-namestore-fcfsd.c:734 +#, fuzzy, c-format +msgid "Failed to setup post processor for `%s'\n" +msgstr "解析配置文件“%s”失败\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:770 +msgid "Domain name must not contain `.'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:778 +msgid "Domain name must not contain `+'\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:974 +msgid "No ego configured for `fcfsd` subsystem\n" +msgstr "" + +#: src/namestore/gnunet-namestore-fcfsd.c:1000 +#, fuzzy +msgid "Failed to start HTTP server\n" +msgstr "初始化“%s”服务失败。\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:1042 +#, fuzzy +msgid "Failed to connect to identity\n" +msgstr "初始化“%s”服务失败。\n" + +#: src/namestore/gnunet-namestore-fcfsd.c:1074 +msgid "GNU Name System First Come First Serve name registration service" +msgstr "" + #: src/namestore/gnunet-namestore.c:301 #, c-format msgid "Adding record failed: %s\n" msgstr "" #: src/namestore/gnunet-namestore.c:330 -#: 
src/namestore/plugin_rest_namestore.c:562 +#: src/namestore/plugin_rest_namestore.c:567 #, c-format msgid "Deleting record failed, record does not exist%s%s\n" msgstr "" #: src/namestore/gnunet-namestore.c:337 -#: src/namestore/plugin_rest_namestore.c:571 +#: src/namestore/plugin_rest_namestore.c:576 #, c-format msgid "Deleting record failed%s%s\n" msgstr "" @@ -4781,7 +5034,7 @@ msgid "Records already exist under `%s', cannot add `%s' record.\n" msgstr "" #: src/namestore/gnunet-namestore.c:698 -#: src/namestore/plugin_rest_namestore.c:597 +#: src/namestore/plugin_rest_namestore.c:602 #, c-format msgid "There are no records under label `%s' that could be deleted.\n" msgstr "" @@ -4792,24 +5045,11 @@ msgid "" "There are no records under label `%s' that match the request for deletion.\n" msgstr "" -#: src/namestore/gnunet-namestore.c:776 -#: src/namestore/plugin_rest_namestore.c:1004 -#, c-format -msgid "Ego `%s' not known to identity service\n" -msgstr "" - #: src/namestore/gnunet-namestore.c:791 #, c-format msgid "No options given\n" msgstr "" -#: src/namestore/gnunet-namestore.c:802 -#: src/namestore/gnunet-namestore-fcfsd.c:1034 -#: src/namestore/plugin_rest_namestore.c:1017 -#, fuzzy -msgid "Failed to connect to namestore\n" -msgstr "初始化“%s”服务失败。\n" - #: src/namestore/gnunet-namestore.c:810 src/namestore/gnunet-namestore.c:819 #: src/namestore/gnunet-namestore.c:838 src/namestore/gnunet-namestore.c:861 #: src/namestore/gnunet-namestore.c:915 
@@ -4823,14 +5063,14 @@ msgid "add" msgstr "" #: src/namestore/gnunet-namestore.c:829 -#: src/namestore/plugin_rest_namestore.c:671 +#: src/namestore/plugin_rest_namestore.c:676 #, fuzzy, c-format msgid "Unsupported type `%s'\n" msgstr "未知的命令“%s”。\n" #: src/namestore/gnunet-namestore.c:851 -#: src/namestore/plugin_rest_namestore.c:689 -#: src/namestore/plugin_rest_namestore.c:729 +#: src/namestore/plugin_rest_namestore.c:694 +#: src/namestore/plugin_rest_namestore.c:734 #, c-format msgid "Value `%s' invalid for record type `%s'\n" msgstr "" @@ -4849,8 +5089,7 @@ msgstr "" msgid "Invalid public key for reverse lookup `%s'\n" msgstr "“%s”的参数无效。\n" -#: src/namestore/gnunet-namestore.c:979 -#: src/peerinfo-tool/gnunet-peerinfo.c:775 +#: src/namestore/gnunet-namestore.c:979 src/peerinfo-tool/gnunet-peerinfo.c:775 #, fuzzy, c-format msgid "Invalid URI `%s'\n" msgstr "无效条目。\n" @@ -4861,13 +5100,13 @@ msgid "Invalid nick `%s'\n" msgstr "无效条目。\n" #: src/namestore/gnunet-namestore.c:1051 -#: src/namestore/plugin_rest_namestore.c:1047 +#: src/namestore/plugin_rest_namestore.c:1052 #, c-format msgid "No default ego configured in identity service\n" msgstr "" #: src/namestore/gnunet-namestore.c:1108 -#: src/namestore/plugin_rest_namestore.c:1143 +#: src/namestore/plugin_rest_namestore.c:1148 #, fuzzy, c-format msgid "Cannot connect to identity service\n" msgstr "无法连接到 %s:%u:%s\n" 
@@ -4930,67 +5169,7 @@ msgstr "" msgid "name of the ego controlling the zone" msgstr "" -#: src/namestore/gnunet-namestore-fcfsd.c:508 -#, fuzzy, c-format -msgid "Unsupported form value `%s'\n" -msgstr "未知的命令“%s”。\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:535 -#, fuzzy, c-format -msgid "Failed to create record for domain `%s': %s\n" -msgstr "解析配置文件“%s”失败\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:555 -msgid "Error when mapping zone to name\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:585 -#, c-format -msgid "Found existing name `%s' for the given key\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:662 -#, c-format -msgid "Found %u existing records for domain `%s'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:718 -#, fuzzy, c-format -msgid "Failed to create page for `%s'\n" -msgstr "发送消息失败。\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:734 -#, fuzzy, c-format -msgid "Failed to setup post processor for `%s'\n" -msgstr "解析配置文件“%s”失败\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:770 -msgid "Domain name must not contain `.'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:778 -msgid "Domain name must not contain `+'\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:974 -msgid "No ego configured for `fcfsd` subsystem\n" -msgstr "" - -#: src/namestore/gnunet-namestore-fcfsd.c:1000 -#, fuzzy -msgid "Failed to start HTTP server\n" -msgstr "初始化“%s”服务失败。\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:1042 -#, fuzzy -msgid "Failed to connect to identity\n" -msgstr "初始化“%s”服务失败。\n" - -#: src/namestore/gnunet-namestore-fcfsd.c:1074 -msgid "GNU Name System First Come First Serve name registration service" -msgstr "" - -#: src/namestore/gnunet-service-namestore.c:612 +#: src/namestore/gnunet-service-namestore.c:615 #, fuzzy, c-format msgid "Failed to replicate block in namecache: %s\n" msgstr "发送消息失败。\n" 
@@ -5004,7 +5183,7 @@ msgstr "" msgid "flat file database running\n" msgstr "sqlite 数据仓库" -#: src/namestore/plugin_rest_namestore.c:1188 +#: src/namestore/plugin_rest_namestore.c:1193 msgid "Namestore REST API initialized\n" msgstr "" @@ -5287,10 +5466,6 @@ msgstr "" msgid "`upnpc' command not found\n" msgstr "" -#: src/nse/gnunet-nse.c:122 -msgid "Show network size estimates from NSE service." -msgstr "" - #: src/nse/gnunet-nse-profiler.c:842 msgid "limit to the number of connections to NSE services, 0 for none" msgstr "" 
@@ -5302,80 +5477,30 @@ msgstr "" #: src/nse/gnunet-nse-profiler.c:859 msgid "name of the file for writing the main results" msgstr "" - -#: src/nse/gnunet-nse-profiler.c:866 -msgid "Number of peers to run in each round, separated by commas" -msgstr "" - -#: src/nse/gnunet-nse-profiler.c:877 -msgid "delay between rounds" -msgstr "" - -#: src/nse/gnunet-nse-profiler.c:886 -#, fuzzy -msgid "Measure quality and performance of the NSE service." -msgstr "无法访问该服务" - -#: src/nse/gnunet-service-nse.c:1534 -#: src/revocation/gnunet-service-revocation.c:838 src/util/gnunet-scrypt.c:276 -#, fuzzy -msgid "Value is too large.\n" -msgstr "值不在合法范围内。" - -#: src/peerinfo/gnunet-service-peerinfo.c:178 -#, c-format -msgid "Removing expired address of transport `%s'\n" -msgstr "" - -#: src/peerinfo/gnunet-service-peerinfo.c:310 -#, fuzzy, c-format -msgid "Failed to parse HELLO in file `%s': %s\n" -msgstr "解析配置文件“%s”失败\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:331 -#: src/peerinfo/gnunet-service-peerinfo.c:362 -#, fuzzy, c-format -msgid "Failed to parse HELLO in file `%s'\n" -msgstr "解析配置文件“%s”失败\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:446 -msgid "# peers known" -msgstr "" - -#: src/peerinfo/gnunet-service-peerinfo.c:489 -#, c-format -msgid "" -"File `%s' in directory `%s' does not match naming convention. 
Removed.\n" -msgstr "" - -#: src/peerinfo/gnunet-service-peerinfo.c:655 -#, fuzzy, c-format -msgid "Scanning directory `%s'\n" -msgstr "解析配置文件“%s”失败\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:663 -#, c-format -msgid "Still no peers found in `%s'!\n" -msgstr "" - -#: src/peerinfo/gnunet-service-peerinfo.c:1076 -#, fuzzy, c-format -msgid "Cleaning up directory `%s'\n" -msgstr "解析配置文件“%s”失败\n" - -#: src/peerinfo/gnunet-service-peerinfo.c:1405 -#, c-format -msgid "Importing HELLOs from `%s'\n" + +#: src/nse/gnunet-nse-profiler.c:866 +msgid "Number of peers to run in each round, separated by commas" msgstr "" -#: src/peerinfo/gnunet-service-peerinfo.c:1418 -msgid "Skipping import of included HELLOs\n" +#: src/nse/gnunet-nse-profiler.c:877 +msgid "delay between rounds" msgstr "" -#: src/peerinfo/peerinfo_api.c:220 -msgid "Failed to receive response from `PEERINFO' service." +#: src/nse/gnunet-nse-profiler.c:886 +#, fuzzy +msgid "Measure quality and performance of the NSE service." +msgstr "无法访问该服务" + +#: src/nse/gnunet-nse.c:122 +msgid "Show network size estimates from NSE service." msgstr "" +#: src/nse/gnunet-service-nse.c:1534 +#: src/revocation/gnunet-service-revocation.c:838 src/util/gnunet-scrypt.c:276 +#, fuzzy +msgid "Value is too large.\n" +msgstr "值不在合法范围内。" + #: src/peerinfo-tool/gnunet-peerinfo.c:239 #, fuzzy, c-format msgid "%sPeer `%s'\n" 
@@ -5467,6 +5592,60 @@ msgstr "" msgid "Failed to load transport plugin for `%s'\n" msgstr "解析配置文件“%s”失败\n" +#: src/peerinfo/gnunet-service-peerinfo.c:178 +#, c-format +msgid "Removing expired address of transport `%s'\n" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:310 +#, fuzzy, c-format +msgid "Failed to parse HELLO in file `%s': %s\n" +msgstr "解析配置文件“%s”失败\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:331 +#: src/peerinfo/gnunet-service-peerinfo.c:362 +#, fuzzy, c-format +msgid "Failed to parse HELLO in file `%s'\n" +msgstr "解析配置文件“%s”失败\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:446 +msgid "# peers known" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:489 +#, c-format +msgid "" +"File `%s' in directory `%s' does not match naming convention. Removed.\n" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:655 +#, fuzzy, c-format +msgid "Scanning directory `%s'\n" +msgstr "解析配置文件“%s”失败\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:663 +#, c-format +msgid "Still no peers found in `%s'!\n" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:1076 +#, fuzzy, c-format +msgid "Cleaning up directory `%s'\n" +msgstr "解析配置文件“%s”失败\n" + +#: src/peerinfo/gnunet-service-peerinfo.c:1405 +#, c-format +msgid "Importing HELLOs from `%s'\n" +msgstr "" + +#: src/peerinfo/gnunet-service-peerinfo.c:1418 +msgid "Skipping import of included HELLOs\n" +msgstr "" + +#: src/peerinfo/peerinfo_api.c:220 +msgid "Failed to receive response from `PEERINFO' service." +msgstr "" + #: src/peerstore/gnunet-peerstore.c:91 msgid "peerstore" msgstr "" 
@@ -5516,16 +5695,11 @@ msgstr "创建用户出错" msgid "Unable to create indices: %s.\n" msgstr "发送消息失败。\n" -#: src/postgres/postgres.c:67 +#: src/pq/pq_prepare.c:80 #, fuzzy, c-format -msgid "`%s:%s' failed at %s:%d with error: %s\n" +msgid "PQprepare (`%s' as `%s') failed with error: %s\n" msgstr "“%s”于 %s:%d 处失败,错误为:%s\n" -#: src/postgres/postgres.c:192 -#, fuzzy, c-format -msgid "Unable to connect to Postgres database '%s': %s\n" -msgstr "无法保存配置文件“%s”:" - #: src/psycstore/gnunet-service-psycstore.c:249 #, fuzzy msgid "Failed to store membership information!\n" 
@@ -5696,60 +5870,60 @@ msgstr "立即保存配置?" msgid "Daemon to announce regular expressions for the peer using cadet." msgstr "" -#: src/regex/gnunet-regex-profiler.c:1314 +#: src/regex/gnunet-regex-profiler.c:1386 msgid "No configuration file given. Exiting\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1355 +#: src/regex/gnunet-regex-profiler.c:1427 #: src/regex/gnunet-regex-simulation-profiler.c:630 #, c-format msgid "No policy directory specified on command line. Exiting.\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1361 +#: src/regex/gnunet-regex-profiler.c:1433 #: src/regex/gnunet-regex-simulation-profiler.c:638 #, c-format msgid "Specified policies directory does not exist. Exiting.\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1368 +#: src/regex/gnunet-regex-profiler.c:1440 #, fuzzy, c-format msgid "No files found in `%s'\n" msgstr "运行 %s失败:%s %d\n" -#: src/regex/gnunet-regex-profiler.c:1377 +#: src/regex/gnunet-regex-profiler.c:1449 msgid "No search strings file given. Exiting.\n" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1397 +#: src/regex/gnunet-regex-profiler.c:1469 #, fuzzy msgid "Error loading search strings. 
Exiting.\n" msgstr "创建用户出错" -#: src/regex/gnunet-regex-profiler.c:1485 +#: src/regex/gnunet-regex-profiler.c:1557 #, fuzzy msgid "name of the file for writing statistics" msgstr "初始化“%s”服务失败。\n" -#: src/regex/gnunet-regex-profiler.c:1491 +#: src/regex/gnunet-regex-profiler.c:1563 msgid "wait TIMEOUT before ending the experiment" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1497 +#: src/regex/gnunet-regex-profiler.c:1569 msgid "directory with policy files" msgstr "" -#: src/regex/gnunet-regex-profiler.c:1504 +#: src/regex/gnunet-regex-profiler.c:1576 #, fuzzy msgid "name of file with input strings" msgstr "初始化“%s”服务失败。\n" -#: src/regex/gnunet-regex-profiler.c:1510 +#: src/regex/gnunet-regex-profiler.c:1582 #, fuzzy msgid "name of file with hosts' names" msgstr "初始化“%s”服务失败。\n" -#: src/regex/gnunet-regex-profiler.c:1523 +#: src/regex/gnunet-regex-profiler.c:1595 msgid "Profiler for regex" msgstr "" @@ -5980,10 +6154,10 @@ msgstr "" msgid "Calculate the Vectorproduct with a GNUnet peer." msgstr "" -#: src/scalarproduct/gnunet-service-scalarproduct_alice.c:1407 -#: src/scalarproduct/gnunet-service-scalarproduct_bob.c:1345 -#: src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c:1180 +#: src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c:1172 #: src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c:1063 +#: src/scalarproduct/gnunet-service-scalarproduct_alice.c:1401 +#: src/scalarproduct/gnunet-service-scalarproduct_bob.c:1345 #, fuzzy msgid "Connect to CADET failed\n" msgstr "“%s”已连接到“%s”。\n" @@ -6008,7 +6182,7 @@ msgstr "" msgid "also profile decryption" msgstr "" -#: src/set/gnunet-service-set.c:1948 +#: src/set/gnunet-service-set.c:1989 #, fuzzy msgid "Could not connect to CADET service\n" msgstr "无法连接到 %s:%u:%s\n" 
@@ -6068,114 +6242,114 @@ msgstr "" msgid "say good-bye and leave somebody else's place" msgstr "" -#: src/social/gnunet-social.c:1227 src/social/gnunet-social.c:1232 +#: src/social/gnunet-social.c:1227 msgid "create a place" msgstr "" -#: src/social/gnunet-social.c:1237 +#: src/social/gnunet-social.c:1232 msgid "destroy a place we were hosting" msgstr "" -#: src/social/gnunet-social.c:1242 +#: src/social/gnunet-social.c:1237 msgid "enter somebody else's place" msgstr "" -#: src/social/gnunet-social.c:1248 +#: src/social/gnunet-social.c:1243 msgid "find state matching name prefix" msgstr "" -#: src/social/gnunet-social.c:1253 +#: src/social/gnunet-social.c:1248 msgid "replay history of messages up to the given --limit" msgstr "" -#: src/social/gnunet-social.c:1258 +#: src/social/gnunet-social.c:1253 msgid "reconnect to a previously created place" msgstr "" -#: src/social/gnunet-social.c:1263 +#: src/social/gnunet-social.c:1258 msgid "publish something to a place we are hosting" msgstr "" -#: src/social/gnunet-social.c:1268 +#: src/social/gnunet-social.c:1263 msgid "reconnect to a previously entered place" msgstr "" -#: src/social/gnunet-social.c:1273 +#: src/social/gnunet-social.c:1268 msgid "search for state matching exact name" msgstr "" -#: src/social/gnunet-social.c:1278 +#: src/social/gnunet-social.c:1273 msgid "submit something to somebody's place" msgstr "" -#: src/social/gnunet-social.c:1283 +#: src/social/gnunet-social.c:1278 msgid "list of egos and subscribed places" msgstr "" -#: src/social/gnunet-social.c:1288 +#: src/social/gnunet-social.c:1283 msgid "extract and replay history between message IDs --start and --until" msgstr "" -#: src/social/gnunet-social.c:1297 +#: src/social/gnunet-social.c:1292 msgid "application ID to use when connecting" msgstr "" -#: src/social/gnunet-social.c:1303 +#: src/social/gnunet-social.c:1298 msgid "message body or state value" msgstr "" -#: src/social/gnunet-social.c:1309 +#: src/social/gnunet-social.c:1304 #, fuzzy 
msgid "name or public key of ego" msgstr "“%s”的参数无效。\n" -#: src/social/gnunet-social.c:1314 +#: src/social/gnunet-social.c:1309 #, fuzzy msgid "wait for incoming messages" msgstr "发送消息失败。\n" -#: src/social/gnunet-social.c:1320 +#: src/social/gnunet-social.c:1315 msgid "GNS name" msgstr "" -#: src/social/gnunet-social.c:1326 +#: src/social/gnunet-social.c:1321 msgid "peer ID for --guest-enter" msgstr "" -#: src/social/gnunet-social.c:1332 +#: src/social/gnunet-social.c:1327 msgid "name (key) to query from state" msgstr "" -#: src/social/gnunet-social.c:1338 +#: src/social/gnunet-social.c:1333 msgid "method name" msgstr "" -#: src/social/gnunet-social.c:1344 +#: src/social/gnunet-social.c:1339 #, fuzzy msgid "number of messages to replay from history" msgstr "每次迭代所使用的消息数量" -#: src/social/gnunet-social.c:1350 +#: src/social/gnunet-social.c:1345 msgid "key address of place" msgstr "" -#: src/social/gnunet-social.c:1356 +#: src/social/gnunet-social.c:1351 msgid "start message ID for history replay" msgstr "" -#: src/social/gnunet-social.c:1361 +#: src/social/gnunet-social.c:1356 msgid "respond to entry requests by admitting all guests" msgstr "" -#: src/social/gnunet-social.c:1367 +#: src/social/gnunet-social.c:1362 msgid "end message ID for history replay" msgstr "" -#: src/social/gnunet-social.c:1372 +#: src/social/gnunet-social.c:1367 msgid "respond to entry requests by refusing all guests" msgstr "" -#: src/social/gnunet-social.c:1382 +#: src/social/gnunet-social.c:1377 msgid "" "gnunet-social - Interact with the social service: enter/leave, send/receive " "messages, access history and state.\n" @@ -6368,7 +6542,7 @@ msgid "" msgstr "" #: src/testbed/gnunet-daemon-testbed-underlay.c:231 src/testing/list-keys.c:46 -#: src/testing/testing.c:288 src/util/gnunet-ecc.c:298 +#: src/testing/testing.c:288 src/util/gnunet-ecc.c:301 #, c-format msgid "Incorrect hostkey file format: %s\n" msgstr "" 
@@ -6438,15 +6612,6 @@ msgstr "" msgid "%.s Unknown result code." msgstr "" -#: src/testbed/gnunet_testbed_mpi_spawn.c:118 -msgid "Waiting for child to exit.\n" -msgstr "" - -#: src/testbed/gnunet_testbed_mpi_spawn.c:241 -#, fuzzy, c-format -msgid "Spawning process `%s'\n" -msgstr "卸载 GNUnet 服务" - #: src/testbed/gnunet-testbed-profiler.c:290 msgid "tolerate COUNT number of continious timeout failures" msgstr "" @@ -6458,6 +6623,15 @@ msgid "" "signal is received" msgstr "" +#: src/testbed/gnunet_testbed_mpi_spawn.c:118 +msgid "Waiting for child to exit.\n" +msgstr "" + +#: src/testbed/gnunet_testbed_mpi_spawn.c:241 +#, fuzzy, c-format +msgid "Spawning process `%s'\n" +msgstr "卸载 GNUnet 服务" + #: src/testbed/testbed_api.c:410 #, fuzzy, c-format msgid "Adding host %u failed with error: %s\n" @@ -6754,10 +6928,6 @@ msgstr "" msgid "GNUnet topology control" msgstr "" -#: src/transport/gnunet-service-transport_ats.c:141 -msgid "# Addresses given to ATS" -msgstr "" - #: src/transport/gnunet-service-transport.c:448 msgid "# messages dropped due to slow client" msgstr "" @@ -6803,6 +6973,10 @@ msgstr "" msgid "Transport service is lacking key configuration settings. Exiting.\n" msgstr "立即保存配置?" +#: src/transport/gnunet-service-transport_ats.c:141 +msgid "# Addresses given to ATS" +msgstr "" + #: src/transport/gnunet-service-transport_hello.c:195 msgid "# refreshed my HELLO" msgstr "" 
@@ -7107,6 +7281,44 @@ msgstr "" msgid "# validations succeeded" msgstr "" +#: src/transport/gnunet-transport-profiler.c:219 +#, c-format +msgid "%llu B in %llu ms == %.2f KB/s!\n" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:617 +msgid "send data to peer" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:621 +msgid "receive data from peer" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:626 +msgid "iterations" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:631 +#, fuzzy +msgid "number of messages to send" +msgstr "每次迭代所使用的消息数量" + +#: src/transport/gnunet-transport-profiler.c:636 +#, fuzzy +msgid "message size to use" +msgstr "消息尺寸" + +#: src/transport/gnunet-transport-profiler.c:641 +#: src/transport/gnunet-transport.c:1462 +msgid "peer identity" +msgstr "" + +#: src/transport/gnunet-transport-profiler.c:652 +#: src/transport/gnunet-transport.c:1482 +#, fuzzy +msgid "Direct access to transport service." +msgstr "初始化“%s”服务失败。\n" + #: src/transport/gnunet-transport.c:413 #, c-format msgid "Transmitted %llu bytes/s (%llu bytes in %s)\n" @@ -7243,11 +7455,6 @@ msgstr "" msgid "do not resolve hostnames" msgstr "" -#: src/transport/gnunet-transport.c:1462 -#: src/transport/gnunet-transport-profiler.c:641 -msgid "peer identity" -msgstr "" - #: src/transport/gnunet-transport.c:1466 msgid "monitor plugin sessions" msgstr "" 
@@ -7256,42 +7463,9 @@ msgstr "" msgid "send data for benchmarking to the other peer (until CTRL-C)" msgstr "" -#: src/transport/gnunet-transport.c:1482 -#: src/transport/gnunet-transport-profiler.c:652 -#, fuzzy -msgid "Direct access to transport service." -msgstr "初始化“%s”服务失败。\n" - -#: src/transport/gnunet-transport-profiler.c:219 -#, c-format -msgid "%llu B in %llu ms == %.2f KB/s!\n" -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:617 -msgid "send data to peer" -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:621 -msgid "receive data from peer" -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:626 -msgid "iterations" -msgstr "" - -#: src/transport/gnunet-transport-profiler.c:631 -#, fuzzy -msgid "number of messages to send" -msgstr "每次迭代所使用的消息数量" - -#: src/transport/gnunet-transport-profiler.c:636 -#, fuzzy -msgid "message size to use" -msgstr "消息尺寸" - #: src/transport/plugin_transport_http_client.c:1474 -#: src/transport/plugin_transport_http_server.c:2249 -#: src/transport/plugin_transport_http_server.c:3463 +#: src/transport/plugin_transport_http_server.c:2312 +#: src/transport/plugin_transport_http_server.c:3526 #: src/transport/plugin_transport_tcp.c:3890 #: src/transport/plugin_transport_tcp.c:3897 msgid "TCP_STEALTH not supported on this platform.\n" @@ -7303,13 +7477,13 @@ msgid "Could not initialize curl multi handle, failed to start %s plugin!\n" msgstr "" #: src/transport/plugin_transport_http_client.c:2164 -#: src/transport/plugin_transport_http_server.c:3178 +#: src/transport/plugin_transport_http_server.c:3241 #, fuzzy, c-format msgid "Shutting down plugin `%s'\n" msgstr "未知的命令“%s”。\n" #: src/transport/plugin_transport_http_client.c:2181 -#: src/transport/plugin_transport_http_server.c:3248 +#: src/transport/plugin_transport_http_server.c:3311 #, c-format msgid "Shutdown for plugin `%s' complete\n" msgstr "" 
@@ -7319,106 +7493,106 @@ msgstr "" msgid "Maximum number of requests is %u\n" msgstr "增加 TCP/IP 的最大连接数" -#: src/transport/plugin_transport_http_server.c:1727 +#: src/transport/plugin_transport_http_server.c:1756 #, c-format msgid "" "Access from connection %p (%u of %u) for `%s' `%s' url `%s' with upload data " "size %u\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:1967 +#: src/transport/plugin_transport_http_server.c:2028 #, c-format msgid "Accepting connection (%u of %u) from `%s'\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:1975 +#: src/transport/plugin_transport_http_server.c:2036 #, c-format msgid "" "Server reached maximum number connections (%u), rejecting new connection\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2125 +#: src/transport/plugin_transport_http_server.c:2186 msgid "" "Could not create a new TLS certificate, program `gnunet-transport-" "certificate-creation' could not be started!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2148 +#: src/transport/plugin_transport_http_server.c:2209 #, c-format msgid "No usable TLS certificate found and creating one at `%s/%s' failed!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2275 +#: src/transport/plugin_transport_http_server.c:2338 msgid "Could not load or create server certificate! 
Loading plugin failed!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2587 +#: src/transport/plugin_transport_http_server.c:2650 #, fuzzy msgid "Require valid port number for service in configuration!\n" msgstr "保存配置失败。" -#: src/transport/plugin_transport_http_server.c:2752 +#: src/transport/plugin_transport_http_server.c:2815 #, c-format msgid "Found %u addresses to report to NAT service\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2838 +#: src/transport/plugin_transport_http_server.c:2901 #: src/transport/plugin_transport_udp.c:3622 msgid "Disabling IPv6 since it is not supported on this system!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2944 +#: src/transport/plugin_transport_http_server.c:3007 #, c-format msgid "IPv4 support is %s\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2959 +#: src/transport/plugin_transport_http_server.c:3022 #, c-format msgid "IPv6 support is %s\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2965 +#: src/transport/plugin_transport_http_server.c:3028 msgid "Neither IPv4 nor IPv6 are enabled! Fix in configuration\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:2976 +#: src/transport/plugin_transport_http_server.c:3039 #, fuzzy msgid "Port is required! 
Fix in configuration\n" msgstr "" "\n" "结束配置。\n" -#: src/transport/plugin_transport_http_server.c:2982 +#: src/transport/plugin_transport_http_server.c:3045 #, c-format msgid "Using port %u\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:3001 +#: src/transport/plugin_transport_http_server.c:3064 #, c-format msgid "Specific IPv4 address `%s' in configuration file is invalid!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:3036 +#: src/transport/plugin_transport_http_server.c:3099 #, c-format msgid "Specific IPv6 address `%s' in configuration file is invalid!\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:3111 +#: src/transport/plugin_transport_http_server.c:3174 #, fuzzy, c-format msgid "Using external hostname `%s'\n" msgstr "卸载 GNUnet 服务" -#: src/transport/plugin_transport_http_server.c:3132 +#: src/transport/plugin_transport_http_server.c:3195 #, c-format msgid "Notifying transport only about hostname `%s'\n" msgstr "" -#: src/transport/plugin_transport_http_server.c:3149 +#: src/transport/plugin_transport_http_server.c:3212 #, fuzzy, c-format msgid "Maximum number of connections is %u\n" msgstr "增加 TCP/IP 的最大连接数" -#: src/transport/plugin_transport_http_server.c:3475 +#: src/transport/plugin_transport_http_server.c:3538 #, fuzzy msgid "Unable to compile URL regex\n" msgstr "无法初始化 SQLite:%s。\n" @@ -7565,20 +7739,6 @@ msgstr "" msgid "TCP transport advertises itself as being on port %llu\n" msgstr "" -#: src/transport/plugin_transport_udp_broadcasting.c:168 -msgid "# Multicast HELLO beacons received via UDP" -msgstr "" - -#: src/transport/plugin_transport_udp_broadcasting.c:548 -msgid "" -"Disabling HELLO broadcasting due to friend-to-friend only configuration!\n" -msgstr "" - -#: src/transport/plugin_transport_udp_broadcasting.c:565 -#, c-format -msgid "Failed to set IPv4 broadcast option for broadcast socket on port %d\n" -msgstr "" - #: src/transport/plugin_transport_udp.c:3366 #, c-format msgid "" 
@@ -7627,6 +7787,20 @@ msgstr "“%s”不可用。\n" msgid "Failed to create UDP network sockets\n" msgstr "发送消息失败。\n" +#: src/transport/plugin_transport_udp_broadcasting.c:168 +msgid "# Multicast HELLO beacons received via UDP" +msgstr "" + +#: src/transport/plugin_transport_udp_broadcasting.c:548 +msgid "" +"Disabling HELLO broadcasting due to friend-to-friend only configuration!\n" +msgstr "" + +#: src/transport/plugin_transport_udp_broadcasting.c:565 +#, c-format +msgid "Failed to set IPv4 broadcast option for broadcast socket on port %d\n" +msgstr "" + #: src/transport/plugin_transport_unix.c:1403 #, fuzzy, c-format msgid "Cannot create path to `%s'\n" @@ -7731,7 +7905,7 @@ msgid "" "`GNUNET_SERVER_receive_done' after %s\n" msgstr "" -#: src/transport/tcp_service_legacy.c:339 src/util/service.c:2337 +#: src/transport/tcp_service_legacy.c:339 src/util/service.c:2336 #, c-format msgid "Unknown address family %d\n" msgstr "" 
@@ -7776,51 +7950,51 @@ msgstr "运行 %s失败:%s %d\n" msgid "Service `%s' runs at %s\n" msgstr "" -#: src/transport/tcp_service_legacy.c:1251 src/util/service.c:1501 +#: src/transport/tcp_service_legacy.c:1251 src/util/service.c:1500 msgid "Service process failed to initialize\n" msgstr "" -#: src/transport/tcp_service_legacy.c:1255 src/util/service.c:1505 +#: src/transport/tcp_service_legacy.c:1255 src/util/service.c:1504 msgid "Service process could not initialize server function\n" msgstr "" -#: src/transport/tcp_service_legacy.c:1259 src/util/service.c:1509 +#: src/transport/tcp_service_legacy.c:1259 src/util/service.c:1508 msgid "Service process failed to report status\n" msgstr "" #: src/transport/tcp_service_legacy.c:1313 src/util/disk.c:1488 -#: src/util/service.c:1379 +#: src/util/service.c:1378 #, c-format msgid "Cannot obtain information about user `%s': %s\n" msgstr "无法获取有关用户“%s”的信息:%s\n" -#: src/transport/tcp_service_legacy.c:1314 src/util/service.c:1381 +#: src/transport/tcp_service_legacy.c:1314 src/util/service.c:1380 msgid "No such user" msgstr "无此用户" -#: src/transport/tcp_service_legacy.c:1327 src/util/service.c:1400 +#: src/transport/tcp_service_legacy.c:1327 src/util/service.c:1399 #, c-format msgid "Cannot change user/group to `%s': %s\n" msgstr "无法更改用户/组为“%s”:%s\n" -#: src/transport/tcp_service_legacy.c:1398 src/util/service.c:1728 +#: src/transport/tcp_service_legacy.c:1398 src/util/service.c:1727 msgid "do daemonize (detach from terminal)" msgstr "" #: src/transport/tcp_service_legacy.c:1448 src/util/program.c:244 -#: src/util/service.c:1791 +#: src/util/service.c:1790 #, fuzzy, c-format msgid "Malformed configuration file `%s', exit ...\n" msgstr "解析配置文件“%s”失败\n" #: src/transport/tcp_service_legacy.c:1458 src/util/program.c:261 -#: src/util/service.c:1802 +#: src/util/service.c:1801 #, fuzzy msgid "Malformed configuration, exit ...\n" msgstr "解析配置文件“%s”失败\n" #: src/transport/tcp_service_legacy.c:1463 src/util/program.c:256 -#: 
src/util/service.c:1808 +#: src/util/service.c:1807 #, fuzzy, c-format msgid "Could not access configuration file `%s'\n" msgstr "找不到接口“%s”的一个 IP 地址。\n" 
@@ -7864,86 +8038,86 @@ msgstr "" msgid "Need a non-empty hostname for service `%s'.\n" msgstr "" -#: src/util/common_logging.c:256 src/util/common_logging.c:1129 +#: src/util/common_logging.c:259 src/util/common_logging.c:1132 msgid "DEBUG" msgstr "调试" -#: src/util/common_logging.c:258 src/util/common_logging.c:1127 +#: src/util/common_logging.c:261 src/util/common_logging.c:1130 msgid "INFO" msgstr "信息" -#: src/util/common_logging.c:260 src/util/common_logging.c:1125 +#: src/util/common_logging.c:263 src/util/common_logging.c:1128 msgid "MESSAGE" msgstr "" -#: src/util/common_logging.c:262 src/util/common_logging.c:1123 +#: src/util/common_logging.c:265 src/util/common_logging.c:1126 msgid "WARNING" msgstr "警告" -#: src/util/common_logging.c:264 src/util/common_logging.c:1121 +#: src/util/common_logging.c:267 src/util/common_logging.c:1124 msgid "ERROR" msgstr "错误" -#: src/util/common_logging.c:266 src/util/common_logging.c:1131 +#: src/util/common_logging.c:269 src/util/common_logging.c:1134 msgid "NONE" msgstr "" -#: src/util/common_logging.c:879 +#: src/util/common_logging.c:882 #, fuzzy, c-format msgid "Message `%.*s' repeated %u times in the last %s\n" msgstr "消息“%.*s”重复了 %u 次,在最近 %llu 秒内\n" -#: src/util/common_logging.c:1132 +#: src/util/common_logging.c:1135 msgid "INVALID" msgstr "" -#: src/util/common_logging.c:1302 +#: src/util/common_logging.c:1326 msgid "unknown address" msgstr "" -#: src/util/common_logging.c:1344 +#: src/util/common_logging.c:1368 msgid "invalid address" msgstr "" -#: src/util/common_logging.c:1362 +#: src/util/common_logging.c:1386 #, fuzzy, c-format msgid "Configuration fails to specify option `%s' in section `%s'!\n" msgstr "配置不满足配置规范文件“%s”的约束!\n" -#: src/util/common_logging.c:1383 +#: src/util/common_logging.c:1407 #, fuzzy, c-format msgid "" "Configuration specifies invalid value for option `%s' in section `%s': %s\n" msgstr "配置不满足配置规范文件“%s”的约束!\n" -#: src/util/configuration.c:286 +#: src/util/configuration.c:296 #, fuzzy, 
c-format msgid "Syntax error while deserializing in line %u\n" msgstr "配置文件“%s”第 %d 行有语法错误。\n" -#: src/util/configuration.c:344 +#: src/util/configuration.c:355 #, fuzzy, c-format msgid "Error while reading file `%s'\n" msgstr "解析 dscl 输出时出错。\n" -#: src/util/configuration.c:1017 +#: src/util/configuration.c:1034 #, c-format msgid "" "Configuration value '%s' for '%s' in section '%s' is not in set of legal " "choices\n" msgstr "" -#: src/util/configuration.c:1136 +#: src/util/configuration.c:1153 #, c-format msgid "Recursive expansion suspected, aborting $-expansion for term `%s'\n" msgstr "" -#: src/util/configuration.c:1169 +#: src/util/configuration.c:1186 #, fuzzy, c-format msgid "Missing closing `%s' in option `%s'\n" msgstr "配置文件“%s”已写入。\n" -#: src/util/configuration.c:1237 +#: src/util/configuration.c:1254 #, c-format msgid "" "Failed to expand `%s' in `%s' as it is neither found in [PATHS] nor defined " 
@@ -7977,32 +8151,32 @@ msgstr "对驱动器“%2$s”的“%1$s”操作失败:%3$u\n" msgid "EdDSA signature verification failed at %s:%d: %s\n" msgstr "对驱动器“%2$s”的“%1$s”操作失败:%3$u\n" -#: src/util/crypto_ecc_setup.c:122 src/util/crypto_ecc_setup.c:160 -#: src/util/crypto_ecc_setup.c:278 src/util/crypto_ecc_setup.c:316 +#: src/util/crypto_ecc_setup.c:122 src/util/crypto_ecc_setup.c:161 +#: src/util/crypto_ecc_setup.c:279 src/util/crypto_ecc_setup.c:317 #, fuzzy, c-format msgid "Could not acquire lock on file `%s': %s...\n" msgstr "无法解析“%s”(%s):%s\n" -#: src/util/crypto_ecc_setup.c:127 src/util/crypto_ecc_setup.c:283 +#: src/util/crypto_ecc_setup.c:128 src/util/crypto_ecc_setup.c:284 #, fuzzy msgid "Creating a new private key. This may take a while.\n" msgstr "正在启动数据仓库转换(可能需要一段时间)。\n" -#: src/util/crypto_ecc_setup.c:164 src/util/crypto_ecc_setup.c:320 +#: src/util/crypto_ecc_setup.c:165 src/util/crypto_ecc_setup.c:322 msgid "This may be ok if someone is currently generating a private key.\n" msgstr "" -#: src/util/crypto_ecc_setup.c:194 src/util/crypto_ecc_setup.c:350 +#: src/util/crypto_ecc_setup.c:195 src/util/crypto_ecc_setup.c:352 #, c-format msgid "" "When trying to read key file `%s' I found %u bytes but I need at least %u.\n" msgstr "" -#: src/util/crypto_ecc_setup.c:198 src/util/crypto_ecc_setup.c:354 +#: src/util/crypto_ecc_setup.c:199 src/util/crypto_ecc_setup.c:356 msgid "This may be ok if someone is currently generating a key.\n" msgstr "" -#: src/util/crypto_ecc_setup.c:413 +#: src/util/crypto_ecc_setup.c:415 #, fuzzy msgid "Could not load peer's private key\n" msgstr "找不到接口“%s”的一个 IP 地址。\n" 
@@ -8193,82 +8367,86 @@ msgstr "" msgid "Manipulate GNUnet configuration files" msgstr "更改配置文件中的一个值" -#: src/util/gnunet-ecc.c:84 +#: src/util/gnunet-ecc.c:89 #, fuzzy, c-format msgid "Failed to open `%s': %s\n" msgstr "打开日志文件“%s”失败:%s\n" -#: src/util/gnunet-ecc.c:120 +#: src/util/gnunet-ecc.c:125 #, c-format msgid "Generating %u keys like %s, please wait" msgstr "" -#: src/util/gnunet-ecc.c:133 +#: src/util/gnunet-ecc.c:138 #, c-format msgid "Generating %u keys, please wait" msgstr "" -#: src/util/gnunet-ecc.c:174 +#: src/util/gnunet-ecc.c:179 #, fuzzy, c-format msgid "" "\n" "Failed to write to `%s': %s\n" msgstr "运行 %s失败:%s %d\n" -#: src/util/gnunet-ecc.c:184 +#: src/util/gnunet-ecc.c:189 #, c-format msgid "" "\n" "Finished!\n" msgstr "" -#: src/util/gnunet-ecc.c:187 +#: src/util/gnunet-ecc.c:192 #, c-format msgid "" "\n" "Error, %u keys not generated\n" msgstr "" -#: src/util/gnunet-ecc.c:280 +#: src/util/gnunet-ecc.c:283 #, c-format msgid "Hostkeys file `%s' not found\n" msgstr "" -#: src/util/gnunet-ecc.c:291 +#: src/util/gnunet-ecc.c:294 #, fuzzy, c-format msgid "Hostkeys file `%s' is empty\n" msgstr "找不到接口“%s”的一个 IP 地址。\n" -#: src/util/gnunet-ecc.c:313 +#: src/util/gnunet-ecc.c:316 #, fuzzy, c-format msgid "Could not read hostkey file: %s\n" msgstr "找不到接口“%s”的一个 IP 地址。\n" -#: src/util/gnunet-ecc.c:364 +#: src/util/gnunet-ecc.c:367 msgid "No hostkey file specified on command line\n" msgstr "" -#: src/util/gnunet-ecc.c:416 +#: src/util/gnunet-ecc.c:425 msgid "list keys included in a file (for testing)" msgstr "" -#: src/util/gnunet-ecc.c:421 +#: src/util/gnunet-ecc.c:430 msgid "number of keys to list included in a file (for testing)" msgstr "" -#: src/util/gnunet-ecc.c:426 +#: src/util/gnunet-ecc.c:435 msgid "create COUNT public-private key pairs (for testing)" msgstr "" -#: src/util/gnunet-ecc.c:430 +#: src/util/gnunet-ecc.c:439 msgid "print the public key in ASCII format" msgstr "" -#: src/util/gnunet-ecc.c:434 +#: src/util/gnunet-ecc.c:443 +msgid "print 
the public key in HEX format" +msgstr "" + +#: src/util/gnunet-ecc.c:447 msgid "print examples of ECC operations (used for compatibility testing)" msgstr "" -#: src/util/gnunet-ecc.c:449 +#: src/util/gnunet-ecc.c:463 #, fuzzy msgid "Manipulate GNUnet private ECC key files" msgstr "更改配置文件中的一个值" @@ -8362,7 +8540,7 @@ msgstr "创建用户出错" msgid "Unable to shorten unix path `%s' while keeping name unique\n" msgstr "" -#: src/util/network.c:1793 src/util/network.c:1969 +#: src/util/network.c:1793 src/util/network.c:1977 #, c-format msgid "" "Fatal internal logic error, process hangs in `%s' (abort with CTRL-C)!\n" @@ -8415,7 +8593,7 @@ msgstr "" msgid "Could not determine plugin installation path.\n" msgstr "无法确定用户界面定义文件。" -#: src/util/resolver_api.c:204 +#: src/util/resolver_api.c:203 #, c-format msgid "" "Missing `%s' for `%s' in configuration, DNS resolution will be unavailable.\n" @@ -8428,32 +8606,32 @@ msgid "" "resolution will be unavailable.\n" msgstr "" -#: src/util/resolver_api.c:815 +#: src/util/resolver_api.c:826 #, c-format msgid "Timeout trying to resolve hostname `%s'.\n" msgstr "" -#: src/util/resolver_api.c:827 +#: src/util/resolver_api.c:839 #, fuzzy, c-format msgid "Timeout trying to resolve IP address `%s'.\n" msgstr "GNUnet 现在使用 IP 地址 %s。\n" -#: src/util/resolver_api.c:1004 +#: src/util/resolver_api.c:1023 msgid "Resolver not configured correctly.\n" msgstr "" -#: src/util/resolver_api.c:1086 src/util/resolver_api.c:1107 -#: src/util/resolver_api.c:1121 +#: src/util/resolver_api.c:1109 src/util/resolver_api.c:1132 +#: src/util/resolver_api.c:1146 #, fuzzy, c-format msgid "Could not resolve our FQDN: %s\n" msgstr "无法解析“%s”(%s):%s\n" -#: src/util/service.c:1306 +#: src/util/service.c:1305 msgid "" "Could not bind to any of the ports I was supposed to, refusing to run!\n" msgstr "" -#: src/util/service.c:2082 +#: src/util/service.c:2081 #, c-format msgid "" "Processing code for message of type %u did not call " 
@@ -8530,63 +8708,63 @@ msgstr " 天" msgid "end of time" msgstr "" -#: src/util/strings.c:1269 +#: src/util/strings.c:1270 msgid "IPv6 address did not start with `['\n" msgstr "" -#: src/util/strings.c:1277 +#: src/util/strings.c:1278 msgid "IPv6 address did contain ':' to separate port number\n" msgstr "" -#: src/util/strings.c:1283 +#: src/util/strings.c:1284 msgid "IPv6 address did contain ']' before ':' to separate port number\n" msgstr "" -#: src/util/strings.c:1290 +#: src/util/strings.c:1291 msgid "IPv6 address did contain a valid port number after the last ':'\n" msgstr "" -#: src/util/strings.c:1299 +#: src/util/strings.c:1300 #, fuzzy, c-format msgid "Invalid IPv6 address `%s': %s\n" msgstr "无效的进程优先级“%s”\n" -#: src/util/strings.c:1571 src/util/strings.c:1587 +#: src/util/strings.c:1572 src/util/strings.c:1588 msgid "Port not in range\n" msgstr "" -#: src/util/strings.c:1596 +#: src/util/strings.c:1597 #, fuzzy, c-format msgid "Malformed port policy `%s'\n" msgstr "解析配置文件“%s”失败\n" -#: src/util/strings.c:1679 src/util/strings.c:1710 src/util/strings.c:1758 -#: src/util/strings.c:1779 +#: src/util/strings.c:1680 src/util/strings.c:1711 src/util/strings.c:1759 +#: src/util/strings.c:1780 #, c-format msgid "Invalid format for IP: `%s'\n" msgstr "IP 格式无效:“%s”\n" -#: src/util/strings.c:1736 +#: src/util/strings.c:1737 #, c-format msgid "Invalid network notation ('/%d' is not legal in IPv4 CIDR)." 
msgstr "网络表示法无效(“/%d” 在 IPv4 CIDR 中是非法的)。" -#: src/util/strings.c:1788 +#: src/util/strings.c:1789 #, fuzzy, c-format msgid "Invalid format: `%s'\n" msgstr "IP 格式无效:“%s”\n" -#: src/util/strings.c:1840 +#: src/util/strings.c:1841 #, c-format msgid "Invalid network notation (does not end with ';': `%s')\n" msgstr "无效的网络表示法(没有以“;”结尾:“%s”)\n" -#: src/util/strings.c:1890 +#: src/util/strings.c:1891 #, c-format msgid "Wrong format `%s' for netmask\n" msgstr "网络掩码的格式“%s”错误\n" -#: src/util/strings.c:1921 +#: src/util/strings.c:1922 #, c-format msgid "Wrong format `%s' for network\n" msgstr "网络的格式“%s”错误\n" 
@@ -8761,27 +8939,43 @@ msgstr "" msgid "Setup tunnels via VPN." msgstr "" -#: src/zonemaster/gnunet-service-zonemaster.c:705 +#: src/zonemaster/gnunet-service-zonemaster.c:706 #, fuzzy msgid "Failed to connect to the namestore!\n" msgstr "初始化“%s”服务失败。\n" -#: src/include/gnunet_common.h:674 src/include/gnunet_common.h:681 -#: src/include/gnunet_common.h:691 src/include/gnunet_common.h:699 +#: src/include/gnunet_common.h:689 src/include/gnunet_common.h:696 +#: src/include/gnunet_common.h:706 src/include/gnunet_common.h:714 #, c-format msgid "Assertion failed at %s:%d.\n" msgstr "" -#: src/include/gnunet_common.h:711 +#: src/include/gnunet_common.h:726 #, c-format msgid "External protocol violation detected at %s:%d.\n" msgstr "" -#: src/include/gnunet_common.h:738 src/include/gnunet_common.h:747 +#: src/include/gnunet_common.h:753 src/include/gnunet_common.h:762 #, c-format msgid "`%s' failed on file `%s' at %s:%d with error: %s\n" msgstr "" +#, fuzzy +#~ msgid "Token `%s' is malformed\n" +#~ msgstr "“%s”的参数无效。\n" + +#, fuzzy +#~ msgid "Failed to create indices\n" +#~ msgstr "发送消息失败。\n" + +#, fuzzy +#~ msgid "`%s:%s' failed at %s:%d with error: %s\n" +#~ msgstr "“%s”于 %s:%d 处失败,错误为:%s\n" + +#, fuzzy +#~ msgid "Unable to connect to Postgres database '%s': %s\n" +#~ msgstr "无法保存配置文件“%s”:" + #, fuzzy #~ msgid "Misconfiguration (can not connect to the ARM service)" #~ msgstr "初始化“%s”服务失败。\n" @@ -9078,10 +9272,6 @@ msgstr "" #~ msgid "Timeout transmitting iteration request to `SENSOR' service." #~ msgstr "初始化“%s”服务失败。\n" -#, fuzzy -#~ msgid "Error reading sensor version\n" -#~ msgstr "创建用户出错" - #, fuzzy #~ msgid "Error reading sensor category\n" #~ msgstr "创建用户出错" @@ -9404,10 +9594,6 @@ msgstr "" #~ msgid "Could not parse zone key file `%s'\n" #~ msgstr "找不到接口“%s”的一个 IP 地址。\n" -#, fuzzy -#~ msgid "Failed to remove records from database" -#~ msgstr "发送消息失败。\n" - #, fuzzy #~ msgid "Failed to access database" #~ msgstr "打开日志文件“%s”失败:%s\n" -- cgit v1.2.3 
From bc44eb0e64dc5def0f9200f2f6329dc0798d5905 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 25 Oct 2017 14:26:08 +0200 Subject: -add docker entrypoint --- Dockerfile | 4 ++++ docker-entrypoint.sh | 3 +++ 2 files changed, 7 insertions(+) create mode 100644 docker-entrypoint.sh diff --git a/Dockerfile b/Dockerfile index 375c76c4b..044222d80 100644 --- a/Dockerfile +++ b/Dockerfile @@ -56,3 +56,7 @@ RUN groupadd gnunetdns RUN adduser --system -m --home-dir /var/lib/gnunet gnunet RUN chown gnunet:gnunet /var/lib/gnunet RUN echo '[arm]\nSYSTEM_ONLY = YES\nUSER_ONLY = NO\n' > /etc/gnunet.conf + +ADD docker-entrypoint.sh . + +CMD ["sh", "docker-entrypoint.sh"] diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh new file mode 100644 index 000000000..807d86d6f --- /dev/null +++ b/docker-entrypoint.sh @@ -0,0 +1,3 @@ +#!/bin/bash +gnunet-arm -s > $HOME/gnunet.log 2>&1 +exec bash \ No newline at end of file -- cgit v1.2.3 From 2edaa4ebc120bd3c6bd81d9cd292f10151f0539d Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 25 Oct 2017 14:37:59 +0200 Subject: -add j to make --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 044222d80..3f3e5b29b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -49,7 +49,7 @@ WORKDIR /usr/src/gnunet ADD . . RUN ./bootstrap RUN ./configure --prefix=/usr/local -RUN make +RUN make -j RUN make install RUN groupadd gnunetdns -- cgit v1.2.3 From f431f72d9ab213d8989bfb45366321bbb983d888 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 25 Oct 2017 14:47:48 +0200 Subject: -fixes --- Dockerfile | 3 ++- src/identity-provider/Makefile.am | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3f3e5b29b..5a193a46d 100644 --- a/Dockerfile +++ b/Dockerfile 
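Review bot: The new `CMD` at the end of the Dockerfile starts the entrypoint as root: the context lines just above it create the `gnunet` system account and chown its home directory, but no `USER` instruction follows before `CMD ["sh", "docker-entrypoint.sh"]`. As a result `gnunet-arm -s` and the interactive shell it hands over to run with root privileges inside the container. If the peer is meant to run under the dedicated account, add `USER gnunet` before the `CMD` line; whether every service starts correctly that way cannot be confirmed from this hunk.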
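Review bot: A failed `gnunet-arm -s` goes unnoticed in docker-entrypoint.sh, because its exit status is discarded and its output lands only in the log file before `exec bash` takes over. Check the status and quote the path, e.g. `gnunet-arm -s > "$HOME/gnunet.log" 2>&1 || { cat "$HOME/gnunet.log" >&2; exit 1; }`. The `#!/bin/bash` line is not used while the Dockerfile launches the script through `sh`; make the two agree so that later bash-only syntax does not break silently.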
@@ -47,9 +47,10 @@ RUN git checkout gnuidentity RUN mkdir /usr/src/gnunet WORKDIR /usr/src/gnunet ADD . . +ARG NUM_JOBS RUN ./bootstrap RUN ./configure --prefix=/usr/local -RUN make -j +RUN make -j$NUM_JOBS RUN make install RUN groupadd gnunetdns diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index 6a56b2e91..f64f1aa68 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am @@ -52,7 +52,7 @@ libgnunet_plugin_gnsrecord_identity_provider_la_LDFLAGS = \ libgnunet_plugin_identity_provider_sqlite_la_SOURCES = \ plugin_identity_provider_sqlite.c libgnunet_plugin_identity_provider_sqlite_la_LIBADD = \ - $(top_builddir)/src/identity-provider/libgnunetidentityprovider.la \ + libgnunetidentityprovider.la \ $(top_builddir)/src/sq/libgnunetsq.la \ $(top_builddir)/src/statistics/libgnunetstatistics.la \ $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) -lsqlite3 \ @@ -72,7 +72,7 @@ gnunet_service_identity_provider_LDADD = \ $(top_builddir)/src/identity/libgnunetidentity.la \ $(top_builddir)/src/statistics/libgnunetstatistics.la \ $(top_builddir)/src/credential/libgnunetcredential.la \ - $(top_builddir)/src/identity-provider/libgnunetidentityprovider.la \ + libgnunetidentityprovider.la \ $(top_builddir)/src/gns/libgnunetgns.la \ $(GN_LIBINTL) -- cgit v1.2.3 From 8af95178c5c1ee764091b5e082a1b724ccf35108 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 27 Oct 2017 13:39:57 +0200 Subject: -fix --- src/identity-provider/gnunet-service-identity-provider.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 85291d69a..1c2f31ed3 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c 
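Review bot: `ARG NUM_JOBS` has no default, so a build that does not pass `--build-arg NUM_JOBS=…` expands `RUN make -j$NUM_JOBS` to a bare `make -j`, which puts no limit on parallel jobs and can exhaust memory on the build host. Give the argument a default, e.g. `ARG NUM_JOBS=1`, or state the required build argument in a comment next to it.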
@@ -1719,7 +1719,7 @@ process_consume_abe_key (void *cls, uint32_t rd_count, lookup_query, &handle->ticket.identity, GNUNET_GNSRECORD_TYPE_ID_ATTR, - GNUNET_GNS_LO_LOCAL_MASTER, + GNUNET_GNS_LO_DEFAULT, &process_parallel_lookup2, parallel_lookup); GNUNET_CONTAINER_DLL_insert (handle->parallel_lookups_head, @@ -1773,7 +1773,7 @@ handle_consume_ticket_message (void *cls, lookup_query, &ch->ticket.identity, GNUNET_GNSRECORD_TYPE_ABE_KEY, - GNUNET_GNS_LO_LOCAL_MASTER, + GNUNET_GNS_LO_DEFAULT, &process_consume_abe_key, ch); GNUNET_free (rnd_label); -- cgit v1.2.3 From 08ea93ee62022a31040e1f1e1b62cf4092c2331b Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Fri, 27 Oct 2017 14:07:18 +0200 Subject: -add stats --- .../gnunet-service-identity-provider.c | 44 ++++++++++++++++++++-- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 1c2f31ed3..2e67dc1eb 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -93,6 +93,11 @@ static struct GNUNET_GNS_Handle *gns_handle; */ static struct GNUNET_CREDENTIAL_Handle *credential_handle; +/** + * Stats handle + */ +static struct GNUNET_STATISTICS_Handle *stats_handle; + /** * Namestore qe */ @@ -425,6 +430,10 @@ struct ConsumeTicketHandle */ struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; + /** + * Lookup time + */ + struct GNUNET_TIME_Absolute lookup_start_time; /** * request id @@ -449,6 +458,11 @@ struct ParallelLookup /* The handle the return to */ struct ConsumeTicketHandle *handle; + /** + * Lookup time + */ + struct GNUNET_TIME_Absolute lookup_start_time; + /* The label to look up */ char *label; }; 
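Review bot: Neither call site records why the lookup option was widened from `GNUNET_GNS_LO_LOCAL_MASTER` to `GNUNET_GNS_LO_DEFAULT`, in `process_consume_abe_key` here and in `handle_consume_ticket_message` in the next hunk. Judging by the option names, the records delivered to `process_parallel_lookup2` and `process_consume_abe_key` may now come from outside the local namestore (confirm against the GNS API documentation), so those callbacks have to treat `rd_count`, `rd->data` and `rd->data_size` as untrusted. A short comment at each call, such as `/* ticket issuer's zone may be remote: use the default resolution path, results are untrusted */`, would record the intent. Both functions start and end outside the hunks.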
@@ -620,6 +634,8 @@ cleanup() GNUNET_NAMESTORE_cancel (ns_qe); if (NULL != ns_handle) GNUNET_NAMESTORE_disconnect (ns_handle); + if (NULL != stats_handle) + GNUNET_STATISTICS_destroy (stats_handle, GNUNET_NO); if (NULL != token) GNUNET_free (token); if (NULL != label) @@ -1569,6 +1585,17 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, handle->parallel_lookups_tail, parallel_lookup); GNUNET_free (parallel_lookup->label); + + GNUNET_STATISTICS_update (stats_handle, + "attribute_lookup_time_total", + GNUNET_TIME_absolute_get_duration (parallel_lookup->lookup_start_time).rel_value_us, + GNUNET_YES); + GNUNET_STATISTICS_update (stats_handle, + "attribute_lookups_count", + 1, + GNUNET_YES); + + GNUNET_free (parallel_lookup); if (1 != rd_count) GNUNET_break(0);//TODO @@ -1696,7 +1723,14 @@ process_consume_abe_key (void *cls, uint32_t rd_count, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decrypted bytes: %zd Expected bytes: %zd\n", size, rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); - + GNUNET_STATISTICS_update (stats_handle, + "abe_key_lookup_time_total", + GNUNET_TIME_absolute_get_duration (handle->lookup_start_time).rel_value_us, + GNUNET_YES); + GNUNET_STATISTICS_update (stats_handle, + "abe_key_lookups_count", + 1, + GNUNET_YES); scopes = GNUNET_strdup (buf); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Scopes %s\n", scopes); @@ -1714,6 +1748,7 @@ process_consume_abe_key (void *cls, uint32_t rd_count, parallel_lookup = GNUNET_new (struct ParallelLookup); parallel_lookup->handle = handle; parallel_lookup->label = GNUNET_strdup (scope); + parallel_lookup->lookup_start_time = GNUNET_TIME_absolute_get(); parallel_lookup->lookup_request = GNUNET_GNS_lookup (gns_handle, lookup_query, 
@@ -1767,7 +1802,7 @@ handle_consume_ticket_message (void *cls, rnd_label); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking for ABE key under %s\n", lookup_query); - + ch->lookup_start_time = GNUNET_TIME_absolute_get (); ch->lookup_request = GNUNET_GNS_lookup (gns_handle, lookup_query, @@ -2069,7 +2104,7 @@ iterate_after_abe_bootstrap (void *cls, void iterate_next_after_abe_bootstrap (void *cls, - struct GNUNET_CRYPTO_AbeMasterKey *abe_key) + struct GNUNET_CRYPTO_AbeMasterKey *abe_key) { struct AttributeIterator *ai = cls; ai->abe_key = abe_key; @@ -2440,7 +2475,8 @@ run (void *cls, identity_handle = GNUNET_IDENTITY_connect (cfg, NULL, NULL); - + stats_handle = GNUNET_STATISTICS_create ("identity-provider", + cfg); /* Loading DB plugin */ if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, -- cgit v1.2.3 From 14c62ed969ace8843154d10b55d4c3571383dc37 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Tue, 7 Nov 2017 16:26:56 +0100 Subject: -add decrypt stats --- src/identity-provider/gnunet-service-identity-provider.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 2e67dc1eb..58dea88a7 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -1576,6 +1576,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, struct ConsumeTicketResultMessage *crm; struct GNUNET_MQ_Envelope *env; struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *attr_le; + struct GNUNET_TIME_Absolute decrypt_duration; char *data; char *data_tmp; ssize_t attr_len; 
@@ -1601,12 +1602,22 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, GNUNET_break(0);//TODO if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) { + decrypt_duration = GNUNET_TIME_absolute_get (); attr_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data + sizeof (uint32_t), rd->data_size - sizeof (uint32_t), handle->key, (void**)&data); if (GNUNET_SYSERR != attr_len) { + GNUNET_STATISTICS_update (stats_handle, + "abe_decrypt_time_total", + GNUNET_TIME_absolute_get_duration (decrypt_duration).rel_value_us, + GNUNET_YES); + GNUNET_STATISTICS_update (stats_handle, + "abe_decrypt_count", + 1, + GNUNET_YES); + attr_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); attr_le->attribute = attribute_deserialize (data, attr_len); -- cgit v1.2.3 From a9a7ac802811e76e33b54040bf31f00ea9438cea Mon Sep 17 00:00:00 2001 
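Review bot: The decrypt call in `process_parallel_lookup2` still runs on an unvalidated record: when `rd_count` is not 1 the code only reaches `GNUNET_break(0);//TODO`, which logs and continues, and then dereferences `rd`, and `rd->data_size - sizeof (uint32_t)` wraps around for a record shorter than four bytes. Guard the branch instead, e.g. `if ( (1 == rd_count) && (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) && (rd->data_size > sizeof (uint32_t)) )`. On style, `decrypt_duration` holds a start timestamp, so `decrypt_start` would read better, and the timing is recorded only on the success path. The function starts and ends outside the hunk.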
From: "Schanzenbach, Martin" Date: Sat, 2 Dec 2017 22:32:28 +0100 Subject: -refactored --- configure.ac | 1 + po/POTFILES.in | 3 +- src/Makefile.am | 2 + src/identity-attribute/Makefile.am | 44 ++++ src/identity-attribute/identity_attribute.c | 245 +++++++++++++++++++++ src/identity-attribute/identity_attribute.h | 56 +++++ .../plugin_identity_attribute_gnuid.c | 184 ++++++++++++++++ src/identity-provider/Makefile.am | 12 +- src/identity-provider/gnunet-idp.c | 26 +-- .../gnunet-service-identity-provider.c | 120 +++++----- src/identity-provider/identity_attribute.c | 245 --------------------- src/identity-provider/identity_attribute.h | 149 ------------- src/identity-provider/identity_provider_api.c | 49 ++--- .../plugin_identity_provider_sqlite.c | 14 +- .../plugin_rest_identity_provider.c | 11 +- src/include/gnunet_identity_attribute_lib.h | 231 +++++++++++++++++++ src/include/gnunet_identity_attribute_plugin.h | 149 +++++++++++++ src/include/gnunet_identity_provider_plugin.h | 5 +- src/include/gnunet_identity_provider_service.h | 109 +-------- 19 files changed, 1027 insertions(+), 628 deletions(-) create mode 100644 src/identity-attribute/Makefile.am create mode 100644 src/identity-attribute/identity_attribute.c create mode 100644 src/identity-attribute/identity_attribute.h create mode 100644 src/identity-attribute/plugin_identity_attribute_gnuid.c delete mode 100644 src/identity-provider/identity_attribute.c delete mode 100644 src/identity-provider/identity_attribute.h create mode 100644 src/include/gnunet_identity_attribute_lib.h create mode 100644 src/include/gnunet_identity_attribute_plugin.h diff --git a/configure.ac b/configure.ac index 206a407fa..e0d92fb8c 100644 --- a/configure.ac +++ b/configure.ac @@ -1654,6 +1654,7 @@ src/vpn/vpn.conf src/zonemaster/Makefile src/zonemaster/zonemaster.conf src/rest/Makefile +src/identity-attribute/Makefile src/identity-provider/Makefile pkgconfig/Makefile pkgconfig/gnunetarm.pc 
diff --git a/po/POTFILES.in b/po/POTFILES.in index 3444e321b..b06eb3a9f 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -196,9 +196,10 @@ src/hello/hello.c src/hostlist/gnunet-daemon-hostlist.c src/hostlist/gnunet-daemon-hostlist_client.c src/hostlist/gnunet-daemon-hostlist_server.c +src/identity-attribute/identity_attribute.c +src/identity-attribute/plugin_identity_attribute_type_gnuid.c src/identity-provider/gnunet-idp.c src/identity-provider/gnunet-service-identity-provider.c -src/identity-provider/identity_attribute.c src/identity-provider/identity_provider_api.c src/identity-provider/jwt.c src/identity-provider/plugin_gnsrecord_identity_provider.c diff --git a/src/Makefile.am b/src/Makefile.am index e4d7d8924..68878b5a0 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -17,6 +17,7 @@ endif if HAVE_JSON if HAVE_MHD + ATTRIBUTE_DIR = identity-attribute PROVIDER_DIR = identity-provider endif endif @@ -131,6 +132,7 @@ SUBDIRS = \ social \ $(AUCTION_DIR) \ $(EXP_DIR) \ + $(ATTRIBUTE_DIR) \ $(PROVIDER_DIR) endif diff --git a/src/identity-attribute/Makefile.am b/src/identity-attribute/Makefile.am new file mode 100644 index 000000000..770bc2ead --- /dev/null +++ b/src/identity-attribute/Makefile.am 
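Review bot: The added POTFILES.in entry `src/identity-attribute/plugin_identity_attribute_type_gnuid.c` does not match the file this commit creates, which the diffstat and the new src/identity-attribute/Makefile.am both name `plugin_identity_attribute_gnuid.c`. gettext tooling that walks POTFILES.in is likely to fail or skip the plugin's strings because of the missing path. The line should read `src/identity-attribute/plugin_identity_attribute_gnuid.c`.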
@@ -0,0 +1,44 @@ +# This Makefile.am is in the public domain +AM_CPPFLAGS = -I$(top_srcdir)/src/include + +plugindir = $(libdir)/gnunet + +pkgcfgdir= $(pkgdatadir)/config.d/ + +libexecdir= $(pkglibdir)/libexec/ + +if MINGW + WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols +endif + +if USE_COVERAGE + AM_CFLAGS = --coverage -O0 + XLIBS = -lgcov +endif + +lib_LTLIBRARIES = \ + libgnunetidentityattribute.la + +libgnunetidentityattribute_la_SOURCES = \ + identity_attribute.c +libgnunetidentityattribute_la_LIBADD = \ + $(top_builddir)/src/util/libgnunetutil.la \ + $(GN_LIBINTL) +libgnunetidentityattribute_la_LDFLAGS = \ + $(GN_LIB_LDFLAGS) $(WINFLAGS) \ + -version-info 0:0:0 + + +plugin_LTLIBRARIES = \ + libgnunet_plugin_identity_attribute_gnuid.la + + +libgnunet_plugin_identity_attribute_gnuid_la_SOURCES = \ + plugin_identity_attribute_gnuid.c +libgnunet_plugin_identity_attribute_gnuid_la_LIBADD = \ + $(top_builddir)/src/util/libgnunetutil.la \ + $(LTLIBINTL) +libgnunet_plugin_gnsrecord_dns_la_LDFLAGS = \ + $(GN_PLUGIN_LDFLAGS) + + diff --git a/src/identity-attribute/identity_attribute.c b/src/identity-attribute/identity_attribute.c new file mode 100644 index 000000000..377eb3211 --- /dev/null +++ b/src/identity-attribute/identity_attribute.c 
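Review bot: The last assignment sets `libgnunet_plugin_gnsrecord_dns_la_LDFLAGS`, a target this Makefile.am never defines, so `libgnunet_plugin_identity_attribute_gnuid.la` is linked without `$(GN_PLUGIN_LDFLAGS)`. It looks like a copy-paste leftover from another plugin directory. The variable should be `libgnunet_plugin_identity_attribute_gnuid_la_LDFLAGS = $(GN_PLUGIN_LDFLAGS)`.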
@@ -0,0 +1,245 @@ +/* + This file is part of GNUnet + Copyright (C) 2010-2015 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. + */ + +/** + * @file identity-provider/identity_attribute.c + * @brief helper library to manage identity attributes + * @author Martin Schanzenbach + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "identity_attribute.h" + +/** + * Create a new attribute. 
+ * + * @param name the attribute name + * @param type the attribute type + * @param data the attribute value + * @param data_size the attribute value size + * @return the new attribute + */ +struct GNUNET_IDENTITY_ATTRIBUTE_Claim * +GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name, + uint32_t attr_type, + const void* data, + size_t data_size) +{ + struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr; + char *write_ptr; + + attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_ATTRIBUTE_Claim) + + strlen (attr_name) + 1 + + data_size); + attr->type = attr_type; + attr->data_size = data_size; + attr->version = 0; + write_ptr = (char*)&attr[1]; + GNUNET_memcpy (write_ptr, + attr_name, + strlen (attr_name) + 1); + attr->name = write_ptr; + write_ptr += strlen (attr->name) + 1; + GNUNET_memcpy (write_ptr, + data, + data_size); + attr->data = write_ptr; + return attr; +} + +size_t +GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs) +{ + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; + size_t len = 0; + for (le = attrs->list_head; NULL != le; le = le->next) + len += GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (le->claim); + return len; +} + +size_t +GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, + char *result) +{ + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; + size_t len; + size_t total_len; + char* write_ptr; + + write_ptr = result; + total_len = 0; + for (le = attrs->list_head; NULL != le; le = le->next) + { + len = GNUNET_IDENTITY_ATTRIBUTE_serialize (le->claim, + write_ptr); + total_len += len; + write_ptr += len; + } + return total_len; +} + +struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList * +GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (const char* data, + size_t data_size) +{ + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs; + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; + size_t attr_len; + const char* read_ptr; + + if (data_size < 
sizeof (struct Attribute)) + return NULL; + + attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList); + read_ptr = data; + while (((data + data_size) - read_ptr) >= sizeof (struct Attribute)) + { + + le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry); + le->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize (read_ptr, + data_size - (read_ptr - data)); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Deserialized attribute %s\n", le->claim->name); + GNUNET_CONTAINER_DLL_insert (attrs->list_head, + attrs->list_tail, + le); + attr_len = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (le->claim); + read_ptr += attr_len; + } + return attrs; +} + +struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList* +GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs) +{ + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *result_le; + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *result; + size_t len; + + result = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList); + for (le = attrs->list_head; NULL != le; le = le->next) + { + result_le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry); + len = sizeof (struct GNUNET_IDENTITY_ATTRIBUTE_Claim) + le->claim->data_size; + result_le->claim = GNUNET_malloc (len); + GNUNET_memcpy (result_le->claim, + le->claim, + len); + result_le->claim->name = (const char*)&result_le->claim[1]; + GNUNET_CONTAINER_DLL_insert (result->list_head, + result->list_tail, + result_le); + } + return result; +} + + +void +GNUNET_IDENTITY_ATTRIBUTE_list_destroy (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs) +{ + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *tmp_le; + + for (le = attrs->list_head; NULL != le;) + { + GNUNET_free (le->claim); + tmp_le = le; + le = le->next; + GNUNET_free (tmp_le); + } + GNUNET_free (attrs); + +} + +size_t +GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct 
GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) +{ + return sizeof (struct Attribute) + + strlen (attr->name) + + attr->data_size; +} + +size_t +GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr, + char *result) +{ + size_t data_len_ser; + size_t name_len; + struct Attribute *attr_ser; + char* write_ptr; + + attr_ser = (struct Attribute*)result; + attr_ser->attribute_type = htons (attr->type); + attr_ser->attribute_version = htonl (attr->version); + name_len = strlen (attr->name); + attr_ser->name_len = htons (name_len); + write_ptr = (char*)&attr_ser[1]; + GNUNET_memcpy (write_ptr, attr->name, name_len); + write_ptr += name_len; + //TODO plugin-ize + //data_len_ser = plugin->serialize_attribute_value (attr, + // &attr_ser[1]); + data_len_ser = attr->data_size; + GNUNET_memcpy (write_ptr, attr->data, attr->data_size); + attr_ser->data_size = htons (data_len_ser); + + return sizeof (struct Attribute) + strlen (attr->name) + attr->data_size; +} + +struct GNUNET_IDENTITY_ATTRIBUTE_Claim * +GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data, + size_t data_size) +{ + struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr; + struct Attribute *attr_ser; + size_t data_len; + size_t name_len; + char* write_ptr; + + if (data_size < sizeof (struct Attribute)) + return NULL; + + attr_ser = (struct Attribute*)data; + data_len = ntohs (attr_ser->data_size); + name_len = ntohs (attr_ser->name_len); + attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_ATTRIBUTE_Claim) + + data_len + name_len + 1); + attr->type = ntohs (attr_ser->attribute_type); + attr->version = ntohl (attr_ser->attribute_version); + attr->data_size = ntohs (attr_ser->data_size); + + write_ptr = (char*)&attr[1]; + GNUNET_memcpy (write_ptr, + &attr_ser[1], + name_len); + write_ptr[name_len] = '\0'; + attr->name = write_ptr; + + write_ptr += name_len + 1; + GNUNET_memcpy (write_ptr, + (char*)&attr_ser[1] + name_len, + attr->data_size); + attr->data = write_ptr; + return attr; + +} + +/* 
end of identity_attribute.c */
diff --git a/src/identity-attribute/identity_attribute.h b/src/identity-attribute/identity_attribute.h
new file mode 100644
index 000000000..046321807
--- /dev/null
+++ b/src/identity-attribute/identity_attribute.h
@@ -0,0 +1,56 @@
+/*
+ This file is part of GNUnet.
+ Copyright (C) 2012-2015 GNUnet e.V.
+
+ GNUnet is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with GNUnet; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+ */
+/**
+ * @author Martin Schanzenbach
+ * @file identity-provider/identity_attribute.h
+ * @brief GNUnet Identity Provider library
+ *
+ */
+#ifndef IDENTITY_ATTRIBUTE_H
+#define IDENTITY_ATTRIBUTE_H
+
+#include "gnunet_identity_provider_service.h"
+
+struct Attribute
+{
+ /**
+ * Attribute type
+ */
+ uint32_t attribute_type;
+
+ /**
+ * Attribute version
+ */
+ uint32_t attribute_version;
+
+ /**
+ * Name length
+ */
+ uint32_t name_len;
+
+ /**
+ * Data size
+ */
+ uint32_t data_size;
+
+ //followed by data_size Attribute value data
+};
+
+#endif
diff --git a/src/identity-attribute/plugin_identity_attribute_gnuid.c b/src/identity-attribute/plugin_identity_attribute_gnuid.c
new file mode 100644
index 000000000..ba460d0a5
--- /dev/null
+++ b/src/identity-attribute/plugin_identity_attribute_gnuid.c
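Review bot: In identity_attribute.h, `attribute_type`, `name_len` and `data_size` are declared `uint32_t`, but the serializer and deserializer added in identity_attribute.c in this same commit convert them with `htons`/`ntohs`, so the bytes on the wire depend on host endianness and any length above 65535 is silently truncated. Either declare the three fields `uint16_t` or convert all of them with `htonl`/`ntohl`, as is already done for `attribute_version`. The trailing comment also omits the name, which the serializer writes before the value; it should read `//followed by name_len bytes of name (not 0-terminated), then data_size bytes of value`. The `@file` tag still says `identity-provider/identity_attribute.h` although the file is added under `src/identity-attribute/`.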
@@ -0,0 +1,184 @@
+/*
+ This file is part of GNUnet
+ Copyright (C) 2013, 2014, 2016 GNUnet e.V.
+
+ GNUnet is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with GNUnet; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+*/
+
+/**
+ * @file identity-provider/plugin_identity_attribute_gnuid.c
+ * @brief identity attribute plugin to provide the API for fundamental
+ * attribute types.
+ *
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_identity_attribute_plugin.h"
+#include
+
+
+/**
+ * Convert the 'value' of an attribute to a string.
+ *
+ * @param cls closure, unused
+ * @param type type of the attribute
+ * @param data value in binary encoding
+ * @param data_size number of bytes in @a data
+ * @return NULL on error, otherwise human-readable representation of the value
+ */
+static char *
+gnuid_value_to_string (void *cls,
+ uint32_t type,
+ const void *data,
+ size_t data_size)
+{
+
+ switch (type)
+ {
+ case GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING:
+ return GNUNET_strndup (data, data_size);
+ default:
+ return NULL;
+ }
+}
+
+
+/**
+ * Convert human-readable version of a 'value' of an attribute to the binary
+ * representation.
+ *
+ * @param cls closure, unused
+ * @param type type of the attribute
+ * @param s human-readable string
+ * @param data set to value in binary encoding (will be allocated)
+ * @param data_size set to number of bytes in @a data
+ * @return #GNUNET_OK on success
+ */
+static int
+gnuid_string_to_value (void *cls,
+ uint32_t type,
+ const char *s,
+ void **data,
+ size_t *data_size)
+{
+ if (NULL == s)
+ return GNUNET_SYSERR;
+ switch (type)
+ {
+
+ case GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING:
+ *data = GNUNET_strdup (s);
+ *data_size = strlen (s);
+ return GNUNET_OK;
+ default:
+ return GNUNET_SYSERR;
+ }
+}
+
+
+/**
+ * Mapping of attribute type numbers to human-readable
+ * attribute type names.
+ */
+static struct {
+ const char *name;
+ uint32_t number;
+} gnuid_name_map[] = {
+ { "STRING", GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING },
+ { NULL, UINT32_MAX }
+};
+
+
+/**
+ * Convert a type name to the corresponding number.
+ *
+ * @param cls closure, unused
+ * @param gnuid_typename name to convert
+ * @return corresponding number, UINT32_MAX on error
+ */
+static uint32_t
+gnuid_typename_to_number (void *cls,
+ const char *gnuid_typename)
+{
+ unsigned int i;
+
+ i=0;
+ while ( (NULL != gnuid_name_map[i].name) &&
+ (0 != strcasecmp (gnuid_typename,
+ gnuid_name_map[i].name)) )
+ i++;
+ return gnuid_name_map[i].number;
+}
+
+
+/**
+ * Convert a type number (i.e. 1) to the corresponding type string
+ *
+ * @param cls closure, unused
+ * @param type number of a type to convert
+ * @return corresponding typestring, NULL on error
+ */
+static const char *
+gnuid_number_to_typename (void *cls,
+ uint32_t type)
+{
+ unsigned int i;
+
+ i=0;
+ while ( (NULL != gnuid_name_map[i].name) &&
+ (type != gnuid_name_map[i].number) )
+ i++;
+ return gnuid_name_map[i].name;
+}
+
+
+/**
+ * Entry point for the plugin.
+ * + * @param cls NULL + * @return the exported block API + */ +void * +libgnunet_plugin_attribute_type_gnuid_init (void *cls) +{ + struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api; + + api = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions); + api->value_to_string = &gnuid_value_to_string; + api->string_to_value = &gnuid_string_to_value; + api->typename_to_number = &gnuid_typename_to_number; + api->number_to_typename = &gnuid_number_to_typename; + return api; +} + + +/** + * Exit point from the plugin. + * + * @param cls the return value from #libgnunet_plugin_block_test_init() + * @return NULL + */ +void * +libgnunet_plugin_attribute_type_gnuid_done (void *cls) +{ + struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api = cls; + + GNUNET_free (api); + return NULL; +} + +/* end of plugin_identity_attribute_type_gnuid.c */ diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index f64f1aa68..3b072e59d 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am @@ -63,8 +63,7 @@ libgnunet_plugin_identity_provider_sqlite_la_LDFLAGS = \ gnunet_service_identity_provider_SOURCES = \ - gnunet-service-identity-provider.c \ - identity_attribute.h + gnunet-service-identity-provider.c gnunet_service_identity_provider_LDADD = \ $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \ $(top_builddir)/src/util/libgnunetutil.la \ 
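Review bot: `gnuid_string_to_value` in plugin_identity_attribute_gnuid.c reports `*data_size = strlen (s)`, so the stored STRING value carries no terminator, while gnunet-idp.c in this commit stores the same type with `strlen (attr_value) + 1`; the two encodings of `GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING` disagree. `gnuid_value_to_string` copes with both because it uses `GNUNET_strndup (data, data_size)`, but any consumer that treats `data` as a C string would read past a plugin-produced value, so the convention should be settled in one place and stated in the doc comment, e.g. `@param data_size set to number of bytes in @a data (excluding 0-terminator)`. `gnuid_typename_to_number` passes `gnuid_typename` to `strcasecmp` without a NULL check, unlike `gnuid_string_to_value`, which rejects `NULL == s`. The doc comment on `libgnunet_plugin_attribute_type_gnuid_done` still names `#libgnunet_plugin_block_test_init()`, and the closing comment names `plugin_identity_attribute_type_gnuid.c` rather than this file.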
@@ -72,14 +71,14 @@ gnunet_service_identity_provider_LDADD = \ $(top_builddir)/src/identity/libgnunetidentity.la \ $(top_builddir)/src/statistics/libgnunetstatistics.la \ $(top_builddir)/src/credential/libgnunetcredential.la \ + $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \ libgnunetidentityprovider.la \ $(top_builddir)/src/gns/libgnunetgns.la \ $(GN_LIBINTL) libgnunetidentityprovider_la_SOURCES = \ identity_provider_api.c \ - identity_provider.h \ - identity_attribute.c + identity_provider.h libgnunetidentityprovider_la_LIBADD = \ $(top_builddir)/src/util/libgnunetutil.la \ $(GN_LIBINTL) $(XLIB) @@ -88,13 +87,13 @@ libgnunetidentityprovider_la_LDFLAGS = \ -version-info 0:0:0 libgnunet_plugin_rest_identity_provider_la_SOURCES = \ - plugin_rest_identity_provider.c \ - jwt.c + plugin_rest_identity_provider.c libgnunet_plugin_rest_identity_provider_la_LIBADD = \ $(top_builddir)/src/identity/libgnunetidentity.la \ libgnunetidentityprovider.la \ $(top_builddir)/src/rest/libgnunetrest.la \ $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \ + $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \ $(top_builddir)/src/namestore/libgnunetnamestore.la \ $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ $(LTLIBINTL) -ljansson -lmicrohttpd @@ -108,6 +107,7 @@ gnunet_idp_LDADD = \ $(top_builddir)/src/namestore/libgnunetnamestore.la \ libgnunetidentityprovider.la \ $(top_builddir)/src/identity/libgnunetidentity.la \ + $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \ $(GN_LIBINTL) check_SCRIPTS = \ diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index 88136c124..18a5676c0 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c 
@@ -119,7 +119,7 @@ static struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; /** * Attribute list */ -static struct GNUNET_IDENTITY_PROVIDER_AttributeList *attr_list; +static struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list; static void do_cleanup(void *cls) @@ -166,7 +166,7 @@ store_attr_cont (void *cls, static void process_attrs (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) + const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) { if (NULL == identity) { @@ -207,7 +207,7 @@ process_rvk (void *cls, int success, const char* msg) static void iter_finished (void *cls) { - struct GNUNET_IDENTITY_PROVIDER_Attribute *attr; + struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr; attr_iterator = NULL; if (list) @@ -244,8 +244,8 @@ iter_finished (void *cls) NULL); return; } - attr = GNUNET_IDENTITY_PROVIDER_attribute_new (attr_name, - GNUNET_IDENTITY_PROVIDER_AT_STRING, + attr = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr_name, + GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, attr_value, strlen (attr_value) + 1); idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle, @@ -260,9 +260,9 @@ iter_finished (void *cls) static void iter_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) + const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) { - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; char *attrs_tmp; char *attr_str; 
@@ -275,11 +275,11 @@ iter_cb (void *cls, attr_str = strtok (NULL, ","); continue; } - le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); - le->attribute = GNUNET_IDENTITY_PROVIDER_attribute_new (attr->name, - attr->attribute_type, - attr->data, - attr->data_size); + le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry); + le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr->name, + attr->type, + attr->data, + attr->data_size); GNUNET_CONTAINER_DLL_insert (attr_list->list_head, attr_list->list_tail, le); @@ -321,7 +321,7 @@ ego_cb (void *cls, sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); - attr_list = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); + attr_list = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList); attr_iterator = GNUNET_IDENTITY_PROVIDER_get_attributes_start (idp_handle, pkey, diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 58dea88a7..a5c178aa5 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -34,9 +34,9 @@ #include "gnunet_statistics_service.h" #include "gnunet_gns_service.h" #include "gnunet_identity_provider_plugin.h" +#include "gnunet_identity_attribute_lib.h" #include "gnunet_signatures.h" #include "identity_provider.h" -#include "identity_attribute.h" /** * First pass state @@ -365,7 +365,7 @@ struct AttributeStoreHandle /** * The attribute to store */ - struct GNUNET_IDENTITY_PROVIDER_Attribute *attribute; + struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim; /** * request id @@ -428,7 +428,7 @@ struct ConsumeTicketHandle /** * Attributes */ - struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs; /** * Lookup time 
@@ -490,12 +490,12 @@ struct TicketRevocationHandle /** * Attributes to reissue */ - struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs; /** * Attributes to revoke */ - struct GNUNET_IDENTITY_PROVIDER_AttributeList *rvk_attrs; + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *rvk_attrs; /** * Issuer Key @@ -549,7 +549,7 @@ struct TicketIssueHandle /** * Attributes to issue */ - struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs; /** * Issuer Key @@ -809,7 +809,7 @@ static void cleanup_ticket_issue_handle (struct TicketIssueHandle *handle) { if (NULL != handle->attrs) - attribute_list_destroy (handle->attrs); + GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs); if (NULL != handle->ns_qe) GNUNET_NAMESTORE_cancel (handle->ns_qe); GNUNET_free (handle); @@ -820,7 +820,7 @@ static void send_ticket_result (struct IdpClient *client, uint32_t r_id, const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) + const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs) { struct TicketResultMessage *irm; struct GNUNET_MQ_Envelope *env; @@ -873,13 +873,13 @@ store_ticket_issue_cont (void *cls, int serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, + const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, const struct GNUNET_CRYPTO_AbeKey *rp_key, struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, char **result) { struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; char *enc_keyinfo; char *serialized_key; char *buf; 
@@ -896,7 +896,7 @@ serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, (void**)&serialized_key); attrs_str_len = 0; for (le = attrs->list_head; NULL != le; le = le->next) { - attrs_str_len += strlen (le->attribute->name) + 1; + attrs_str_len += strlen (le->claim->name) + 1; } buf = GNUNET_malloc (attrs_str_len + size); write_ptr = buf; @@ -904,14 +904,14 @@ serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, "Writing attributes\n"); for (le = attrs->list_head; NULL != le; le = le->next) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "%s\n", le->attribute->name); + "%s\n", le->claim->name); GNUNET_memcpy (write_ptr, - le->attribute->name, - strlen (le->attribute->name)); - write_ptr[strlen (le->attribute->name)] = ','; - write_ptr += strlen (le->attribute->name) + 1; + le->claim->name, + strlen (le->claim->name)); + write_ptr[strlen (le->claim->name)] = ','; + write_ptr += strlen (le->claim->name) + 1; } write_ptr--; write_ptr[0] = '\0'; //replace last , with a 0-terminator @@ -954,7 +954,7 @@ issue_ticket_after_abe_bootstrap (void *cls, struct GNUNET_CRYPTO_AbeMasterKey *abe_key) { struct TicketIssueHandle *ih = cls; - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; struct GNUNET_GNSRECORD_Data code_record[1]; struct GNUNET_CRYPTO_AbeKey *rp_key; @@ -974,8 +974,8 @@ issue_ticket_after_abe_bootstrap (void *cls, i = 0; for (le = ih->attrs->list_head; NULL != le; le = le->next) { GNUNET_asprintf (&policy, "%s_%lu", - le->attribute->name, - le->attribute->attribute_version); + le->claim->name, + le->claim->version); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute to key: %s\n", policy); 
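Review bot: In the `@@ -904,14` hunk of `serialize_abe_keyinfo2`, the unconditional `write_ptr--; write_ptr[0] = '\0';` after the loop writes one byte before `buf` when `attrs` has no entries, because `write_ptr` still equals `buf` and `attrs_str_len` is 0. Guard the terminator, for example `if (write_ptr > buf) write_ptr[-1] = '\0';`, or reject an empty list before the allocation. Whether an empty list can reach this function is not visible here; the function begins before this hunk and continues after it.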
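Review bot: `GNUNET_asprintf (&policy, "%s_%lu", le->claim->name, le->claim->version)` in the `@@ -974,8` hunk pairs `%lu` with `version`; if that field is `uint32_t`, as the `htonl (attr->version)` in the serializer suggests, the argument is narrower than the conversion expects on LP64 targets and the formatted suffix is undefined. The policy string names the ABE attribute, so a wrong suffix would make encryption and key generation disagree. Cast the argument, `(unsigned long) le->claim->version`, or use `"%s_%" PRIu32`; the same format string appears in the `@@ -1255,8`, `@@ -1349,14` and `@@ -1882,16` hunks.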
@@ -1061,7 +1061,7 @@ handle_issue_ticket_message (void *cls, ih = GNUNET_new (struct TicketIssueHandle); attrs_len = ntohs (im->attr_len); - ih->attrs = attribute_list_deserialize ((char*)&im[1], attrs_len); + ih->attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize ((char*)&im[1], attrs_len); ih->r_id = ntohl (im->id); ih->client = idp; ih->identity = im->identity; @@ -1087,9 +1087,9 @@ static void cleanup_revoke_ticket_handle (struct TicketRevocationHandle *handle) { if (NULL != handle->attrs) - attribute_list_destroy (handle->attrs); + GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs); if (NULL != handle->rvk_attrs) - attribute_list_destroy (handle->rvk_attrs); + GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->rvk_attrs); if (NULL != handle->abe_key) GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key); if (NULL != handle->ns_qe) @@ -1132,7 +1132,7 @@ send_revocation_finished (struct TicketRevocationHandle *rh, static void ticket_reissue_proc (void *cls, const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); + const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs); static void revocation_reissue_tickets (struct TicketRevocationHandle *rh); @@ -1176,11 +1176,11 @@ reissue_ticket_cont (void *cls, static void ticket_reissue_proc (void *cls, const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) + const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs) { struct TicketRevocationHandle *rh = cls; - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le_rollover; + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le_rollover; struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; struct GNUNET_GNSRECORD_Data code_record[1]; struct GNUNET_CRYPTO_AbeKey *rp_key; 
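Review bot: In the `@@ -1061,7` hunk, the result of `GNUNET_IDENTITY_ATTRIBUTE_list_deserialize ((char*)&im[1], attrs_len)` is stored in `ih->attrs` without a NULL check, although the function added in identity_attribute.c in this commit returns NULL when `data_size < sizeof (struct Attribute)` and `attrs_len` is read from the client message. The same holds for `GNUNET_IDENTITY_ATTRIBUTE_deserialize` in the `@@ -1618,10` hunk, where `attr_le->claim->version` is written on the very next line, and in the `@@ -1984,7` hunk. Add a check before the handle is used, e.g. `if (NULL == ih->attrs) { GNUNET_break (0); GNUNET_free (ih); return; }`, routed through whatever client error path the service normally uses. The deserializer also copies `name_len` and `data_size` bytes without comparing them with the remaining `data_size`, so that bound has to be enforced either there or in these callers. `handle_issue_ticket_message` starts before and ends after this hunk.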
@@ -1223,11 +1223,11 @@ ticket_reissue_proc (void *cls, NULL != le_rollover; le_rollover = le_rollover->next) { - if (0 == strcmp (le_rollover->attribute->name, - le->attribute->name)) + if (0 == strcmp (le_rollover->claim->name, + le->claim->name)) { reissue_ticket = GNUNET_YES; - le->attribute->attribute_version = le_rollover->attribute->attribute_version; + le->claim->version = le_rollover->claim->version; } } } @@ -1255,8 +1255,8 @@ ticket_reissue_proc (void *cls, i = 0; for (le = attrs->list_head; NULL != le; le = le->next) { GNUNET_asprintf (&policy, "%s_%lu", - le->attribute->name, - le->attribute->attribute_version); + le->claim->name, + le->claim->version); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Recreating key with %s\n", policy); attr_arr[i] = policy; @@ -1349,14 +1349,14 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) revocation_reissue_tickets (rh); return; } - buf_size = attribute_serialize_get_size (rh->attrs->list_head->attribute); + buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim); buf = GNUNET_malloc (buf_size); - attribute_serialize (rh->attrs->list_head->attribute, + GNUNET_IDENTITY_ATTRIBUTE_serialize (rh->attrs->list_head->claim, buf); - rh->attrs->list_head->attribute->attribute_version++; + rh->attrs->list_head->claim->version++; GNUNET_asprintf (&policy, "%s_%lu", - rh->attrs->list_head->attribute->name, - rh->attrs->list_head->attribute->attribute_version); + rh->attrs->list_head->claim->name, + rh->attrs->list_head->claim->version); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Encrypting with policy %s\n", policy); /** @@ -1371,7 +1371,7 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) GNUNET_free (policy); rd[0].data_size = enc_size + sizeof (uint32_t); rd_buf = GNUNET_malloc (rd[0].data_size); - attr_ver = htonl (rh->attrs->list_head->attribute->attribute_version); + attr_ver = htonl (rh->attrs->list_head->claim->version); GNUNET_memcpy (rd_buf, &attr_ver, sizeof (uint32_t)); 
@@ -1384,7 +1384,7 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, &rh->identity, - rh->attrs->list_head->attribute->name, + rh->attrs->list_head->claim->name, 1, rd, &attr_reenc_cont, @@ -1403,7 +1403,7 @@ attr_reenc_cont (void *cls, const char *emsg) { struct TicketRevocationHandle *rh = cls; - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; if (GNUNET_SYSERR == success) { @@ -1437,11 +1437,11 @@ attr_reenc_cont (void *cls, static void process_attributes_to_update (void *cls, const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) + const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs) { struct TicketRevocationHandle *rh = cls; - rh->attrs = attribute_list_dup (attrs); + rh->attrs = GNUNET_IDENTITY_ATTRIBUTE_list_dup (attrs); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Revocation Phase I: Collecting attributes\n"); /* Reencrypt all attributes with new key */ @@ -1514,7 +1514,7 @@ handle_revoke_ticket_message (void *cls, rh = GNUNET_new (struct TicketRevocationHandle); ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1]; - rh->rvk_attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); + rh->rvk_attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList); rh->ticket = *ticket; rh->r_id = ntohl (rm->id); rh->client = idp; @@ -1537,7 +1537,7 @@ cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle) GNUNET_CRYPTO_cpabe_delete_key (handle->key, GNUNET_YES); if (NULL != handle->attrs) - attribute_list_destroy (handle->attrs); + GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs); GNUNET_free (handle); } 
@@ -1575,7 +1575,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, struct ConsumeTicketHandle *handle = parallel_lookup->handle; struct ConsumeTicketResultMessage *crm; struct GNUNET_MQ_Envelope *env; - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *attr_le; + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *attr_le; struct GNUNET_TIME_Absolute decrypt_duration; char *data; char *data_tmp; @@ -1618,10 +1618,10 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, 1, GNUNET_YES); - attr_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); - attr_le->attribute = attribute_deserialize (data, + attr_le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry); + attr_le->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize (data, attr_len); - attr_le->attribute->attribute_version = ntohl(*(uint32_t*)rd->data); + attr_le->claim->version = ntohl(*(uint32_t*)rd->data); GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head, handle->attrs->list_tail, attr_le); @@ -1643,7 +1643,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, } GNUNET_SCHEDULER_cancel (handle->kill_task); - attrs_len = attribute_list_serialize_get_size (handle->attrs); + attrs_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (handle->attrs); env = GNUNET_MQ_msg_extra (crm, attrs_len, GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT); @@ -1651,7 +1651,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, crm->attrs_len = htons (attrs_len); crm->identity = handle->ticket.identity; data_tmp = (char *) &crm[1]; - attribute_list_serialize (handle->attrs, + GNUNET_IDENTITY_ATTRIBUTE_list_serialize (handle->attrs, data_tmp); GNUNET_MQ_send (handle->client->mq, env); cleanup_consume_ticket_handle (handle); 
@@ -1802,7 +1802,7 @@ handle_consume_ticket_message (void *cls, ch->r_id = ntohl (cm->id); ch->client = idp; ch->identity = cm->identity; - ch->attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); + ch->attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList); GNUNET_CRYPTO_ecdsa_key_get_public (&ch->identity, &ch->identity_pub); ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket*)&cm[1]); @@ -1830,8 +1830,8 @@ handle_consume_ticket_message (void *cls, static void cleanup_as_handle (struct AttributeStoreHandle *handle) { - if (NULL != handle->attribute) - GNUNET_free (handle->attribute); + if (NULL != handle->claim) + GNUNET_free (handle->claim); if (NULL != handle->abe_key) GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key); GNUNET_free (handle); @@ -1882,16 +1882,16 @@ attr_store_task (void *cls) GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Storing attribute\n"); - buf_size = attribute_serialize_get_size (as_handle->attribute); + buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (as_handle->claim); buf = GNUNET_malloc (buf_size); - attribute_serialize (as_handle->attribute, + GNUNET_IDENTITY_ATTRIBUTE_serialize (as_handle->claim, buf); GNUNET_asprintf (&policy, "%s_%lu", - as_handle->attribute->name, - as_handle->attribute->attribute_version); + as_handle->claim->name, + as_handle->claim->version); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Encrypting with policy %s\n", policy); /** @@ -1906,7 +1906,7 @@ attr_store_task (void *cls) GNUNET_free (policy); rd[0].data_size = enc_size + sizeof (uint32_t); rd_buf = GNUNET_malloc (rd[0].data_size); - attr_ver = htonl (as_handle->attribute->attribute_version); + attr_ver = htonl (as_handle->claim->version); GNUNET_memcpy (rd_buf, &attr_ver, sizeof (uint32_t)); 
@@ -1919,7 +1919,7 @@ attr_store_task (void *cls) rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? as_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, &as_handle->identity, - as_handle->attribute->name, + as_handle->claim->name, 1, rd, &attr_store_cont, @@ -1984,7 +1984,7 @@ handle_attribute_store_message (void *cls, data_len = ntohs (sam->attr_len); as_handle = GNUNET_new (struct AttributeStoreHandle); - as_handle->attribute = attribute_deserialize ((char*)&sam[1], + as_handle->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize ((char*)&sam[1], data_len); as_handle->r_id = ntohl (sam->id); @@ -2280,7 +2280,7 @@ cleanup_ticket_iter_handle (struct TicketIteration *ti) static void ticket_iterate_proc (void *cls, const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) + const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs) { struct TicketIterationProcResult *proc = cls; diff --git a/src/identity-provider/identity_attribute.c b/src/identity-provider/identity_attribute.c deleted file mode 100644 index c7e833326..000000000 --- a/src/identity-provider/identity_attribute.c +++ /dev/null 
@@ -1,245 +0,0 @@ -/* - This file is part of GNUnet - Copyright (C) 2010-2015 GNUnet e.V. - - GNUnet is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published - by the Free Software Foundation; either version 3, or (at your - option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNUnet; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. - */ - -/** - * @file identity-provider/identity_attribute.c - * @brief helper library to manage identity attributes - * @author Martin Schanzenbach - */ -#include "platform.h" -#include "gnunet_util_lib.h" -#include "identity_attribute.h" - -/** - * Create a new attribute. 
- * - * @param name the attribute name - * @param type the attribute type - * @param data the attribute value - * @param data_size the attribute value size - * @return the new attribute - */ -struct GNUNET_IDENTITY_PROVIDER_Attribute * -attribute_new (const char* attr_name, - uint32_t attr_type, - const void* data, - size_t data_size) -{ - struct GNUNET_IDENTITY_PROVIDER_Attribute *attr; - char *write_ptr; - - attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute) + - strlen (attr_name) + 1 + - data_size); - attr->attribute_type = attr_type; - attr->data_size = data_size; - write_ptr = (char*)&attr[1]; - GNUNET_memcpy (write_ptr, - attr_name, - strlen (attr_name) + 1); - attr->name = write_ptr; - write_ptr += strlen (attr->name) + 1; - GNUNET_memcpy (write_ptr, - data, - data_size); - attr->data = write_ptr; - return attr; -} - -size_t -attribute_list_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) -{ - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; - size_t len = 0; - for (le = attrs->list_head; NULL != le; le = le->next) - len += attribute_serialize_get_size (le->attribute); - return len; -} - -size_t -attribute_list_serialize (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, - char *result) -{ - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; - size_t len; - size_t total_len; - char* write_ptr; - - write_ptr = result; - total_len = 0; - for (le = attrs->list_head; NULL != le; le = le->next) - { - len = attribute_serialize (le->attribute, - write_ptr); - total_len += len; - write_ptr += len; - } - return total_len; -} - -struct GNUNET_IDENTITY_PROVIDER_AttributeList * -attribute_list_deserialize (const char* data, - size_t data_size) -{ - struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; - size_t attr_len; - const char* read_ptr; - - if (data_size < sizeof (struct Attribute)) - return NULL; - - attrs = GNUNET_new (struct 
GNUNET_IDENTITY_PROVIDER_AttributeList); - read_ptr = data; - while (((data + data_size) - read_ptr) >= sizeof (struct Attribute)) - { - - le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); - le->attribute = attribute_deserialize (read_ptr, - data_size - (read_ptr - data)); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Deserialized attribute %s\n", le->attribute->name); - GNUNET_CONTAINER_DLL_insert (attrs->list_head, - attrs->list_tail, - le); - attr_len = attribute_serialize_get_size (le->attribute); - read_ptr += attr_len; - } - return attrs; -} - -struct GNUNET_IDENTITY_PROVIDER_AttributeList* -attribute_list_dup (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) -{ - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *result_le; - struct GNUNET_IDENTITY_PROVIDER_AttributeList *result; - size_t len; - - result = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); - for (le = attrs->list_head; NULL != le; le = le->next) - { - result_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); - len = sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute) + le->attribute->data_size; - result_le->attribute = GNUNET_malloc (len); - GNUNET_memcpy (result_le->attribute, - le->attribute, - len); - result_le->attribute->name = (const char*)&result_le->attribute[1]; - GNUNET_CONTAINER_DLL_insert (result->list_head, - result->list_tail, - result_le); - } - return result; -} - - -void -attribute_list_destroy (struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) -{ - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *tmp_le; - - for (le = attrs->list_head; NULL != le;) - { - GNUNET_free (le->attribute); - tmp_le = le; - le = le->next; - GNUNET_free (tmp_le); - } - GNUNET_free (attrs); - -} - -size_t -attribute_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) -{ - return sizeof (struct 
Attribute) - + strlen (attr->name) - + attr->data_size; //TODO get data_size from plugin -} - -size_t -attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, - char *result) -{ - size_t data_len_ser; - size_t name_len; - struct Attribute *attr_ser; - char* write_ptr; - - attr_ser = (struct Attribute*)result; - attr_ser->attribute_type = htons (attr->attribute_type); - attr_ser->attribute_version = htonl (attr->attribute_version); - name_len = strlen (attr->name); - attr_ser->name_len = htons (name_len); - write_ptr = (char*)&attr_ser[1]; - GNUNET_memcpy (write_ptr, attr->name, name_len); - write_ptr += name_len; - //TODO plugin-ize - //data_len_ser = plugin->serialize_attribute_value (attr, - // &attr_ser[1]); - data_len_ser = attr->data_size; - GNUNET_memcpy (write_ptr, attr->data, attr->data_size); - attr_ser->data_size = htons (data_len_ser); - - return sizeof (struct Attribute) + strlen (attr->name) + attr->data_size; -} - -struct GNUNET_IDENTITY_PROVIDER_Attribute * -attribute_deserialize (const char* data, - size_t data_size) -{ - struct GNUNET_IDENTITY_PROVIDER_Attribute *attr; - struct Attribute *attr_ser; - size_t data_len; - size_t name_len; - char* write_ptr; - - if (data_size < sizeof (struct Attribute)) - return NULL; - - attr_ser = (struct Attribute*)data; - //TODO use plugin. 
- data_len = ntohs (attr_ser->data_size); - name_len = ntohs (attr_ser->name_len); - attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute) - + data_len + name_len + 1); - attr->attribute_type = ntohs (attr_ser->attribute_type); - attr->attribute_version = ntohl (attr_ser->attribute_version); - attr->data_size = ntohs (attr_ser->data_size); - - write_ptr = (char*)&attr[1]; - GNUNET_memcpy (write_ptr, - &attr_ser[1], - name_len); - write_ptr[name_len] = '\0'; - attr->name = write_ptr; - - write_ptr += name_len + 1; - GNUNET_memcpy (write_ptr, - (char*)&attr_ser[1] + name_len, - attr->data_size); - attr->data = write_ptr; - return attr; - -} - -/* end of identity_attribute.c */ diff --git a/src/identity-provider/identity_attribute.h b/src/identity-provider/identity_attribute.h deleted file mode 100644 index 3e8fadccf..000000000 --- a/src/identity-provider/identity_attribute.h +++ /dev/null 
@@ -1,149 +0,0 @@ -/* - This file is part of GNUnet. - Copyright (C) 2012-2015 GNUnet e.V. - - GNUnet is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published - by the Free Software Foundation; either version 3, or (at your - option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNUnet; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. - */ -/** - * @author Martin Schanzenbach - * @file identity-provider/identity_attribute.h - * @brief GNUnet Identity Provider library - * - */ -#ifndef IDENTITY_ATTRIBUTE_H -#define IDENTITY_ATTRIBUTE_H - -#include "gnunet_identity_provider_service.h" - -struct Attribute -{ - /** - * Attribute type - */ - uint32_t attribute_type; - - /** - * Attribute version - */ - uint32_t attribute_version; - - /** - * Name length - */ - uint32_t name_len; - - /** - * Data size - */ - uint32_t data_size; - - //followed by data_size Attribute value data -}; - -/** - * Get required size for serialization buffer - * - * @param attrs the attribute list to serialize - * - * @return the required buffer size - */ -size_t -attribute_list_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); - -void -attribute_list_destroy (struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); - - -/** - * Serialize an attribute list - * - * @param attrs the attribute list to serialize - * @param result the serialized attribute - * - * @return length of serialized data - */ -size_t -attribute_list_serialize (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, - char *result); - -/** - * 
Deserialize an attribute list - * - * @param data the serialized attribute list - * @param data_size the length of the serialized data - * - * @return a GNUNET_IDENTITY_PROVIDER_AttributeList, must be free'd by caller - */ -struct GNUNET_IDENTITY_PROVIDER_AttributeList * -attribute_list_deserialize (const char* data, - size_t data_size); - - -/** - * Get required size for serialization buffer - * - * @param attr the attribute to serialize - * - * @return the required buffer size - */ -size_t -attribute_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr); - - - -/** - * Serialize an attribute - * - * @param attr the attribute to serialize - * @param result the serialized attribute - * - * @return length of serialized data - */ -size_t -attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, - char *result); - -/** - * Deserialize an attribute - * - * @param data the serialized attribute - * @param data_size the length of the serialized data - * - * @return a GNUNET_IDENTITY_PROVIDER_Attribute, must be free'd by caller - */ -struct GNUNET_IDENTITY_PROVIDER_Attribute * -attribute_deserialize (const char* data, - size_t data_size); - -/** - * Create a new attribute. - * - * @param name the attribute name - * @param type the attribute type - * @param data the attribute value - * @param data_size the attribute value size - * @return the new attribute - */ -struct GNUNET_IDENTITY_PROVIDER_Attribute * -attribute_new (const char* attr_name, - uint32_t attr_type, - const void* data, - size_t data_size); - -struct GNUNET_IDENTITY_PROVIDER_AttributeList* -attribute_list_dup (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); - -#endif diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 6d28709df..6fc8d228a 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c 
@@ -29,13 +29,12 @@ #include "gnunet_protocols.h" #include "gnunet_mq_lib.h" #include "gnunet_identity_provider_service.h" +#include "gnunet_identity_attribute_lib.h" #include "identity_provider.h" -#include "identity_attribute.h" #define LOG(kind,...) GNUNET_log_from (kind, "identity-api",__VA_ARGS__) - /** * Handle for an operation with the service. */ @@ -495,9 +494,9 @@ handle_consume_ticket_result (void *cls, return; { - struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; - attrs = attribute_list_deserialize ((char*)&msg[1], + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs; + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; + attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize ((char*)&msg[1], attrs_len); if (NULL != op->ar_cb) { @@ -512,8 +511,8 @@ handle_consume_ticket_result (void *cls, for (le = attrs->list_head; NULL != le; le = le->next) op->ar_cb (op->cls, &msg->identity, - le->attribute); - attribute_list_destroy (attrs); + le->claim); + GNUNET_IDENTITY_ATTRIBUTE_list_destroy (attrs); } } op->ar_cb (op->cls, @@ -619,9 +618,9 @@ handle_attribute_result (void *cls, } { - struct GNUNET_IDENTITY_PROVIDER_Attribute *attr; - attr = attribute_deserialize ((char*)&msg[1], - attr_len); + struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr; + attr = GNUNET_IDENTITY_ATTRIBUTE_deserialize ((char*)&msg[1], + attr_len); if (NULL != it) { if (NULL != it->proc) @@ -905,7 +904,7 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) struct GNUNET_IDENTITY_PROVIDER_Operation * GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, - const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, + const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr, GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont, void *cont_cls) { 
@@ -921,14 +920,14 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle GNUNET_CONTAINER_DLL_insert_tail (h->op_head, h->op_tail, op); - attr_len = attribute_serialize_get_size (attr); + attr_len = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (attr); op->env = GNUNET_MQ_msg_extra (sam, attr_len, GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE); sam->identity = *pkey; sam->id = htonl (op->r_id); - attribute_serialize (attr, + GNUNET_IDENTITY_ATTRIBUTE_serialize (attr, (char*)&sam[1]); sam->attr_len = htons (attr_len); @@ -940,24 +939,6 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle } -/** - * Create a new attribute. - * - * @param name the attribute name - * @param type the attribute type - * @param data the attribute value - * @param data_size the attribute value size - * @return the new attribute - */ -struct GNUNET_IDENTITY_PROVIDER_Attribute * -GNUNET_IDENTITY_PROVIDER_attribute_new (const char* attr_name, - uint32_t attr_type, - const void* data, - size_t data_size) -{ - return attribute_new (attr_name, attr_type, data, data_size); -} - /** * List all attributes for a local identity. * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle` @@ -1089,7 +1070,7 @@ struct GNUNET_IDENTITY_PROVIDER_Operation * GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, + const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, GNUNET_IDENTITY_PROVIDER_TicketCallback cb, void *cb_cls) { 
@@ -1105,7 +1086,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h GNUNET_CONTAINER_DLL_insert_tail (h->op_head, h->op_tail, op); - attr_len = attribute_list_serialize_get_size (attrs); + attr_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (attrs); op->env = GNUNET_MQ_msg_extra (tim, attr_len, GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET); @@ -1113,7 +1094,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h tim->rp = *rp; tim->id = htonl (op->r_id); - attribute_list_serialize (attrs, + GNUNET_IDENTITY_ATTRIBUTE_list_serialize (attrs, (char*)&tim[1]); tim->attr_len = htons (attr_len); diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/identity-provider/plugin_identity_provider_sqlite.c index c87f30e1c..594e4788d 100644 --- a/src/identity-provider/plugin_identity_provider_sqlite.c +++ b/src/identity-provider/plugin_identity_provider_sqlite.c @@ -27,7 +27,7 @@ #include "platform.h" #include "gnunet_identity_provider_service.h" #include "gnunet_identity_provider_plugin.h" -#include "identity_attribute.h" +#include "gnunet_identity_attribute_lib.h" #include "gnunet_sq_lib.h" #include @@ -373,7 +373,7 @@ database_shutdown (struct Plugin *plugin) static int identity_provider_sqlite_store_ticket (void *cls, const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) + const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs) { struct Plugin *plugin = cls; size_t attrs_len; 
@@ -402,9 +402,9 @@ identity_provider_sqlite_store_ticket (void *cls, GNUNET_SQ_reset (plugin->dbh, plugin->delete_ticket); - attrs_len = attribute_list_serialize_get_size (attrs); + attrs_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (attrs); attrs_ser = GNUNET_malloc (attrs_len); - attribute_list_serialize (attrs, + GNUNET_IDENTITY_ATTRIBUTE_list_serialize (attrs, attrs_ser); struct GNUNET_SQ_QueryParam sparams[] = { GNUNET_SQ_query_param_auto_from_type (&ticket->identity), @@ -526,7 +526,7 @@ get_ticket_and_call_iterator (struct Plugin *plugin, void *iter_cls) { struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; - struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs; + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs; int ret; int sret; size_t attrs_len; @@ -553,13 +553,13 @@ get_ticket_and_call_iterator (struct Plugin *plugin, } else { - attrs = attribute_list_deserialize (attrs_ser, + attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (attrs_ser, attrs_len); if (NULL != iter) iter (iter_cls, &ticket, attrs); - attribute_list_destroy (attrs); + GNUNET_IDENTITY_ATTRIBUTE_list_destroy (attrs); ret = GNUNET_YES; } GNUNET_SQ_cleanup_result (rs); diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index f6039722f..c27662a0d 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c @@ -37,6 +37,7 @@ #include #include #include "gnunet_signatures.h" +#include "gnunet_identity_attribute_lib.h" #include "gnunet_identity_provider_service.h" /** 
@@ -508,7 +509,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, struct RequestHandle *handle = cls; struct EgoEntry *ego_entry; struct MHD_Response *resp; - struct GNUNET_IDENTITY_PROVIDER_Attribute *attribute; + struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attribute; struct GNUNET_JSONAPI_Document *json_obj; struct GNUNET_JSONAPI_Resource *json_res; char term_data[handle->rest_handle->data_size+1]; @@ -596,8 +597,8 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, value_json = GNUNET_JSONAPI_resource_read_attr (json_res, "value"); value_str = json_string_value (value_json); - attribute = GNUNET_IDENTITY_PROVIDER_attribute_new (name_str, - GNUNET_IDENTITY_PROVIDER_AT_STRING, + attribute = GNUNET_IDENTITY_ATTRIBUTE_claim_new (name_str, + GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, value_str, strlen (value_str) + 1); handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); @@ -619,7 +620,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, static void attr_collect (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) + const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) { struct GNUNET_JSONAPI_Resource *json_resource; struct RequestHandle *handle = cls; @@ -833,7 +834,7 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle, static void consume_cont (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr) + const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) { struct RequestHandle *handle = cls; struct GNUNET_JSONAPI_Resource *json_resource; diff --git a/src/include/gnunet_identity_attribute_lib.h b/src/include/gnunet_identity_attribute_lib.h new file mode 100644 index 000000000..039b50351 --- /dev/null +++ b/src/include/gnunet_identity_attribute_lib.h 
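Review bot: In the `@@ -596,8 +597,8 @@` hunk of add_attribute_cont, `value_str` is the direct result of `json_string_value (value_json)` and goes into `strlen (value_str) + 1` with no check in between. jansson returns NULL from json_string_value when the value is absent or is not a JSON string, so a REST request whose "value" attribute is missing or has another type reaches strlen with a NULL pointer. Fail the request through the handler's existing error path first, guarded by `if (NULL == value_str)`, before calling `GNUNET_IDENTITY_ATTRIBUTE_claim_new`. The assignment of `name_str` is outside the hunk, so the same check may be needed there; the function body starts and ends outside the hunk.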
@@ -0,0 +1,231 @@
+/*
+ This file is part of GNUnet.
+ Copyright (C) 2017 GNUnet e.V.
+
+ GNUnet is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with GNUnet; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+*/
+
+/**
+ * @author Martin Schanzenbach
+ *
+ * @file
+ * Identity attribute definitions
+ *
+ * @defgroup identity-provider Identity Provider service
+ * @{
+ */
+#ifndef GNUNET_IDENTITY_ATTRIBUTE_LIB_H
+#define GNUNET_IDENTITY_ATTRIBUTE_LIB_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0 /* keep Emacsens' auto-indent happy */
+}
+#endif
+#endif
+
+#include "gnunet_util_lib.h"
+
+
+/**
+ * No value attribute.
+ */
+#define GNUNET_IDENTITY_ATTRIBUTE_TYPE_NONE 0
+
+/**
+ * String attribute.
+ */
+#define GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING 1
+
+
+
+/**
+ * An attribute.
+ */
+struct GNUNET_IDENTITY_ATTRIBUTE_Claim
+{
+ /**
+ * The name of the attribute. Note "name" must never be individually
+ * free'd
+ */
+ const char* name;
+
+ /**
+ * Type of Claim
+ */
+ uint32_t type;
+
+ /**
+ * Version
+ */
+ uint32_t version;
+
+ /**
+ * Number of bytes in @e data.
+ */
+ size_t data_size;
+
+ /**
+ * Binary value stored as attribute value. Note: "data" must never
+ * be individually 'malloc'ed, but instead always points into some
+ * existing data area.
+ */
+ const void *data;
+
+};
+
+struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList
+{
+ /**
+ * List head
+ */
+ struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *list_head;
+
+ /**
+ * List tail
+ */
+ struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *list_tail;
+};
+
+struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry
+{
+ /**
+ * DLL
+ */
+ struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *prev;
+
+ /**
+ * DLL
+ */
+ struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *next;
+
+ /**
+ * The attribute claim
+ */
+ struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
+};
+
+/**
+ * Create a new attribute claim.
+ *
+ * @param name the attribute name
+ * @param type the attribute type
+ * @param data the attribute value
+ * @param data_size the attribute value size
+ * @return the new attribute
+ */
+struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
+GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name,
+ uint32_t type,
+ const void* data,
+ size_t data_size);
+
+
+/**
+ * Get required size for serialization buffer
+ *
+ * @param attrs the attribute list to serialize
+ *
+ * @return the required buffer size
+ */
+size_t
+GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+
+void
+GNUNET_IDENTITY_ATTRIBUTE_list_destroy (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+
+
+/**
+ * Serialize an attribute list
+ *
+ * @param attrs the attribute list to serialize
+ * @param result the serialized attribute
+ *
+ * @return length of serialized data
+ */
+size_t
+GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
+ char *result);
+
+/**
+ * Deserialize an attribute list
+ *
+ * @param data the serialized attribute list
+ * @param data_size the length of the serialized data
+ *
+ * @return a GNUNET_IDENTITY_PROVIDER_AttributeList, must be free'd by caller
+ */
+struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *
+GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (const char* data,
+ size_t data_size);
+
+
+/**
+ * Get required size for serialization buffer
+ *
+ * @param attr the attribute to serialize
+ *
+ * @return the required buffer size
+ */
+size_t
+GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr);
+
+
+
+/**
+ * Serialize an attribute
+ *
+ * @param attr the attribute to serialize
+ * @param result the serialized attribute
+ *
+ * @return length of serialized data
+ */
+size_t
+GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
+ char *result);
+
+/**
+ * Deserialize an attribute
+ *
+ * @param data the serialized attribute
+ * @param data_size the length of the serialized data
+ *
+ * @return a GNUNET_IDENTITY_PROVIDER_Attribute, must be free'd by caller
+ */
+struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
+GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data,
+ size_t data_size);
+
+struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList*
+GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+
+
+
+#if 0 /* keep Emacsens' auto-indent happy */
+{
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+
+/* ifndef GNUNET_IDENTITY_ATTRIBUTE_LIB_H */
+#endif
+
+/** @} */ /* end of group identity */
+
+/* end of gnunet_identity_attribute_lib.h */
diff --git a/src/include/gnunet_identity_attribute_plugin.h b/src/include/gnunet_identity_attribute_plugin.h
new file mode 100644
index 000000000..edeed57fd
--- /dev/null
+++ b/src/include/gnunet_identity_attribute_plugin.h
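Review bot: The doc comments on `GNUNET_IDENTITY_ATTRIBUTE_deserialize` and `GNUNET_IDENTITY_ATTRIBUTE_list_deserialize` do not say what is returned for a truncated or internally inconsistent buffer, although callers in this patch hand them service message payloads and database blobs. The `attribute_deserialize` removed earlier in this patch only rejected `data_size < sizeof (struct Attribute)` and then copied `name_len` and `data_len` bytes, both read from the buffer itself. Whether the relocated implementation still does that is not visible here. Suggest stating the contract in the header, e.g. `@return the claim, or NULL if @a data_size is smaller than the header plus the encoded name and value lengths`, and having the implementation compare `sizeof (struct Attribute) + name_len + data_len` with `data_size` before any copy. The two `@return` lines also still name the old `GNUNET_IDENTITY_PROVIDER_Attribute` and `GNUNET_IDENTITY_PROVIDER_AttributeList` types.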
@@ -0,0 +1,149 @@
+/*
+ This file is part of GNUnet
+ Copyright (C) 2012, 2013 GNUnet e.V.
+
+ GNUnet is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with GNUnet; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+*/
+
+/**
+ * @author Martin Schanzenbach
+ *
+ * @file
+ * Plugin API for the idp database backend
+ *
+ * @defgroup identity-provider-plugin IdP service plugin API
+ * Plugin API for the idp database backend
+ * @{
+ */
+#ifndef GNUNET_IDENTITY_ATTRIBUTE_PLUGIN_H
+#define GNUNET_IDENTITY_ATTRIBUTE_PLUGIN_H
+
+#include "gnunet_util_lib.h"
+#include "gnunet_identity_attribute_lib.h"
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0 /* keep Emacsens' auto-indent happy */
+}
+#endif
+#endif
+
+
+/**
+ * Function called to convert the binary value @a data of an attribute of
+ * type @a type to a human-readable string.
+ *
+ * @param cls closure
+ * @param type type of the attribute
+ * @param data value in binary encoding
+ * @param data_size number of bytes in @a data
+ * @return NULL on error, otherwise human-readable representation of the value
+ */
+typedef char * (*GNUNET_IDENTITY_ATTRIBUTE_ValueToStringFunction) (void *cls,
+ uint32_t type,
+ const void *data,
+ size_t data_size);
+
+
+/**
+ * Function called to convert human-readable version of the value @a s
+ * of an attribute of type @a type to the respective binary
+ * representation.
+ *
+ * @param cls closure
+ * @param type type of the attribute
+ * @param s human-readable string
+ * @param data set to value in binary encoding (will be allocated)
+ * @param data_size set to number of bytes in @a data
+ * @return #GNUNET_OK on success
+ */
+typedef int (*GNUNET_IDENTITY_ATTRIBUTE_StringToValueFunction) (void *cls,
+ uint32_t type,
+ const char *s,
+ void **data,
+ size_t *data_size);
+
+
+/**
+ * Function called to convert a type name to the
+ * corresponding number.
+ *
+ * @param cls closure
+ * @param typename name to convert
+ * @return corresponding number, UINT32_MAX on error
+ */
+typedef uint32_t (*GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction) (void *cls,
+ const char *typename);
+
+
+/**
+ * Function called to convert a type number (i.e. 1) to the
+ * corresponding type string
+ *
+ * @param cls closure
+ * @param type number of a type to convert
+ * @return corresponding typestring, NULL on error
+ */
+typedef const char * (*GNUNET_IDENTITY_ATTRIBUTE_NumberToTypenameFunction) (void *cls,
+ uint32_t type);
+
+
+/**
+ * Each plugin is required to return a pointer to a struct of this
+ * type as the return value from its entry point.
+ */
+struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions
+{
+
+ /**
+ * Closure for all of the callbacks.
+ */
+ void *cls;
+
+ /**
+ * Conversion to string.
+ */
+ GNUNET_IDENTITY_ATTRIBUTE_ValueToStringFunction value_to_string;
+
+ /**
+ * Conversion to binary.
+ */
+ GNUNET_IDENTITY_ATTRIBUTE_StringToValueFunction string_to_value;
+
+ /**
+ * Typename to number.
+ */
+ GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction typename_to_number;
+
+ /**
+ * Number to typename.
+ */
+ GNUNET_IDENTITY_ATTRIBUTE_NumberToTypenameFunction number_to_typename;
+
+};
+
+
+#if 0 /* keep Emacsens' auto-indent happy */
+{
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+/** @} */ /* end of group */
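Review bot: The last parameter of `GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction` is named `typename`, which is a keyword in C++, so the `extern "C"` guard at the top of this header does not make it includable from a C++ translation unit. Rename the parameter, e.g. `const char *type_name`, and change the `@param typename` line to match. The same parameter name is used for `GNUNET_IDENTITY_ATTRIBUTE_typename_to_number` in the later hunks on this page, in both gnunet_identity_attribute_lib.h and identity_attribute.c.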
diff --git a/src/include/gnunet_identity_provider_plugin.h b/src/include/gnunet_identity_provider_plugin.h index c0a258ab6..4b5098d58 100644 --- a/src/include/gnunet_identity_provider_plugin.h +++ b/src/include/gnunet_identity_provider_plugin.h @@ -51,7 +51,7 @@ extern "C" */ typedef void (*GNUNET_IDENTITY_PROVIDER_TicketIterator) (void *cls, const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); + const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs); /** @@ -74,7 +74,7 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions */ int (*store_ticket) (void *cls, const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); + const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs); /** * Delete a ticket from the database. @@ -111,7 +111,6 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions void *iter_cls); }; - #if 0 /* keep Emacsens' auto-indent happy */ { #endif diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h index d17a1cc9c..6bc05d0f4 100644 --- a/src/include/gnunet_identity_provider_service.h +++ b/src/include/gnunet_identity_provider_service.h @@ -39,7 +39,7 @@ extern "C" #endif #include "gnunet_util_lib.h" - +#include "gnunet_identity_attribute_lib.h" /** * Version number of GNUnet Identity Provider API. 
@@ -82,92 +82,6 @@ struct GNUNET_IDENTITY_PROVIDER_Ticket */ struct GNUNET_IDENTITY_PROVIDER_Operation; -/** - * Flags that can be set for an attribute. - */ -enum GNUNET_IDENTITY_PROVIDER_AttributeType -{ - - /** - * No value attribute. - */ - GNUNET_IDENTITY_PROVIDER_AT_NULL = 0, - - /** - * String attribute. - */ - GNUNET_IDENTITY_PROVIDER_AT_STRING = 1, - -}; - - - -/** - * An attribute. - */ -struct GNUNET_IDENTITY_PROVIDER_Attribute -{ - - /** - * Type of Attribute. - */ - uint32_t attribute_type; - - /** - * Attribute version - */ - uint32_t attribute_version; - - /** - * Number of bytes in @e data. - */ - size_t data_size; - - /** - * The name of the attribute. Note "name" must never be individually - * free'd - */ - const char* name; - - /** - * Binary value stored as attribute value. Note: "data" must never - * be individually 'malloc'ed, but instead always points into some - * existing data area. - */ - const void *data; - -}; - -struct GNUNET_IDENTITY_PROVIDER_AttributeList -{ - /** - * List head - */ - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *list_head; - - /** - * List tail - */ - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *list_tail; -}; - -struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry -{ - /** - * DLL - */ - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *prev; - - /** - * DLL - */ - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *next; - - /** - * The attribute - */ - struct GNUNET_IDENTITY_PROVIDER_Attribute *attribute; -}; /** * Connect to the identity provider service. 
@@ -208,26 +122,11 @@ typedef void struct GNUNET_IDENTITY_PROVIDER_Operation * GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, - const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, + const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr, GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont, void *cont_cls); -/** - * Create a new attribute. - * - * @param name the attribute name - * @param type the attribute type - * @param data the attribute value - * @param data_size the attribute value size - * @return the new attribute - */ -struct GNUNET_IDENTITY_PROVIDER_Attribute * -GNUNET_IDENTITY_PROVIDER_attribute_new (const char* attr_name, - uint32_t attr_type, - const void* data, - size_t data_size); - /** * Process an attribute that was stored in the idp. * @@ -237,7 +136,7 @@ GNUNET_IDENTITY_PROVIDER_attribute_new (const char* attr_name, typedef void (*GNUNET_IDENTITY_PROVIDER_AttributeResult) (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr); + const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr); @@ -327,7 +226,7 @@ struct GNUNET_IDENTITY_PROVIDER_Operation * GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *id, const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, + const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, GNUNET_IDENTITY_PROVIDER_TicketCallback cb, void *cb_cls); -- cgit v1.2.3 From f485d0399e8ef0c388a321bbad7ae424935752bc Mon Sep 17 00:00:00 2001 
From: "Schanzenbach, Martin" Date: Mon, 4 Dec 2017 16:37:28 +0100 Subject: -fix makefile --- po/POTFILES.in | 2 +- src/identity-attribute/Makefile.am | 2 +- src/identity-attribute/identity_attribute.c | 176 ++++++++++++++++++++++++++++ src/identity-provider/gnunet-idp.c | 12 +- src/include/gnunet_identity_attribute_lib.h | 45 +++++++ 5 files changed, 231 insertions(+), 6 deletions(-) diff --git a/po/POTFILES.in b/po/POTFILES.in index b06eb3a9f..01c197fcd 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -197,7 +197,7 @@ src/hostlist/gnunet-daemon-hostlist.c src/hostlist/gnunet-daemon-hostlist_client.c src/hostlist/gnunet-daemon-hostlist_server.c src/identity-attribute/identity_attribute.c -src/identity-attribute/plugin_identity_attribute_type_gnuid.c +src/identity-attribute/plugin_identity_attribute_gnuid.c src/identity-provider/gnunet-idp.c src/identity-provider/gnunet-service-identity-provider.c src/identity-provider/identity_provider_api.c diff --git a/src/identity-attribute/Makefile.am b/src/identity-attribute/Makefile.am index 770bc2ead..583545344 100644 --- a/src/identity-attribute/Makefile.am +++ b/src/identity-attribute/Makefile.am @@ -38,7 +38,7 @@ libgnunet_plugin_identity_attribute_gnuid_la_SOURCES = \ libgnunet_plugin_identity_attribute_gnuid_la_LIBADD = \ $(top_builddir)/src/util/libgnunetutil.la \ $(LTLIBINTL) -libgnunet_plugin_gnsrecord_dns_la_LDFLAGS = \ +libgnunet_plugin_identity_attribute_gnuid_la_LDFLAGS = \ $(GN_PLUGIN_LDFLAGS) diff --git a/src/identity-attribute/identity_attribute.c b/src/identity-attribute/identity_attribute.c index 377eb3211..05cdcdaf0 100644 --- a/src/identity-attribute/identity_attribute.c +++ b/src/identity-attribute/identity_attribute.c 
@@ -26,6 +26,182 @@ #include "platform.h" #include "gnunet_util_lib.h" #include "identity_attribute.h" +#include "gnunet_identity_attribute_plugin.h" + +/** + * Handle for a plugin + */ +struct Plugin +{ + /** + * Name of the plugin + */ + char *library_name; + + /** + * Plugin API + */ + struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api; +}; + +/** + * Plugins + */ +static struct Plugin **attr_plugins; + +/** + * Number of plugins + */ +static unsigned int num_plugins; + +/** + * Init canary + */ +static int initialized; + +/** + * Add a plugin + */ +static void +add_plugin (void* cls, + const char *library_name, + void *lib_ret) +{ + struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api = lib_ret; + struct Plugin *plugin; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Loading attribute plugin `%s'\n", + library_name); + plugin = GNUNET_new (struct Plugin); + plugin->api = api; + plugin->library_name = GNUNET_strdup (library_name); + GNUNET_array_append (attr_plugins, num_plugins, plugin); +} + +/** + * Load plugins + */ +static void +init() +{ + if (GNUNET_YES == initialized) + return; + initialized = GNUNET_YES; + GNUNET_PLUGIN_load_all ("libgnunet_plugin_attribute_", NULL, + &add_plugin, NULL); +} + +/** + * Convert a type name to the corresponding number + * + * @param typename name to convert + * @return corresponding number, UINT32_MAX on error + */ +uint32_t +GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename) +{ + unsigned int i; + struct Plugin *plugin; + uint32_t ret; + + init (); + for (i = 0; i < num_plugins; i++) + { + plugin = attr_plugins[i]; + if (UINT32_MAX != (ret = plugin->api->typename_to_number (plugin->api->cls, + typename))) + return ret; + } + return UINT32_MAX; +} + +/** + * Convert a type number to the corresponding type string + * + * @param type number of a type + * @return corresponding typestring, NULL on error + */ +const char* +GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type) +{ + unsigned int i; + 
struct Plugin *plugin; + const char *ret; + + init (); + for (i = 0; i < num_plugins; i++) + { + plugin = attr_plugins[i]; + if (NULL != (ret = plugin->api->number_to_typename (plugin->api->cls, + type))) + return ret; + } + return NULL; +} + +/** + * Convert human-readable version of a 'claim' of an attribute to the binary + * representation + * + * @param type type of the claim + * @param s human-readable string + * @param data set to value in binary encoding (will be allocated) + * @param data_size set to number of bytes in @a data + * @return #GNUNET_OK on success + */ +int +GNUNET_IDENTITY_ATTRIBUTE_string_to_claim (uint32_t type, + const char *s, + void **data, + size_t *data_size) +{ + unsigned int i; + struct Plugin *plugin; + + init (); + for (i = 0; i < num_plugins; i++) + { + plugin = attr_plugins[i]; + if (GNUNET_OK == plugin->api->string_to_value (plugin->api->cls, + type, + s, + data, + data_size)) + return GNUNET_OK; + } + return GNUNET_SYSERR; +} + +/** + * Convert the 'claim' of an attribute to a string + * + * @param type the type of attribute + * @param data claim in binary encoding + * @param data_size number of bytes in @a data + * @return NULL on error, otherwise human-readable representation of the claim + */ +char * +GNUNET_IDENTITY_ATTRIBUTE_claim_to_string (uint32_t type, + const void* data, + size_t data_size) +{ + unsigned int i; + struct Plugin *plugin; + char *ret; + + init(); + for (i = 0; i < num_plugins; i++) + { + plugin = attr_plugins[i]; + if (NULL != (ret = plugin->api->value_to_string (plugin->api->cls, + type, + data, + data_size))) + return ret; + } + return NULL; +} /** * Create a new attribute. diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index 18a5676c0..78da1cb4d 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c 
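Review bot: add_plugin stores whatever function table the library returned, and the four dispatchers added below it call `plugin->api->typename_to_number`, `number_to_typename`, `string_to_value` and `value_to_string` without checking that the slot is set. A plugin that leaves one callback NULL would therefore crash the process on the first conversion instead of being refused at load time. Validating the table once in add_plugin keeps the dispatch loops unchanged; the sketch below skips an incomplete plugin and logs its name. Whether a refused library should also be unloaded cannot be decided from this hunk.

```c
  struct Plugin *plugin;

  /* Refuse a table with a missing callback so the dispatchers never
     call through a NULL pointer. */
  if ( (NULL == api) ||
       (NULL == api->value_to_string) ||
       (NULL == api->string_to_value) ||
       (NULL == api->typename_to_number) ||
       (NULL == api->number_to_typename) )
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "Ignoring incomplete attribute plugin `%s'\n",
                library_name);
    return;
  }
  /* … unchanged: debug log, GNUNET_new, GNUNET_strdup, GNUNET_array_append … */
```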
@@ -168,6 +168,7 @@ process_attrs (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) { + char *claim; if (NULL == identity) { GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); @@ -178,8 +179,11 @@ process_attrs (void *cls, ret = 1; return; } + claim = GNUNET_IDENTITY_ATTRIBUTE_claim_to_string (attr->type, + attr->data, + attr->data_size); GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "%s: %s\n", attr->name, (char*)attr->data); + "%s: %s\n", attr->name, claim); } @@ -245,9 +249,9 @@ iter_finished (void *cls) return; } attr = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr_name, - GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, - attr_value, - strlen (attr_value) + 1); + GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, + attr_value, + strlen (attr_value) + 1); idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle, pkey, attr, diff --git a/src/include/gnunet_identity_attribute_lib.h b/src/include/gnunet_identity_attribute_lib.h index 039b50351..4e32c2ae1 100644 --- a/src/include/gnunet_identity_attribute_lib.h +++ b/src/include/gnunet_identity_attribute_lib.h 
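Review bot: In the second process_attrs hunk the result of `GNUNET_IDENTITY_ATTRIBUTE_claim_to_string` goes straight into the `%s` of GNUNET_log and is never released. The function is documented as returning NULL on error, which includes any type that no loaded plugin can render, and passing NULL for `%s` is undefined behaviour. The non-const `char *` return type suggests the caller owns the string, although the header does not say so. Suggest logging `(NULL != claim) ? claim : "(unprintable)"` and adding `GNUNET_free_non_null (claim);` after the log call. process_attrs begins above the first hunk.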
@@ -213,7 +213,52 @@ GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data, struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList* GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs); +/** + * Convert a type name to the corresponding number + * + * @param typename name to convert + * @return corresponding number, UINT32_MAX on error + */ +uint32_t +GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename); + +/** + * Convert human-readable version of a 'claim' of an attribute to the binary + * representation + * + * @param type type of the claim + * @param s human-readable string + * @param data set to value in binary encoding (will be allocated) + * @param data_size set to number of bytes in @a data + * @return #GNUNET_OK on success + */ +int +GNUNET_IDENTITY_ATTRIBUTE_string_to_claim (uint32_t type, + const char *s, + void **data, + size_t *data_size); +/** + * Convert the 'claim' of an attribute to a string + * + * @param type the type of attribute + * @param data claim in binary encoding + * @param data_size number of bytes in @a data + * @return NULL on error, otherwise human-readable representation of the claim + */ +char * +GNUNET_IDENTITY_ATTRIBUTE_claim_to_string (uint32_t type, + const void* data, + size_t data_size); + +/** + * Convert a type number to the corresponding type string + * + * @param type number of a type + * @return corresponding typestring, NULL on error + */ +const char* +GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type); #if 0 /* keep Emacsens' auto-indent happy */ { -- cgit v1.2.3 From 02861d7594513ad336f86ff20162a861489f20b1 Mon Sep 17 00:00:00 2001 
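Review bot: The doc comments for `GNUNET_IDENTITY_ATTRIBUTE_claim_to_string` and `GNUNET_IDENTITY_ATTRIBUTE_string_to_claim` do not say who owns the memory they hand back. The caller added to gnunet-idp.c in this same commit never frees the returned string, which suggests the contract is easy to miss. I would reword the return line to `@return NULL on error, otherwise a newly allocated string that the caller must release with GNUNET_free()` and the `data` line to `@param data set to a newly allocated buffer with the binary encoding; the caller frees it`. The allocator is inferred from the `GNUNET_free` call on this result in jwt.c later in the series, so confirm it against the plugins before committing the wording.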
From: "Schanzenbach, Martin" Date: Mon, 4 Dec 2017 17:10:54 +0100 Subject: -fix --- src/identity-attribute/identity_attribute.c | 6 ++-- .../plugin_identity_attribute_gnuid.c | 4 +-- src/identity-provider/gnunet-idp.c | 40 +++++++++++++++++----- src/include/gnunet_identity_attribute_lib.h | 4 +-- 4 files changed, 38 insertions(+), 16 deletions(-) diff --git a/src/identity-attribute/identity_attribute.c b/src/identity-attribute/identity_attribute.c index 05cdcdaf0..a8aae6ced 100644 --- a/src/identity-attribute/identity_attribute.c +++ b/src/identity-attribute/identity_attribute.c @@ -88,7 +88,7 @@ init() if (GNUNET_YES == initialized) return; initialized = GNUNET_YES; - GNUNET_PLUGIN_load_all ("libgnunet_plugin_attribute_", NULL, + GNUNET_PLUGIN_load_all ("libgnunet_plugin_identity_attribute_", NULL, &add_plugin, NULL); } @@ -151,7 +151,7 @@ GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type) * @return #GNUNET_OK on success */ int -GNUNET_IDENTITY_ATTRIBUTE_string_to_claim (uint32_t type, +GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type, const char *s, void **data, size_t *data_size) @@ -182,7 +182,7 @@ GNUNET_IDENTITY_ATTRIBUTE_string_to_claim (uint32_t type, * @return NULL on error, otherwise human-readable representation of the claim */ char * -GNUNET_IDENTITY_ATTRIBUTE_claim_to_string (uint32_t type, +GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type, const void* data, size_t data_size) { diff --git a/src/identity-attribute/plugin_identity_attribute_gnuid.c b/src/identity-attribute/plugin_identity_attribute_gnuid.c index ba460d0a5..0ff44d199 100644 --- a/src/identity-attribute/plugin_identity_attribute_gnuid.c +++ b/src/identity-attribute/plugin_identity_attribute_gnuid.c 
@@ -153,7 +153,7 @@ gnuid_number_to_typename (void *cls, * @return the exported block API */ void * -libgnunet_plugin_attribute_type_gnuid_init (void *cls) +libgnunet_plugin_identity_attribute_gnuid_init (void *cls) { struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api; @@ -173,7 +173,7 @@ libgnunet_plugin_attribute_type_gnuid_init (void *cls) * @return NULL */ void * -libgnunet_plugin_attribute_type_gnuid_done (void *cls) +libgnunet_plugin_identity_attribute_gnuid_done (void *cls) { struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api = cls; diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index 78da1cb4d..62f07842b 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c @@ -66,6 +66,11 @@ static char* issue_attrs; */ static char* consume_ticket; +/** + * Attribute type + */ +static char* type_str; + /** * Ticket to revoke */ @@ -168,7 +173,7 @@ process_attrs (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) { - char *claim; + char *value_str; if (NULL == identity) { GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); @@ -179,11 +184,11 @@ process_attrs (void *cls, ret = 1; return; } - claim = GNUNET_IDENTITY_ATTRIBUTE_claim_to_string (attr->type, + value_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type, attr->data, attr->data_size); GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "%s: %s\n", attr->name, claim); + "%s: %s\n", attr->name, value_str); } @@ -211,7 +216,10 @@ process_rvk (void *cls, int success, const char* msg) static void iter_finished (void *cls) { - struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr; + struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim; + char *data; + size_t data_size; + int type; attr_iterator = NULL; if (list) 
@@ -248,13 +256,22 @@ iter_finished (void *cls) NULL); return; } - attr = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr_name, - GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING, - attr_value, - strlen (attr_value) + 1); + if (NULL == type_str) + type = GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING; + else + type = GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (type_str); + + GNUNET_assert (GNUNET_SYSERR != GNUNET_IDENTITY_ATTRIBUTE_string_to_value (type, + attr_value, + (void**)&data, + &data_size)); + claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr_name, + type, + data, + data_size); idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle, pkey, - attr, + claim, &store_attr_cont, NULL); @@ -408,6 +425,11 @@ main(int argc, char *const argv[]) NULL, gettext_noop ("Revoke a ticket"), &revoke_ticket), + GNUNET_GETOPT_option_string ('t', + "type", + NULL, + gettext_noop ("Type of attribute"), + &type_str), GNUNET_GETOPT_OPTION_END }; GNUNET_PROGRAM_run (argc, argv, "ct", diff --git a/src/include/gnunet_identity_attribute_lib.h b/src/include/gnunet_identity_attribute_lib.h index 4e32c2ae1..a43b509da 100644 --- a/src/include/gnunet_identity_attribute_lib.h +++ b/src/include/gnunet_identity_attribute_lib.h @@ -233,7 +233,7 @@ GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename); * @return #GNUNET_OK on success */ int -GNUNET_IDENTITY_ATTRIBUTE_string_to_claim (uint32_t type, +GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type, const char *s, void **data, size_t *data_size); @@ -247,7 +247,7 @@ GNUNET_IDENTITY_ATTRIBUTE_string_to_claim (uint32_t type, * @return NULL on error, otherwise human-readable representation of the claim */ char * -GNUNET_IDENTITY_ATTRIBUTE_claim_to_string (uint32_t type, +GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type, const void* data, size_t data_size); -- cgit v1.2.3 From 24a0b84d503375bf66b5df932cd18631cc88cf8d Mon Sep 17 00:00:00 2001 
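Review bot: The new `-t` handling in `iter_finished` validates command-line input with `GNUNET_assert` and never checks the result of `GNUNET_IDENTITY_ATTRIBUTE_typename_to_number`. That function is declared to return `UINT32_MAX` on error, which lands in the `int type` declared in the previous hunk and is passed on as a type number, so a mistyped type name or an unparsable value aborts the process instead of printing an error. The assert also tests `GNUNET_SYSERR !=` rather than requiring `GNUNET_OK`. I would declare `type` as `uint32_t` and fail cleanly with the `ret = 1` / `do_cleanup` pattern that `process_attrs` already uses; whether `data` must be freed after `GNUNET_IDENTITY_ATTRIBUTE_claim_new` depends on whether that call copies the buffer, which is not visible here. The body of `iter_finished` continues outside the hunk.

```c
  /* … unchanged: type selection from type_str … */
  if ( (UINT32_MAX == type) ||
       (GNUNET_OK !=
        GNUNET_IDENTITY_ATTRIBUTE_string_to_value (type,
                                                   attr_value,
                                                   (void**)&data,
                                                   &data_size)) )
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Invalid attribute type or value (type: %s)\n",
                (NULL != type_str) ? type_str : "(default)");
    ret = 1;
    GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
    return;
  }
  /* … unchanged: claim_new and attribute_store calls … */
```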
From: "Schanzenbach, Martin" Date: Mon, 4 Dec 2017 17:39:36 +0100 Subject: -start jwt --- src/identity-attribute/Makefile.am | 3 +- src/identity-attribute/jwt.c | 180 ++++++++++++++++++++++++++++ src/identity-provider/jwt.c | 172 -------------------------- src/include/gnunet_identity_attribute_lib.h | 14 +++ 4 files changed, 196 insertions(+), 173 deletions(-) create mode 100644 src/identity-attribute/jwt.c delete mode 100644 src/identity-provider/jwt.c diff --git a/src/identity-attribute/Makefile.am b/src/identity-attribute/Makefile.am index 583545344..b84ad3492 100644 --- a/src/identity-attribute/Makefile.am +++ b/src/identity-attribute/Makefile.am @@ -20,7 +20,8 @@ lib_LTLIBRARIES = \ libgnunetidentityattribute.la libgnunetidentityattribute_la_SOURCES = \ - identity_attribute.c + identity_attribute.c \ + jwt.c libgnunetidentityattribute_la_LIBADD = \ $(top_builddir)/src/util/libgnunetutil.la \ $(GN_LIBINTL) diff --git a/src/identity-attribute/jwt.c b/src/identity-attribute/jwt.c new file mode 100644 index 000000000..935e0a79d --- /dev/null +++ b/src/identity-attribute/jwt.c 
@@ -0,0 +1,180 @@ +/* + This file is part of GNUnet + Copyright (C) 2010-2015 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. + */ + +/** + * @file identity-provider/jwt.c + * @brief helper library for JSON-Web-Tokens + * @author Martin Schanzenbach + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_signatures.h" +#include "gnunet_identity_attribute_lib.h" +#include + + +#define JWT_ALG "alg" + +/*TODO is this the correct way to define new algs? */ +#define JWT_ALG_VALUE "ED512" + +#define JWT_TYP "typ" + +#define JWT_TYP_VALUE "jwt" + +static char* +create_jwt_header(void) +{ + json_t *root; + char *json_str; + + root = json_object (); + json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE)); + json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE)); + + json_str = json_dumps (root, JSON_INDENT(1)); + json_decref (root); + return json_str; +} + +/** + * Create a JWT from attributes + * + * @param sub_key the public of the subject + * @param attrs the attribute list + * @param priv_key the key used to sign the JWT + * @return a new base64-encoded JWT string. 
+ */ +char* +GNUNET_IDENTITY_ATTRIBUTE_jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, + const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key) +{ + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; + struct GNUNET_CRYPTO_EcdsaPublicKey iss_key; + struct GNUNET_CRYPTO_EcdsaSignature signature; + struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; + char* audience; + char* issuer; + char* header; + char* padding; + char* body_str; + char* result; + char* header_base64; + char* body_base64; + char* signature_target; + char* signature_base64; + char* attr_val_str; + json_t* body; + + GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &iss_key); + /* TODO maybe we should use a local identity here */ + issuer = GNUNET_STRINGS_data_to_string_alloc (&iss_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + audience = GNUNET_STRINGS_data_to_string_alloc (sub_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + header = create_jwt_header (); + body = json_object (); + /* TODO who is the issuer? local IdP or subject ? See self-issued tokens? */ + json_object_set_new (body, + "iss", json_string (issuer)); + json_object_set_new (body, + "sub", json_string (issuer)); + /* TODO what should be in here exactly? 
*/ + json_object_set_new (body, + "aud", json_string (audience)); + for (le = attrs->list_head; NULL != le; le = le->next) + { + /** + * TODO here we should have a function that + * calls the Attribute plugins to create a + * json representation for its value + */ + attr_val_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (le->claim->type, + le->claim->data, + le->claim->data_size); + json_object_set_new (body, + le->claim->name, + json_string (attr_val_str)); + GNUNET_free (attr_val_str); + } + body_str = json_dumps (body, JSON_INDENT(0)); + json_decref (body); + + GNUNET_STRINGS_base64_encode (header, + strlen (header), + &header_base64); + //Remove GNUNET padding of base64 + padding = strtok(header_base64, "="); + while (NULL != padding) + padding = strtok(NULL, "="); + + GNUNET_STRINGS_base64_encode (body_str, + strlen (body_str), + &body_base64); + + //Remove GNUNET padding of base64 + padding = strtok(body_base64, "="); + while (NULL != padding) + padding = strtok(NULL, "="); + + GNUNET_free (issuer); + GNUNET_free (audience); + + /** + * TODO + * Creating the JWT signature. This might not be + * standards compliant, check. 
+ */ + GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64); + + purpose = + GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + + strlen (signature_target)); + purpose->size = + htonl (strlen (signature_target) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose)); + purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN); + GNUNET_memcpy (&purpose[1], signature_target, strlen (signature_target)); + if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key, + purpose, + (struct GNUNET_CRYPTO_EcdsaSignature *)&signature)) + { + GNUNET_free (signature_target); + GNUNET_free (body_str); + GNUNET_free (body_base64); + GNUNET_free (header_base64); + GNUNET_free (purpose); + return NULL; + } + GNUNET_STRINGS_base64_encode ((const char*)&signature, + sizeof (struct GNUNET_CRYPTO_EcdsaSignature), + &signature_base64); + GNUNET_asprintf (&result, "%s.%s.%s", + header_base64, body_base64, signature_base64); + + GNUNET_free (signature_target); + GNUNET_free (header); + GNUNET_free (body_str); + GNUNET_free (signature_base64); + GNUNET_free (body_base64); + GNUNET_free (header_base64); + GNUNET_free (purpose); + return result; +} diff --git a/src/identity-provider/jwt.c b/src/identity-provider/jwt.c deleted file mode 100644 index c8bc67806..000000000 --- a/src/identity-provider/jwt.c +++ /dev/null 
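Review bot: In `GNUNET_IDENTITY_ATTRIBUTE_jwt_create_from_list` the attribute loop writes `le->claim->name` into the same JSON object after `iss`, `sub` and `aud` have been set, so an attribute named like one of those three would replace the registered claim before the body is signed (jansson's `json_object_set_new` replaces an existing key). I would either skip those names in the loop or move the three `json_object_set_new (body, "iss"/"sub"/"aud", ...)` calls after the loop so the registered claims always win. Separately, `sub` is filled from `issuer` while the `sub_key` parameter, documented as the subject's key, ends up in `aud`; the TODOs suggest this is undecided, but the doc comment and the code should agree. The same code is re-added as `jwt_create_from_list` in src/identity-provider/jwt.c by the later "-move jwt back into idp" commit.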
@@ -1,172 +0,0 @@ -/* - This file is part of GNUnet - Copyright (C) 2010-2015 GNUnet e.V. - - GNUnet is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published - by the Free Software Foundation; either version 3, or (at your - option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNUnet; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. - */ - -/** - * @file identity-provider/jwt.c - * @brief helper library for JSON-Web-Tokens - * @author Martin Schanzenbach - */ -#include "platform.h" -#include "gnunet_util_lib.h" -#include "gnunet_signatures.h" -#include "identity_attribute.h" -#include - - -#define JWT_ALG "alg" - -/*TODO is this the correct way to define new algs? */ -#define JWT_ALG_VALUE "ED512" - -#define JWT_TYP "typ" - -#define JWT_TYP_VALUE "jwt" - -static char* -create_jwt_header(void) -{ - json_t *root; - char *json_str; - - root = json_object (); - json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE)); - json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE)); - - json_str = json_dumps (root, JSON_INDENT(1)); - json_decref (root); - return json_str; -} - -/** - * Create a JWT from a ticket and attributes - * - * @param ticket the ticket - * @param attrs the attribute list - * @return a new base64-encoded JWT string. 
- */ -char* -jwt_create (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, - const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key) -{ - struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le; - struct GNUNET_CRYPTO_EcdsaSignature signature; - struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; - char* audience; - char* issuer; - char* header; - char* padding; - char* body_str; - char* result; - char* header_base64; - char* body_base64; - char* signature_target; - char* signature_base64; - json_t* body; - - /* TODO maybe we should use a local identity here */ - issuer = GNUNET_STRINGS_data_to_string_alloc (&ticket->identity, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - audience = GNUNET_STRINGS_data_to_string_alloc (&ticket->audience, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - header = create_jwt_header (); - body = json_object (); - /* TODO who is the issuer? local IdP or subject ? See self-issued tokens? */ - json_object_set_new (body, - "iss", json_string (issuer)); - json_object_set_new (body, - "sub", json_string (issuer)); - /* TODO what should be in here exactly? 
*/ - json_object_set_new (body, - "aud", json_string (audience)); - for (le = attrs->list_head; NULL != le; le = le->next) - { - /** - * TODO here we should have a function that - * calls the Attribute plugins to create a - * json representation for its value - */ - json_object_set_new (body, - le->attribute->name, - json_string (le->attribute->data)); - } - body_str = json_dumps (body, JSON_INDENT(0)); - json_decref (body); - - GNUNET_STRINGS_base64_encode (header, - strlen (header), - &header_base64); - //Remove GNUNET padding of base64 - padding = strtok(header_base64, "="); - while (NULL != padding) - padding = strtok(NULL, "="); - - GNUNET_STRINGS_base64_encode (body_str, - strlen (body_str), - &body_base64); - - //Remove GNUNET padding of base64 - padding = strtok(body_base64, "="); - while (NULL != padding) - padding = strtok(NULL, "="); - - GNUNET_free (issuer); - GNUNET_free (audience); - - /** - * TODO - * Creating the JWT signature. This might not be - * standards compliant, check. 
- */ - GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64); - - purpose = - GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + - strlen (signature_target)); - purpose->size = - htonl (strlen (signature_target) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose)); - purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN); - GNUNET_memcpy (&purpose[1], signature_target, strlen (signature_target)); - if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key, - purpose, - (struct GNUNET_CRYPTO_EcdsaSignature *)&signature)) - { - GNUNET_free (signature_target); - GNUNET_free (body_str); - GNUNET_free (body_base64); - GNUNET_free (header_base64); - GNUNET_free (purpose); - return NULL; - } - GNUNET_STRINGS_base64_encode ((const char*)&signature, - sizeof (struct GNUNET_CRYPTO_EcdsaSignature), - &signature_base64); - GNUNET_asprintf (&result, "%s.%s.%s", - header_base64, body_base64, signature_base64); - - GNUNET_free (signature_target); - GNUNET_free (header); - GNUNET_free (body_str); - GNUNET_free (signature_base64); - GNUNET_free (body_base64); - GNUNET_free (header_base64); - GNUNET_free (purpose); - return result; -} diff --git a/src/include/gnunet_identity_attribute_lib.h b/src/include/gnunet_identity_attribute_lib.h index a43b509da..4c765515b 100644 --- a/src/include/gnunet_identity_attribute_lib.h +++ b/src/include/gnunet_identity_attribute_lib.h 
@@ -260,6 +260,20 @@ GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type, const char* GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type); + +/** + * Create a JWT from attributes + * + * @param sub_key the public of the subject + * @param attrs the attribute list + * @param priv_key the key used to sign the JWT + * @return a new base64-encoded JWT string. + */ +char* +GNUNET_IDENTITY_ATTRIBUTE_jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, + const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key); + #if 0 /* keep Emacsens' auto-indent happy */ { #endif -- cgit v1.2.3 From 6e0922fc29b7bf481bf97c6ed269f85eadadd43e Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 4 Dec 2017 17:48:22 +0100 Subject: -move jwt back into idp --- src/identity-attribute/Makefile.am | 3 +- src/identity-attribute/jwt.c | 180 ---------------------------- src/identity-provider/Makefile.am | 3 +- src/identity-provider/jwt.c | 180 ++++++++++++++++++++++++++++ src/include/gnunet_identity_attribute_lib.h | 13 -- 5 files changed, 183 insertions(+), 196 deletions(-) delete mode 100644 src/identity-attribute/jwt.c create mode 100644 src/identity-provider/jwt.c diff --git a/src/identity-attribute/Makefile.am b/src/identity-attribute/Makefile.am index b84ad3492..2c73a443e 100644 --- a/src/identity-attribute/Makefile.am +++ b/src/identity-attribute/Makefile.am @@ -20,8 +20,7 @@ lib_LTLIBRARIES = \ libgnunetidentityattribute.la libgnunetidentityattribute_la_SOURCES = \ - identity_attribute.c \ - jwt.c + identity_attribute.c libgnunetidentityattribute_la_LIBADD = \ $(top_builddir)/src/util/libgnunetutil.la \ $(GN_LIBINTL) diff --git a/src/identity-attribute/jwt.c b/src/identity-attribute/jwt.c deleted file mode 100644 index 935e0a79d..000000000 --- a/src/identity-attribute/jwt.c +++ /dev/null 
@@ -1,180 +0,0 @@ -/* - This file is part of GNUnet - Copyright (C) 2010-2015 GNUnet e.V. - - GNUnet is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published - by the Free Software Foundation; either version 3, or (at your - option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNUnet; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. - */ - -/** - * @file identity-provider/jwt.c - * @brief helper library for JSON-Web-Tokens - * @author Martin Schanzenbach - */ -#include "platform.h" -#include "gnunet_util_lib.h" -#include "gnunet_signatures.h" -#include "gnunet_identity_attribute_lib.h" -#include - - -#define JWT_ALG "alg" - -/*TODO is this the correct way to define new algs? */ -#define JWT_ALG_VALUE "ED512" - -#define JWT_TYP "typ" - -#define JWT_TYP_VALUE "jwt" - -static char* -create_jwt_header(void) -{ - json_t *root; - char *json_str; - - root = json_object (); - json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE)); - json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE)); - - json_str = json_dumps (root, JSON_INDENT(1)); - json_decref (root); - return json_str; -} - -/** - * Create a JWT from attributes - * - * @param sub_key the public of the subject - * @param attrs the attribute list - * @param priv_key the key used to sign the JWT - * @return a new base64-encoded JWT string. 
- */ -char* -GNUNET_IDENTITY_ATTRIBUTE_jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, - const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key) -{ - struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; - struct GNUNET_CRYPTO_EcdsaPublicKey iss_key; - struct GNUNET_CRYPTO_EcdsaSignature signature; - struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; - char* audience; - char* issuer; - char* header; - char* padding; - char* body_str; - char* result; - char* header_base64; - char* body_base64; - char* signature_target; - char* signature_base64; - char* attr_val_str; - json_t* body; - - GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &iss_key); - /* TODO maybe we should use a local identity here */ - issuer = GNUNET_STRINGS_data_to_string_alloc (&iss_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - audience = GNUNET_STRINGS_data_to_string_alloc (sub_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - header = create_jwt_header (); - body = json_object (); - /* TODO who is the issuer? local IdP or subject ? See self-issued tokens? */ - json_object_set_new (body, - "iss", json_string (issuer)); - json_object_set_new (body, - "sub", json_string (issuer)); - /* TODO what should be in here exactly? 
*/ - json_object_set_new (body, - "aud", json_string (audience)); - for (le = attrs->list_head; NULL != le; le = le->next) - { - /** - * TODO here we should have a function that - * calls the Attribute plugins to create a - * json representation for its value - */ - attr_val_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (le->claim->type, - le->claim->data, - le->claim->data_size); - json_object_set_new (body, - le->claim->name, - json_string (attr_val_str)); - GNUNET_free (attr_val_str); - } - body_str = json_dumps (body, JSON_INDENT(0)); - json_decref (body); - - GNUNET_STRINGS_base64_encode (header, - strlen (header), - &header_base64); - //Remove GNUNET padding of base64 - padding = strtok(header_base64, "="); - while (NULL != padding) - padding = strtok(NULL, "="); - - GNUNET_STRINGS_base64_encode (body_str, - strlen (body_str), - &body_base64); - - //Remove GNUNET padding of base64 - padding = strtok(body_base64, "="); - while (NULL != padding) - padding = strtok(NULL, "="); - - GNUNET_free (issuer); - GNUNET_free (audience); - - /** - * TODO - * Creating the JWT signature. This might not be - * standards compliant, check. 
- */ - GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64); - - purpose = - GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + - strlen (signature_target)); - purpose->size = - htonl (strlen (signature_target) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose)); - purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN); - GNUNET_memcpy (&purpose[1], signature_target, strlen (signature_target)); - if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key, - purpose, - (struct GNUNET_CRYPTO_EcdsaSignature *)&signature)) - { - GNUNET_free (signature_target); - GNUNET_free (body_str); - GNUNET_free (body_base64); - GNUNET_free (header_base64); - GNUNET_free (purpose); - return NULL; - } - GNUNET_STRINGS_base64_encode ((const char*)&signature, - sizeof (struct GNUNET_CRYPTO_EcdsaSignature), - &signature_base64); - GNUNET_asprintf (&result, "%s.%s.%s", - header_base64, body_base64, signature_base64); - - GNUNET_free (signature_target); - GNUNET_free (header); - GNUNET_free (body_str); - GNUNET_free (signature_base64); - GNUNET_free (body_base64); - GNUNET_free (header_base64); - GNUNET_free (purpose); - return result; -} diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index 3b072e59d..5c5ddaa57 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am @@ -87,7 +87,8 @@ libgnunetidentityprovider_la_LDFLAGS = \ -version-info 0:0:0 libgnunet_plugin_rest_identity_provider_la_SOURCES = \ - plugin_rest_identity_provider.c + plugin_rest_identity_provider.c \ + jwt.c libgnunet_plugin_rest_identity_provider_la_LIBADD = \ $(top_builddir)/src/identity/libgnunetidentity.la \ libgnunetidentityprovider.la \ diff --git a/src/identity-provider/jwt.c b/src/identity-provider/jwt.c new file mode 100644 index 000000000..2f1e3240b --- /dev/null +++ b/src/identity-provider/jwt.c 
@@ -0,0 +1,180 @@ +/* + This file is part of GNUnet + Copyright (C) 2010-2015 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. + */ + +/** + * @file identity-provider/jwt.c + * @brief helper library for JSON-Web-Tokens + * @author Martin Schanzenbach + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_signatures.h" +#include "gnunet_identity_attribute_lib.h" +#include + + +#define JWT_ALG "alg" + +/*TODO is this the correct way to define new algs? */ +#define JWT_ALG_VALUE "ED512" + +#define JWT_TYP "typ" + +#define JWT_TYP_VALUE "jwt" + +static char* +create_jwt_header(void) +{ + json_t *root; + char *json_str; + + root = json_object (); + json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE)); + json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE)); + + json_str = json_dumps (root, JSON_INDENT(1)); + json_decref (root); + return json_str; +} + +/** + * Create a JWT from attributes + * + * @param sub_key the public of the subject + * @param attrs the attribute list + * @param priv_key the key used to sign the JWT + * @return a new base64-encoded JWT string. 
+ */ +char* +jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, + const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key) +{ + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; + struct GNUNET_CRYPTO_EcdsaPublicKey iss_key; + struct GNUNET_CRYPTO_EcdsaSignature signature; + struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; + char* audience; + char* issuer; + char* header; + char* padding; + char* body_str; + char* result; + char* header_base64; + char* body_base64; + char* signature_target; + char* signature_base64; + char* attr_val_str; + json_t* body; + + GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &iss_key); + /* TODO maybe we should use a local identity here */ + issuer = GNUNET_STRINGS_data_to_string_alloc (&iss_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + audience = GNUNET_STRINGS_data_to_string_alloc (sub_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + header = create_jwt_header (); + body = json_object (); + /* TODO who is the issuer? local IdP or subject ? See self-issued tokens? */ + json_object_set_new (body, + "iss", json_string (issuer)); + json_object_set_new (body, + "sub", json_string (issuer)); + /* TODO what should be in here exactly? 
*/ + json_object_set_new (body, + "aud", json_string (audience)); + for (le = attrs->list_head; NULL != le; le = le->next) + { + /** + * TODO here we should have a function that + * calls the Attribute plugins to create a + * json representation for its value + */ + attr_val_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (le->claim->type, + le->claim->data, + le->claim->data_size); + json_object_set_new (body, + le->claim->name, + json_string (attr_val_str)); + GNUNET_free (attr_val_str); + } + body_str = json_dumps (body, JSON_INDENT(0)); + json_decref (body); + + GNUNET_STRINGS_base64_encode (header, + strlen (header), + &header_base64); + //Remove GNUNET padding of base64 + padding = strtok(header_base64, "="); + while (NULL != padding) + padding = strtok(NULL, "="); + + GNUNET_STRINGS_base64_encode (body_str, + strlen (body_str), + &body_base64); + + //Remove GNUNET padding of base64 + padding = strtok(body_base64, "="); + while (NULL != padding) + padding = strtok(NULL, "="); + + GNUNET_free (issuer); + GNUNET_free (audience); + + /** + * TODO + * Creating the JWT signature. This might not be + * standards compliant, check. 
+ */ + GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64); + + purpose = + GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + + strlen (signature_target)); + purpose->size = + htonl (strlen (signature_target) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose)); + purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN); + GNUNET_memcpy (&purpose[1], signature_target, strlen (signature_target)); + if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key, + purpose, + (struct GNUNET_CRYPTO_EcdsaSignature *)&signature)) + { + GNUNET_free (signature_target); + GNUNET_free (body_str); + GNUNET_free (body_base64); + GNUNET_free (header_base64); + GNUNET_free (purpose); + return NULL; + } + GNUNET_STRINGS_base64_encode ((const char*)&signature, + sizeof (struct GNUNET_CRYPTO_EcdsaSignature), + &signature_base64); + GNUNET_asprintf (&result, "%s.%s.%s", + header_base64, body_base64, signature_base64); + + GNUNET_free (signature_target); + GNUNET_free (header); + GNUNET_free (body_str); + GNUNET_free (signature_base64); + GNUNET_free (body_base64); + GNUNET_free (header_base64); + GNUNET_free (purpose); + return result; +} diff --git a/src/include/gnunet_identity_attribute_lib.h b/src/include/gnunet_identity_attribute_lib.h index 4c765515b..a6c9e1f1c 100644 --- a/src/include/gnunet_identity_attribute_lib.h +++ b/src/include/gnunet_identity_attribute_lib.h 
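Review bot: The failure paths in `jwt_create_from_list` are incomplete. When `GNUNET_CRYPTO_ecdsa_sign` fails, the early return frees `signature_target`, `body_str`, `body_base64`, `header_base64` and `purpose` but not `header`, which the success path does free; adding `GNUNET_free (header);` to that branch closes the leak. In the attribute loop, `GNUNET_IDENTITY_ATTRIBUTE_value_to_string` is documented to return NULL on error, yet its result is handed to `json_string` and `GNUNET_free` unchecked. A guard such as `if (NULL == attr_val_str) continue;` with a log line, or failing the whole token, would make the behaviour explicit instead of silently dropping the claim. The identical code added under src/identity-attribute/jwt.c earlier in the series has the same gaps.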
@@ -261,19 +261,6 @@ const char* GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type); -/** - * Create a JWT from attributes - * - * @param sub_key the public of the subject - * @param attrs the attribute list - * @param priv_key the key used to sign the JWT - * @return a new base64-encoded JWT string. - */ -char* -GNUNET_IDENTITY_ATTRIBUTE_jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, - const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key); - #if 0 /* keep Emacsens' auto-indent happy */ { #endif -- cgit v1.2.3 From 92d8c8a77e242a61927acc0e22fcecea479e6c43 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Tue, 2 Jan 2018 16:37:08 +0100 Subject: -move idp experimental --- src/Makefile.am | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 68878b5a0..fcdd44bfb 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -12,13 +12,11 @@ endif if HAVE_EXPERIMENTAL EXP_DIR = \ rps -endif # dv (FTBFS) - -if HAVE_JSON -if HAVE_MHD - ATTRIBUTE_DIR = identity-attribute - PROVIDER_DIR = identity-provider +if HAVE_ABE + EXP_DIR += identity-attribute \ + identity-provider \ + credential endif endif @@ -117,7 +115,6 @@ SUBDIRS = \ revocation \ vpn \ gns \ - credential \ zonemaster \ $(CONVERSATION_DIR) \ fs \ @@ -131,8 +128,6 @@ SUBDIRS = \ psyc \ social \ $(AUCTION_DIR) \ - $(EXP_DIR) \ - $(ATTRIBUTE_DIR) \ - $(PROVIDER_DIR) + $(EXP_DIR) endif -- cgit v1.2.3 From fb85cf602c67994646c156aa9e05d2b9aa10816c Mon Sep 17 00:00:00 2001 
From: "Schanzenbach, Martin" Date: Wed, 3 Jan 2018 10:11:40 +0100 Subject: -move abe functionality out of util; prepare for release --- Dockerfile | 63 ---- configure.ac | 1 + contrib/Dockerfile | 63 ++++ contrib/docker-entrypoint.sh | 3 + docker-entrypoint.sh | 3 - po/POTFILES.in | 1 + src/Makefile.am | 7 +- src/abe/Makefile.am | 50 +++ src/abe/abe.c | 417 +++++++++++++++++++++ src/abe/test_cpabe.c | 87 +++++ src/identity-provider/Makefile.am | 1 + .../gnunet-service-identity-provider.c | 77 ++-- src/include/gnunet_abe_lib.h | 143 +++++++ src/include/gnunet_crypto_lib.h | 82 ---- src/util/Makefile.am | 23 -- src/util/test_crypto_abe.c | 86 ----- 16 files changed, 809 insertions(+), 298 deletions(-) delete mode 100644 Dockerfile create mode 100644 contrib/Dockerfile create mode 100644 contrib/docker-entrypoint.sh delete mode 100644 docker-entrypoint.sh create mode 100644 src/abe/Makefile.am create mode 100644 src/abe/abe.c create mode 100644 src/abe/test_cpabe.c create mode 100644 src/include/gnunet_abe_lib.h delete mode 100644 src/util/test_crypto_abe.c diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 5a193a46d..000000000 --- a/Dockerfile +++ /dev/null 
@@ -1,63 +0,0 @@ -from fedora:26 - -# Install the required build tools -RUN dnf -y update && dnf -y install which git automake texinfo gettext-devel autoconf libtool libtool-ltdl-devel libidn-devel libunistring-devel glpk libextractor-devel libmicrohttpd-devel gnutls libgcrypt-devel jansson-devel sqlite-devel npm - -WORKDIR /usr/src - -# Install gnurl from source at version gnurl-7.54.0 -RUN git clone https://git.taler.net/gnurl.git --branch gnurl-7.54.0 -WORKDIR /usr/src/gnurl -RUN autoreconf -i -RUN ./configure --enable-ipv6 --with-gnutls --without-libssh2 \ ---without-libmetalink --without-winidn --without-librtmp \ ---without-nghttp2 --without-nss --without-cyassl \ ---without-polarssl --without-ssl --without-winssl \ ---without-darwinssl --disable-sspi --disable-ntlm-wb --disable-ldap \ ---disable-rtsp --disable-dict --disable-telnet --disable-tftp \ ---disable-pop3 --disable-imap --disable-smtp --disable-gopher \ ---disable-file --disable-ftp --disable-smb -RUN make install -WORKDIR /usr/src - -RUN dnf -y install wget flex bison - -# Install libpbc -RUN wget https://crypto.stanford.edu/pbc/files/pbc-0.5.14.tar.gz -RUN tar xvzpf pbc-0.5.14.tar.gz -WORKDIR /usr/src/pbc-0.5.14 -RUN ./configure --prefix=/usr -RUN make install -WORKDIR /usr/src - -RUN dnf -y install glib2-devel - -# Install libbswabe -RUN git clone https://github.com/schanzen/libgabe.git -WORKDIR /usr/src/libgabe -RUN ./configure --prefix=/usr -RUN make install - -# Install WebUI -WORKDIR /usr/src/ -RUN git clone https://github.com/schanzen/gnunet-webui.git -WORKDIR /usr/src/gnunet-webui -RUN git checkout gnuidentity - -RUN mkdir /usr/src/gnunet -WORKDIR /usr/src/gnunet -ADD . . 
-ARG NUM_JOBS -RUN ./bootstrap -RUN ./configure --prefix=/usr/local -RUN make -j$NUM_JOBS -RUN make install - -RUN groupadd gnunetdns -RUN adduser --system -m --home-dir /var/lib/gnunet gnunet -RUN chown gnunet:gnunet /var/lib/gnunet -RUN echo '[arm]\nSYSTEM_ONLY = YES\nUSER_ONLY = NO\n' > /etc/gnunet.conf - -ADD docker-entrypoint.sh . - -CMD ["sh", "docker-entrypoint.sh"] diff --git a/configure.ac b/configure.ac index ac00bd5d6..017b4836c 100644 --- a/configure.ac +++ b/configure.ac @@ -1658,6 +1658,7 @@ src/vpn/vpn.conf src/zonemaster/Makefile src/zonemaster/zonemaster.conf src/rest/Makefile +src/abe/Makefile src/identity-attribute/Makefile src/identity-provider/Makefile pkgconfig/Makefile diff --git a/contrib/Dockerfile b/contrib/Dockerfile new file mode 100644 index 000000000..5a193a46d --- /dev/null +++ b/contrib/Dockerfile 
@@ -0,0 +1,63 @@ +from fedora:26 + +# Install the required build tools +RUN dnf -y update && dnf -y install which git automake texinfo gettext-devel autoconf libtool libtool-ltdl-devel libidn-devel libunistring-devel glpk libextractor-devel libmicrohttpd-devel gnutls libgcrypt-devel jansson-devel sqlite-devel npm + +WORKDIR /usr/src + +# Install gnurl from source at version gnurl-7.54.0 +RUN git clone https://git.taler.net/gnurl.git --branch gnurl-7.54.0 +WORKDIR /usr/src/gnurl +RUN autoreconf -i +RUN ./configure --enable-ipv6 --with-gnutls --without-libssh2 \ +--without-libmetalink --without-winidn --without-librtmp \ +--without-nghttp2 --without-nss --without-cyassl \ +--without-polarssl --without-ssl --without-winssl \ +--without-darwinssl --disable-sspi --disable-ntlm-wb --disable-ldap \ +--disable-rtsp --disable-dict --disable-telnet --disable-tftp \ +--disable-pop3 --disable-imap --disable-smtp --disable-gopher \ +--disable-file --disable-ftp --disable-smb +RUN make install +WORKDIR /usr/src + +RUN dnf -y install wget flex bison + +# Install libpbc +RUN wget https://crypto.stanford.edu/pbc/files/pbc-0.5.14.tar.gz +RUN tar xvzpf pbc-0.5.14.tar.gz +WORKDIR /usr/src/pbc-0.5.14 +RUN ./configure --prefix=/usr +RUN make install +WORKDIR /usr/src + +RUN dnf -y install glib2-devel + +# Install libbswabe +RUN git clone https://github.com/schanzen/libgabe.git +WORKDIR /usr/src/libgabe +RUN ./configure --prefix=/usr +RUN make install + +# Install WebUI +WORKDIR /usr/src/ +RUN git clone https://github.com/schanzen/gnunet-webui.git +WORKDIR /usr/src/gnunet-webui +RUN git checkout gnuidentity + +RUN mkdir /usr/src/gnunet +WORKDIR /usr/src/gnunet +ADD . . 
+ARG NUM_JOBS +RUN ./bootstrap +RUN ./configure --prefix=/usr/local +RUN make -j$NUM_JOBS +RUN make install + +RUN groupadd gnunetdns +RUN adduser --system -m --home-dir /var/lib/gnunet gnunet +RUN chown gnunet:gnunet /var/lib/gnunet +RUN echo '[arm]\nSYSTEM_ONLY = YES\nUSER_ONLY = NO\n' > /etc/gnunet.conf + +ADD docker-entrypoint.sh . + +CMD ["sh", "docker-entrypoint.sh"] diff --git a/contrib/docker-entrypoint.sh b/contrib/docker-entrypoint.sh new file mode 100644 index 000000000..807d86d6f --- /dev/null +++ b/contrib/docker-entrypoint.sh @@ -0,0 +1,3 @@ +#!/bin/bash +gnunet-arm -s > $HOME/gnunet.log 2>&1 +exec bash \ No newline at end of file diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh deleted file mode 100644 index 807d86d6f..000000000 --- a/docker-entrypoint.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash -gnunet-arm -s > $HOME/gnunet.log 2>&1 -exec bash \ No newline at end of file diff --git a/po/POTFILES.in b/po/POTFILES.in index e0654d4b4..2fcb74c09 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -1,3 +1,4 @@ +src/abe/abe.c src/arm/arm_api.c src/arm/arm_monitor_api.c src/arm/gnunet-arm.c diff --git a/src/Makefile.am b/src/Makefile.am index fcdd44bfb..6d0284157 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -14,9 +14,10 @@ if HAVE_EXPERIMENTAL rps # dv (FTBFS) if HAVE_ABE - EXP_DIR += identity-attribute \ - identity-provider \ - credential + EXP_DIR += abe \ + credential \ + identity-attribute \ + identity-provider endif endif diff --git a/src/abe/Makefile.am b/src/abe/Makefile.am new file mode 100644 index 000000000..308e6c67c --- /dev/null +++ b/src/abe/Makefile.am 
@@ -0,0 +1,50 @@ +# This Makefile.am is in the public domain +AM_CPPFLAGS = -I$(top_srcdir)/src/include + +plugindir = $(libdir)/gnunet + +libexecdir= $(pkglibdir)/libexec/ + +pkgcfgdir= $(pkgdatadir)/config.d/ + +dist_pkgcfg_DATA = \ + abe.conf + +if USE_COVERAGE + AM_CFLAGS = --coverage -O0 + XLIB = -lgcov +endif + +libgnunetabe_la_SOURCES = abe.c + +libgnunetabe_la_LIBADD = \ + $(GCLIBADD)\ + $(LIBGCRYPT_LIBS) \ + $(LTLIBICONV) \ + $(LTLIBINTL) \ + $(ABE_LIBADD) \ + -lgabe \ + -lpbc \ + -lglib-2.0 \ + -lltdl $(Z_LIBS) -lunistring $(XLIB) + +libgnunetabe_la_LDFLAGS = \ + $(GN_LIB_LDFLAGS) \ + -version-info 1:0:0 + +lib_LTLIBRARIES = libgnunetabe.la + +if ENABLE_TEST_RUN +AM_TESTS_ENVIRONMENT=export GNUNET_PREFIX=$${GNUNET_PREFIX:-@libdir@};export PATH=$${GNUNET_PREFIX:-@prefix@}/bin:$$PATH;unset XDG_DATA_HOME;unset XDG_CONFIG_HOME; +TESTS = $(check_PROGRAMS) +endif + +check_PROGRAMS = test_cpabe + +test_cpabe_SOURCES = \ + test_cpabe.c +test_cpabe_LDADD = \ + libgnunetabe.la \ + $(top_builddir)/src/util/libgnunetutil.la +check_PROGRAMS += \ + test_cpabe diff --git a/src/abe/abe.c b/src/abe/abe.c new file mode 100644 index 000000000..d008cc522 --- /dev/null +++ b/src/abe/abe.c 
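Review bot: `dist_pkgcfg_DATA = abe.conf` names a file this commit does not add (the diffstat lists only `Makefile.am`, `abe.c` and `test_cpabe.c` under `src/abe/`), so `make dist` and `make install` in this directory would presumably fail unless the file is produced somewhere outside this patch. The directory builds a library and a test but no service, so the `pkgcfgdir` and `dist_pkgcfg_DATA` lines look like leftovers and can be dropped. `test_cpabe` is also listed twice, once by `check_PROGRAMS = test_cpabe` and again by the trailing `check_PROGRAMS += test_cpabe`; the second assignment can go.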
@@ -0,0 +1,417 @@ +/* + This file is part of GNUnet. Copyright (C) 2001-2014 Christian Grothoff + (and other contributing authors) + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. + +*/ + +/** + * @file util/crypto_random.c + * @brief functions to gather random numbers + * @author Christian Grothoff + */ + + +#include "platform.h" +#include +#include + +#include "gnunet_crypto_lib.h" +#include "gnunet_abe_lib.h" + +struct GNUNET_ABE_AbeMasterKey +{ + gabe_pub_t* pub; + gabe_msk_t* msk; +}; + +struct GNUNET_ABE_AbeKey +{ + gabe_pub_t* pub; + gabe_prv_t* prv; +}; + +static int +init_aes( element_t k, int enc, + gcry_cipher_hd_t* handle, + struct GNUNET_CRYPTO_SymmetricSessionKey *key, + unsigned char* iv) +{ + int rc; + int key_len; + unsigned char* key_buf; + + key_len = element_length_in_bytes(k) < 33 ? 
3 : element_length_in_bytes(k); + key_buf = (unsigned char*) malloc(key_len); + element_to_bytes(key_buf, k); + + memcpy (key->aes_key, key_buf, GNUNET_CRYPTO_AES_KEY_LENGTH); + GNUNET_assert (0 == + gcry_cipher_open (handle, GCRY_CIPHER_AES256, + GCRY_CIPHER_MODE_CFB, 0)); + rc = gcry_cipher_setkey (*handle, + key->aes_key, + sizeof (key->aes_key)); + GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); + memset (iv, 0, 16); //TODO make reasonable + rc = gcry_cipher_setiv (*handle, + iv, + 16); + GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); + + free(key_buf); + return rc; +} + +static int +aes_128_cbc_encrypt( char* pt, + int size, + element_t k, + char **ct ) +{ + gcry_cipher_hd_t handle; + struct GNUNET_CRYPTO_SymmetricSessionKey skey; + unsigned char iv[16]; + char* buf; + int padding; + int buf_size; + uint8_t len[4]; + init_aes(k, 1, &handle, &skey, iv); + + /* TODO make less crufty */ + + /* stuff in real length (big endian) before padding */ + len[0] = (size & 0xff000000)>>24; + len[1] = (size & 0xff0000)>>16; + len[2] = (size & 0xff00)>>8; + len[3] = (size & 0xff)>>0; + padding = 16 - ((4+size) % 16); + buf_size = 4 + size + padding; + buf = GNUNET_malloc (buf_size); + GNUNET_memcpy (buf, len, 4); + GNUNET_memcpy (buf+4, pt, size); + *ct = GNUNET_malloc (buf_size); + + GNUNET_assert (0 == gcry_cipher_encrypt (handle, *ct, buf_size, buf, buf_size)); + gcry_cipher_close (handle); + //AES_cbc_encrypt(pt->data, ct->data, pt->len, &key, iv, AES_ENCRYPT); + GNUNET_free (buf); + return buf_size; +} + +static int +aes_128_cbc_decrypt( char* ct, + int size, + element_t k, + char **pt ) +{ + struct GNUNET_CRYPTO_SymmetricSessionKey skey; + gcry_cipher_hd_t handle; + unsigned char iv[16]; + char* tmp; + uint32_t len; + + init_aes(k, 1, &handle, &skey, iv); + + tmp = GNUNET_malloc (size); + + //AES_cbc_encrypt(ct->data, pt->data, ct->len, &key, iv, AES_DECRYPT); + GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, ct, size)); + 
gcry_cipher_close (handle); + /* TODO make less crufty */ + + /* get real length */ + len = 0; + len = len + | ((tmp[0])<<24) | ((tmp[1])<<16) + | ((tmp[2])<<8) | ((tmp[3])<<0); + /* truncate any garbage from the padding */ + *pt = GNUNET_malloc (len); + GNUNET_memcpy (*pt, tmp+4, len); + GNUNET_free (tmp); + return len; +} + +struct GNUNET_ABE_AbeMasterKey* +GNUNET_ABE_cpabe_create_master_key (void) +{ + struct GNUNET_ABE_AbeMasterKey* key; + key = GNUNET_new (struct GNUNET_ABE_AbeMasterKey); + gabe_setup(&key->pub, &key->msk); + GNUNET_assert (NULL != key->pub); + GNUNET_assert (NULL != key->msk); + return key; +} + +void +GNUNET_ABE_cpabe_delete_master_key (struct GNUNET_ABE_AbeMasterKey *key) +{ + gabe_msk_free (key->msk); + gabe_pub_free (key->pub); + //GNUNET_free (key->msk); + //gabe_msk_free (key->msk); //For some reason free of pub implicit? + GNUNET_free (key); +} + +struct GNUNET_ABE_AbeKey* +GNUNET_ABE_cpabe_create_key (struct GNUNET_ABE_AbeMasterKey *key, + char **attrs) +{ + struct GNUNET_ABE_AbeKey *prv_key; + int size; + char *tmp; + + prv_key = GNUNET_new (struct GNUNET_ABE_AbeKey); + prv_key->prv = gabe_keygen(key->pub, key->msk, attrs); + size = gabe_pub_serialize(key->pub, &tmp); + prv_key->pub = gabe_pub_unserialize(tmp, size); + GNUNET_free (tmp); + GNUNET_assert (NULL != prv_key->prv); + return prv_key; +} + +void +GNUNET_ABE_cpabe_delete_key (struct GNUNET_ABE_AbeKey *key, + int delete_pub) +{ + //Memory management in gabe is buggy + gabe_prv_free (key->prv); + if (GNUNET_YES == delete_pub) + gabe_pub_free (key->pub); + GNUNET_free (key); +} + +ssize_t +write_cpabe (void **result, + uint32_t file_len, + char* cph_buf, + int cph_buf_len, + char* aes_buf, + int aes_buf_len) +{ + char *ptr; + uint32_t *len; + + *result = GNUNET_malloc (12 + cph_buf_len + aes_buf_len); + ptr = *result; + len = (uint32_t*) ptr; + *len = htonl (file_len); + ptr += 4; + len = (uint32_t*) ptr; + *len = htonl (aes_buf_len); + ptr += 4; + memcpy (ptr, aes_buf, 
aes_buf_len); + ptr += aes_buf_len; + len = (uint32_t*) ptr; + *len = htonl (cph_buf_len); + ptr += 4; + memcpy (ptr, cph_buf, cph_buf_len); + return 12 + cph_buf_len + aes_buf_len; +} + +ssize_t +read_cpabe (const void *data, + char** cph_buf, + int *cph_buf_len, + char** aes_buf, + int *aes_buf_len) +{ + int buf_len; + char *ptr; + uint32_t *len; + + ptr = (char*)data; + len = (uint32_t*)ptr; + buf_len = ntohl (*len); + ptr += 4; + len = (uint32_t*)ptr; + *aes_buf_len = ntohl (*len); + ptr += 4; + *aes_buf = GNUNET_malloc (*aes_buf_len); + memcpy(*aes_buf, ptr, *aes_buf_len); + ptr += *aes_buf_len; + len = (uint32_t*)ptr; + *cph_buf_len = ntohl (*len); + ptr += 4; + *cph_buf = GNUNET_malloc (*cph_buf_len); + memcpy(*cph_buf, ptr, *cph_buf_len); + + return buf_len; +} + +ssize_t +GNUNET_ABE_cpabe_encrypt (const void *block, + size_t size, + const char *policy, + const struct GNUNET_ABE_AbeMasterKey *key, + void **result) +{ + gabe_cph_t* cph; + char* plt; + char* cph_buf; + char* aes_buf; + element_t m; + int cph_buf_len; + int aes_buf_len; + ssize_t result_len; + + if( !(cph = gabe_enc(key->pub, m, (char*)policy)) ) + return GNUNET_SYSERR; + cph_buf_len = gabe_cph_serialize(cph, + &cph_buf); + gabe_cph_free(cph); + GNUNET_free (cph); + plt = GNUNET_memdup (block, size); + aes_buf_len = aes_128_cbc_encrypt(plt, size, m, &aes_buf); + GNUNET_free (plt); + element_clear(m); + result_len = write_cpabe(result, size, cph_buf, cph_buf_len, aes_buf, aes_buf_len); + GNUNET_free(cph_buf); + GNUNET_free(aes_buf); + return result_len; +} + +ssize_t +GNUNET_ABE_cpabe_decrypt (const void *block, + size_t size, + const struct GNUNET_ABE_AbeKey *key, + void **result) +{ + char* aes_buf; + char* cph_buf; + gabe_cph_t* cph; + element_t m; + int cph_buf_size; + int aes_buf_size; + int plt_len; + + read_cpabe(block, &cph_buf, &cph_buf_size, &aes_buf, &aes_buf_size); + cph = gabe_cph_unserialize(key->pub, cph_buf, cph_buf_size); + if( !gabe_dec(key->pub, key->prv, cph, m) ) { + 
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "%s\n", gabe_error()); + GNUNET_free (aes_buf); + GNUNET_free (cph_buf); + gabe_cph_free(cph); + GNUNET_free (cph); + element_clear (m); + return GNUNET_SYSERR; + } + gabe_cph_free(cph); + GNUNET_free (cph); + plt_len = aes_128_cbc_decrypt(aes_buf, aes_buf_size, m, (char**)result); + GNUNET_free (cph_buf); + GNUNET_free (aes_buf); + element_clear (m); + //freeing is buggy in gabe + //gabe_prv_free (prv); + //gabe_pub_free (pub); + return plt_len; +} + +ssize_t +GNUNET_ABE_cpabe_serialize_key (const struct GNUNET_ABE_AbeKey *key, + void **result) +{ + ssize_t len; + char *pub; + char *prv; + int pub_len; + int prv_len; + + pub_len = gabe_pub_serialize (key->pub, &pub); + prv_len = gabe_prv_serialize (key->prv, &prv); + + len = pub_len + prv_len + 12; + write_cpabe (result, len, pub, pub_len, prv, prv_len); + + GNUNET_free (pub); + GNUNET_free (prv); + + return len; +} + +struct GNUNET_ABE_AbeKey* +GNUNET_ABE_cpabe_deserialize_key (const void *data, + size_t len) +{ + struct GNUNET_ABE_AbeKey *key; + char *pub; + char *prv; + int prv_len; + int pub_len; + + key = GNUNET_new (struct GNUNET_ABE_AbeKey); + read_cpabe (data, + &pub, + &pub_len, + &prv, + &prv_len); + key->pub = gabe_pub_unserialize (pub, pub_len); + key->prv = gabe_prv_unserialize (key->pub, prv, prv_len); + + GNUNET_free (pub); + GNUNET_free (prv); + return key; +} + +ssize_t +GNUNET_ABE_cpabe_serialize_master_key (const struct GNUNET_ABE_AbeMasterKey *key, + void **result) +{ + ssize_t len; + char *pub; + char *msk; + int pub_len; + int msk_len; + + pub_len = gabe_pub_serialize (key->pub, &pub); + msk_len = gabe_msk_serialize (key->msk, &msk); + + len = pub_len + msk_len + 12; + write_cpabe (result, len, pub, pub_len, msk, msk_len); + + GNUNET_free (pub); + GNUNET_free (msk); + + return len; +} + +struct GNUNET_ABE_AbeMasterKey* +GNUNET_ABE_cpabe_deserialize_master_key (const void *data, + size_t len) +{ + struct GNUNET_ABE_AbeMasterKey *key; + char *msk; + char 
*pub; + int msk_len; + int pub_len; + + key = GNUNET_new (struct GNUNET_ABE_AbeMasterKey); + read_cpabe (data, + &pub, + &pub_len, + &msk, + &msk_len); + key->pub = gabe_pub_unserialize (pub, pub_len); + key->msk = gabe_msk_unserialize (key->pub, msk, msk_len); + + GNUNET_free (pub); + GNUNET_free (msk); + + return key; +} diff --git a/src/abe/test_cpabe.c b/src/abe/test_cpabe.c new file mode 100644 index 000000000..9b2062b23 --- /dev/null +++ b/src/abe/test_cpabe.c 
@@ -0,0 +1,87 @@ +/* + This file is part of GNUnet. + Copyright (C) 2002, 2003, 2004, 2006 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. + +*/ +/** + * @author Martin Schanzenbach + * @file util/test_crypto_abe.c + * @brief test for ABE ciphers + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_abe_lib.h" + +#define TESTSTRING "Hello World!" 
+ +static int +testAbecipher () +{ + struct GNUNET_ABE_AbeMasterKey *msk; + struct GNUNET_ABE_AbeKey *key; + char *result; + char **attrs; + int size; + char *res; + msk = GNUNET_ABE_cpabe_create_master_key (); + size = GNUNET_ABE_cpabe_encrypt (TESTSTRING, strlen (TESTSTRING) + 1, + "testattr", //Policy + msk, + (void*)&result); + GNUNET_assert (-1 != size); + attrs = GNUNET_malloc (2 * sizeof (char*)); + attrs[0] = "testattr"; + attrs[1] = NULL; + key = GNUNET_ABE_cpabe_create_key (msk, + attrs); + + size = GNUNET_ABE_cpabe_decrypt (result, size, + key, + (void*)&res); + if (strlen (TESTSTRING) + 1 != size) + { + printf ("abeciphertest failed: decryptBlock returned %d\n", size); + return 1; + } + if (0 != strcmp (res, TESTSTRING)) + { + printf ("abeciphertest failed: %s != %s\n", res, TESTSTRING); + return 1; + } + else + return 0; +} + + +int +main (int argc, char *argv[]) +{ + int failureCount = 0; + + GNUNET_log_setup ("test-crypto-abe", "WARNING", NULL); + failureCount += testAbecipher (); + + if (failureCount != 0) + { + printf ("%d TESTS FAILED!\n", failureCount); + return -1; + } + return 0; +} + +/* end of test_crypto_aes.c */ diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index 5c5ddaa57..adf6af3b3 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am @@ -70,6 +70,7 @@ gnunet_service_identity_provider_LDADD = \ $(top_builddir)/src/namestore/libgnunetnamestore.la \ $(top_builddir)/src/identity/libgnunetidentity.la \ $(top_builddir)/src/statistics/libgnunetstatistics.la \ + $(top_builddir)/src/abe/libgnunetabe.la \ $(top_builddir)/src/credential/libgnunetcredential.la \ $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \ libgnunetidentityprovider.la \ diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index a5c178aa5..351308c3a 100644 
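Review bot: `testAbecipher` only exercises the positive path, a key holding `testattr` decrypting a block encrypted under the policy `testattr`, so nothing checks that a key without the policy attribute is refused, which is the property the scheme exists to provide. A second key created with a different attribute should make `GNUNET_ABE_cpabe_decrypt` return `GNUNET_SYSERR` (that is what the `gabe_dec` failure branch in `abe.c` returns). The ciphertext length needs its own variable for this because `size` is overwritten by the first decrypt. The `@file util/test_crypto_abe.c` header and the closing `/* end of test_crypto_aes.c */` comment still carry the old file names.

```c
  /* … unchanged: master key creation, encrypt under policy "testattr" … */
  enc_size = size;   /* keep the ciphertext length; size is reused by the decrypt below */
  /* … unchanged: matching key, decrypt, length and strcmp checks … */

  /* a key that lacks the policy attribute must be refused */
  char *other_attrs[] = { "otherattr", NULL };
  char *other_res = NULL;
  struct GNUNET_ABE_AbeKey *other_key;

  other_key = GNUNET_ABE_cpabe_create_key (msk, other_attrs);
  if (GNUNET_SYSERR != GNUNET_ABE_cpabe_decrypt (result, enc_size,
                                                 other_key,
                                                 (void*)&other_res))
  {
    printf ("abeciphertest failed: key without the policy attribute decrypted the block\n");
    return 1;
  }
  return 0;
```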
--- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -30,6 +30,7 @@ #include "gnunet_identity_service.h" #include "gnunet_gnsrecord_lib.h" #include "gnunet_namestore_service.h" +#include "gnunet_abe_lib.h" #include "gnunet_credential_service.h" #include "gnunet_statistics_service.h" #include "gnunet_gns_service.h" @@ -205,7 +206,7 @@ struct TicketIteration */ typedef void (*AbeBootstrapResult) (void *cls, - struct GNUNET_CRYPTO_AbeMasterKey *abe_key); + struct GNUNET_ABE_AbeMasterKey *abe_key); struct AbeBootstrapHandle @@ -233,7 +234,7 @@ struct AbeBootstrapHandle /** * The issuer egos ABE master key */ - struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + struct GNUNET_ABE_AbeMasterKey *abe_key; }; /** @@ -264,7 +265,7 @@ struct AttributeIterator /** * The issuer egos ABE master key */ - struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + struct GNUNET_ABE_AbeMasterKey *abe_key; /** * Namestore iterator @@ -355,7 +356,7 @@ struct AttributeStoreHandle /** * The issuer egos ABE master key */ - struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + struct GNUNET_ABE_AbeMasterKey *abe_key; /** * QueueEntry @@ -423,7 +424,7 @@ struct ConsumeTicketHandle /** * The ABE key */ - struct GNUNET_CRYPTO_AbeKey *key; + struct GNUNET_ABE_AbeKey *key; /** * Attributes @@ -520,7 +521,7 @@ struct TicketRevocationHandle /** * The ABE master key */ - struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + struct GNUNET_ABE_AbeMasterKey *abe_key; /** * Offset @@ -690,7 +691,7 @@ bootstrap_store_task (void *cls) struct GNUNET_GNSRECORD_Data rd[1]; char *key; - rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (abh->abe_key, + rd[0].data_size = GNUNET_ABE_cpabe_serialize_master_key (abh->abe_key, (void**)&key); rd[0].data = key; rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; 
@@ -730,13 +731,13 @@ bootstrap_abe_result (void *cls, const struct GNUNET_GNSRECORD_Data *rd) { struct AbeBootstrapHandle *abh = cls; - struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + struct GNUNET_ABE_AbeMasterKey *abe_key; int i; for (i=0;iproc (abh->proc_cls, abe_key); GNUNET_free (abh); @@ -744,7 +745,7 @@ bootstrap_abe_result (void *cls, } //No ABE master found, bootstrapping... - abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key (); + abh->abe_key = GNUNET_ABE_cpabe_create_master_key (); GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh); } @@ -767,7 +768,7 @@ bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, abh->identity = *identity; if (GNUNET_YES == recreate) { - abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key (); + abh->abe_key = GNUNET_ABE_cpabe_create_master_key (); GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh); } else { abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, @@ -874,7 +875,7 @@ store_ticket_issue_cont (void *cls, int serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, - const struct GNUNET_CRYPTO_AbeKey *rp_key, + const struct GNUNET_ABE_AbeKey *rp_key, struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, char **result) { @@ -892,7 +893,7 @@ serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, struct GNUNET_HashCode new_key_hash; ssize_t enc_size; - size = GNUNET_CRYPTO_cpabe_serialize_key (rp_key, + size = GNUNET_ABE_cpabe_serialize_key (rp_key, (void**)&serialized_key); attrs_str_len = 0; for (le = attrs->list_head; NULL != le; le = le->next) { 
@@ -951,13 +952,13 @@ serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, static void issue_ticket_after_abe_bootstrap (void *cls, - struct GNUNET_CRYPTO_AbeMasterKey *abe_key) + struct GNUNET_ABE_AbeMasterKey *abe_key) { struct TicketIssueHandle *ih = cls; struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; struct GNUNET_GNSRECORD_Data code_record[1]; - struct GNUNET_CRYPTO_AbeKey *rp_key; + struct GNUNET_ABE_AbeKey *rp_key; char *code_record_data; char **attrs; char *label; @@ -983,7 +984,7 @@ issue_ticket_after_abe_bootstrap (void *cls, i++; } attrs[i] = NULL; - rp_key = GNUNET_CRYPTO_cpabe_create_key (abe_key, + rp_key = GNUNET_ABE_cpabe_create_key (abe_key, attrs); //TODO review this wireformat @@ -1014,9 +1015,9 @@ issue_ticket_after_abe_bootstrap (void *cls, GNUNET_free (label); GNUNET_free (attrs); GNUNET_free (code_record_data); - GNUNET_CRYPTO_cpabe_delete_key (rp_key, + GNUNET_ABE_cpabe_delete_key (rp_key, GNUNET_YES); - GNUNET_CRYPTO_cpabe_delete_master_key (abe_key); + GNUNET_ABE_cpabe_delete_master_key (abe_key); } @@ -1091,7 +1092,7 @@ cleanup_revoke_ticket_handle (struct TicketRevocationHandle *handle) if (NULL != handle->rvk_attrs) GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->rvk_attrs); if (NULL != handle->abe_key) - GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key); + GNUNET_ABE_cpabe_delete_master_key (handle->abe_key); if (NULL != handle->ns_qe) GNUNET_NAMESTORE_cancel (handle->ns_qe); if (NULL != handle->ns_it) @@ -1183,7 +1184,7 @@ ticket_reissue_proc (void *cls, struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le_rollover; struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; struct GNUNET_GNSRECORD_Data code_record[1]; - struct GNUNET_CRYPTO_AbeKey *rp_key; + struct GNUNET_ABE_AbeKey *rp_key; char *code_record_data; char **attr_arr; char *label; 
@@ -1263,7 +1264,7 @@ ticket_reissue_proc (void *cls, i++; } attr_arr[i] = NULL; - rp_key = GNUNET_CRYPTO_cpabe_create_key (rh->abe_key, + rp_key = GNUNET_ABE_cpabe_create_key (rh->abe_key, attr_arr); //TODO review this wireformat @@ -1294,7 +1295,7 @@ ticket_reissue_proc (void *cls, GNUNET_free (label); GNUNET_free (attr_arr); GNUNET_free (code_record_data); - GNUNET_CRYPTO_cpabe_delete_key (rp_key, GNUNET_YES); + GNUNET_ABE_cpabe_delete_key (rp_key, GNUNET_YES); } @@ -1362,7 +1363,7 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) /** * Encrypt the attribute value and store in namestore */ - enc_size = GNUNET_CRYPTO_cpabe_encrypt (buf, + enc_size = GNUNET_ABE_cpabe_encrypt (buf, buf_size, policy, //Policy rh->abe_key, @@ -1463,7 +1464,7 @@ process_attributes_to_update (void *cls, static void get_ticket_after_abe_bootstrap (void *cls, - struct GNUNET_CRYPTO_AbeMasterKey *abe_key) + struct GNUNET_ABE_AbeMasterKey *abe_key) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Finished ABE bootstrap\n"); @@ -1534,7 +1535,7 @@ static void cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle) { if (NULL != handle->key) - GNUNET_CRYPTO_cpabe_delete_key (handle->key, + GNUNET_ABE_cpabe_delete_key (handle->key, GNUNET_YES); if (NULL != handle->attrs) GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs); @@ -1603,7 +1604,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) { decrypt_duration = GNUNET_TIME_absolute_get (); - attr_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data + sizeof (uint32_t), + attr_len = GNUNET_ABE_cpabe_decrypt (rd->data + sizeof (uint32_t), rd->data_size - sizeof (uint32_t), handle->key, (void**)&data); 
@@ -1745,7 +1746,7 @@ process_consume_abe_key (void *cls, uint32_t rd_count, scopes = GNUNET_strdup (buf); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Scopes %s\n", scopes); - handle->key = GNUNET_CRYPTO_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1), + handle->key = GNUNET_ABE_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1), rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) - strlen (scopes) - 1); @@ -1833,7 +1834,7 @@ cleanup_as_handle (struct AttributeStoreHandle *handle) if (NULL != handle->claim) GNUNET_free (handle->claim); if (NULL != handle->abe_key) - GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key); + GNUNET_ABE_cpabe_delete_master_key (handle->abe_key); GNUNET_free (handle); } @@ -1897,7 +1898,7 @@ attr_store_task (void *cls) /** * Encrypt the attribute value and store in namestore */ - enc_size = GNUNET_CRYPTO_cpabe_encrypt (buf, + enc_size = GNUNET_ABE_cpabe_encrypt (buf, buf_size, policy, //Policy as_handle->abe_key, @@ -1931,7 +1932,7 @@ attr_store_task (void *cls) static void store_after_abe_bootstrap (void *cls, - struct GNUNET_CRYPTO_AbeMasterKey *abe_key) + struct GNUNET_ABE_AbeMasterKey *abe_key) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Finished ABE bootstrap\n"); @@ -2001,7 +2002,7 @@ static void cleanup_iter_handle (struct AttributeIterator *ai) { if (NULL != ai->abe_key) - GNUNET_CRYPTO_cpabe_delete_master_key (ai->abe_key); + GNUNET_ABE_cpabe_delete_master_key (ai->abe_key); GNUNET_CONTAINER_DLL_remove (ai->client->op_head, ai->client->op_tail, ai); @@ -2043,7 +2044,7 @@ attr_iter_cb (void *cls, { struct AttributeIterator *ai = cls; struct AttributeResultMessage *arm; - struct GNUNET_CRYPTO_AbeKey *key; + struct GNUNET_ABE_AbeKey *key; struct GNUNET_MQ_Envelope *env; ssize_t msg_extra_len; char* attr_ser; 
@@ -2067,14 +2068,14 @@ attr_iter_cb (void *cls, label, attr_ver); attrs[0] = policy; attrs[1] = 0; - key = GNUNET_CRYPTO_cpabe_create_key (ai->abe_key, + key = GNUNET_ABE_cpabe_create_key (ai->abe_key, attrs); - msg_extra_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data+sizeof (uint32_t), + msg_extra_len = GNUNET_ABE_cpabe_decrypt (rd->data+sizeof (uint32_t), rd->data_size-sizeof (uint32_t), key, (void**)&attr_ser); - GNUNET_CRYPTO_cpabe_delete_key (key, + GNUNET_ABE_cpabe_delete_key (key, GNUNET_YES); //GNUNET_free (policy); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, @@ -2092,14 +2093,14 @@ attr_iter_cb (void *cls, msg_extra_len); GNUNET_MQ_send (ai->client->mq, env); GNUNET_free (attr_ser); - GNUNET_CRYPTO_cpabe_delete_master_key (ai->abe_key); + GNUNET_ABE_cpabe_delete_master_key (ai->abe_key); ai->abe_key = NULL; } void iterate_after_abe_bootstrap (void *cls, - struct GNUNET_CRYPTO_AbeMasterKey *abe_key) + struct GNUNET_ABE_AbeMasterKey *abe_key) { struct AttributeIterator *ai = cls; ai->abe_key = abe_key; @@ -2115,7 +2116,7 @@ iterate_after_abe_bootstrap (void *cls, void iterate_next_after_abe_bootstrap (void *cls, - struct GNUNET_CRYPTO_AbeMasterKey *abe_key) + struct GNUNET_ABE_AbeMasterKey *abe_key) { struct AttributeIterator *ai = cls; ai->abe_key = abe_key; diff --git a/src/include/gnunet_abe_lib.h b/src/include/gnunet_abe_lib.h new file mode 100644 index 000000000..77b0f9e99 --- /dev/null +++ b/src/include/gnunet_abe_lib.h 
@@ -0,0 +1,143 @@ +/* + This file is part of GNUnet. + Copyright (C) 2001-2018 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + +/** + * @file include/gnunet_crypto_lib.h + * @brief cryptographic primitives for GNUnet + * + * @author Martin Schanzenbach + * + * @defgroup abe ABE Crypto library: Attribute-Based Encryption operations + * + */ +#ifndef GNUNET_ABE_LIB_H +#define GNUNET_ABE_LIB_H + +#ifdef __cplusplus +extern "C" +{ +#if 0 /* keep Emacsens' auto-indent happy */ +} +#endif +#endif + +#include "gnunet_common.h" +#include + +/** + * @brief type for ABE master keys + */ +struct GNUNET_CRYPTO_AbeMasterKey; + +/** + * @brief type for ABE keys + */ +struct GNUNET_CRYPTO_AbeKey; + + + +/** + * @ingroup abe + * Create a new CP-ABE master key. Caller must free return value. + * + * @return fresh private key; free using #GNUNET_free + */ +struct GNUNET_ABE_AbeMasterKey * +GNUNET_ABE_cpabe_create_master_key (void); +void +GNUNET_ABE_cpabe_delete_master_key (struct GNUNET_ABE_AbeMasterKey *key); + +/** + * @ingroup abe + * Create a new CP-ABE key. Caller must free return value. 
+ * + * @return fresh private key; free using #GNUNET_free + */ +struct GNUNET_ABE_AbeKey * +GNUNET_ABE_cpabe_create_key (struct GNUNET_ABE_AbeMasterKey *msk, + char **attrs); +void +GNUNET_ABE_cpabe_delete_key (struct GNUNET_ABE_AbeKey *key, + int delete_pub); + + +/** + * @ingroup abe + * Encrypt a block using sessionkey. + * + * @param block the block to encrypt + * @param size the size of the @a block + * @param sessionkey the key used to encrypt + * @param iv the initialization vector to use, use INITVALUE + * for streams. + * @return the size of the encrypted block, -1 for errors + */ +ssize_t +GNUNET_ABE_cpabe_encrypt (const void *block, + size_t size, + const char *policy, + const struct GNUNET_ABE_AbeMasterKey *key, + void **result); + +/** + * @ingroup abe + * Encrypt a block using sessionkey. + * + * @param block the block to encrypt + * @param size the size of the @a block + * @param sessionkey the key used to encrypt + * @param iv the initialization vector to use, use INITVALUE + * for streams. + * @return the size of the encrypted block, -1 for errors + */ +ssize_t +GNUNET_ABE_cpabe_decrypt (const void *block, + size_t size, + const struct GNUNET_ABE_AbeKey *key, + void **result); + +ssize_t +GNUNET_ABE_cpabe_serialize_key (const struct GNUNET_ABE_AbeKey *key, + void **result); + +struct GNUNET_ABE_AbeKey* +GNUNET_ABE_cpabe_deserialize_key (const void *data, + size_t len); + +ssize_t +GNUNET_ABE_cpabe_serialize_master_key (const struct GNUNET_ABE_AbeMasterKey *key, + void **result); + +struct GNUNET_ABE_AbeMasterKey* +GNUNET_ABE_cpabe_deserialize_master_key (const void *data, + size_t len); + + +#if 0 /* keep Emacsens' auto-indent happy */ +{ +#endif +#ifdef __cplusplus +} +#endif + + +/* ifndef GNUNET_ABE_LIB_H */ +#endif +/* end of gnunet_abe_lib.h */ diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 2fd67ae1b..e886a561c 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h 
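Review bot: The ownership contract in this new header is wrong for key material: the comments on `GNUNET_ABE_cpabe_create_master_key` and `GNUNET_ABE_cpabe_create_key` say `free using #GNUNET_free`, while the header declares `GNUNET_ABE_cpabe_delete_master_key` and `GNUNET_ABE_cpabe_delete_key` for exactly that, so the line should read `@return fresh master key; release with #GNUNET_ABE_cpabe_delete_master_key` (and the matching line naming `GNUNET_ABE_cpabe_delete_key`). The comment above `GNUNET_ABE_cpabe_decrypt` is a copy of the encrypt comment, and both describe `sessionkey` and `iv` parameters that neither prototype has while leaving `policy`, `key` and `result` undocumented. The forward declarations still use the old tags `struct GNUNET_CRYPTO_AbeMasterKey` and `struct GNUNET_CRYPTO_AbeKey`, and `@file` still names `include/gnunet_crypto_lib.h`; both should follow the rename to `GNUNET_ABE_`.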
@@ -395,11 +395,6 @@ struct GNUNET_CRYPTO_PaillierCiphertext unsigned char bits[GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8]; }; -/** - * @brief type for ABE master keys - */ -struct GNUNET_CRYPTO_AbeMasterKey; - /* **************** Functions and Macros ************* */ 
@@ -2142,83 +2137,6 @@ GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaPublicKey *public_key); -/** - * @ingroup crypto - * Create a new CP-ABE master key. Caller must free return value. - * - * @return fresh private key; free using #GNUNET_free - */ -struct GNUNET_CRYPTO_AbeMasterKey * -GNUNET_CRYPTO_cpabe_create_master_key (void); -void -GNUNET_CRYPTO_cpabe_delete_master_key (struct GNUNET_CRYPTO_AbeMasterKey *key); - -/** - * @ingroup crypto - * Create a new CP-ABE key. Caller must free return value. - * - * @return fresh private key; free using #GNUNET_free - */ -struct GNUNET_CRYPTO_AbeKey * -GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *msk, - char **attrs); -void -GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key, - int delete_pub); - - -/** - * @ingroup crypto - * Encrypt a block using sessionkey. - * - * @param block the block to encrypt - * @param size the size of the @a block - * @param sessionkey the key used to encrypt - * @param iv the initialization vector to use, use INITVALUE - * for streams. - * @return the size of the encrypted block, -1 for errors - */ -ssize_t -GNUNET_CRYPTO_cpabe_encrypt (const void *block, - size_t size, - const char *policy, - const struct GNUNET_CRYPTO_AbeMasterKey *key, - void **result); - -/** - * @ingroup crypto - * Encrypt a block using sessionkey. - * - * @param block the block to encrypt - * @param size the size of the @a block - * @param sessionkey the key used to encrypt - * @param iv the initialization vector to use, use INITVALUE - * for streams. 
- * @return the size of the encrypted block, -1 for errors - */ -ssize_t -GNUNET_CRYPTO_cpabe_decrypt (const void *block, - size_t size, - const struct GNUNET_CRYPTO_AbeKey *key, - void **result); - -ssize_t -GNUNET_CRYPTO_cpabe_serialize_key (const struct GNUNET_CRYPTO_AbeKey *key, - void **result); - -struct GNUNET_CRYPTO_AbeKey* -GNUNET_CRYPTO_cpabe_deserialize_key (const void *data, - size_t len); - -ssize_t -GNUNET_CRYPTO_cpabe_serialize_master_key (const struct GNUNET_CRYPTO_AbeMasterKey *key, - void **result); - -struct GNUNET_CRYPTO_AbeMasterKey* -GNUNET_CRYPTO_cpabe_deserialize_master_key (const void *data, - size_t len); - - #if 0 /* keep Emacsens' auto-indent happy */ { #endif diff --git a/src/util/Makefile.am b/src/util/Makefile.am index cc9ff4745..eb655157d 100644 --- a/src/util/Makefile.am +++ b/src/util/Makefile.am @@ -119,18 +119,6 @@ libgnunetutil_la_LIBADD = \ $(LTLIBINTL) \ -lltdl $(Z_LIBS) -lunistring $(XLIB) -if HAVE_PBC -if HAVE_ABE -libgnunetutil_la_SOURCES += \ - crypto_abe.c -libgnunetutil_la_LIBADD += \ - $(ABE_LIBADD) \ - -lgabe \ - -lpbc \ - -lglib-2.0 -endif -endif - libgnunetutil_la_LDFLAGS = \ $(GN_LIB_LDFLAGS) \ -version-info 13:0:0 @@ -564,17 +552,6 @@ test_speedup_SOURCES = \ test_speedup_LDADD = \ libgnunetutil.la -if HAVE_PBC -if HAVE_ABE -test_crypto_abe_SOURCES = \ - test_crypto_abe.c -test_crypto_abe_LDADD = \ - libgnunetutil.la -check_PROGRAMS += \ - test_crypto_abe -endif -endif - perf_crypto_hash_SOURCES = \ perf_crypto_hash.c perf_crypto_hash_LDADD = \ diff --git a/src/util/test_crypto_abe.c b/src/util/test_crypto_abe.c deleted file mode 100644 index cb36dccae..000000000 --- a/src/util/test_crypto_abe.c +++ /dev/null 
@@ -1,86 +0,0 @@ -/* - This file is part of GNUnet. - Copyright (C) 2002, 2003, 2004, 2006 GNUnet e.V. - - GNUnet is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published - by the Free Software Foundation; either version 3, or (at your - option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNUnet; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. - -*/ -/** - * @author Martin Schanzenbach - * @file util/test_crypto_abe.c - * @brief test for ABE ciphers - */ -#include "platform.h" -#include "gnunet_util_lib.h" - -#define TESTSTRING "Hello World!" 
- -static int -testAbecipher () -{ - struct GNUNET_CRYPTO_AbeMasterKey *msk; - struct GNUNET_CRYPTO_AbeKey *key; - char *result; - char **attrs; - int size; - char *res; - msk = GNUNET_CRYPTO_cpabe_create_master_key (); - size = GNUNET_CRYPTO_cpabe_encrypt (TESTSTRING, strlen (TESTSTRING) + 1, - "testattr", //Policy - msk, - (void*)&result); - GNUNET_assert (-1 != size); - attrs = GNUNET_malloc (2 * sizeof (char*)); - attrs[0] = "testattr"; - attrs[1] = NULL; - key = GNUNET_CRYPTO_cpabe_create_key (msk, - attrs); - - size = GNUNET_CRYPTO_cpabe_decrypt (result, size, - key, - (void*)&res); - if (strlen (TESTSTRING) + 1 != size) - { - printf ("abeciphertest failed: decryptBlock returned %d\n", size); - return 1; - } - if (0 != strcmp (res, TESTSTRING)) - { - printf ("abeciphertest failed: %s != %s\n", res, TESTSTRING); - return 1; - } - else - return 0; -} - - -int -main (int argc, char *argv[]) -{ - int failureCount = 0; - - GNUNET_log_setup ("test-crypto-abe", "WARNING", NULL); - failureCount += testAbecipher (); - - if (failureCount != 0) - { - printf ("%d TESTS FAILED!\n", failureCount); - return -1; - } - return 0; -} - -/* end of test_crypto_aes.c */ -- cgit v1.2.3 From 272921672ec094644a1ddbbfacb96581e72ed443 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Thu, 4 Jan 2018 12:49:29 +0100 Subject: update README --- README | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/README b/README index db64bc17a..ef30fe7e3 100644 --- a/README +++ b/README @@ -15,8 +15,11 @@ GNU package (http://www.gnu.org/). This is an ALPHA release. There are known and significant bugs as well as many missing features in this release. +GNUnet is free software released under the GNU General Public License +(v3 or later). For details see the COPYING file in this directory. + Additional documentation about GNUnet can be found at -https://gnunet.org/. +https://gnunet.org/ and in the doc/ folder. Dependencies: 
@@ -63,6 +66,8 @@ How to install? The fastest way is to use a binary package if it is available for your system. For a more detailed description, read the installation instructions on the webpage at https://gnunet.org/installation. +Generic installation instructions are in the INSTALL file in this +directory. Note that some functions of GNUnet require "root" access. GNUnet will install (tiny) SUID binaries for those functions is you run "make @@ -300,7 +305,7 @@ Stay tuned * https://gnunet.org/ * https://gnunet.org/bugs/ -* https://gnunet.org/svn/ +* https://gnunet.org/git/ * http://www.gnu.org/software/gnunet/ * http://mail.gnu.org/mailman/listinfo/gnunet-developers * http://mail.gnu.org/mailman/listinfo/help-gnunet -- cgit v1.2.3 From 78705d5a49d7066a01b832546d2507456a3c5d2c Mon Sep 17 00:00:00 2001 
From: "Schanzenbach, Martin" Date: Thu, 4 Jan 2018 15:28:02 +0100 Subject: -cleanup doc; fixes --- src/abe/abe.c | 94 ++++++++++++- src/credential/credential.h | 2 +- src/credential/credential_api.c | 18 ++- src/credential/credential_misc.c | 3 +- src/credential/credential_serialization.c | 13 +- src/credential/gnunet-credential.c | 16 +-- src/credential/gnunet-service-credential.c | 116 +++------------- src/credential/plugin_gnsrecord_credential.c | 2 +- src/credential/plugin_rest_credential.c | 43 +----- src/identity-attribute/identity_attribute.c | 8 +- src/identity-attribute/identity_attribute.h | 4 +- .../plugin_identity_attribute_gnuid.c | 2 +- .../gnunet-service-identity-provider.c | 147 ++++----------------- src/identity-provider/identity_provider.h | 8 +- src/identity-provider/identity_provider_api.c | 20 ++- .../plugin_gnsrecord_identity_provider.c | 4 +- .../plugin_identity_provider_sqlite.c | 4 +- .../plugin_rest_identity_provider.c | 11 -- src/include/gnunet_abe_lib.h | 74 +++++++++-- src/include/gnunet_credential_service.h | 33 ++--- src/include/gnunet_identity_attribute_lib.h | 2 +- src/include/gnunet_identity_provider_service.h | 19 +-- src/include/gnunet_rest_lib.h | 4 +- src/include/gnunet_rest_plugin.h | 2 +- 24 files changed, 263 insertions(+), 386 deletions(-) diff --git a/src/abe/abe.c b/src/abe/abe.c index d008cc522..3f1f6dc5b 100644 --- a/src/abe/abe.c +++ b/src/abe/abe.c @@ -1,5 +1,5 @@ /* - This file is part of GNUnet. Copyright (C) 2001-2014 Christian Grothoff + This file is part of GNUnet. Copyright (C) 2001-2018 Christian Grothoff (and other contributing authors) GNUnet is free software; you can redistribute it and/or modify @@ -20,9 +20,9 @@ */ /** - * @file util/crypto_random.c - * @brief functions to gather random numbers - * @author Christian Grothoff + * @file abe/abe.c + * @brief functions for Attribute-Based Encryption + * @author Martin Schanzenbach */ 
@@ -146,6 +146,12 @@ aes_128_cbc_decrypt( char* ct, return len; } +/** + * @ingroup abe + * Create a new CP-ABE master key. Caller must free return value. + * + * @return fresh private key; free using #GNUNET_ABE_cpabe_delete_master_key + */ struct GNUNET_ABE_AbeMasterKey* GNUNET_ABE_cpabe_create_master_key (void) { @@ -157,6 +163,13 @@ GNUNET_ABE_cpabe_create_master_key (void) return key; } +/** + * @ingroup abe + * Delete a CP-ABE master key. + * + * @param key the master key + * @return fresh private key; free using #GNUNET_free + */ void GNUNET_ABE_cpabe_delete_master_key (struct GNUNET_ABE_AbeMasterKey *key) { @@ -167,6 +180,14 @@ GNUNET_ABE_cpabe_delete_master_key (struct GNUNET_ABE_AbeMasterKey *key) GNUNET_free (key); } +/** + * @ingroup abe + * Create a new CP-ABE key. Caller must free return value. + * + * @param key the master key + * @param attrs the attributes to append to the key + * @return fresh private key; free using #GNUNET_ABE_cpabe_delete_key + */ struct GNUNET_ABE_AbeKey* GNUNET_ABE_cpabe_create_key (struct GNUNET_ABE_AbeMasterKey *key, char **attrs) @@ -184,6 +205,14 @@ GNUNET_ABE_cpabe_create_key (struct GNUNET_ABE_AbeMasterKey *key, return prv_key; } +/** + * @ingroup abe + * Delete a CP-ABE key. + * + * @param key the key to delete + * @param delete_pub GNUNE_YES if the public key should also be freed (bug in gabe) + * @return fresh private key; free using #GNUNET_free + */ void GNUNET_ABE_cpabe_delete_key (struct GNUNET_ABE_AbeKey *key, int delete_pub) @@ -195,7 +224,7 @@ GNUNET_ABE_cpabe_delete_key (struct GNUNET_ABE_AbeKey *key, GNUNET_free (key); } -ssize_t +static ssize_t write_cpabe (void **result, uint32_t file_len, char* cph_buf, @@ -223,7 +252,7 @@ write_cpabe (void **result, return 12 + cph_buf_len + aes_buf_len; } -ssize_t +static ssize_t read_cpabe (const void *data, char** cph_buf, int *cph_buf_len, 
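Review bot: The doc blocks added above `GNUNET_ABE_cpabe_delete_master_key` and `GNUNET_ABE_cpabe_delete_key` both end with `@return fresh private key; free using #GNUNET_free`, but the two functions are declared `void` and are themselves the release path for the key. Drop the `@return` line from both comments and state the effect instead, for example `@param key the master key to release; must not be used after this call`. In the `delete_key` comment `GNUNE_YES` should be `#GNUNET_YES`. Both function bodies are only partly visible in these hunks.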
@@ -253,6 +282,17 @@ read_cpabe (const void *data, return buf_len; } +/** + * @ingroup abe + * Encrypt a block using sessionkey. + * + * @param block the block to encrypt + * @param size the size of the @a block + * @param policy the ABE policy + * @param key the key used to encrypt + * @param result the result buffer. Will be allocated. Free using #GNUNET_free + * @return the size of the encrypted block, -1 for errors + */ ssize_t GNUNET_ABE_cpabe_encrypt (const void *block, size_t size, @@ -285,6 +325,16 @@ GNUNET_ABE_cpabe_encrypt (const void *block, return result_len; } +/** + * @ingroup abe + * Decrypt a block using the ABE key. + * + * @param block the block to encrypt + * @param size the size of the @a block + * @param key the key used to decrypt + * @param result the result buffer. Will be allocated. Free using #GNUNET_free + * @return the size of the encrypted block, -1 for errors + */ ssize_t GNUNET_ABE_cpabe_decrypt (const void *block, size_t size, @@ -323,6 +373,14 @@ GNUNET_ABE_cpabe_decrypt (const void *block, return plt_len; } +/** + * @ingroup abe + * Serialize an ABE key. + * + * @param key the key to serialize + * @param result the result buffer. Will be allocated. Free using #GNUNET_free + * @return the size of the encrypted block, -1 for errors + */ ssize_t GNUNET_ABE_cpabe_serialize_key (const struct GNUNET_ABE_AbeKey *key, void **result) @@ -345,6 +403,14 @@ GNUNET_ABE_cpabe_serialize_key (const struct GNUNET_ABE_AbeKey *key, return len; } +/** + * @ingroup abe + * Deserialize a serialized ABE key. + * + * @param data the data to deserialize + * @param len the length of the data. + * @return the ABE key. NULL of unsuccessful + */ struct GNUNET_ABE_AbeKey* GNUNET_ABE_cpabe_deserialize_key (const void *data, size_t len) 
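Review bot: The comment added above `GNUNET_ABE_cpabe_decrypt` still describes encryption: `@param block the block to encrypt` and `@return the size of the encrypted block, -1 for errors` should read `@param block the ciphertext to decrypt` and `@return the size of the decrypted block, -1 for errors`. The same `@return the size of the encrypted block` line was pasted onto `GNUNET_ABE_cpabe_serialize_key` in the next hunk and onto `GNUNET_ABE_cpabe_serialize_master_key` further down, where it should say `the size of the serialized key`. The function bodies lie outside these hunks.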
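Review bot: The comment added for `GNUNET_ABE_cpabe_deserialize_key` does not say what the function requires of `len`, and `process_consume_abe_key` earlier in this series passes a pointer and length computed by subtraction from `rd->data_size`. I would document the contract explicitly, e.g. `@param len number of bytes readable at @a data; the caller must have checked it against the source buffer`, and state whether the length fields stored inside the blob are checked against `len` (the body is outside the hunk, so I cannot tell from here). `NULL of unsuccessful` should be `NULL if unsuccessful`. The same two remarks apply to the comment added for `GNUNET_ABE_cpabe_deserialize_master_key` in the following hunks.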
@@ -369,6 +435,14 @@ GNUNET_ABE_cpabe_deserialize_key (const void *data, return key; } +/** + * @ingroup abe + * Serialize an ABE master key. + * + * @param key the key to serialize + * @param result the result buffer. Will be allocated. Free using #GNUNET_free + * @return the size of the encrypted block, -1 for errors + */ ssize_t GNUNET_ABE_cpabe_serialize_master_key (const struct GNUNET_ABE_AbeMasterKey *key, void **result) @@ -391,6 +465,14 @@ GNUNET_ABE_cpabe_serialize_master_key (const struct GNUNET_ABE_AbeMasterKey *key return len; } +/** + * @ingroup abe + * Deserialize an ABE master key. + * + * @param data the data to deserialize + * @param len the length of the data. + * @return the ABE key. NULL of unsuccessful + */ struct GNUNET_ABE_AbeMasterKey* GNUNET_ABE_cpabe_deserialize_master_key (const void *data, size_t len) diff --git a/src/credential/credential.h b/src/credential/credential.h index f16249c1b..66a4636fc 100644 --- a/src/credential/credential.h +++ b/src/credential/credential.h @@ -20,7 +20,7 @@ /** * @file credential/credential.h * @brief IPC messages between CREDENTIAL API and CREDENTIAL service - * @author Adnan Husain + * @author Martin Schanzenbach */ #ifndef CREDENTIAL_H #define CREDENTIAL_H diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index ca54137ad..677cb9ad4 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -20,7 +20,7 @@ /** * @file credential/credential_api.c * @brief library to access the CREDENTIAL service - * @author Adnan Husain + * @author Martin Schanzenbach */ #include "platform.h" #include "gnunet_util_lib.h" @@ -189,7 +189,7 @@ mq_error_handler (void *cls, * Check validity of message received from the CREDENTIAL service * * @param cls the `struct GNUNET_CREDENTIAL_Handle *` - * @param loookup_msg the incoming message + * @param vr_msg the incoming message */ static int check_result (void *cls, 
@@ -204,7 +204,7 @@ check_result (void *cls, * Handler for messages received from the CREDENTIAL service * * @param cls the `struct GNUNET_CREDENTIAL_Handle *` - * @param loookup_msg the incoming message + * @param vr_msg the incoming message */ static void handle_result (void *cls, @@ -348,15 +348,15 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle) * @param lr the verify request to cancel */ void -GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *vr) +GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *lr) { - struct GNUNET_CREDENTIAL_Handle *handle = vr->credential_handle; + struct GNUNET_CREDENTIAL_Handle *handle = lr->credential_handle; GNUNET_CONTAINER_DLL_remove (handle->request_head, handle->request_tail, - vr); - GNUNET_MQ_discard (vr->env); - GNUNET_free (vr); + lr); + GNUNET_MQ_discard (lr->env); + GNUNET_free (lr); } @@ -369,8 +369,6 @@ GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *vr) * @param issuer_key the issuer public key * @param issuer_attribute the issuer attribute * @param subject_key the subject public key - * @param credential_count number of credentials provided - * @param credentials subject credentials * @param proc function to call on result * @param proc_cls closure for processor * @return handle to the queued request diff --git a/src/credential/credential_misc.c b/src/credential/credential_misc.c index 7849e81e6..c94c33919 100644 --- a/src/credential/credential_misc.c +++ b/src/credential/credential_misc.c @@ -20,7 +20,7 @@ /** - * @file credential/credential_mic.c + * @file credential/credential_misc.c * @brief Misc API for credentials * * @author Martin Schanzenbach 
@@ -113,7 +113,6 @@ GNUNET_CREDENTIAL_credential_from_string (const char* s) /** * Issue an attribute to a subject * - * @param handle handle to the Credential service * @param issuer the ego that should be used to issue the attribute * @param subject the subject of the attribute * @param attribute the name of the attribute diff --git a/src/credential/credential_serialization.c b/src/credential/credential_serialization.c index 1fc72c203..1d23bb08c 100644 --- a/src/credential/credential_serialization.c +++ b/src/credential/credential_serialization.c @@ -34,11 +34,10 @@ /** * Calculate how many bytes we will need to serialize - * the given delegation chain and credential + * the given delegation chain * - * @param d_count number of delegation chain entries - * @param dd array of #GNUNET_CREDENTIAL_Delegation - * @param cd a #GNUNET_CREDENTIAL_Credential + * @param ds_count number of delegation chain entries + * @param dsr array of #GNUNET_CREDENTIAL_DelegationSet * @return the required size to serialize */ size_t @@ -62,8 +61,7 @@ GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count, * Serizalize the given delegation chain entries and credential * * @param d_count number of delegation chain entries - * @param dd array of #GNUNET_CREDENTIAL_Delegation - * @param cd a #GNUNET_CREDENTIAL_Credential + * @param dsr array of #GNUNET_CREDENTIAL_DelegationSet * @param dest_size size of the destination * @param dest where to store the result * @return the size of the data, -1 on failure @@ -108,8 +106,7 @@ GNUNET_CREDENTIAL_delegation_set_serialize (unsigned int d_count, * @param len size of the serialized delegation chain and cred * @param src the serialized data * @param d_count the number of delegation chain entries - * @param dd where to put the delegation chain entries - * @param cd where to put the credential data + * @param dsr where to put the delegation chain entries * @return #GNUNET_OK on success, #GNUNET_SYSERR on error */ int 
diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index 4a6dc5ccd..03f959b95 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -20,7 +20,7 @@ /** * @file gnunet-credential.c * @brief command line tool to access command line Credential service - * @author Adnan Husain + * @author Martin Schanzenbach */ #include "platform.h" #include @@ -158,13 +158,6 @@ do_timeout (void *cls) GNUNET_SCHEDULER_shutdown (); } -/** - * Function called with the result of a Credential lookup. - * - * @param cls the 'const char *' name that was resolved - * @param cd_count number of records returned - * @param cd array of @a cd_count records with the results - */ static void handle_collect_result (void *cls, unsigned int d_count, @@ -192,13 +185,6 @@ handle_collect_result (void *cls, } -/** - * Function called with the result of a Credential lookup. - * - * @param cls the 'const char *' name that was resolved - * @param cd_count number of records returned - * @param cd array of @a cd_count records with the results - */ static void handle_verify_result (void *cls, unsigned int d_count, diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index be75e485e..be88839e9 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -18,9 +18,9 @@ Boston, MA 02110-1301, USA. */ /** - * @file gns/gnunet-service-credential.c - * @brief GNU Credential Service (main service) - * @author Adnan Husain + * @file credential/gnunet-service-credential.c + * @brief GNUnet Credential Service (main service) + * @author Martin Schanzenbach */ #include "platform.h" #include "gnunet_util_lib.h" 
@@ -377,16 +377,11 @@ cleanup_delegation_set (struct DelegationSetQueueEntry *ds_entry) } GNUNET_free (dq_entry); } - if (NULL != ds_entry->issuer_key) - GNUNET_free (ds_entry->issuer_key); - if (NULL != ds_entry->lookup_attribute) - GNUNET_free (ds_entry->lookup_attribute); - if (NULL != ds_entry->issuer_attribute) - GNUNET_free (ds_entry->issuer_attribute); - if (NULL != ds_entry->unresolved_attribute_delegation) - GNUNET_free (ds_entry->unresolved_attribute_delegation); - if (NULL != ds_entry->attr_trailer) - GNUNET_free (ds_entry->attr_trailer); + GNUNET_free_non_null (ds_entry->issuer_key); + GNUNET_free_non_null (ds_entry->lookup_attribute); + GNUNET_free_non_null (ds_entry->issuer_attribute); + GNUNET_free_non_null (ds_entry->unresolved_attribute_delegation); + GNUNET_free_non_null (ds_entry->attr_trailer); if (NULL != ds_entry->lookup_request) { GNUNET_GNS_lookup_cancel (ds_entry->lookup_request); @@ -394,10 +389,8 @@ cleanup_delegation_set (struct DelegationSetQueueEntry *ds_entry) } if (NULL != ds_entry->delegation_chain_entry) { - if (NULL != ds_entry->delegation_chain_entry->subject_attribute) - GNUNET_free (ds_entry->delegation_chain_entry->subject_attribute); - if (NULL != ds_entry->delegation_chain_entry->issuer_attribute) - GNUNET_free (ds_entry->delegation_chain_entry->issuer_attribute); + GNUNET_free_non_null (ds_entry->delegation_chain_entry->subject_attribute); + GNUNET_free_non_null (ds_entry->delegation_chain_entry->issuer_attribute); GNUNET_free (ds_entry->delegation_chain_entry); } GNUNET_free (ds_entry); @@ -415,8 +408,7 @@ cleanup_handle (struct VerifyRequestHandle *vrh) vrh->lookup_request = NULL; } cleanup_delegation_set (vrh->root_set); - if (NULL != vrh->issuer_attribute) - GNUNET_free (vrh->issuer_attribute); + GNUNET_free_non_null (vrh->issuer_attribute); for (cr_entry = vrh->cred_chain_head; NULL != vrh->cred_chain_head; cr_entry = vrh->cred_chain_head) 
@@ -424,19 +416,12 @@ cleanup_handle (struct VerifyRequestHandle *vrh) GNUNET_CONTAINER_DLL_remove (vrh->cred_chain_head, vrh->cred_chain_tail, cr_entry); - if (NULL != cr_entry->credential); - GNUNET_free (cr_entry->credential); + GNUNET_free_non_null (cr_entry->credential); GNUNET_free (cr_entry); } GNUNET_free (vrh); } -/** - * Task run during shutdown. - * - * @param cls unused - * @param tc unused - */ static void shutdown_task (void *cls) { @@ -475,11 +460,6 @@ shutdown_task (void *cls) -/** - * Send. - * - * @param handle the handle to the request - */ static void send_lookup_response (struct VerifyRequestHandle *vrh) { @@ -491,12 +471,11 @@ send_lookup_response (struct VerifyRequestHandle *vrh) struct CredentialRecordEntry *cd; struct CredentialRecordEntry *tmp; size_t size; - int i; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending response\n"); dce = vrh->delegation_chain_head; - for (i=0;idelegation_chain_size;i++) + for (uint32_t i=0;idelegation_chain_size;i++) { dd[i].issuer_key = dce->issuer_key; dd[i].subject_key = dce->subject_key; @@ -537,7 +516,7 @@ send_lookup_response (struct VerifyRequestHandle *vrh) * Append at the end of rmsg */ cd = vrh->cred_chain_head; - for (i=0;icred_chain_size;i++) + for (uint32_t i=0;icred_chain_size;i++) { cred[i].issuer_key = cd->credential->issuer_key; cred[i].subject_key = cd->credential->subject_key; @@ -598,8 +577,6 @@ backward_resolution (void* cls, struct DelegationQueueEntry *dq_entry; char *expanded_attr; char *lookup_attribute; - int i; - int j; current_set = cls; @@ -610,7 +587,7 @@ backward_resolution (void* cls, "Got %d attrs\n", rd_count); // Each OR - for (i=0; i < rd_count; i++) + for (uint32_t i=0; i < rd_count; i++) { if (GNUNET_GNSRECORD_TYPE_ATTRIBUTE != rd[i].record_type) continue; 
@@ -637,7 +614,7 @@ backward_resolution (void* cls, current_set->queue_entries_tail, dq_entry); // Each AND - for (j=0; jset_count); j++) + for (uint32_t j=0; jset_count); j++) { ds_entry = GNUNET_new (struct DelegationSetQueueEntry); if (NULL != current_set->attr_trailer) @@ -793,8 +770,6 @@ backward_resolution (void* cls, * Result from GNS lookup. * * @param cls the closure (our client lookup handle) - * @param rd_count the number of records in @a rd - * @param rd the record data */ static void delegation_chain_resolution_start (void* cls) @@ -858,13 +833,6 @@ delegation_chain_resolution_start (void* cls) ds_entry); } -/** - * Checks a #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY message - * - * @param cls client sending the message - * @param v_msg message of type `struct VerifyMessage` - * @return #GNUNET_OK if @a v_msg is well-formed - */ static int check_verify (void *cls, const struct VerifyMessage *v_msg) @@ -893,13 +861,6 @@ check_verify (void *cls, return GNUNET_OK; } -/** - * Handle Credential verification requests from client - * - * @param cls the closure - * @param client the client - * @param message the message - */ static void handle_verify (void *cls, const struct VerifyMessage *v_msg) @@ -909,7 +870,6 @@ handle_verify (void *cls, struct CredentialRecordEntry *cr_entry; uint32_t credentials_count; uint32_t credential_data_size; - int i; char attr[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; char *attrptr = attr; @@ -958,7 +918,7 @@ handle_verify (void *cls, return; } - for (i=0;icredential = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Credential) + credentials[i].issuer_attribute_len); @@ -979,9 +939,6 @@ handle_verify (void *cls, } -/** - * We encountered an error while collecting - */ static void handle_cred_collection_error_cb (void *cls) { 
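Review bot: Deleting the doc block above `check_verify` removes the only statement of what this validator guarantees before `handle_verify` runs, and the deleted text matched the signature (`cls`, `v_msg`, returns `#GNUNET_OK` when the message is well-formed). I would keep that comment, and for `handle_verify` correct the stale `@param client` / `@param message` entries to `@param v_msg the message of type struct VerifyMessage` rather than dropping the block. The same applies to `check_collect` and `handle_collect` in the later hunks of this file. Both function bodies extend beyond these hunks.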
@@ -1001,9 +958,6 @@ collect_next (void *cls) GNUNET_NAMESTORE_zone_iterator_next (vrh->cred_collection_iter); } -/** - * Store credential - */ static void handle_cred_collection_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, @@ -1015,10 +969,9 @@ handle_cred_collection_cb (void *cls, struct GNUNET_CREDENTIAL_Credential *crd; struct CredentialRecordEntry *cr_entry; int cred_record_count; - int i; cred_record_count = 0; - for (i=0; i < rd_count; i++) + for (uint32_t i=0; i < rd_count; i++) { if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) continue; @@ -1042,9 +995,6 @@ handle_cred_collection_cb (void *cls, vrh); } -/** - * We encountered an error while collecting - */ static void handle_cred_collection_finished_cb (void *cls) { @@ -1055,13 +1005,6 @@ handle_cred_collection_finished_cb (void *cls) delegation_chain_resolution_start (vrh); } -/** - * Handle Credential collection requests from client - * - * @param cls the closure - * @param client the client - * @param message the message - */ static void handle_collect (void *cls, const struct CollectMessage *c_msg) @@ -1113,13 +1056,6 @@ handle_collect (void *cls, } -/** - * Checks a #GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT message - * - * @param cls client sending the message - * @param v_msg message of type `struct CollectMessage` - * @return #GNUNET_OK if @a v_msg is well-formed - */ static int check_collect (void *cls, const struct CollectMessage *c_msg) @@ -1149,12 +1085,6 @@ check_collect (void *cls, return GNUNET_OK; } -/** - * One of our clients disconnected, clean up after it. - * - * @param cls NULL - * @param client the client that disconnected - */ static void client_disconnect_cb (void *cls, struct GNUNET_SERVICE_Client *client, 
@@ -1165,14 +1095,6 @@ client_disconnect_cb (void *cls, client); } -/** - * Add a client to our list of active clients. - * - * @param cls NULL - * @param client client to add - * @param mq message queue for @a client - * @return this client - */ static void * client_connect_cb (void *cls, struct GNUNET_SERVICE_Client *client, @@ -1188,8 +1110,8 @@ client_connect_cb (void *cls, * Process Credential requests. * * @param cls closure - * @param server the initialized server * @param c configuration to use + * @param handle service handle */ static void run (void *cls, diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 72d6b53f5..342790b7a 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -21,7 +21,7 @@ /** * @file credential/plugin_gnsrecord_credential.c * @brief gnsrecord plugin to provide the API for CREDENTIAL records - * @author Adnan Husain + * @author Martin Schanzenbach */ #include "platform.h" diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index 48d48fba0..480658822 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c @@ -19,7 +19,7 @@ */ /** * @author Martin Schanzenbach - * @file gns/plugin_rest_credential.c + * @file credential/plugin_rest_credential.c * @brief GNUnet CREDENTIAL REST plugin * */ @@ -194,12 +194,6 @@ cleanup_handle (struct RequestHandle *handle) } -/** - * Task run on shutdown. Cleans up everything. - * - * @param cls unused - * @param tc scheduler context - */ static void do_error (void *cls) { @@ -213,7 +207,8 @@ do_error (void *cls) /** * Attribute delegation to JSON - * @param attr the attribute + * + * @param delegation_chain_entry the DSE * @return JSON, NULL if failed */ static json_t* 
@@ -257,6 +252,7 @@ attribute_delegation_to_json (struct GNUNET_CREDENTIAL_Delegation *delegation_ch /** * JSONAPI resource to Credential + * * @param res the JSONAPI resource * @return the resulting credential, NULL if failed */ @@ -327,6 +323,7 @@ json_to_credential (json_t *res) /** * Credential to JSON + * * @param cred the credential * @return the resulting json, NULL if failed */ @@ -373,13 +370,6 @@ credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred) return cred_obj; } -/** - * Function called with the result of a Credential lookup. - * - * @param cls the 'const char *' name that was resolved - * @param cd_count number of records returned - * @param cd array of @a cd_count records with the results - */ static void handle_collect_response (void *cls, unsigned int d_count, @@ -470,13 +460,6 @@ subject_ego_lookup (void *cls, -/** - * Function called with the result of a Credential lookup. - * - * @param cls the 'const char *' name that was resolved - * @param cd_count number of records returned - * @param cd array of @a cd_count records with the results - */ static void handle_verify_response (void *cls, unsigned int d_count, @@ -1062,11 +1045,6 @@ issue_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, handle); } -/** - * Handle rest request - * - * @param handle the lookup handle - */ static void options_cont (struct GNUNET_REST_RequestHandle *con_handle, const char* url, @@ -1087,17 +1065,6 @@ options_cont (struct GNUNET_REST_RequestHandle *con_handle, } -/** - * Function processing the REST call - * - * @param method HTTP method - * @param url URL of the HTTP request - * @param data body of the HTTP request (optional) - * @param data_size length of the body - * @param proc callback function for the result - * @param proc_cls closure for callback function - * @return GNUNET_OK if request accepted - */ static void rest_credential_process_request(struct GNUNET_REST_RequestHandle *conndata_handle, GNUNET_REST_ResultProcessor proc, 
diff --git a/src/identity-attribute/identity_attribute.c b/src/identity-attribute/identity_attribute.c index a8aae6ced..cf50d058e 100644 --- a/src/identity-attribute/identity_attribute.c +++ b/src/identity-attribute/identity_attribute.c @@ -19,7 +19,7 @@ */ /** - * @file identity-provider/identity_attribute.c + * @file identity-attribute/identity_attribute.c * @brief helper library to manage identity attributes * @author Martin Schanzenbach */ @@ -206,7 +206,7 @@ GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type, /** * Create a new attribute. * - * @param name the attribute name + * @param attr_name the attribute name * @param type the attribute type * @param data the attribute value * @param data_size the attribute value size @@ -214,7 +214,7 @@ GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type, */ struct GNUNET_IDENTITY_ATTRIBUTE_Claim * GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name, - uint32_t attr_type, + uint32_t type, const void* data, size_t data_size) { @@ -224,7 +224,7 @@ GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name, attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_ATTRIBUTE_Claim) + strlen (attr_name) + 1 + data_size); - attr->type = attr_type; + attr->type = type; attr->data_size = data_size; attr->version = 0; write_ptr = (char*)&attr[1]; diff --git a/src/identity-attribute/identity_attribute.h b/src/identity-attribute/identity_attribute.h index 046321807..8dfc17521 100644 --- a/src/identity-attribute/identity_attribute.h +++ b/src/identity-attribute/identity_attribute.h @@ -19,8 +19,8 @@ */ /** * @author Martin Schanzenbach - * @file identity-provider/identity_attribute.h - * @brief GNUnet Identity Provider library + * @file identity-attribute/identity_attribute.h + * @brief GNUnet Identity attributes * */ #ifndef IDENTITY_ATTRIBUTE_H diff --git a/src/identity-attribute/plugin_identity_attribute_gnuid.c b/src/identity-attribute/plugin_identity_attribute_gnuid.c index 0ff44d199..006b45ea2 100644 
--- a/src/identity-attribute/plugin_identity_attribute_gnuid.c +++ b/src/identity-attribute/plugin_identity_attribute_gnuid.c @@ -19,7 +19,7 @@ */ /** - * @file identity-provider/plugin_identity_attribute_gnuid.c + * @file identity-attribute/plugin_identity_attribute_gnuid.c * @brief identity attribute plugin to provide the API for fundamental * attribute types. * diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 351308c3a..4e1de36cd 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -637,10 +637,8 @@ cleanup() GNUNET_NAMESTORE_disconnect (ns_handle); if (NULL != stats_handle) GNUNET_STATISTICS_destroy (stats_handle, GNUNET_NO); - if (NULL != token) - GNUNET_free (token); - if (NULL != label) - GNUNET_free (label); + GNUNET_free_non_null (token); + GNUNET_free_non_null (label); } @@ -648,7 +646,6 @@ cleanup() * Shutdown task * * @param cls NULL - * @param tc task context */ static void do_shutdown (void *cls) 
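Review bot: In `cleanup()`, `token` and `label` are released by the new `GNUNET_free_non_null` calls but keep holding the freed addresses. The function takes no arguments, so these look like file-scope pointers. If `cleanup()` can run more than once, or anything reads them later during shutdown, that becomes a double free or use-after-free. Resetting them right after the frees, `token = NULL;` and `label = NULL;`, makes the function safe to call repeatedly. The body of `cleanup()` starts outside this hunk.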
@@ -732,9 +729,8 @@ bootstrap_abe_result (void *cls, { struct AbeBootstrapHandle *abh = cls; struct GNUNET_ABE_AbeMasterKey *abe_key; - int i; - for (i=0;iattrs) - GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs); - if (NULL != handle->rvk_attrs) - GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->rvk_attrs); - if (NULL != handle->abe_key) - GNUNET_ABE_cpabe_delete_master_key (handle->abe_key); - if (NULL != handle->ns_qe) - GNUNET_NAMESTORE_cancel (handle->ns_qe); - if (NULL != handle->ns_it) - GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it); - GNUNET_free (handle); +cleanup_revoke_ticket_handle (struct TicketRevocationHandle *rh) +{ + if (NULL != rh->attrs) + GNUNET_IDENTITY_ATTRIBUTE_list_destroy (rh->attrs); + if (NULL != rh->rvk_attrs) + GNUNET_IDENTITY_ATTRIBUTE_list_destroy (rh->rvk_attrs); + if (NULL != rh->abe_key) + GNUNET_ABE_cpabe_delete_master_key (rh->abe_key); + if (NULL != rh->ns_qe) + GNUNET_NAMESTORE_cancel (rh->ns_qe); + if (NULL != rh->ns_it) + GNUNET_NAMESTORE_zone_iteration_stop (rh->ns_it); + GNUNET_free (rh); } /** * Send revocation result + * + * @param rh ticket revocation handle + * @param success GNUNET_OK if successful result */ static void send_revocation_finished (struct TicketRevocationHandle *rh, @@ -1190,7 +1176,7 @@ ticket_reissue_proc (void *cls, char *label; char *policy; int attrs_len; - int i; + uint32_t i; int reissue_ticket; size_t code_record_len; @@ -1476,13 +1462,6 @@ get_ticket_after_abe_bootstrap (void *cls, rh); } -/** - * Checks a ticket revocation message - * - * @param cls client sending the message - * @param im message of type `struct RevokeTicketMessage` - * @return #GNUNET_OK if @a im is well-formed - */ static int check_revoke_ticket_message(void *cls, const struct RevokeTicketMessage *im) 
@@ -1497,14 +1476,7 @@ check_revoke_ticket_message(void *cls, } return GNUNET_OK; } -/** - * - * Handler for ticket revocation message - * - * @param cls unused - * @param client who sent the message - * @param message the message - */ + static void handle_revoke_ticket_message (void *cls, const struct RevokeTicketMessage *rm) @@ -1544,13 +1516,6 @@ cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle) -/** - * Checks a ticket consume message - * - * @param cls client sending the message - * @param im message of type `struct ConsumeTicketMessage` - * @return #GNUNET_OK if @a im is well-formed - */ static int check_consume_ticket_message(void *cls, const struct ConsumeTicketMessage *cm) @@ -1782,14 +1747,6 @@ process_consume_abe_key (void *cls, uint32_t rd_count, } -/** - * - * Handler for ticket issue message - * - * @param cls unused - * @param client who sent the message - * @param message the message - */ static void handle_consume_ticket_message (void *cls, const struct ConsumeTicketMessage *cm) @@ -1941,13 +1898,6 @@ store_after_abe_bootstrap (void *cls, GNUNET_SCHEDULER_add_now (&attr_store_task, ash); } -/** - * Checks a store message - * - * @param cls client sending the message - * @param sam message of type `struct AttributeStoreMessage` - * @return #GNUNET_OK if @a im is well-formed - */ static int check_attribute_store_message(void *cls, const struct AttributeStoreMessage *sam) @@ -1964,14 +1914,6 @@ check_attribute_store_message(void *cls, } -/** - * - * Handler for store message - * - * @param cls unused - * @param client who sent the message - * @param message the message - */ static void handle_attribute_store_message (void *cls, const struct AttributeStoreMessage *sam) 
@@ -2125,12 +2067,6 @@ iterate_next_after_abe_bootstrap (void *cls, -/** - * Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ITERATION_START message - * - * @param cls the client sending the message - * @param zis_msg message from the client - */ static void handle_iteration_start (void *cls, const struct AttributeIterationStartMessage *ais_msg) @@ -2153,12 +2089,6 @@ handle_iteration_start (void *cls, } -/** - * Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ITERATION_STOP message - * - * @param cls the client sending the message - * @param ais_msg message from the client - */ static void handle_iteration_stop (void *cls, const struct AttributeIterationStopMessage *ais_msg) @@ -2188,12 +2118,6 @@ handle_iteration_stop (void *cls, } -/** - * Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT message - * - * @param cls the client sending the message - * @param message message from the client - */ static void handle_iteration_next (void *cls, const struct AttributeIterationNextMessage *ais_msg) @@ -2351,12 +2275,6 @@ run_ticket_iteration_round (struct TicketIteration *ti) cleanup_ticket_iter_handle (ti); } -/** - * Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START message - * - * @param cls the client sending the message - * @param tis_msg message from the client - */ static void handle_ticket_iteration_start (void *cls, const struct TicketIterationStartMessage *tis_msg) @@ -2381,12 +2299,6 @@ handle_ticket_iteration_start (void *cls, } -/** - * Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP message - * - * @param cls the client sending the message - * @param tis_msg message from the client - */ static void handle_ticket_iteration_stop (void *cls, const struct TicketIterationStopMessage *tis_msg) 
@@ -2416,12 +2328,6 @@ handle_ticket_iteration_stop (void *cls, } -/** - * Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT message - * - * @param cls the client sending the message - * @param message message from the client - */ static void handle_ticket_iteration_next (void *cls, const struct TicketIterationNextMessage *tis_msg) @@ -2453,9 +2359,8 @@ handle_ticket_iteration_next (void *cls, * Main function that will be run * * @param cls closure - * @param args remaining command-line arguments - * @param cfgfile name of the configuration file used (for saving, can be NULL) - * @param c configuration + * @param c the configuration used + * @param server the service handle */ static void run (void *cls, diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h index be9fdc6f5..b1fe6e1fd 100644 --- a/src/identity-provider/identity_provider.h +++ b/src/identity-provider/identity_provider.h @@ -248,7 +248,7 @@ struct TicketIterationStopMessage struct IssueTicketMessage { /** - * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE + * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET */ struct GNUNET_MessageHeader header; @@ -281,7 +281,7 @@ struct IssueTicketMessage struct RevokeTicketMessage { /** - * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE + * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET */ struct GNUNET_MessageHeader header; @@ -309,7 +309,7 @@ struct RevokeTicketMessage struct RevokeTicketResultMessage { /** - * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE + * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT */ struct GNUNET_MessageHeader header; 
@@ -348,7 +348,7 @@ struct TicketResultMessage struct ConsumeTicketMessage { /** - * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ISSUE + * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET */ struct GNUNET_MessageHeader header; diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 6fc8d228a..d0ece80fe 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -317,14 +317,13 @@ struct GNUNET_IDENTITY_PROVIDER_Handle }; - /** * Try again to connect to the service. * - * @param cls handle to the service. + * @param h handle to the identity provider service. */ static void -reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *handle); +reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h); /** * Reconnect @@ -344,7 +343,7 @@ reconnect_task (void *cls) /** * Disconnect from service and then reconnect. * - * @param handle our handle + * @param handle our service */ static void force_reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *handle) @@ -775,7 +774,7 @@ handle_revoke_ticket_result (void *cls, /** * Try again to connect to the service. * - * @param cls handle to the identity provider service. + * @param h handle to the identity provider service. */ static void reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) @@ -895,8 +894,7 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) * * @param h handle to the identity provider * @param pkey private key of the identity - * @param name the attribute name - * @param value the attribute value + * @param attr the attribute value * @param cont continuation to call when done * @param cont_cls closure for @a cont * @return handle to abort the request 
@@ -1061,7 +1059,7 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_At * @param h the identity provider to use * @param iss the issuing identity * @param rp the subject of the ticket (the relying party) - * @param attr the attributes that the relying party is given access to + * @param attrs the attributes that the relying party is given access to * @param cb the callback * @param cb_cls the callback closure * @return handle to abort the operation @@ -1108,7 +1106,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h * Consumes an issued ticket. The ticket is persisted * and used to retrieve identity information from the issuer * - * @param id the identity provider to use + * @param h the identity provider to use * @param identity the identity that is the subject of the issued ticket (the relying party) * @param ticket the issued ticket to consume * @param cb the callback to call @@ -1218,7 +1216,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER * Lists all tickets that have been issued to remote * identites (relying parties) * - * @param id the identity provider to use + * @param h the identity provider to use * @param identity the issuing identity * @param error_cb function to call on error (i.e. disconnect), * the handle is afterwards invalid @@ -1324,7 +1322,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_ * Revoked an issued ticket. The relying party will be unable to retrieve * updated attributes. * - * @param id the identity provider to use + * @param h the identity provider to use * @param identity the issuing identity * @param ticket the ticket to revoke * @param cb the callback diff --git a/src/identity-provider/plugin_gnsrecord_identity_provider.c b/src/identity-provider/plugin_gnsrecord_identity_provider.c index ad5a95dc7..6ed0b0852 100644 --- a/src/identity-provider/plugin_gnsrecord_identity_provider.c 
+++ b/src/identity-provider/plugin_gnsrecord_identity_provider.c @@ -19,9 +19,9 @@ */ /** - * @file identity/plugin_gnsrecord_identity.c + * @file identity-provider/plugin_gnsrecord_identity_provider.c * @brief gnsrecord plugin to provide the API for identity records - * @author Christian Grothoff + * @author Martin Schanzenbach */ #include "platform.h" #include "gnunet_util_lib.h" diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/identity-provider/plugin_identity_provider_sqlite.c index 594e4788d..0071528b9 100644 --- a/src/identity-provider/plugin_identity_provider_sqlite.c +++ b/src/identity-provider/plugin_identity_provider_sqlite.c @@ -368,6 +368,7 @@ database_shutdown (struct Plugin *plugin) * * @param cls closure (internal context for the plugin) * @param ticket the ticket to persist + * @param attrs the attributes associated with the ticket * @return #GNUNET_OK on success, else #GNUNET_SYSERR */ static int @@ -581,8 +582,7 @@ get_ticket_and_call_iterator (struct Plugin *plugin, * Lookup tickets in the datastore. * * @param cls closure (internal context for the plugin) - * @param zone private key of the zone - * @param label name of the record in the zone + * @param ticket the ticket to retrieve attributes for * @param iter function to call with the result * @param iter_cls closure for @a iter * @return #GNUNET_OK on success, else #GNUNET_SYSERR diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index c27662a0d..6eb856435 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c 
@@ -1103,17 +1103,6 @@ list_ego (void *cls, } -/** - * Function processing the REST call - * - * @param method HTTP method - * @param url URL of the HTTP request - * @param data body of the HTTP request (optional) - * @param data_size length of the body - * @param proc callback function for the result - * @param proc_cls closure for callback function - * @return GNUNET_OK if request accepted - */ static void rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle, GNUNET_REST_ResultProcessor proc, diff --git a/src/include/gnunet_abe_lib.h b/src/include/gnunet_abe_lib.h index 77b0f9e99..f73ea2431 100644 --- a/src/include/gnunet_abe_lib.h +++ b/src/include/gnunet_abe_lib.h @@ -19,8 +19,8 @@ */ /** - * @file include/gnunet_crypto_lib.h - * @brief cryptographic primitives for GNUnet + * @file include/gnunet_abe_lib.h + * @brief Attribute-Based Encryption primitives for GNUnet * * @author Martin Schanzenbach * @@ -57,10 +57,18 @@ struct GNUNET_CRYPTO_AbeKey; * @ingroup abe * Create a new CP-ABE master key. Caller must free return value. * - * @return fresh private key; free using #GNUNET_free + * @return fresh private key; free using #GNUNET_ABE_cpabe_delete_master_key */ struct GNUNET_ABE_AbeMasterKey * GNUNET_ABE_cpabe_create_master_key (void); + +/** + * @ingroup abe + * Delete a CP-ABE master key. + * + * @param key the master key + * @return fresh private key; free using #GNUNET_free + */ void GNUNET_ABE_cpabe_delete_master_key (struct GNUNET_ABE_AbeMasterKey *key); 
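Review bot: The doc block added for `GNUNET_ABE_cpabe_delete_master_key` ends with `@return fresh private key; free using #GNUNET_free`, but the function is declared `void`. The line was carried over from the create function and should be dropped. The next hunk repeats it for `GNUNET_ABE_cpabe_delete_key`, where `GNUNE_YES` should also read `GNUNET_YES`. These comments are the only statement of which function releases ABE key material, so a stale line pointing at `GNUNET_free` invites a mismatched release of a master key.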
@@ -68,11 +76,22 @@ GNUNET_ABE_cpabe_delete_master_key (struct GNUNET_ABE_AbeMasterKey *key); * @ingroup abe * Create a new CP-ABE key. Caller must free return value. * - * @return fresh private key; free using #GNUNET_free + * @param key the master key + * @param attrs the attributes to append to the key + * @return fresh private key; free using #GNUNET_ABE_cpabe_delete_key */ struct GNUNET_ABE_AbeKey * -GNUNET_ABE_cpabe_create_key (struct GNUNET_ABE_AbeMasterKey *msk, +GNUNET_ABE_cpabe_create_key (struct GNUNET_ABE_AbeMasterKey *key, char **attrs); + +/** + * @ingroup abe + * Delete a CP-ABE key. + * + * @param key the key to delete + * @param delete_pub GNUNE_YES if the public key should also be freed (bug in gabe) + * @return fresh private key; free using #GNUNET_free + */ void GNUNET_ABE_cpabe_delete_key (struct GNUNET_ABE_AbeKey *key, int delete_pub); @@ -84,9 +103,9 @@ GNUNET_ABE_cpabe_delete_key (struct GNUNET_ABE_AbeKey *key, * * @param block the block to encrypt * @param size the size of the @a block - * @param sessionkey the key used to encrypt - * @param iv the initialization vector to use, use INITVALUE - * for streams. + * @param policy the ABE policy + * @param key the key used to encrypt + * @param result the result buffer. Will be allocated. Free using #GNUNET_free * @return the size of the encrypted block, -1 for errors */ ssize_t @@ -98,13 +117,12 @@ GNUNET_ABE_cpabe_encrypt (const void *block, /** * @ingroup abe - * Encrypt a block using sessionkey. + * Decrypt a block using the ABE key. * * @param block the block to encrypt * @param size the size of the @a block - * @param sessionkey the key used to encrypt - * @param iv the initialization vector to use, use INITVALUE - * for streams. + * @param key the key used to decrypt + * @param result the result buffer. Will be allocated. Free using #GNUNET_free * @return the size of the encrypted block, -1 for errors */ ssize_t 
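Review bot: The rewritten comment for `GNUNET_ABE_cpabe_decrypt` still says `@param block the block to encrypt` and `@return the size of the encrypted block, -1 for errors`; these should read `the block to decrypt` and `the size of the decrypted block`. The following hunk reuses `@return the size of the encrypted block` for `GNUNET_ABE_cpabe_serialize_key` and `GNUNET_ABE_cpabe_serialize_master_key`, where `the size of the serialized key` is meant. Both deserialize comments in that hunk say `NULL of unsuccessful` for `NULL if unsuccessful`. It would also help to say that `*result` holds plaintext after decrypt and key material after serialize, so callers treat the buffer as sensitive until it is freed.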
@@ -113,18 +131,50 @@ GNUNET_ABE_cpabe_decrypt (const void *block, const struct GNUNET_ABE_AbeKey *key, void **result); +/** + * @ingroup abe + * Serialize an ABE key. + * + * @param key the key to serialize + * @param result the result buffer. Will be allocated. Free using #GNUNET_free + * @return the size of the encrypted block, -1 for errors + */ ssize_t GNUNET_ABE_cpabe_serialize_key (const struct GNUNET_ABE_AbeKey *key, void **result); +/** + * @ingroup abe + * Deserialize a serialized ABE key. + * + * @param data the data to deserialize + * @param len the length of the data. + * @return the ABE key. NULL of unsuccessful + */ struct GNUNET_ABE_AbeKey* GNUNET_ABE_cpabe_deserialize_key (const void *data, size_t len); +/** + * @ingroup abe + * Serialize an ABE master key. + * + * @param key the key to serialize + * @param result the result buffer. Will be allocated. Free using #GNUNET_free + * @return the size of the encrypted block, -1 for errors + */ ssize_t GNUNET_ABE_cpabe_serialize_master_key (const struct GNUNET_ABE_AbeMasterKey *key, void **result); +/** + * @ingroup abe + * Deserialize an ABE master key. + * + * @param data the data to deserialize + * @param len the length of the data. + * @return the ABE key. NULL of unsuccessful + */ struct GNUNET_ABE_AbeMasterKey* GNUNET_ABE_cpabe_deserialize_master_key (const void *data, size_t len); diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 67c2f2b4c..7d6f9e973 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h @@ -20,7 +20,6 @@ /** * @author Martin Schanzenbach - * @author Adnan Husain * * @file * API to the Credential service 
@@ -274,7 +273,8 @@ typedef void (*GNUNET_CREDENTIAL_RemoveDelegateResultProcessor) (void *cls, * @param issuer_key the issuer public key * @param issuer_attribute the issuer attribute * @param subject_key the subject public key - * @param subject_attribute the attribute claimed by the subject + * @param credential_count number of credentials + * @param credentials the subject credentials * @param proc function to call on result * @param proc_cls closure for processor * @return handle to the queued request @@ -305,6 +305,8 @@ GNUNET_CREDENTIAL_collect (struct GNUNET_CREDENTIAL_Handle *handle, * @param attribute the name of the attribute to delegate * @param subject the subject of the delegation * @param delegated_attribute the name of the attribute that is delegated to + * @param proc the result callback + * @param proc_cls the result closure context * @return handle to the queued request */ struct GNUNET_CREDENTIAL_Request * @@ -322,6 +324,8 @@ GNUNET_CREDENTIAL_add_delegation (struct GNUNET_CREDENTIAL_Handle *handle, * @param handle handle to the Credential service * @param issuer the ego that was used to delegate the attribute * @param attribute the name of the attribute that is delegated + * @param proc the callback + * @param proc_cls callback closure * @return handle to the queued request */ struct GNUNET_CREDENTIAL_Request * @@ -336,7 +340,6 @@ GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle, /** * Issue an attribute to a subject * - * @param handle handle to the Credential service * @param issuer the ego that should be used to issue the attribute * @param subject the subject of the attribute * @param attribute the name of the attribute 
@@ -344,32 +347,12 @@ GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle, * @return handle to the queued request */ struct GNUNET_CREDENTIAL_Credential* -GNUNET_CREDENTIAL_credential_issue ( - const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, +GNUNET_CREDENTIAL_credential_issue (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, struct GNUNET_CRYPTO_EcdsaPublicKey *subject, const char *attribute, struct GNUNET_TIME_Absolute *expiration); -/** - * Remove a credential - * - * @param handle handle to the Credential service - * @param issuer the identity that issued the credential - * @param subject the subject of the credential - * @param credential the name of the credential - * @return handle to the queued request - */ -/** - struct GNUNET_CREDENTIAL_IssueRequest * - GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle, - struct GNUNET_IDENTITY_Ego *issuer, - struct GNUNET_IDENTITY_Ego *subject, - const char *credential, - GNUNET_CREDENTIAL_IssueResultProcessor proc, - void *proc_cls); - */ - /** * Cancel pending lookup request @@ -377,7 +360,7 @@ GNUNET_CREDENTIAL_credential_issue ( * @param lr the lookup request to cancel */ void -GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *vr); +GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *lr); #if 0 /* keep Emacsens' auto-indent happy */ diff --git a/src/include/gnunet_identity_attribute_lib.h b/src/include/gnunet_identity_attribute_lib.h index a6c9e1f1c..316b0bf95 100644 --- a/src/include/gnunet_identity_attribute_lib.h +++ b/src/include/gnunet_identity_attribute_lib.h @@ -122,7 +122,7 @@ struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry /** * Create a new attribute claim. * - * @param name the attribute name + * @param attr_name the attribute name * @param type the attribute type * @param data the attribute value * @param data_size the attribute value size 
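Review bot: The comment above `GNUNET_CREDENTIAL_credential_issue` still ends with `@return handle to the queued request`, while the declaration returns `struct GNUNET_CREDENTIAL_Credential*`, and the `expiration` parameter has no `@param` line. The previous hunk already removes the stale `@param handle` line, so the comment could be finished here with `@param expiration the expiration time of the credential` and `@return the issued credential, NULL on error`. It should also say who frees the returned credential. The NULL-on-error wording is an assumption, since the implementation is not part of this hunk.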
diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h index 6bc05d0f4..be935e898 100644 --- a/src/include/gnunet_identity_provider_service.h +++ b/src/include/gnunet_identity_provider_service.h @@ -131,6 +131,7 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle * Process an attribute that was stored in the idp. * * @param cls closure + * @param identity the identity * @param attr the attribute */ typedef void @@ -211,19 +212,19 @@ typedef void /** * Issues a ticket to another identity. The identity may use - * @GNUNET_IDENTITY_PROVIDER_authorization_ticket_consume to consume the ticket + * GNUNET_IDENTITY_PROVIDER_ticket_consume to consume the ticket * and retrieve the attributes specified in the AttributeList. * - * @param id the identity provider to use + * @param h the identity provider to use * @param iss the issuing identity * @param rp the subject of the ticket (the relying party) - * @param attr the attributes that the relying party is given access to + * @param attrs the attributes that the relying party is given access to * @param cb the callback * @param cb_cls the callback closure * @return handle to abort the operation */ struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *id, +GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, @@ -234,7 +235,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *i * Revoked an issued ticket. The relying party will be unable to retrieve * updated attributes. * - * @param id the identity provider to use + * @param h the identity provider to use * @param identity the issuing identity * @param ticket the ticket to revoke * @param cb the callback 
@@ -242,7 +243,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *i * @return handle to abort the operation */ struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *id, +GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb, @@ -254,7 +255,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle * * Consumes an issued ticket. The ticket is persisted * and used to retrieve identity information from the issuer * - * @param id the identity provider to use + * @param h the identity provider to use * @param identity the identity that is the subject of the issued ticket (the audience) * @param ticket the issued ticket to consume * @param cb the callback to call @@ -262,7 +263,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle * * @return handle to abort the operation */ struct GNUNET_IDENTITY_PROVIDER_Operation * -GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *id, +GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, GNUNET_IDENTITY_PROVIDER_AttributeResult cb, @@ -299,7 +300,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER * Lists all tickets that have been issued to remote * identites (relying parties) * - * @param id the identity provider to use + * @param h the identity provider to use * @param identity the issuing identity * @param error_cb function to call on error (i.e. disconnect), * the handle is afterwards invalid 
diff --git a/src/include/gnunet_rest_lib.h b/src/include/gnunet_rest_lib.h index a4dbb0696..e571eead3 100644 --- a/src/include/gnunet_rest_lib.h +++ b/src/include/gnunet_rest_lib.h @@ -89,7 +89,7 @@ typedef void (*GNUNET_REST_ResultProcessor) (void *cls, * * @param url URL to check * @param namespace namespace to check against - * @retun GNUNET_YES if namespace matches + * @return GNUNET_YES if namespace matches */ int GNUNET_REST_namespace_match (const char *url, const char *namespace); @@ -98,7 +98,7 @@ GNUNET_REST_namespace_match (const char *url, const char *namespace); * Create REST MHD response * * @param data result - * @retun MHD response + * @return MHD response */ struct MHD_Response* GNUNET_REST_create_response (const char *data); diff --git a/src/include/gnunet_rest_plugin.h b/src/include/gnunet_rest_plugin.h index ecd5f66f1..424dbb1fc 100644 --- a/src/include/gnunet_rest_plugin.h +++ b/src/include/gnunet_rest_plugin.h @@ -57,7 +57,7 @@ struct GNUNET_REST_Plugin /** * Plugin name. Used as the namespace for the API. - * e.g. http://hostname:port/ + * e.g. http://hostname:port/name */ char *name; -- cgit v1.2.3