From e75869506cc08e08056168383bd4ab02e1f007de Mon Sep 17 00:00:00 2001 From: Martin Schanzenbach Date: Wed, 19 Aug 2020 19:05:23 +0200 Subject: - towards separation between credentials and presentations thereof, wip, ftbfs --- src/reclaim/Makefile.am | 18 +- src/reclaim/gnunet-reclaim.c | 216 +++++----- src/reclaim/gnunet-service-reclaim.c | 272 ++++++------- src/reclaim/gnunet-service-reclaim_tickets.c | 194 ++++----- src/reclaim/gnunet-service-reclaim_tickets.h | 2 +- src/reclaim/json_reclaim.c | 60 +-- src/reclaim/json_reclaim.h | 11 +- src/reclaim/oidc_helper.c | 110 +++--- src/reclaim/oidc_helper.h | 13 +- src/reclaim/plugin_reclaim_attestation_jwt.c | 321 --------------- src/reclaim/plugin_reclaim_credential_jwt.c | 320 +++++++++++++++ src/reclaim/plugin_rest_openid_connect.c | 142 +++---- src/reclaim/plugin_rest_reclaim.c | 144 +++---- src/reclaim/reclaim.h | 28 +- src/reclaim/reclaim_api.c | 161 ++++---- src/reclaim/reclaim_attestation.c | 570 --------------------------- src/reclaim/reclaim_attestation.h | 64 --- src/reclaim/reclaim_attribute.c | 18 +- src/reclaim/reclaim_attribute.h | 37 +- src/reclaim/reclaim_credential.c | 570 +++++++++++++++++++++++++++ src/reclaim/reclaim_credential.h | 64 +++ 21 files changed, 1663 insertions(+), 1672 deletions(-) delete mode 100644 src/reclaim/plugin_reclaim_attestation_jwt.c create mode 100644 src/reclaim/plugin_reclaim_credential_jwt.c delete mode 100644 src/reclaim/reclaim_attestation.c delete mode 100644 src/reclaim/reclaim_attestation.h create mode 100644 src/reclaim/reclaim_credential.c create mode 100644 src/reclaim/reclaim_credential.h (limited to 'src/reclaim') diff --git a/src/reclaim/Makefile.am b/src/reclaim/Makefile.am index 9b75c11aa..a58127abf 100644 --- a/src/reclaim/Makefile.am +++ b/src/reclaim/Makefile.am @@ -13,8 +13,8 @@ REST_PLUGIN = \ libgnunet_plugin_rest_openid_connect.la \ libgnunet_plugin_rest_reclaim.la -ATTESTATION_PLUGIN = \ - libgnunet_plugin_reclaim_attestation_jwt.la +CREDENTIAL_PLUGIN = \ + libgnunet_plugin_reclaim_credential_jwt.la EXTRA_DIST = \ reclaim.conf \ @@ -34,7 +34,7 @@ lib_LTLIBRARIES = \ plugin_LTLIBRARIES = \ libgnunet_plugin_gnsrecord_reclaim.la \ libgnunet_plugin_reclaim_attribute_basic.la \ - $(ATTESTATION_PLUGIN) \ + $(CREDENTIAL_PLUGIN) \ $(REST_PLUGIN) bin_PROGRAMS = \ @@ -115,8 +115,8 @@ libgnunetreclaim_la_SOURCES = \ reclaim.h \ reclaim_attribute.c \ reclaim_attribute.h \ - reclaim_attestation.c \ - reclaim_attestation.h + reclaim_credential.c \ + reclaim_credential.h libgnunetreclaim_la_LIBADD = \ $(top_builddir)/src/util/libgnunetutil.la \ $(GN_LIBINTL) $(XLIB) @@ -133,14 +133,14 @@ libgnunet_plugin_reclaim_attribute_basic_la_LIBADD = \ libgnunet_plugin_reclaim_attribute_basic_la_LDFLAGS = \ $(GN_PLUGIN_LDFLAGS) -libgnunet_plugin_reclaim_attestation_jwt_la_SOURCES = \ - plugin_reclaim_attestation_jwt.c -libgnunet_plugin_reclaim_attestation_jwt_la_LIBADD = \ +libgnunet_plugin_reclaim_credential_jwt_la_SOURCES = \ + plugin_reclaim_credential_jwt.c +libgnunet_plugin_reclaim_credential_jwt_la_LIBADD = \ $(top_builddir)/src/util/libgnunetutil.la \ libgnunetreclaim.la \ -ljansson\ $(LTLIBINTL) -libgnunet_plugin_reclaim_attestation_jwt_la_LDFLAGS = \ +libgnunet_plugin_reclaim_credential_jwt_la_LDFLAGS = \ $(GN_PLUGIN_LDFLAGS) gnunet_reclaim_SOURCES = \ diff --git a/src/reclaim/gnunet-reclaim.c b/src/reclaim/gnunet-reclaim.c index 6bef5b6fe..a59053f5f 100644 --- a/src/reclaim/gnunet-reclaim.c +++ b/src/reclaim/gnunet-reclaim.c @@ -43,29 +43,34 @@ static int ret; static int list; /** - * List attestations flag + * List credentials flag */ -static int list_attestations; +static int list_credentials; /** - * Attestation ID string + * Credential ID string */ -static char *attestation_id; +static char *credential_id; /** - * Attestation ID + * Credential ID */ -static struct GNUNET_RECLAIM_Identifier attestation; +static struct GNUNET_RECLAIM_Identifier credential; /** - * Attestation name + * Credential name */ -static char *attestation_name; +static char *credential_name; /** - * Attestation exists + * Credential type */ -static int attestation_exists; +static char *credential_type; + +/** + * Credential exists + */ +static int credential_exists; /** * Relying party @@ -133,9 +138,9 @@ static struct GNUNET_RECLAIM_Operation *reclaim_op; static struct GNUNET_RECLAIM_AttributeIterator *attr_iterator; /** - * Attestation iterator + * Credential iterator */ -static struct GNUNET_RECLAIM_AttestationIterator *attest_iterator; +static struct GNUNET_RECLAIM_CredentialIterator *cred_iterator; /** @@ -143,10 +148,6 @@ static struct GNUNET_RECLAIM_AttestationIterator *attest_iterator; */ static struct GNUNET_RECLAIM_TicketIterator *ticket_iterator; -/** - * Master ABE key - */ -static struct GNUNET_CRYPTO_AbeMasterKey *abe_key; /** * ego private key @@ -208,20 +209,20 @@ do_cleanup (void *cls) GNUNET_RECLAIM_cancel (reclaim_op); if (NULL != attr_iterator) GNUNET_RECLAIM_get_attributes_stop (attr_iterator); - if (NULL != attest_iterator) - GNUNET_RECLAIM_get_attestations_stop (attest_iterator); + if (NULL != cred_iterator) + GNUNET_RECLAIM_get_credentials_stop (cred_iterator); if (NULL != ticket_iterator) GNUNET_RECLAIM_ticket_iteration_stop (ticket_iterator); if (NULL != reclaim_handle) GNUNET_RECLAIM_disconnect (reclaim_handle); if (NULL != identity_handle) GNUNET_IDENTITY_disconnect (identity_handle); - if (NULL != abe_key) - GNUNET_free (abe_key); if (NULL != attr_list) GNUNET_free (attr_list); if (NULL != attr_to_delete) GNUNET_free (attr_to_delete); + if (NULL == credential_type) + GNUNET_free (credential_type); } @@ -260,7 +261,7 @@ static void process_attrs (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr, - const struct GNUNET_RECLAIM_Attestation *attest) + const struct GNUNET_RECLAIM_Presentation *presentation) { char *value_str; char *id; @@ -280,7 +281,7 @@ process_attrs (void *cls, attr_type = GNUNET_RECLAIM_attribute_number_to_typename (attr->type); id = GNUNET_STRINGS_data_to_string_alloc (&attr->id, sizeof(attr->id)); value_str = NULL; - if (NULL == attest) + if (NULL == presentation) { value_str = GNUNET_RECLAIM_attribute_value_to_string (attr->type, attr->data, @@ -290,7 +291,7 @@ process_attrs (void *cls, { struct GNUNET_RECLAIM_AttributeListEntry *ale; struct GNUNET_RECLAIM_AttributeList *al - = GNUNET_RECLAIM_attestation_get_attributes (attest); + = GNUNET_RECLAIM_presentation_get_attributes (presentation); for (ale = al->list_head; NULL != ale; ale = ale->next) { @@ -298,10 +299,8 @@ process_attrs (void *cls, continue; value_str = GNUNET_RECLAIM_attribute_value_to_string (ale->attribute->type, - ale->attribute-> - data, - ale->attribute-> - data_size); + ale->attribute->data, + ale->attribute->data_size); break; } } @@ -312,7 +311,7 @@ process_attrs (void *cls, attr_type, attr->flag, id, - (NULL == attest) ? "" : "(ATTESTED)"); + (NULL == presentation) ? "" : "(ATTESTED)"); GNUNET_free (value_str); GNUNET_free (id); } @@ -362,7 +361,7 @@ static void iter_error (void *cls) { attr_iterator = NULL; - attest_iterator = NULL; + cred_iterator = NULL; fprintf (stderr, "Failed\n"); cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); @@ -489,9 +488,9 @@ iter_finished (void *cls) claim = GNUNET_RECLAIM_attribute_new (attr_name, NULL, type, data, data_size); } - if (NULL != attestation_id) + if (NULL != credential_id) { - claim->attestation = attestation; + claim->credential = credential; } reclaim_op = GNUNET_RECLAIM_attribute_store (reclaim_handle, pkey, @@ -524,7 +523,7 @@ iter_cb (void *cls, if (0 == strcasecmp (attr_name, attr->name)) { claim = GNUNET_RECLAIM_attribute_new (attr->name, - &attr->attestation, + &attr->credential, attr->type, attr->data, attr->data_size); @@ -543,7 +542,7 @@ iter_cb (void *cls, } le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); le->attribute = GNUNET_RECLAIM_attribute_new (attr->name, - &attr->attestation, + &attr->credential, attr->type, attr->data, attr->data_size); @@ -562,7 +561,7 @@ iter_cb (void *cls, if (0 == strcasecmp (attr_delete, label)) { attr_to_delete = GNUNET_RECLAIM_attribute_new (attr->name, - &attr->attestation, + &attr->credential, attr->type, attr->data, attr->data_size); @@ -577,7 +576,7 @@ iter_cb (void *cls, attr->data_size); attr_type = GNUNET_RECLAIM_attribute_number_to_typename (attr->type); id = GNUNET_STRINGS_data_to_string_alloc (&attr->id, sizeof(attr->id)); - if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&attr->attestation)) + if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&attr->credential)) { fprintf (stdout, "%s: ``%s'' (%s); ID: %s\n", @@ -588,17 +587,17 @@ iter_cb (void *cls, } else { - char *attest_id = - GNUNET_STRINGS_data_to_string_alloc (&attr->attestation, - sizeof(attr->attestation)); + char *cred_id = + GNUNET_STRINGS_data_to_string_alloc (&attr->credential, + sizeof(attr->credential)); fprintf (stdout, - "%s: <``%s'' in attestation %s> (%s); ID: %s\n", + "%s: ``%s'' in credential presentation `%s' (%s); ID: %s\n", attr->name, attr_str, - attest_id, + cred_id, attr_type, id); - GNUNET_free (attest_id); + GNUNET_free (cred_id); } GNUNET_free (id); @@ -608,29 +607,31 @@ iter_cb (void *cls, static void -attest_iter_finished (void *cls) +cred_iter_finished (void *cls) { - attest_iterator = NULL; + cred_iterator = NULL; - // Add new attestation - if ((NULL != attestation_name) && + // Add new credential + if ((NULL != credential_name) && (NULL != attr_value)) { - struct GNUNET_RECLAIM_Attestation *attestation = - GNUNET_RECLAIM_attestation_new (attestation_name, - GNUNET_RECLAIM_ATTESTATION_TYPE_JWT, // FIXME hardcoded - attr_value, - strlen (attr_value)); - reclaim_op = GNUNET_RECLAIM_attestation_store (reclaim_handle, - pkey, - attestation, - &exp_interval, - store_cont, - NULL); + enum GNUNET_RECLAIM_CredentialType ctype = + GNUNET_RECLAIM_credential_typename_to_number (credential_type); + struct GNUNET_RECLAIM_Credential *credential = + GNUNET_RECLAIM_credential_new (credential_name, + ctype, + attr_value, + strlen (attr_value)); + reclaim_op = GNUNET_RECLAIM_credential_store (reclaim_handle, + pkey, + credential, + &exp_interval, + store_cont, + NULL); return; } - if (list_attestations) + if (list_credentials) { cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); return; @@ -648,34 +649,34 @@ attest_iter_finished (void *cls) static void -attest_iter_cb (void *cls, - const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - const struct GNUNET_RECLAIM_Attestation *attest) +cred_iter_cb (void *cls, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + const struct GNUNET_RECLAIM_Credential *cred) { - char *attest_str; + char *cred_str; char *attr_str; char *id; - const char *attest_type; + const char *cred_type; struct GNUNET_RECLAIM_AttributeListEntry *ale; - if (GNUNET_YES == GNUNET_RECLAIM_id_is_equal (&attestation, - &attest->id)) - attestation_exists = GNUNET_YES; - if (list_attestations) + if (GNUNET_YES == GNUNET_RECLAIM_id_is_equal (&credential, + &cred->id)) + credential_exists = GNUNET_YES; + if (list_credentials) { - attest_str = GNUNET_RECLAIM_attestation_value_to_string (attest->type, - attest->data, - attest->data_size); - attest_type = GNUNET_RECLAIM_attestation_number_to_typename (attest->type); - id = GNUNET_STRINGS_data_to_string_alloc (&attest->id, sizeof(attest->id)); + cred_str = GNUNET_RECLAIM_credential_value_to_string (cred->type, + cred->data, + cred->data_size); + cred_type = GNUNET_RECLAIM_credential_number_to_typename (cred->type); + id = GNUNET_STRINGS_data_to_string_alloc (&cred->id, sizeof(cred->id)); fprintf (stdout, "%s: ``%s'' (%s); ID: %s\n", - attest->name, - attest_str, - attest_type, + cred->name, + cred_str, + cred_type, id); struct GNUNET_RECLAIM_AttributeList *attrs = - GNUNET_RECLAIM_attestation_get_attributes (attest); + GNUNET_RECLAIM_credential_get_attributes (cred); if (NULL != attrs) { fprintf (stdout, @@ -684,11 +685,8 @@ attest_iter_cb (void *cls, { attr_str = GNUNET_RECLAIM_attribute_value_to_string ( ale->attribute->type, - ale->attribute-> - data, - ale->attribute-> - data_size); - + ale->attribute->data, + ale->attribute->data_size); fprintf (stdout, "\t %s: %s\n", ale->attribute->name, attr_str); GNUNET_free (attr_str); @@ -697,7 +695,7 @@ attest_iter_cb (void *cls, } GNUNET_free (id); } - GNUNET_RECLAIM_get_attestations_next (attest_iterator); + GNUNET_RECLAIM_get_credentials_next (cred_iterator); } @@ -710,12 +708,14 @@ start_process () cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); return; } - attestation = GNUNET_RECLAIM_ID_ZERO; - if (NULL != attestation_id) - GNUNET_STRINGS_string_to_data (attestation_id, - strlen (attestation_id), - &attestation, sizeof(attestation)); - attestation_exists = GNUNET_NO; + if (NULL == credential_type) + credential_type = GNUNET_strdup ("JWT"); + credential = GNUNET_RECLAIM_ID_ZERO; + if (NULL != credential_id) + GNUNET_STRINGS_string_to_data (credential_id, + strlen (credential_id), + &credential, sizeof(credential)); + credential_exists = GNUNET_NO; if (list_tickets) { ticket_iterator = GNUNET_RECLAIM_ticket_iteration_start (reclaim_handle, @@ -750,15 +750,14 @@ start_process () attr_list = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); claim = NULL; - attest_iterator = GNUNET_RECLAIM_get_attestations_start (reclaim_handle, - pkey, - &iter_error, - NULL, - &attest_iter_cb, - NULL, - & - attest_iter_finished, - NULL); + cred_iterator = GNUNET_RECLAIM_get_credentials_start (reclaim_handle, + pkey, + &iter_error, + NULL, + &cred_iter_cb, + NULL, + &cred_iter_finished, + NULL); } @@ -856,20 +855,20 @@ main (int argc, char *const argv[]) gettext_noop ("List attributes for EGO"), &list), GNUNET_GETOPT_option_flag ('A', - "attestations", - gettext_noop ("List attestations for EGO"), - &list_attestations), + "credentials", + gettext_noop ("List credentials for EGO"), + &list_credentials), GNUNET_GETOPT_option_string ('I', - "Attestation ID", - "ATTESTATION_ID", + "Credential ID", + "CREDENTIAL_ID", gettext_noop ( - "Attestation to use for attribute"), - &attestation_id), + "Credential to use for attribute"), + &credential_id), GNUNET_GETOPT_option_string ('N', - "attestation-name", + "credential-name", "NAME", - gettext_noop ("Attestation name"), - &attestation_name), + gettext_noop ("Credential name"), + &credential_name), GNUNET_GETOPT_option_string ('i', "issue", "A1,A2,...", @@ -891,6 +890,11 @@ main (int argc, char *const argv[]) "TYPE", gettext_noop ("Type of attribute"), &type_str), + GNUNET_GETOPT_option_string ('u', + "credential-type", + "TYPE", + gettext_noop ("Type of credential"), + &credential_type), GNUNET_GETOPT_option_flag ('T', "tickets", gettext_noop ("List tickets of ego"), diff --git a/src/reclaim/gnunet-service-reclaim.c b/src/reclaim/gnunet-service-reclaim.c index 84afd482e..30a84b3e8 100644 --- a/src/reclaim/gnunet-service-reclaim.c +++ b/src/reclaim/gnunet-service-reclaim.c @@ -170,17 +170,17 @@ struct IdpClient /** * Head of the DLL of - * Attribute iteration operations in + * Credential iteration operations in * progress initiated by this client */ - struct Iterator *attest_iter_head; + struct Iterator *cred_iter_head; /** * Tail of the DLL of - * Attribute iteration operations + * Credential iteration operations * in progress initiated by this client */ - struct Iterator *attest_iter_tail; + struct Iterator *cred_iter_tail; /** * Head of DLL of ticket iteration ops @@ -285,9 +285,9 @@ struct AttributeDeleteHandle struct GNUNET_RECLAIM_Attribute *claim; /** - * The attestation to delete + * The credential to delete */ - struct GNUNET_RECLAIM_Attestation *attest; + struct GNUNET_RECLAIM_Credential *credential; /** * Tickets to update @@ -352,9 +352,9 @@ struct AttributeStoreHandle struct GNUNET_RECLAIM_Attribute *claim; /** - * The attestation to store + * The credential to store */ - struct GNUNET_RECLAIM_Attestation *attest; + struct GNUNET_RECLAIM_Credential *credential; /** * The attribute expiration interval @@ -488,8 +488,8 @@ cleanup_adh (struct AttributeDeleteHandle *adh) GNUNET_free (adh->label); if (NULL != adh->claim) GNUNET_free (adh->claim); - if (NULL != adh->attest) - GNUNET_free (adh->attest); + if (NULL != adh->credential) + GNUNET_free (adh->credential); while (NULL != (le = adh->tickets_to_update_head)) { GNUNET_CONTAINER_DLL_remove (adh->tickets_to_update_head, @@ -517,8 +517,8 @@ cleanup_as_handle (struct AttributeStoreHandle *ash) GNUNET_NAMESTORE_cancel (ash->ns_qe); if (NULL != ash->claim) GNUNET_free (ash->claim); - if (NULL != ash->attest) - GNUNET_free (ash->attest); + if (NULL != ash->credential) + GNUNET_free (ash->credential); GNUNET_free (ash); } @@ -569,9 +569,9 @@ cleanup_client (struct IdpClient *idp) GNUNET_CONTAINER_DLL_remove (idp->attr_iter_head, idp->attr_iter_tail, ai); GNUNET_free (ai); } - while (NULL != (ai = idp->attest_iter_head)) + while (NULL != (ai = idp->cred_iter_head)) { - GNUNET_CONTAINER_DLL_remove (idp->attest_iter_head, idp->attest_iter_tail, + GNUNET_CONTAINER_DLL_remove (idp->cred_iter_head, idp->cred_iter_tail, ai); GNUNET_free (ai); } @@ -847,7 +847,7 @@ static void consume_result_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_AttributeList *attrs, - const struct GNUNET_RECLAIM_AttestationList *attests, + const struct GNUNET_RECLAIM_PresentationList *presentations, int32_t success, const char *emsg) { @@ -856,28 +856,28 @@ consume_result_cb (void *cls, struct GNUNET_MQ_Envelope *env; char *data_tmp; size_t attrs_len = 0; - size_t attests_len = 0; + size_t pres_len = 0; if (GNUNET_OK != success) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error consuming ticket: %s\n", emsg); } attrs_len = GNUNET_RECLAIM_attribute_list_serialize_get_size (attrs); - attests_len = GNUNET_RECLAIM_attestation_list_serialize_get_size (attests); + pres_len = GNUNET_RECLAIM_presentation_list_serialize_get_size (presentations); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending CONSUME_TICKET_RESULT message\n"); env = GNUNET_MQ_msg_extra (crm, - attrs_len + attests_len, + attrs_len + pres_len, GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT); crm->id = htonl (cop->r_id); crm->attrs_len = htons (attrs_len); - crm->attestations_len = htons (attests_len); + crm->pres_len = htons (pres_len); crm->identity = *identity; crm->result = htonl (success); data_tmp = (char *) &crm[1]; GNUNET_RECLAIM_attribute_list_serialize (attrs, data_tmp); data_tmp += attrs_len; - GNUNET_RECLAIM_attestation_list_serialize (attests, data_tmp); + GNUNET_RECLAIM_presentation_list_serialize (presentations, data_tmp); GNUNET_MQ_send (cop->client->mq, env); GNUNET_CONTAINER_DLL_remove (cop->client->consume_op_head, cop->client->consume_op_tail, @@ -1075,14 +1075,14 @@ handle_attribute_store_message (void *cls, /** - * Attestation store result handler + * Credential store result handler * * @param cls our attribute store handle * @param success GNUNET_OK if successful * @param emsg error message (NULL if success=GNUNET_OK) */ static void -attest_store_cont (void *cls, int32_t success, const char *emsg) +cred_store_cont (void *cls, int32_t success, const char *emsg) { struct AttributeStoreHandle *ash = cls; struct GNUNET_MQ_Envelope *env; @@ -1096,7 +1096,7 @@ attest_store_cont (void *cls, int32_t success, const char *emsg) if (GNUNET_SYSERR == success) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Failed to store attestation %s\n", + "Failed to store credential: %s\n", emsg); cleanup_as_handle (ash); GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); @@ -1113,16 +1113,16 @@ attest_store_cont (void *cls, int32_t success, const char *emsg) /** - * Error looking up potential attestation. Abort. + * Error looking up potential credential. Abort. * * @param cls our attribute store handle */ static void -attest_error (void *cls) +cred_error (void *cls) { struct AttributeStoreHandle *ash = cls; GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Failed to check for existing Attestation\n"); + "Failed to check for existing credential.\n"); cleanup_as_handle (ash); GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); return; @@ -1130,7 +1130,7 @@ attest_error (void *cls) /** -* Check for existing record before storing attestation +* Check for existing record before storing credential * * @param cls our attribute store handle * @param zone zone we are iterating @@ -1139,33 +1139,34 @@ attest_error (void *cls) * @param rd records */ static void -attest_add_cb (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) +cred_add_cb (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd) { struct AttributeStoreHandle *ash = cls; + struct GNUNET_GNSRECORD_Data rd_new[1]; char *buf; size_t buf_size; - buf_size = GNUNET_RECLAIM_attestation_serialize_get_size (ash->attest); + + buf_size = GNUNET_RECLAIM_credential_serialize_get_size (ash->credential); buf = GNUNET_malloc (buf_size); - GNUNET_RECLAIM_attestation_serialize (ash->attest, buf); + GNUNET_RECLAIM_presentation_serialize (ash->credential, buf); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Storing new Attestation\n"); - struct GNUNET_GNSRECORD_Data rd_new[1]; + "Storing new credential under `%s'.\n", + label); rd_new[0].data_size = buf_size; rd_new[0].data = buf; - rd_new[0].record_type = GNUNET_GNSRECORD_TYPE_RECLAIM_ATTESTATION; + rd_new[0].record_type = GNUNET_GNSRECORD_TYPE_RECLAIM_CREDENTIAL; rd_new[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; rd_new[0].expiration_time = ash->exp.rel_value_us; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Encrypting with label %s\n", label); ash->ns_qe = GNUNET_NAMESTORE_records_store (nsh, &ash->identity, label, 1, rd_new, - &attest_store_cont, + &cred_store_cont, ash); GNUNET_free (buf); return; @@ -1173,44 +1174,43 @@ attest_add_cb (void *cls, /** - * Add a new attestation + * Add a new credential * * @param cls the AttributeStoreHandle */ static void -attest_store_task (void *cls) +cred_store_task (void *cls) { struct AttributeStoreHandle *ash = cls; char *label; // Give the ash a new id if unset - if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&ash->attest->id)) - GNUNET_RECLAIM_id_generate (&ash->attest->id); - label = GNUNET_STRINGS_data_to_string_alloc (&ash->attest->id, - sizeof (ash->attest->id)); + if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&ash->credential->id)) + GNUNET_RECLAIM_id_generate (&ash->credential->id); + label = GNUNET_STRINGS_data_to_string_alloc (&ash->credential->id, + sizeof (ash->credential->id)); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Looking up existing data under label %s\n", label); -// Test for the content of the existing ID + "Looking up existing data under label `%s'\n", label); ash->ns_qe = GNUNET_NAMESTORE_records_lookup (nsh, &ash->identity, label, - &attest_error, + &cred_error, ash, - &attest_add_cb, + &cred_add_cb, ash); GNUNET_free (label); } /** - * Check an attestation store message + * Check an credential store message * * @param cls unused * @param sam the message to check */ static int -check_attestation_store_message (void *cls, - const struct AttributeStoreMessage *sam) +check_credential_store_message (void *cls, + const struct AttributeStoreMessage *sam) { uint16_t size; @@ -1225,26 +1225,26 @@ check_attestation_store_message (void *cls, /** -* Handle an attestation store message +* Handle a credential store message * * @param cls our client * @param sam the message to handle */ static void -handle_attestation_store_message (void *cls, +handle_credential_store_message (void *cls, const struct AttributeStoreMessage *sam) { struct AttributeStoreHandle *ash; struct IdpClient *idp = cls; size_t data_len; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received ATTESTATION_STORE message\n"); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received CREDENTIAL_STORE message\n"); data_len = ntohs (sam->attr_len); ash = GNUNET_new (struct AttributeStoreHandle); - ash->attest = GNUNET_RECLAIM_attestation_deserialize ((char *) &sam[1], - data_len); + ash->credential = GNUNET_RECLAIM_credential_deserialize ((char *) &sam[1], + data_len); ash->r_id = ntohl (sam->id); ash->identity = sam->identity; @@ -1254,7 +1254,7 @@ handle_attestation_store_message (void *cls, GNUNET_SERVICE_client_continue (idp->client); ash->client = idp; GNUNET_CONTAINER_DLL_insert (idp->store_op_head, idp->store_op_tail, ash); - GNUNET_SCHEDULER_add_now (&attest_store_task, ash); + GNUNET_SCHEDULER_add_now (&cred_store_task, ash); } @@ -1310,12 +1310,12 @@ ticket_iter (void *cls, if (GNUNET_YES != GNUNET_RECLAIM_id_is_equal (rd[i].data, &adh->claim->id)) continue; - if (adh->attest != NULL) + if (adh->credential != NULL) if (GNUNET_YES != GNUNET_RECLAIM_id_is_equal (rd[i].data, - &adh->attest->id)) + &adh->credential->id)) continue; GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Attribute or Attestation to delete found (%s)\n", + "Attribute to delete found (%s)\n", adh->label); has_changed = GNUNET_YES; break; @@ -1410,10 +1410,10 @@ update_tickets (void *cls) && (GNUNET_YES == GNUNET_RECLAIM_id_is_equal (rd[i].data, &adh->claim->id))) continue; - if (adh->attest != NULL) + if (adh->credential != NULL) if ((GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF == rd[i].record_type) && (GNUNET_YES == GNUNET_RECLAIM_id_is_equal (rd[i].data, - &adh->attest->id))) + &adh->credential->id))) continue; rd_new[j] = rd[i]; j++; @@ -1557,7 +1557,7 @@ handle_attribute_delete_message (void *cls, GNUNET_RECLAIM_attribute_deserialize ((char *) &dam[1], data_len, &adh->claim); - adh->attest = NULL; + adh->credential = NULL; adh->r_id = ntohl (dam->id); adh->identity = dam->identity; @@ -1578,14 +1578,14 @@ handle_attribute_delete_message (void *cls, /** - * Attestation deleted callback + * Credential deleted callback * * @param cls our handle * @param success success status * @param emsg error message (NULL if success=GNUNET_OK) */ static void -attest_delete_cont (void *cls, int32_t success, const char *emsg) +cred_delete_cont (void *cls, int32_t success, const char *emsg) { struct AttributeDeleteHandle *adh = cls; @@ -1593,7 +1593,7 @@ attest_delete_cont (void *cls, int32_t success, const char *emsg) if (GNUNET_SYSERR == success) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Error deleting attestation %s\n", + "Error deleting credential `%s'\n", adh->label); send_delete_response (adh, GNUNET_SYSERR); cleanup_adh (adh); @@ -1605,13 +1605,13 @@ attest_delete_cont (void *cls, int32_t success, const char *emsg) /** - * Check attestation delete message format + * Check credential delete message format * * @cls unused * @dam message to check */ static int -check_attestation_delete_message (void *cls, +check_cred_delete_message (void *cls, const struct AttributeDeleteMessage *dam) { uint16_t size; @@ -1627,33 +1627,33 @@ check_attestation_delete_message (void *cls, /** - * Handle attestation deletion + * Handle credential deletion * * @param cls our client * @param dam deletion message */ static void -handle_attestation_delete_message (void *cls, +handle_credential_delete_message (void *cls, const struct AttributeDeleteMessage *dam) { struct AttributeDeleteHandle *adh; struct IdpClient *idp = cls; size_t data_len; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received ATTESTATION_DELETE message\n"); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received CREDENTIAL_DELETE message\n"); data_len = ntohs (dam->attr_len); adh = GNUNET_new (struct AttributeDeleteHandle); - adh->attest = GNUNET_RECLAIM_attestation_deserialize ((char *) &dam[1], - data_len); + adh->credential = GNUNET_RECLAIM_credential_deserialize ((char *) &dam[1], + data_len); adh->claim = NULL; adh->r_id = ntohl (dam->id); adh->identity = dam->identity; adh->label - = GNUNET_STRINGS_data_to_string_alloc (&adh->attest->id, - sizeof(adh->attest->id)); + = GNUNET_STRINGS_data_to_string_alloc (&adh->credential->id, + sizeof(adh->credential->id)); GNUNET_SERVICE_client_continue (idp->client); adh->client = idp; GNUNET_CONTAINER_DLL_insert (idp->delete_op_head, idp->delete_op_tail, adh); @@ -1662,7 +1662,7 @@ handle_attestation_delete_message (void *cls, adh->label, 0, NULL, - &attest_delete_cont, + &cred_delete_cont, adh); } @@ -1712,7 +1712,7 @@ attr_iter_error (void *cls) /** - * Got record. Return if it is an attribute or attestation. + * Got record. Return if it is an attribute. * * @param cls our attribute iterator * @param zone zone we are iterating @@ -1852,51 +1852,51 @@ handle_iteration_next (void *cls, /************************************************* -* Attestation iteration +* Credential iteration *************************************************/ /** - * Done iterating over attestations + * Done iterating over credentials * * @param cls our iterator handle */ static void -attest_iter_finished (void *cls) +cred_iter_finished (void *cls) { struct Iterator *ai = cls; struct GNUNET_MQ_Envelope *env; - struct AttestationResultMessage *arm; + struct CredentialResultMessage *arm; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending ATTESTATION_RESULT message\n"); - env = GNUNET_MQ_msg (arm, GNUNET_MESSAGE_TYPE_RECLAIM_ATTESTATION_RESULT); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending CREDENTIAL_RESULT message\n"); + env = GNUNET_MQ_msg (arm, GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_RESULT); arm->id = htonl (ai->request_id); - arm->attestation_len = htons (0); + arm->credential_len = htons (0); GNUNET_MQ_send (ai->client->mq, env); - GNUNET_CONTAINER_DLL_remove (ai->client->attest_iter_head, - ai->client->attest_iter_tail, + GNUNET_CONTAINER_DLL_remove (ai->client->cred_iter_head, + ai->client->cred_iter_tail, ai); GNUNET_free (ai); } /** - * Error iterating over attestations. Abort. + * Error iterating over credentials. Abort. * * @param cls our attribute iteration handle */ static void -attest_iter_error (void *cls) +cred_iter_error (void *cls) { struct Iterator *ai = cls; - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to iterate over attestations\n"); - attest_iter_finished (ai); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to iterate over credentials\n"); + cred_iter_finished (ai); } /** - * Got record. Return attestation. + * Got record. Return credential. * * @param cls our attribute iterator * @param zone zone we are iterating @@ -1905,32 +1905,32 @@ attest_iter_error (void *cls) * @param rd records */ static void -attest_iter_cb (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) +cred_iter_cb (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, + const struct GNUNET_GNSRECORD_Data *rd) { struct Iterator *ai = cls; struct GNUNET_MQ_Envelope *env; - struct AttestationResultMessage *arm; + struct CredentialResultMessage *arm; char *data_tmp; if ((rd_count != 1) || - (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTESTATION != rd->record_type)) + (GNUNET_GNSRECORD_TYPE_RECLAIM_CREDENTIAL != rd->record_type)) { GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it, 1); return; } - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found attestation under: %s\n", + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found credential under: %s\n", label); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Sending ATTESTATION_RESULT message\n"); + "Sending CREDENTIAL_RESULT message\n"); env = GNUNET_MQ_msg_extra (arm, rd->data_size, - GNUNET_MESSAGE_TYPE_RECLAIM_ATTESTATION_RESULT); + GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_RESULT); arm->id = htonl (ai->request_id); - arm->attestation_len = htons (rd->data_size); + arm->credential_len = htons (rd->data_size); GNUNET_CRYPTO_ecdsa_key_get_public (zone, &arm->identity); data_tmp = (char *) &arm[1]; GNUNET_memcpy (data_tmp, rd->data, rd->data_size); @@ -1946,29 +1946,29 @@ attest_iter_cb (void *cls, * @param ais_msg the iteration message to start */ static void -handle_attestation_iteration_start (void *cls, - const struct - AttestationIterationStartMessage *ais_msg) +handle_credential_iteration_start (void *cls, + const struct + CredentialIterationStartMessage *ais_msg) { struct IdpClient *idp = cls; struct Iterator *ai; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Received ATTESTATION_ITERATION_START message\n"); + "Received CREDENTIAL_ITERATION_START message\n"); ai = GNUNET_new (struct Iterator); ai->request_id = ntohl (ais_msg->id); ai->client = idp; ai->identity = ais_msg->identity; - GNUNET_CONTAINER_DLL_insert (idp->attest_iter_head, idp->attest_iter_tail, + GNUNET_CONTAINER_DLL_insert (idp->cred_iter_head, idp->cred_iter_tail, ai); ai->ns_it = GNUNET_NAMESTORE_zone_iteration_start (nsh, &ai->identity, - &attest_iter_error, + &cred_iter_error, ai, - &attest_iter_cb, + &cred_iter_cb, ai, - &attest_iter_finished, + &cred_iter_finished, ai); GNUNET_SERVICE_client_continue (idp->client); } @@ -1981,9 +1981,9 @@ handle_attestation_iteration_start (void *cls, * @param ais_msg the stop message */ static void -handle_attestation_iteration_stop (void *cls, - const struct - AttestationIterationStopMessage *ais_msg) +handle_credential_iteration_stop (void *cls, + const struct + CredentialIterationStopMessage *ais_msg) { struct IdpClient *idp = cls; struct Iterator *ai; @@ -1991,9 +1991,9 @@ handle_attestation_iteration_stop (void *cls, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received `%s' message\n", - "ATTESTATION_ITERATION_STOP"); + "CREDENTIAL_ITERATION_STOP"); rid = ntohl (ais_msg->id); - for (ai = idp->attest_iter_head; NULL != ai; ai = ai->next) + for (ai = idp->cred_iter_head; NULL != ai; ai = ai->next) if (ai->request_id == rid) break; if (NULL == ai) @@ -2002,7 +2002,7 @@ handle_attestation_iteration_stop (void *cls, GNUNET_SERVICE_client_drop (idp->client); return; } - GNUNET_CONTAINER_DLL_remove (idp->attest_iter_head, idp->attest_iter_tail, + GNUNET_CONTAINER_DLL_remove (idp->cred_iter_head, idp->cred_iter_tail, ai); GNUNET_free (ai); GNUNET_SERVICE_client_continue (idp->client); @@ -2010,24 +2010,24 @@ handle_attestation_iteration_stop (void *cls, /** - * Client requests next attestation from iterator + * Client requests next credential from iterator * * @param cls the client * @param ais_msg the message */ static void -handle_attestation_iteration_next (void *cls, - const struct - AttestationIterationNextMessage *ais_msg) +handle_credential_iteration_next (void *cls, + const struct + CredentialIterationNextMessage *ais_msg) { struct IdpClient *idp = cls; struct Iterator *ai; uint32_t rid; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Received ATTESTATION_ITERATION_NEXT message\n"); + "Received CREDENTIAL_ITERATION_NEXT message\n"); rid = ntohl (ais_msg->id); - for (ai = idp->attest_iter_head; NULL != ai; ai = ai->next) + for (ai = idp->cred_iter_head; NULL != ai; ai = ai->next) if (ai->request_id == rid) break; if (NULL == ai) @@ -2269,16 +2269,16 @@ GNUNET_SERVICE_MAIN ( GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE, struct AttributeStoreMessage, NULL), - GNUNET_MQ_hd_var_size (attestation_store_message, - GNUNET_MESSAGE_TYPE_RECLAIM_ATTESTATION_STORE, + GNUNET_MQ_hd_var_size (credential_store_message, + GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_STORE, struct AttributeStoreMessage, NULL), GNUNET_MQ_hd_var_size (attribute_delete_message, GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_DELETE, struct AttributeDeleteMessage, NULL), - GNUNET_MQ_hd_var_size (attestation_delete_message, - GNUNET_MESSAGE_TYPE_RECLAIM_ATTESTATION_DELETE, + GNUNET_MQ_hd_var_size (credential_delete_message, + GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_DELETE, struct AttributeDeleteMessage, NULL), GNUNET_MQ_hd_fixed_size (iteration_start, @@ -2293,17 +2293,17 @@ GNUNET_SERVICE_MAIN ( GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP, struct AttributeIterationStopMessage, NULL), - GNUNET_MQ_hd_fixed_size (attestation_iteration_start, - GNUNET_MESSAGE_TYPE_RECLAIM_ATTESTATION_ITERATION_START, - struct AttestationIterationStartMessage, + GNUNET_MQ_hd_fixed_size (credential_iteration_start, + GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_ITERATION_START, + struct CredentialIterationStartMessage, NULL), - GNUNET_MQ_hd_fixed_size (attestation_iteration_next, - GNUNET_MESSAGE_TYPE_RECLAIM_ATTESTATION_ITERATION_NEXT, - struct AttestationIterationNextMessage, + GNUNET_MQ_hd_fixed_size (credential_iteration_next, + GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_ITERATION_NEXT, + struct CredentialIterationNextMessage, NULL), - GNUNET_MQ_hd_fixed_size (attestation_iteration_stop, - GNUNET_MESSAGE_TYPE_RECLAIM_ATTESTATION_ITERATION_STOP, - struct AttestationIterationStopMessage, + GNUNET_MQ_hd_fixed_size (credential_iteration_stop, + GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_ITERATION_STOP, + struct CredentialIterationStopMessage, NULL), GNUNET_MQ_hd_var_size (issue_ticket_message, diff --git a/src/reclaim/gnunet-service-reclaim_tickets.c b/src/reclaim/gnunet-service-reclaim_tickets.c index af01d8ec7..18b173aaa 100644 --- a/src/reclaim/gnunet-service-reclaim_tickets.c +++ b/src/reclaim/gnunet-service-reclaim_tickets.c @@ -114,9 +114,9 @@ struct RECLAIM_TICKETS_ConsumeHandle struct GNUNET_RECLAIM_AttributeList *attrs; /** - * Attestations + * Credentials */ - struct GNUNET_RECLAIM_AttestationList *attests; + struct GNUNET_RECLAIM_CredentialList *credentials; /** * Lookup time @@ -715,20 +715,20 @@ rvk_move_attr_cb (void *cls, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute %s\n", new_label); GNUNET_free (claim); } - else if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTESTATION == rd[i].record_type) + else if (GNUNET_GNSRECORD_TYPE_RECLAIM_CREDENTIAL == rd[i].record_type) { - struct GNUNET_RECLAIM_Attestation *attest; - attest = GNUNET_RECLAIM_attestation_deserialize (rd[i].data, - rd[i].data_size); + struct GNUNET_RECLAIM_Credential *credential; + credential = GNUNET_RECLAIM_credential_deserialize (rd[i].data, + rd[i].data_size); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Attestation to update: Name=%s\n", - attest->name); - attest->id = rvk->move_attr->new_id; + "Credential to update: Name=%s\n", + credential->name); + credential->id = rvk->move_attr->new_id; new_rd[i].data_size = - GNUNET_RECLAIM_attestation_serialize_get_size (attest); + GNUNET_RECLAIM_credential_serialize_get_size (credential); attr_data = GNUNET_malloc (rd[i].data_size); - new_rd[i].data_size = GNUNET_RECLAIM_attestation_serialize (attest, - attr_data); + new_rd[i].data_size = GNUNET_RECLAIM_credential_serialize (credential, + attr_data); new_rd[i].data = attr_data; new_rd[i].record_type = rd[i].record_type; new_rd[i].flags = rd[i].flags; @@ -736,9 +736,9 @@ rvk_move_attr_cb (void *cls, new_label = GNUNET_STRINGS_data_to_string_alloc (&rvk->move_attr->new_id, sizeof (rvk->move_attr->new_id)); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attestation %s\n", + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding credential %s\n", new_label); - GNUNET_free (attest); + GNUNET_free (credential); } } rvk->ns_qe = GNUNET_NAMESTORE_records_store (nsh, @@ -981,8 +981,8 @@ cleanup_cth (struct RECLAIM_TICKETS_ConsumeHandle *cth) if (NULL != cth->attrs) GNUNET_RECLAIM_attribute_list_destroy (cth->attrs); - if (NULL != cth->attests) - GNUNET_RECLAIM_attestation_list_destroy (cth->attests); + if (NULL != cth->credentials) + GNUNET_RECLAIM_credential_list_destroy (cth->credentials); GNUNET_free (cth); } @@ -1027,40 +1027,20 @@ process_parallel_lookup_result (void *cls, // REMARK: It is possible now to find rd_count > 1 for (int i = 0; i < rd_count; i++) { - if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE == rd[i].record_type) - { - attr_le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); - GNUNET_RECLAIM_attribute_deserialize (rd[i].data, rd[i].data_size, - &attr_le->attribute); - GNUNET_CONTAINER_DLL_insert (cth->attrs->list_head, - cth->attrs->list_tail, - attr_le); - } - else if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTESTATION == rd[i].record_type) - { - struct GNUNET_RECLAIM_AttestationListEntry *ale; - ale = GNUNET_new (struct GNUNET_RECLAIM_AttestationListEntry); - ale->attestation = - GNUNET_RECLAIM_attestation_deserialize (rd[i].data, - rd[i].data_size); - GNUNET_CONTAINER_DLL_insert (cth->attests->list_head, - cth->attests->list_tail, - ale); - } - else - { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Parallel Lookup of Reference without Attestation"); + if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE != rd[i].record_type) continue; - } - - + attr_le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); + GNUNET_RECLAIM_attribute_deserialize (rd[i].data, rd[i].data_size, + &attr_le->attribute); + GNUNET_CONTAINER_DLL_insert (cth->attrs->list_head, + cth->attrs->list_tail, + attr_le); } if (NULL != cth->parallel_lookups_head) return; // Wait for more /* Else we are done */ cth->cb (cth->cb_cls, &cth->ticket.identity, - cth->attrs, cth->attests, GNUNET_OK, NULL); + cth->attrs, cth->credentials, GNUNET_OK, NULL); cleanup_cth (cth); } @@ -1126,26 +1106,45 @@ lookup_authz_cb (void *cls, for (int i = 0; i < rd_count; i++) { - if ((GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF != rd[i].record_type) && - (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTESTATION_REF != rd[i].record_type)) - continue; - lbl = GNUNET_STRINGS_data_to_string_alloc (rd[i].data, rd[i].data_size); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ticket reference found %s\n", lbl); - parallel_lookup = GNUNET_new (struct ParallelLookup); - parallel_lookup->handle = cth; - parallel_lookup->label = lbl; - parallel_lookup->lookup_start_time = GNUNET_TIME_absolute_get (); - parallel_lookup->lookup_request = - GNUNET_GNS_lookup (gns, - lbl, - &cth->ticket.identity, - GNUNET_GNSRECORD_TYPE_ANY, - GNUNET_GNS_LO_DEFAULT, - &process_parallel_lookup_result, - parallel_lookup); - GNUNET_CONTAINER_DLL_insert (cth->parallel_lookups_head, - cth->parallel_lookups_tail, - parallel_lookup); + /** + * Check if record is a credential presentation or an attribute + * reference. + */ + switch (rd[i].record_type) + { + case GNUNET_GNSRECORD_TYPE_RECLAIM_PRESENTATION: + struct GNUNET_RECLAIM_CredentialListEntry *ale; + ale = GNUNET_new (struct GNUNET_RECLAIM_CredentialListEntry); + ale->credential = + GNUNET_RECLAIM_credential_deserialize (rd[i].data, + rd[i].data_size); + GNUNET_CONTAINER_DLL_insert (cth->credentials->list_head, + cth->credentials->list_tail, + ale); + break; + case GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF: + lbl = GNUNET_STRINGS_data_to_string_alloc (rd[i].data, rd[i].data_size); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ticket reference found %s\n", lbl); + parallel_lookup = GNUNET_new (struct ParallelLookup); + parallel_lookup->handle = cth; + parallel_lookup->label = lbl; + parallel_lookup->lookup_start_time = GNUNET_TIME_absolute_get (); + parallel_lookup->lookup_request = + GNUNET_GNS_lookup (gns, + lbl, + &cth->ticket.identity, + GNUNET_GNSRECORD_TYPE_ANY, + GNUNET_GNS_LO_DEFAULT, + &process_parallel_lookup_result, + parallel_lookup); + GNUNET_CONTAINER_DLL_insert (cth->parallel_lookups_head, + cth->parallel_lookups_tail, + parallel_lookup); + break; + default: + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Ignoring unknown record type %d", rd[i].record_type); + } } /** * We started lookups. Add a timeout task. @@ -1163,7 +1162,7 @@ lookup_authz_cb (void *cls, * No references found, return empty attribute list */ cth->cb (cth->cb_cls, &cth->ticket.identity, - cth->attrs, cth->attests, GNUNET_OK, NULL); + cth->attrs, cth->credentials, GNUNET_OK, NULL); cleanup_cth (cth); } @@ -1193,7 +1192,7 @@ RECLAIM_TICKETS_consume (const struct GNUNET_CRYPTO_EcdsaPrivateKey *id, cth->identity = *id; GNUNET_CRYPTO_ecdsa_key_get_public (&cth->identity, &cth->identity_pub); cth->attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); - cth->attests = GNUNET_new (struct GNUNET_RECLAIM_AttestationList); + cth->credentials = GNUNET_new (struct GNUNET_RECLAIM_CredentialList); cth->ticket = *ticket; cth->cb = cb; cth->cb_cls = cb_cls; @@ -1293,7 +1292,7 @@ issue_ticket (struct TicketIssueHandle *ih) for (le = ih->attrs->list_head; NULL != le; le = le->next) attrs_count++; - // Worst case we have one attestation per attribute + // Worst case we have one credential per attribute attrs_record = GNUNET_malloc (2 * attrs_count * sizeof(struct GNUNET_GNSRECORD_Data)); i = 0; @@ -1308,26 +1307,31 @@ issue_ticket (struct TicketIssueHandle *ih) attrs_record[i].record_type = GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF; attrs_record[i].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; i++; - if (GNUNET_NO == GNUNET_RECLAIM_id_is_zero (&le->attribute->attestation)) + if (GNUNET_NO == GNUNET_RECLAIM_id_is_zero (&le->attribute->credential)) { + struct GNUNET_RECLAIM_Presentation *pres; int j; for (j = 0; j < i; j++) { if (attrs_record[j].record_type - != GNUNET_GNSRECORD_TYPE_RECLAIM_ATTESTATION_REF) + != GNUNET_GNSRECORD_TYPE_RECLAIM_PRESENTATION) continue; - if (0 == memcmp (attrs_record[j].data, - &le->attribute->attestation, - sizeof (le->attribute->attestation))) + pres = attrs_record[j].data; + if (0 == memcmp (pres->credential_id, + &le->attribute->credential, + sizeof (le->attribute->credential))) break; } if (j < i) - continue; // Skip as we have already added this attestation. - attrs_record[i].data = &le->attribute->attestation; - attrs_record[i].data_size = sizeof(le->attribute->attestation); + continue; // Skip as we have already added this credential presentation. + /** + * FIXME: Create a new presentation from the credential. + */ + attrs_record[i].data = &le->attribute->credential; + attrs_record[i].data_size = sizeof(le->attribute->credential); attrs_record[i].expiration_time = ticket_refresh_interval.rel_value_us; attrs_record[i].record_type = - GNUNET_GNSRECORD_TYPE_RECLAIM_ATTESTATION_REF; + GNUNET_GNSRECORD_TYPE_RECLAIM_PRESENTATION; attrs_record[i].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; i++; } @@ -1401,22 +1405,23 @@ filter_tickets_cb (void *cls, { struct TicketIssueHandle *tih = cls; struct GNUNET_RECLAIM_Ticket *ticket = NULL; + struct GNUNET_RECLAIM_Presentation *pres; // figure out the number of requested attributes struct GNUNET_RECLAIM_AttributeListEntry *le; unsigned int attr_cnt = 0; - unsigned int attest_cnt = 0; + unsigned int cred_cnt = 0; for (le = tih->attrs->list_head; NULL != le; le = le->next) { attr_cnt++; - if (GNUNET_NO == GNUNET_RECLAIM_id_is_zero (&le->attribute->attestation)) - attest_cnt++; + if (GNUNET_NO == GNUNET_RECLAIM_id_is_zero (&le->attribute->credential)) + pres_cnt++; } // ticket search unsigned int found_attrs_cnt = 0; - unsigned int found_attests_cnt = 0; + unsigned int found_pres_cnt = 0; for (int i = 0; i < rd_count; i++) { @@ -1436,20 +1441,25 @@ filter_tickets_cb (void *cls, } // cmp requested attributes with ticket attributes - if ((GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF != rd[i].record_type) && - (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTESTATION_REF != rd[i].record_type)) - continue; - for (le = tih->attrs->list_head; NULL != le; le = le->next) + if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF == rd[i].record_type) { - if (GNUNET_YES == GNUNET_RECLAIM_id_is_equal (rd[i].data, - &le->attribute->id)) - found_attrs_cnt++; + for (le = tih->attrs->list_head; NULL != le; le = le->next) + { + if (GNUNET_YES == GNUNET_RECLAIM_id_is_equal (rd[i].data, + &le->attribute->id)) + found_attrs_cnt++; + } } - for (le = tih->attrs->list_head; NULL != le; le = le->next) + if (GNUNET_GNSRECORD_TYPE_RECLAIM_PRESENTATION == rd[i].record_type) { - if (GNUNET_YES == GNUNET_RECLAIM_id_is_equal (rd[i].data, - &le->attribute->attestation)) - found_attests_cnt++; + for (le = tih->attrs->list_head; NULL != le; le = le->next) + { + pres = rd[i].data; + if (GNUNET_YES == GNUNET_RECLAIM_id_is_equal (pres->credential_id, + &le->attribute->credential)) + found_pres_cnt++; + // FIXME should we store credentials here for later use?? + } } } @@ -1458,7 +1468,7 @@ filter_tickets_cb (void *cls, * we are done. */ if ((attr_cnt == found_attrs_cnt) && - (attest_cnt == found_attests_cnt) && + (pres_cnt == found_pres_cnt) && (NULL != ticket)) { GNUNET_NAMESTORE_zone_iteration_stop (tih->ns_it); diff --git a/src/reclaim/gnunet-service-reclaim_tickets.h b/src/reclaim/gnunet-service-reclaim_tickets.h index 1c7214d42..404b9c837 100644 --- a/src/reclaim/gnunet-service-reclaim_tickets.h +++ b/src/reclaim/gnunet-service-reclaim_tickets.h @@ -137,7 +137,7 @@ typedef void (*RECLAIM_TICKETS_ConsumeCallback) ( void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_AttributeList *attributes, - const struct GNUNET_RECLAIM_AttestationList *attestations, + const struct GNUNET_RECLAIM_CredentialList *credentials, int32_t success, const char *emsg); diff --git a/src/reclaim/json_reclaim.c b/src/reclaim/json_reclaim.c index c470ea567..c8b944326 100644 --- a/src/reclaim/json_reclaim.c +++ b/src/reclaim/json_reclaim.c @@ -46,7 +46,7 @@ parse_attr (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec) const char *val_str = NULL; const char *type_str = NULL; const char *id_str = NULL; - const char *attest_str = NULL; + const char *cred_str = NULL; const char *flag_str = NULL; char *data; int unpack_state; @@ -68,8 +68,8 @@ parse_attr (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec) &name_str, "id", &id_str, - "attestation", - &attest_str, + "credential", + &cred_str, "type", &type_str, "value", @@ -95,12 +95,12 @@ parse_attr (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec) } attr = GNUNET_RECLAIM_attribute_new (name_str, NULL, type, data, data_size); - if ((NULL != attest_str) && (0 != strlen (attest_str))) + if ((NULL != cred_str) && (0 != strlen (cred_str))) { - GNUNET_STRINGS_string_to_data (attest_str, - strlen (attest_str), - &attr->attestation, - sizeof(attr->attestation)); + GNUNET_STRINGS_string_to_data (cred_str, + strlen (cred_str), + &attr->credential, + sizeof(attr->credential)); } if ((NULL == id_str) || (0 == strlen (id_str))) memset (&attr->id, 0, sizeof (attr->id)); @@ -142,7 +142,7 @@ clean_attr (void *cls, struct GNUNET_JSON_Specification *spec) * @return JSON Specification */ struct GNUNET_JSON_Specification -GNUNET_RECLAIM_JSON_spec_claim (struct GNUNET_RECLAIM_Attribute **attr) +GNUNET_RECLAIM_JSON_spec_attribute (struct GNUNET_RECLAIM_Attribute **attr) { struct GNUNET_JSON_Specification ret = { .parser = &parse_attr, .cleaner = &clean_attr, @@ -279,7 +279,7 @@ GNUNET_RECLAIM_JSON_spec_ticket (struct GNUNET_RECLAIM_Ticket **ticket) /** - * Parse given JSON object to an attestation claim + * Parse given JSON object to a credential claim * * @param cls closure, NULL * @param root the json object representing data @@ -287,9 +287,9 @@ GNUNET_RECLAIM_JSON_spec_ticket (struct GNUNET_RECLAIM_Ticket **ticket) * @return #GNUNET_OK upon successful parsing; #GNUNET_SYSERR upon error */ static int -parse_attest (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec) +parse_credential (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec) { - struct GNUNET_RECLAIM_Attestation *attr; + struct GNUNET_RECLAIM_Credential *cred; const char *name_str = NULL; const char *val_str = NULL; const char *type_str = NULL; @@ -325,17 +325,17 @@ parse_attest (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec) "Error json object has a wrong format!\n"); return GNUNET_SYSERR; } - type = GNUNET_RECLAIM_attestation_typename_to_number (type_str); + type = GNUNET_RECLAIM_credential_typename_to_number (type_str); if (GNUNET_SYSERR == - (GNUNET_RECLAIM_attestation_string_to_value (type, - val_str, - (void **) &data, - &data_size))) + (GNUNET_RECLAIM_credential_string_to_value (type, + val_str, + (void **) &data, + &data_size))) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Attestation value invalid!\n"); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Credential value invalid!\n"); return GNUNET_SYSERR; } - attr = GNUNET_RECLAIM_attestation_new (name_str, type, data, data_size); + attr = GNUNET_RECLAIM_credential_new (name_str, type, data, data_size); if ((NULL == id_str) || (0 == strlen (id_str))) memset (&attr->id, 0, sizeof (attr->id)); else @@ -344,7 +344,7 @@ parse_attest (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec) &attr->id, sizeof(attr->id)); - *(struct GNUNET_RECLAIM_Attestation **) spec->ptr = attr; + *(struct GNUNET_RECLAIM_Credential **) spec->ptr = attr; return GNUNET_OK; } @@ -356,11 +356,11 @@ parse_attest (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec) * @param[out] spec where to free the data */ static void -clean_attest (void *cls, struct GNUNET_JSON_Specification *spec) +clean_credential (void *cls, struct GNUNET_JSON_Specification *spec) { - struct GNUNET_RECLAIM_Attestation **attr; + struct GNUNET_RECLAIM_Credential **attr; - attr = (struct GNUNET_RECLAIM_Attestation **) spec->ptr; + attr = (struct GNUNET_RECLAIM_Credential **) spec->ptr; if (NULL != *attr) { GNUNET_free (*attr); @@ -370,23 +370,23 @@ clean_attest (void *cls, struct GNUNET_JSON_Specification *spec) /** - * JSON Specification for Reclaim attestation claims. + * JSON Specification for credential claims. * - * @param ticket struct of GNUNET_RECLAIM_ATTESTATION_Claim to fill + * @param attr struct of GNUNET_RECLAIM_Credential to fill * @return JSON Specification */ struct GNUNET_JSON_Specification -GNUNET_RECLAIM_JSON_spec_claim_attest (struct - GNUNET_RECLAIM_Attestation **attr) +GNUNET_RECLAIM_JSON_spec_credential (struct + GNUNET_RECLAIM_Credential **cred) { - struct GNUNET_JSON_Specification ret = { .parser = &parse_attest, - .cleaner = &clean_attest, + struct GNUNET_JSON_Specification ret = { .parser = &parse_credential, + .cleaner = &clean_credential, .cls = NULL, .field = NULL, .ptr = attr, .ptr_size = 0, .size_ptr = NULL }; - *attr = NULL; + *cred = NULL; return ret; } diff --git a/src/reclaim/json_reclaim.h b/src/reclaim/json_reclaim.h index c57971dcb..8911cf92d 100644 --- a/src/reclaim/json_reclaim.h +++ b/src/reclaim/json_reclaim.h @@ -32,11 +32,11 @@ /** * JSON Specification for Reclaim claims. * - * @param ticket struct of GNUNET_RECLAIM_ATTRIBUTE_Claim to fill + * @param attr struct of GNUNET_RECLAIM_Attribute to fill * @return JSON Specification */ struct GNUNET_JSON_Specification -GNUNET_RECLAIM_JSON_spec_claim (struct GNUNET_RECLAIM_Attribute **attr); +GNUNET_RECLAIM_JSON_spec_attribute (struct GNUNET_RECLAIM_Attribute **attr); /** * JSON Specification for Reclaim tickets. @@ -48,11 +48,10 @@ struct GNUNET_JSON_Specification GNUNET_RECLAIM_JSON_spec_ticket (struct GNUNET_RECLAIM_Ticket **ticket); /** - * JSON Specification for Reclaim attestation claims. + * JSON Specification for credentials. * - * @param ticket struct of GNUNET_RECLAIM_Attestation to fill + * @param cred struct of GNUNET_RECLAIM_Credential to fill * @return JSON Specification */ struct GNUNET_JSON_Specification -GNUNET_RECLAIM_JSON_spec_claim_attest (struct - GNUNET_RECLAIM_Attestation **attr); +GNUNET_RECLAIM_JSON_spec_credential (struct GNUNET_RECLAIM_Attestation **cred); diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c index eab12db33..9c7e79c41 100644 --- a/src/reclaim/oidc_helper.c +++ b/src/reclaim/oidc_helper.c @@ -62,9 +62,9 @@ struct OIDC_Parameters uint32_t attr_list_len GNUNET_PACKED; /** - * The length of the attestation list + * The length of the presentation list */ - uint32_t attest_list_len GNUNET_PACKED; + uint32_t pres_list_len GNUNET_PACKED; }; GNUNET_NETWORK_STRUCT_END @@ -157,24 +157,24 @@ fix_base64 (char *str) static json_t* generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, struct GNUNET_RECLAIM_AttributeList *attrs, - struct GNUNET_RECLAIM_AttestationList *attests) + struct GNUNET_RECLAIM_PresentationList *presentations) { struct GNUNET_RECLAIM_AttributeListEntry *le; - struct GNUNET_RECLAIM_AttestationListEntry *ale; + struct GNUNET_RECLAIM_PresentationListEntry *ple; char *subject; char *source_name; char *attr_val_str; - char *attest_val_str; + char *pres_val_str; json_t *body; json_t *aggr_names; json_t *aggr_sources; json_t *aggr_sources_jwt; json_t *addr_claim = NULL; - int num_attestations = 0; + int num_presentations = 0; for (le = attrs->list_head; NULL != le; le = le->next) { - if (GNUNET_NO == GNUNET_RECLAIM_id_is_zero (&le->attribute->attestation)) - num_attestations++; + if (GNUNET_NO == GNUNET_RECLAIM_id_is_zero (&le->attribute->credential)) + num_presentations++; } subject = @@ -191,23 +191,25 @@ generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, json_object_set_new (body, "iss", json_string (SERVER_ADDRESS)); // sub REQUIRED public key identity, not exceed 255 ASCII length json_object_set_new (body, "sub", json_string (subject)); - attest_val_str = NULL; + pres_val_str = NULL; source_name = NULL; int i = 0; - for (ale = attests->list_head; NULL != ale; ale = ale->next) + for (ple = presentations->list_head; NULL != ple; ple = ple->next) { - // New Attestation + // New presentation GNUNET_asprintf (&source_name, "src%d", i); aggr_sources_jwt = json_object (); - attest_val_str = - GNUNET_RECLAIM_attestation_value_to_string (ale->attestation->type, - ale->attestation->data, - ale->attestation->data_size); - json_object_set_new (aggr_sources_jwt, "JWT", - json_string (attest_val_str) ); + pres_val_str = + GNUNET_RECLAIM_presentation_value_to_string (ple->presentation->type, + ple->presentation->data, + ple->presentation->data_size); + json_object_set_new (aggr_sources_jwt, + GNUNET_RECLAIM_presentation_number_to_typename (ple->presentation->type), + json_string (pres_val_str) ); json_object_set_new (aggr_sources, source_name, aggr_sources_jwt); + GNUNET_free (pres_val_str); GNUNET_free (source_name); source_name = NULL; i++; @@ -216,7 +218,7 @@ generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, for (le = attrs->list_head; NULL != le; le = le->next) { - if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&le->attribute->attestation)) + if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&le->attribute->credential)) { attr_val_str = @@ -247,18 +249,24 @@ generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, } else { - // Check if attest is there + // Check if presentation is there int j = 0; - for (ale = attests->list_head; NULL != ale; ale = ale->next) + for (ple = presentations->list_head; NULL != ple; ple = ple->next) { if (GNUNET_YES == - GNUNET_RECLAIM_id_is_equal (&ale->attestation->id, - &le->attribute->attestation)) + GNUNET_RECLAIM_id_is_equal (&ple->presentation->credential_id, + &le->attribute->credential)) break; j++; } - GNUNET_assert (NULL != ale); - // Attestation is existing, hence take the respective source str + if (NULL == ple) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Presentation for `%s' missing...\n", + le->attribute->name); + continue; + } + // Presentation exists, hence take the respective source str GNUNET_asprintf (&source_name, "src%d", j); @@ -269,9 +277,6 @@ generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, } if (NULL != addr_claim) json_object_set_new (body, "address", addr_claim); - - if (NULL != attest_val_str) - GNUNET_free (attest_val_str); if (0 != i) { json_object_set_new (body, "_claim_names", aggr_names); @@ -286,18 +291,18 @@ generate_userinfo_json(const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, * * @param sub_key the subject (user) * @param attrs user attribute list - * @param attests user attribute attestation list (may be empty) + * @param presentations credential presentation list (may be empty) * @return Userinfo JSON */ char * OIDC_generate_userinfo (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, struct GNUNET_RECLAIM_AttributeList *attrs, - struct GNUNET_RECLAIM_AttestationList *attests) + struct GNUNET_RECLAIM_PresentationList *presentations) { char *body_str; json_t* body = generate_userinfo_json (sub_key, attrs, - attests); + presentations); body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT); json_decref (body); return body_str; @@ -310,6 +315,7 @@ OIDC_generate_userinfo (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, * @param aud_key the public of the audience * @param sub_key the public key of the subject * @param attrs the attribute list + * @param presentations credential presentation list (may be empty) * @param expiration_time the validity of the token * @param secret_key the key used to sign the JWT * @return a new base64-encoded JWT string. @@ -318,7 +324,7 @@ char * OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, struct GNUNET_RECLAIM_AttributeList *attrs, - struct GNUNET_RECLAIM_AttestationList *attests, + struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce, const char *secret_key) @@ -339,7 +345,7 @@ OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, body = generate_userinfo_json (sub_key, attrs, - attests); + presentations); // iat REQUIRED time now time_now = GNUNET_TIME_absolute_get (); // exp REQUIRED time expired from config @@ -426,6 +432,7 @@ OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, * @param issuer the issuer of the ticket, used to sign the ticket and nonce * @param ticket the ticket to include in the code * @param attrs list of attributes which are shared + * @param presentations credential presentation list (may be empty) * @param nonce the nonce to include in the code * @param code_challenge PKCE code challenge * @return a new authorization code (caller must free) @@ -434,7 +441,7 @@ char * OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, const struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList *attrs, - struct GNUNET_RECLAIM_AttestationList *attests, + struct GNUNET_RECLAIM_PresentationList *presentations, const char *nonce_str, const char *code_challenge) { @@ -447,7 +454,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, size_t payload_len; size_t code_payload_len; size_t attr_list_len = 0; - size_t attests_list_len = 0; + size_t pres_list_len = 0; size_t code_challenge_len = 0; uint32_t nonce_len = 0; struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; @@ -481,17 +488,17 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, // Get serialized attributes payload_len += attr_list_len; } - if (NULL != attests) + if (NULL != presentations) { // Get length - attests_list_len = - GNUNET_RECLAIM_attestation_list_serialize_get_size (attests); - params.attest_list_len = htonl (attests_list_len); + pres_list_len = + GNUNET_RECLAIM_presentation_list_serialize_get_size (presentations); + params.pres_list_len = htonl (pres_list_len); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Length of serialized attestations: %lu\n", - attests_list_len); + "Length of serialized presentations: %lu\n", + pres_list_len); // Get serialized attributes - payload_len += attests_list_len; + payload_len += pres_list_len; } // Get plaintext length @@ -510,8 +517,8 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, } if (0 < attr_list_len) GNUNET_RECLAIM_attribute_list_serialize (attrs, tmp); - if (0 < attests_list_len) - GNUNET_RECLAIM_attestation_list_serialize (attests, tmp); + if (0 < pres_list_len) + GNUNET_RECLAIM_presentation_list_serialize (presentations, tmp); /** END **/ @@ -564,7 +571,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, * if used in request. * @param ticket where to store the ticket * @param attrs the attributes in the code - * @param attests the attestations in the code (if any) + * @param presentations credential presentation list * @param nonce_str where to store the nonce (if contained) * @return GNUNET_OK if successful, else GNUNET_SYSERR */ @@ -574,14 +581,14 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, const char *code_verifier, struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList **attrs, - struct GNUNET_RECLAIM_AttestationList **attests, + struct GNUNET_RECLAIM_PresentationList **presentations, char **nonce_str) { char *code_payload; char *ptr; char *plaintext; char *attrs_ser; - char *attests_ser; + char *presentations_ser; char *expected_code_challenge; char *code_challenge; char *code_verifier_hash; @@ -589,7 +596,7 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, struct GNUNET_CRYPTO_EcdsaSignature *signature; uint32_t code_challenge_len; uint32_t attrs_ser_len; - uint32_t attests_ser_len; + uint32_t presentations_ser_len; size_t plaintext_len; size_t code_payload_len; uint32_t nonce_len = 0; @@ -692,10 +699,11 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, attrs_ser = ((char *) ¶ms[1]) + code_challenge_len + nonce_len; attrs_ser_len = ntohl (params->attr_list_len); *attrs = GNUNET_RECLAIM_attribute_list_deserialize (attrs_ser, attrs_ser_len); - attests_ser = ((char*) attrs_ser) + attrs_ser_len; - attests_ser_len = ntohl (params->attest_list_len); - *attests = GNUNET_RECLAIM_attestation_list_deserialize (attests_ser, - attests_ser_len); + presentations_ser = ((char*) attrs_ser) + attrs_ser_len; + pres_ser_len = ntohl (params->pres_list_len); + *presentations = + GNUNET_RECLAIM_presentations_list_deserialize (presentations_ser, + pres_ser_len); GNUNET_free (code_payload); return GNUNET_OK; diff --git a/src/reclaim/oidc_helper.h b/src/reclaim/oidc_helper.h index e713dab62..789a2acc7 100644 --- a/src/reclaim/oidc_helper.h +++ b/src/reclaim/oidc_helper.h @@ -44,6 +44,7 @@ * @param aud_key the public of the audience * @param sub_key the public key of the subject * @param attrs the attribute list + * @param presentations credential presentation list (may be empty) * @param expiration_time the validity of the token * @param secret_key the key used to sign the JWT * @return a new base64-encoded JWT string. @@ -52,7 +53,7 @@ char* OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, struct GNUNET_RECLAIM_AttributeList *attrs, - struct GNUNET_RECLAIM_AttestationList *attests, + struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce, const char *secret_key); @@ -64,6 +65,7 @@ OIDC_generate_id_token (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, * @param issuer the issuer of the ticket, used to sign the ticket and nonce * @param ticket the ticket to include in the code * @param attrs list of attributes to share + * @param presentations credential presentation list * @param nonce the nonce to include in the code * @param code_challenge PKCE code challenge * @return a new authorization code (caller must free) @@ -72,7 +74,7 @@ char* OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, const struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList *attrs, - struct GNUNET_RECLAIM_AttestationList *attests, + struct GNUNET_RECLAIM_PresentationList *presentations, const char *nonce, const char *code_challenge); @@ -86,6 +88,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, * @param code_verfier PKCE code verifier * @param ticket where to store the ticket * @param attrs the attributes found in the code + * @param presentations credential presentation list * @param nonce where to store the nonce * @return GNUNET_OK if successful, else GNUNET_SYSERR */ @@ -95,7 +98,7 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *ecdsa_pub, const char *code_verifier, struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList **attrs, - struct GNUNET_RECLAIM_AttestationList **attests, + struct GNUNET_RECLAIM_PresentationList **presentations, char **nonce); /** @@ -145,12 +148,12 @@ OIDC_check_scopes_for_claim_request (const char*scopes, * * @param sub_key the subject (user) * @param attrs user attribute list - * @param attests user attribute attestation list (may be empty) + * @param presentations credential presentation list * @return Userinfo JSON */ char * OIDC_generate_userinfo (const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, struct GNUNET_RECLAIM_AttributeList *attrs, - struct GNUNET_RECLAIM_AttestationList *attests); + struct GNUNET_RECLAIM_PresentationList *presentations); #endif diff --git a/src/reclaim/plugin_reclaim_attestation_jwt.c b/src/reclaim/plugin_reclaim_attestation_jwt.c deleted file mode 100644 index c87d3e61a..000000000 --- a/src/reclaim/plugin_reclaim_attestation_jwt.c +++ /dev/null @@ -1,321 +0,0 @@ -/* - This file is part of GNUnet - Copyright (C) 2013, 2014, 2016 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - - SPDX-License-Identifier: AGPL3.0-or-later - */ - -/** - * @file reclaim-attribute/plugin_reclaim_attestation_gnuid.c - * @brief reclaim-attribute-plugin-gnuid attribute plugin to provide the API for - * fundamental - * attribute types. - * - * @author Martin Schanzenbach - */ -#include "platform.h" -#include "gnunet_util_lib.h" -#include "gnunet_reclaim_plugin.h" -#include -#include - -/** - * Convert the 'value' of an attestation to a string. - * - * @param cls closure, unused - * @param type type of the attestation - * @param data value in binary encoding - * @param data_size number of bytes in @a data - * @return NULL on error, otherwise human-readable representation of the value - */ -static char * -jwt_value_to_string (void *cls, - uint32_t type, - const void *data, - size_t data_size) -{ - switch (type) - { - case GNUNET_RECLAIM_ATTESTATION_TYPE_JWT: - return GNUNET_strndup (data, data_size); - - default: - return NULL; - } -} - - -/** - * Convert human-readable version of a 'value' of an attestation to the binary - * representation. - * - * @param cls closure, unused - * @param type type of the attestation - * @param s human-readable string - * @param data set to value in binary encoding (will be allocated) - * @param data_size set to number of bytes in @a data - * @return #GNUNET_OK on success - */ -static int -jwt_string_to_value (void *cls, - uint32_t type, - const char *s, - void **data, - size_t *data_size) -{ - if (NULL == s) - return GNUNET_SYSERR; - switch (type) - { - case GNUNET_RECLAIM_ATTESTATION_TYPE_JWT: - *data = GNUNET_strdup (s); - *data_size = strlen (s); - return GNUNET_OK; - - default: - return GNUNET_SYSERR; - } -} - - -/** - * Mapping of attestation type numbers to human-readable - * attestation type names. - */ -static struct -{ - const char *name; - uint32_t number; -} jwt_attest_name_map[] = { { "JWT", GNUNET_RECLAIM_ATTESTATION_TYPE_JWT }, - { NULL, UINT32_MAX } }; - -/** - * Convert a type name to the corresponding number. - * - * @param cls closure, unused - * @param jwt_typename name to convert - * @return corresponding number, UINT32_MAX on error - */ -static uint32_t -jwt_typename_to_number (void *cls, const char *jwt_typename) -{ - unsigned int i; - - i = 0; - while ((NULL != jwt_attest_name_map[i].name) && - (0 != strcasecmp (jwt_typename, jwt_attest_name_map[i].name))) - i++; - return jwt_attest_name_map[i].number; -} - - -/** - * Convert a type number (i.e. 1) to the corresponding type string - * - * @param cls closure, unused - * @param type number of a type to convert - * @return corresponding typestring, NULL on error - */ -static const char * -jwt_number_to_typename (void *cls, uint32_t type) -{ - unsigned int i; - - i = 0; - while ((NULL != jwt_attest_name_map[i].name) && (type != - jwt_attest_name_map[i]. - number)) - i++; - return jwt_attest_name_map[i].name; -} - - -/** - * Parse a JWT and return the respective claim value as Attribute - * - * @param cls the plugin - * @param attest the jwt attestation - * @return a GNUNET_RECLAIM_Attribute, containing the new value - */ -struct GNUNET_RECLAIM_AttributeList * -jwt_parse_attributes (void *cls, - const struct GNUNET_RECLAIM_Attestation *attest) -{ - char *jwt_string; - struct GNUNET_RECLAIM_AttributeList *attrs; - char delim[] = "."; - char *val_str = NULL; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); - char *decoded_jwt; - json_t *json_val; - json_error_t *json_err = NULL; - - /* GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "%s\n", attest->data); (not OK: 'data' is not defined as 0-terminated text, but binary) */ - if (GNUNET_RECLAIM_ATTESTATION_TYPE_JWT != attest->type) - return NULL; - attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); - - jwt_string = GNUNET_strdup (attest->data); - const char *jwt_body = strtok (jwt_string, delim); - jwt_body = strtok (NULL, delim); - GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), - (void **) &decoded_jwt); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", decoded_jwt); - GNUNET_assert (NULL != decoded_jwt); - json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); - const char *key; - json_t *value; - json_object_foreach (json_val, key, value) { - if (0 == strcmp ("iss", key)) - continue; - if (0 == strcmp ("exp", key)) - continue; - if (0 == strcmp ("iat", key)) - continue; - if (0 == strcmp ("nbf", key)) - continue; - if (0 == strcmp ("aud", key)) - continue; - val_str = json_dumps (value, JSON_ENCODE_ANY); - GNUNET_RECLAIM_attribute_list_add (attrs, - key, - NULL, - GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,// FIXME - val_str, - strlen (val_str)); - GNUNET_free (val_str); - } - GNUNET_free (jwt_string); - return attrs; -} - - -/** - * Parse a JWT and return the issuer - * - * @param cls the plugin - * @param attest the jwt attestation - * @return a string, containing the isser - */ -char * -jwt_get_issuer (void *cls, - const struct GNUNET_RECLAIM_Attestation *attest) -{ - const char *jwt_body; - char *jwt_string; - char delim[] = "."; - char *issuer = NULL; - char *decoded_jwt; - json_t *issuer_json; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); - json_t *json_val; - json_error_t *json_err = NULL; - - if (GNUNET_RECLAIM_ATTESTATION_TYPE_JWT != attest->type) - return NULL; - jwt_string = GNUNET_strdup (attest->data); - jwt_body = strtok (jwt_string, delim); - jwt_body = strtok (NULL, delim); - GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), - (void **) &decoded_jwt); - json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); - issuer_json = json_object_get (json_val, "iss"); - if ((NULL == issuer_json) || (! json_is_string (issuer_json))) - return NULL; - issuer = GNUNET_strdup (json_string_value (issuer_json)); - GNUNET_free (jwt_string); - return issuer; -} - - -/** - * Parse a JWT and return the expiration - * - * @param cls the plugin - * @param attest the jwt attestation - * @return a string, containing the isser - */ -int -jwt_get_expiration (void *cls, - const struct GNUNET_RECLAIM_Attestation *attest, - struct GNUNET_TIME_Absolute *exp) -{ - const char *jwt_body; - char *jwt_string; - char delim[] = "."; - char *decoded_jwt; - json_t *exp_json; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); - json_t *json_val; - json_error_t *json_err = NULL; - - if (GNUNET_RECLAIM_ATTESTATION_TYPE_JWT != attest->type) - return GNUNET_NO; - jwt_string = GNUNET_strdup (attest->data); - jwt_body = strtok (jwt_string, delim); - jwt_body = strtok (NULL, delim); - GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), - (void **) &decoded_jwt); - json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); - exp_json = json_object_get (json_val, "exp"); - if ((NULL == exp_json) || (! json_is_integer (exp_json))) - return GNUNET_SYSERR; - exp->abs_value_us = json_integer_value (exp_json) * 1000 * 1000; - GNUNET_free (jwt_string); - return GNUNET_OK; -} - - -/** - * Entry point for the plugin. - * - * @param cls NULL - * @return the exported block API - */ -void * -libgnunet_plugin_reclaim_attestation_jwt_init (void *cls) -{ - struct GNUNET_RECLAIM_AttestationPluginFunctions *api; - - api = GNUNET_new (struct GNUNET_RECLAIM_AttestationPluginFunctions); - api->value_to_string = &jwt_value_to_string; - api->string_to_value = &jwt_string_to_value; - api->typename_to_number = &jwt_typename_to_number; - api->number_to_typename = &jwt_number_to_typename; - api->get_attributes = &jwt_parse_attributes; - api->get_issuer = &jwt_get_issuer; - api->get_expiration = &jwt_get_expiration; - return api; -} - - -/** - * Exit point from the plugin. - * - * @param cls the return value from #libgnunet_plugin_block_test_init() - * @return NULL - */ -void * -libgnunet_plugin_reclaim_attestation_jwt_done (void *cls) -{ - struct GNUNET_RECLAIM_AttestationPluginFunctions *api = cls; - - GNUNET_free (api); - return NULL; -} - - -/* end of plugin_reclaim_attestation_type_gnuid.c */ diff --git a/src/reclaim/plugin_reclaim_credential_jwt.c b/src/reclaim/plugin_reclaim_credential_jwt.c new file mode 100644 index 000000000..38effcf78 --- /dev/null +++ b/src/reclaim/plugin_reclaim_credential_jwt.c @@ -0,0 +1,320 @@ +/* + This file is part of GNUnet + Copyright (C) 2013, 2014, 2016 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + + SPDX-License-Identifier: AGPL3.0-or-later + */ + +/** + * @file reclaim/plugin_reclaim_credential_jwt.c + * @brief reclaim-credential-plugin-jwt attribute plugin to provide the API for + * JWT credentials. + * + * @author Martin Schanzenbach + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_reclaim_plugin.h" +#include +#include + +/** + * Convert the 'value' of an credential to a string. + * + * @param cls closure, unused + * @param type type of the credential + * @param data value in binary encoding + * @param data_size number of bytes in @a data + * @return NULL on error, otherwise human-readable representation of the value + */ +static char * +jwt_value_to_string (void *cls, + uint32_t type, + const void *data, + size_t data_size) +{ + switch (type) + { + case GNUNET_RECLAIM_credential_TYPE_JWT: + return GNUNET_strndup (data, data_size); + + default: + return NULL; + } +} + + +/** + * Convert human-readable version of a 'value' of an credential to the binary + * representation. + * + * @param cls closure, unused + * @param type type of the credential + * @param s human-readable string + * @param data set to value in binary encoding (will be allocated) + * @param data_size set to number of bytes in @a data + * @return #GNUNET_OK on success + */ +static int +jwt_string_to_value (void *cls, + uint32_t type, + const char *s, + void **data, + size_t *data_size) +{ + if (NULL == s) + return GNUNET_SYSERR; + switch (type) + { + case GNUNET_RECLAIM_credential_TYPE_JWT: + *data = GNUNET_strdup (s); + *data_size = strlen (s); + return GNUNET_OK; + + default: + return GNUNET_SYSERR; + } +} + + +/** + * Mapping of credential type numbers to human-readable + * credential type names. + */ +static struct +{ + const char *name; + uint32_t number; +} jwt_cred_name_map[] = { { "JWT", GNUNET_RECLAIM_credential_TYPE_JWT }, + { NULL, UINT32_MAX } }; + +/** + * Convert a type name to the corresponding number. + * + * @param cls closure, unused + * @param jwt_typename name to convert + * @return corresponding number, UINT32_MAX on error + */ +static uint32_t +jwt_typename_to_number (void *cls, const char *jwt_typename) +{ + unsigned int i; + + i = 0; + while ((NULL != jwt_cred_name_map[i].name) && + (0 != strcasecmp (jwt_typename, jwt_cred_name_map[i].name))) + i++; + return jwt_cred_name_map[i].number; +} + + +/** + * Convert a type number (i.e. 1) to the corresponding type string + * + * @param cls closure, unused + * @param type number of a type to convert + * @return corresponding typestring, NULL on error + */ +static const char * +jwt_number_to_typename (void *cls, uint32_t type) +{ + unsigned int i; + + i = 0; + while ((NULL != jwt_cred_name_map[i].name) && (type != + jwt_cred_name_map[i]. + number)) + i++; + return jwt_cred_name_map[i].name; +} + + +/** + * Parse a JWT and return the respective claim value as Attribute + * + * @param cls the plugin + * @param cred the jwt credential + * @return a GNUNET_RECLAIM_Attribute, containing the new value + */ +struct GNUNET_RECLAIM_AttributeList * +jwt_parse_attributes (void *cls, + const struct GNUNET_RECLAIM_Credential *cred) +{ + char *jwt_string; + struct GNUNET_RECLAIM_AttributeList *attrs; + char delim[] = "."; + char *val_str = NULL; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); + char *decoded_jwt; + json_t *json_val; + json_error_t *json_err = NULL; + + /* GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "%s\n", cred->data); (not OK: 'data' is not defined as 0-terminated text, but binary) */ + if (GNUNET_RECLAIM_credential_TYPE_JWT != cred->type) + return NULL; + attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); + + jwt_string = GNUNET_strdup (cred->data); + const char *jwt_body = strtok (jwt_string, delim); + jwt_body = strtok (NULL, delim); + GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), + (void **) &decoded_jwt); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", decoded_jwt); + GNUNET_assert (NULL != decoded_jwt); + json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); + const char *key; + json_t *value; + json_object_foreach (json_val, key, value) { + if (0 == strcmp ("iss", key)) + continue; + if (0 == strcmp ("exp", key)) + continue; + if (0 == strcmp ("iat", key)) + continue; + if (0 == strcmp ("nbf", key)) + continue; + if (0 == strcmp ("aud", key)) + continue; + val_str = json_dumps (value, JSON_ENCODE_ANY); + GNUNET_RECLAIM_attribute_list_add (attrs, + key, + NULL, + GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,// FIXME + val_str, + strlen (val_str)); + GNUNET_free (val_str); + } + GNUNET_free (jwt_string); + return attrs; +} + + +/** + * Parse a JWT and return the issuer + * + * @param cls the plugin + * @param cred the jwt credential + * @return a string, containing the isser + */ +char * +jwt_get_issuer (void *cls, + const struct GNUNET_RECLAIM_Credential *cred) +{ + const char *jwt_body; + char *jwt_string; + char delim[] = "."; + char *issuer = NULL; + char *decoded_jwt; + json_t *issuer_json; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); + json_t *json_val; + json_error_t *json_err = NULL; + + if (GNUNET_RECLAIM_credential_TYPE_JWT != cred->type) + return NULL; + jwt_string = GNUNET_strdup (cred->data); + jwt_body = strtok (jwt_string, delim); + jwt_body = strtok (NULL, delim); + GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), + (void **) &decoded_jwt); + json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); + issuer_json = json_object_get (json_val, "iss"); + if ((NULL == issuer_json) || (! json_is_string (issuer_json))) + return NULL; + issuer = GNUNET_strdup (json_string_value (issuer_json)); + GNUNET_free (jwt_string); + return issuer; +} + + +/** + * Parse a JWT and return the expiration + * + * @param cls the plugin + * @param cred the jwt credential + * @return a string, containing the isser + */ +int +jwt_get_expiration (void *cls, + const struct GNUNET_RECLAIM_Credential *cred, + struct GNUNET_TIME_Absolute *exp) +{ + const char *jwt_body; + char *jwt_string; + char delim[] = "."; + char *decoded_jwt; + json_t *exp_json; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); + json_t *json_val; + json_error_t *json_err = NULL; + + if (GNUNET_RECLAIM_credential_TYPE_JWT != cred->type) + return GNUNET_NO; + jwt_string = GNUNET_strdup (cred->data); + jwt_body = strtok (jwt_string, delim); + jwt_body = strtok (NULL, delim); + GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), + (void **) &decoded_jwt); + json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); + exp_json = json_object_get (json_val, "exp"); + if ((NULL == exp_json) || (! json_is_integer (exp_json))) + return GNUNET_SYSERR; + exp->abs_value_us = json_integer_value (exp_json) * 1000 * 1000; + GNUNET_free (jwt_string); + return GNUNET_OK; +} + + +/** + * Entry point for the plugin. + * + * @param cls NULL + * @return the exported block API + */ +void * +libgnunet_plugin_reclaim_credential_jwt_init (void *cls) +{ + struct GNUNET_RECLAIM_CredentialPluginFunctions *api; + + api = GNUNET_new (struct GNUNET_RECLAIM_CredentialPluginFunctions); + api->value_to_string = &jwt_value_to_string; + api->string_to_value = &jwt_string_to_value; + api->typename_to_number = &jwt_typename_to_number; + api->number_to_typename = &jwt_number_to_typename; + api->get_attributes = &jwt_parse_attributes; + api->get_issuer = &jwt_get_issuer; + api->get_expiration = &jwt_get_expiration; + return api; +} + + +/** + * Exit point from the plugin. + * + * @param cls the return value from #libgnunet_plugin_block_test_init() + * @return NULL + */ +void * +libgnunet_plugin_reclaim_credential_jwt_done (void *cls) +{ + struct GNUNET_RECLAIM_CredentialPluginFunctions *api = cls; + + GNUNET_free (api); + return NULL; +} + + +/* end of plugin_reclaim_credential_type_jwt.c */ diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 2f44917c9..5ae6565af 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -439,9 +439,9 @@ struct RequestHandle struct GNUNET_RECLAIM_AttributeList *attr_userinfo_list; /** - * Attestation list + * Credential list */ - struct GNUNET_RECLAIM_AttestationList *attests_list; + struct GNUNET_RECLAIM_CredentialList *creds_list; /** @@ -461,9 +461,9 @@ struct RequestHandle struct GNUNET_RECLAIM_AttributeIterator *attr_it; /** - * Attestation iterator + * Credential iterator */ - struct GNUNET_RECLAIM_AttestationIterator *attest_it; + struct GNUNET_RECLAIM_CredentialIterator *cred_it; /** @@ -561,8 +561,8 @@ cleanup_handle (struct RequestHandle *handle) GNUNET_SCHEDULER_cancel (handle->timeout_task); if (NULL != handle->attr_it) GNUNET_RECLAIM_get_attributes_stop (handle->attr_it); - if (NULL != handle->attest_it) - GNUNET_RECLAIM_get_attestations_stop (handle->attest_it); + if (NULL != handle->cred_it) + GNUNET_RECLAIM_get_credentials_stop (handle->cred_it); if (NULL != handle->ticket_it) GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it); if (NULL != handle->idp_op) @@ -590,8 +590,8 @@ cleanup_handle (struct RequestHandle *handle) GNUNET_RECLAIM_attribute_list_destroy (handle->attr_idtoken_list); if (NULL!=handle->attr_userinfo_list) GNUNET_RECLAIM_attribute_list_destroy (handle->attr_userinfo_list); - if (NULL!=handle->attests_list) - GNUNET_RECLAIM_attestation_list_destroy (handle->attests_list); + if (NULL!=handle->creds_list) + GNUNET_RECLAIM_credential_list_destroy (handle->creds_list); GNUNET_CONTAINER_DLL_remove (requests_head, requests_tail, handle); @@ -957,7 +957,7 @@ oidc_ticket_issue_cb (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) code_string = OIDC_build_authz_code (&handle->priv_key, &handle->ticket, handle->attr_idtoken_list, - handle->attests_list, + handle->creds_list, handle->oidc->nonce, handle->oidc->code_challenge); if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) && @@ -1010,13 +1010,13 @@ attribute_list_merge (struct GNUNET_RECLAIM_AttributeList *list_a, le_m = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); le_m->attribute = GNUNET_RECLAIM_attribute_new (le_a->attribute->name, &le_a->attribute-> - attestation, + credential, le_a->attribute->type, le_a->attribute->data, le_a->attribute->data_size); le_m->attribute->id = le_a->attribute->id; le_m->attribute->flag = le_a->attribute->flag; - le_m->attribute->attestation = le_a->attribute->attestation; + le_m->attribute->credential = le_a->attribute->credential; GNUNET_CONTAINER_DLL_insert (merged_list->list_head, merged_list->list_tail, le_m); @@ -1035,13 +1035,13 @@ attribute_list_merge (struct GNUNET_RECLAIM_AttributeList *list_a, le_m = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); le_m->attribute = GNUNET_RECLAIM_attribute_new (le_b->attribute->name, &le_b->attribute-> - attestation, + credential, le_b->attribute->type, le_b->attribute->data, le_b->attribute->data_size); le_m->attribute->id = le_b->attribute->id; le_m->attribute->flag = le_b->attribute->flag; - le_m->attribute->attestation = le_b->attribute->attestation; + le_m->attribute->credential = le_b->attribute->credential; GNUNET_CONTAINER_DLL_insert (merged_list->list_head, merged_list->list_tail, le_m); @@ -1051,13 +1051,13 @@ attribute_list_merge (struct GNUNET_RECLAIM_AttributeList *list_a, static void -oidc_attest_collect_finished_cb (void *cls) +oidc_cred_collect_finished_cb (void *cls) { struct RequestHandle *handle = cls; struct GNUNET_RECLAIM_AttributeList *merged_list; struct GNUNET_RECLAIM_AttributeListEntry *le_m; - handle->attest_it = NULL; + handle->cred_it = NULL; merged_list = attribute_list_merge (handle->attr_idtoken_list, handle->attr_userinfo_list); for (le_m = merged_list->list_head; NULL != le_m; le_m = le_m->next) @@ -1078,40 +1078,40 @@ oidc_attest_collect_finished_cb (void *cls) * Collects all attributes for an ego if in scope parameter */ static void -oidc_attest_collect (void *cls, - const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - const struct GNUNET_RECLAIM_Attestation *attest) +oidc_cred_collect (void *cls, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + const struct GNUNET_RECLAIM_Credential *cred) { struct RequestHandle *handle = cls; struct GNUNET_RECLAIM_AttributeListEntry *le; - struct GNUNET_RECLAIM_AttestationListEntry *ale; + struct GNUNET_RECLAIM_CredentialListEntry *ale; - for (ale = handle->attests_list->list_head; NULL != ale; ale = ale->next) + for (ale = handle->creds_list->list_head; NULL != ale; ale = ale->next) { - if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&ale->attestation->id, - &attest->id)) + if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&ale->credential->id, + &cred->id)) continue; - /** Attestation already in list **/ - GNUNET_RECLAIM_get_attestations_next (handle->attest_it); + /** Credential already in list **/ + GNUNET_RECLAIM_get_credentials_next (handle->cred_it); return; } for (le = handle->attr_idtoken_list->list_head; NULL != le; le = le->next) { - if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&le->attribute->attestation, - &attest->id)) + if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&le->attribute->credential, + &cred->id)) continue; - /** Attestation matches for attribute, add **/ - ale = GNUNET_new (struct GNUNET_RECLAIM_AttestationListEntry); - ale->attestation = GNUNET_RECLAIM_attestation_new (attest->name, - attest->type, - attest->data, - attest->data_size); - GNUNET_CONTAINER_DLL_insert (handle->attests_list->list_head, - handle->attests_list->list_tail, + /** Credential matches for attribute, add **/ + ale = GNUNET_new (struct GNUNET_RECLAIM_CredentialListEntry); + ale->credential = GNUNET_RECLAIM_credential_new (cred->name, + cred->type, + cred->data, + cred->data_size); + GNUNET_CONTAINER_DLL_insert (handle->creds_list->list_head, + handle->creds_list->list_tail, ale); } - GNUNET_RECLAIM_get_attestations_next (handle->attest_it); + GNUNET_RECLAIM_get_credentials_next (handle->cred_it); } @@ -1129,16 +1129,16 @@ oidc_attr_collect_finished_cb (void *cls) GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); return; } - handle->attests_list = GNUNET_new (struct GNUNET_RECLAIM_AttestationList); - handle->attest_it = - GNUNET_RECLAIM_get_attestations_start (idp, - &handle->priv_key, - &oidc_iteration_error, - handle, - &oidc_attest_collect, - handle, - &oidc_attest_collect_finished_cb, - handle); + handle->creds_list = GNUNET_new (struct GNUNET_RECLAIM_CredentialList); + handle->cred_it = + GNUNET_RECLAIM_get_credentials_start (idp, + &handle->priv_key, + &oidc_iteration_error, + handle, + &oidc_cred_collect, + handle, + &oidc_cred_collect_finished_cb, + handle); } @@ -1212,13 +1212,13 @@ oidc_attr_collect (void *cls, { le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); le->attribute = GNUNET_RECLAIM_attribute_new (attr->name, - &attr->attestation, + &attr->credential, attr->type, attr->data, attr->data_size); le->attribute->id = attr->id; le->attribute->flag = attr->flag; - le->attribute->attestation = attr->attestation; + le->attribute->credential = attr->credential; GNUNET_CONTAINER_DLL_insert (handle->attr_idtoken_list->list_head, handle->attr_idtoken_list->list_tail, le); @@ -1227,13 +1227,13 @@ oidc_attr_collect (void *cls, { le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); le->attribute = GNUNET_RECLAIM_attribute_new (attr->name, - &attr->attestation, + &attr->credential, attr->type, attr->data, attr->data_size); le->attribute->id = attr->id; le->attribute->flag = attr->flag; - le->attribute->attestation = attr->attestation; + le->attribute->credential = attr->credential; GNUNET_CONTAINER_DLL_insert (handle->attr_userinfo_list->list_head, handle->attr_userinfo_list->list_tail, le); @@ -1982,7 +1982,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, const struct EgoEntry *ego_entry; struct GNUNET_TIME_Relative expiration_time; struct GNUNET_RECLAIM_AttributeList *cl = NULL; - struct GNUNET_RECLAIM_AttestationList *al = NULL; + struct GNUNET_RECLAIM_CredentialList *al = NULL; struct GNUNET_RECLAIM_Ticket ticket; struct GNUNET_CRYPTO_EcdsaPublicKey cid; struct GNUNET_HashCode cache_key; @@ -2124,7 +2124,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, MHD_add_response_header (resp, "Content-Type", "application/json"); handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); GNUNET_RECLAIM_attribute_list_destroy (cl); - GNUNET_RECLAIM_attestation_list_destroy (al); + GNUNET_RECLAIM_credential_list_destroy (al); GNUNET_free (access_token); GNUNET_free (json_response); GNUNET_free (id_token); @@ -2139,11 +2139,11 @@ static void consume_ticket (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr, - const struct GNUNET_RECLAIM_Attestation *attest) + const struct GNUNET_RECLAIM_Credential *cred) { struct RequestHandle *handle = cls; struct GNUNET_RECLAIM_AttributeListEntry *ale; - struct GNUNET_RECLAIM_AttestationListEntry *atle; + struct GNUNET_RECLAIM_CredentialListEntry *atle; struct MHD_Response *resp; char *result_str; handle->idp_op = NULL; @@ -2152,7 +2152,7 @@ consume_ticket (void *cls, { result_str = OIDC_generate_userinfo (&handle->ticket.identity, handle->attr_userinfo_list, - handle->attests_list); + handle->creds_list); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Userinfo: %s\n", result_str); resp = GNUNET_REST_create_response (result_str); handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); @@ -2162,35 +2162,35 @@ consume_ticket (void *cls, } ale = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); ale->attribute = GNUNET_RECLAIM_attribute_new (attr->name, - &attr->attestation, + &attr->credential, attr->type, attr->data, attr->data_size); ale->attribute->id = attr->id; ale->attribute->flag = attr->flag; - ale->attribute->attestation = attr->attestation; + ale->attribute->credential = attr->credential; GNUNET_CONTAINER_DLL_insert (handle->attr_userinfo_list->list_head, handle->attr_userinfo_list->list_tail, ale); - if (NULL == attest) + if (NULL == cred) return; - for (atle = handle->attests_list->list_head; NULL != atle; atle = atle->next) + for (atle = handle->creds_list->list_head; NULL != atle; atle = atle->next) { - if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&atle->attestation->id, - &attest->id)) + if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&atle->credential->id, + &cred->id)) continue; break; /** already in list **/ } if (NULL == atle) { - /** Attestation matches for attribute, add **/ - atle = GNUNET_new (struct GNUNET_RECLAIM_AttestationListEntry); - atle->attestation = GNUNET_RECLAIM_attestation_new (attest->name, - attest->type, - attest->data, - attest->data_size); - GNUNET_CONTAINER_DLL_insert (handle->attests_list->list_head, - handle->attests_list->list_tail, + /** Credential matches for attribute, add **/ + atle = GNUNET_new (struct GNUNET_RECLAIM_CredentialListEntry); + atle->credential = GNUNET_RECLAIM_credential_new (cred->name, + cred->type, + cred->data, + cred->data_size); + GNUNET_CONTAINER_DLL_insert (handle->creds_list->list_head, + handle->creds_list->list_tail, atle); } } @@ -2289,8 +2289,8 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, privkey = GNUNET_IDENTITY_ego_get_private_key (aud_ego->ego); handle->attr_userinfo_list = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); - handle->attests_list = - GNUNET_new (struct GNUNET_RECLAIM_AttestationList); + handle->creds_list = + GNUNET_new (struct GNUNET_RECLAIM_CredentialList); handle->idp_op = GNUNET_RECLAIM_ticket_consume (idp, privkey, @@ -2611,6 +2611,7 @@ libgnunet_plugin_rest_openid_connect_init (void *cls) return api; } + static int cleanup_hashmap (void *cls, const struct GNUNET_HashCode *key, void *value) { @@ -2618,6 +2619,7 @@ cleanup_hashmap (void *cls, const struct GNUNET_HashCode *key, void *value) return GNUNET_YES; } + /** * Exit point from the plugin. * diff --git a/src/reclaim/plugin_rest_reclaim.c b/src/reclaim/plugin_rest_reclaim.c index 870baa7f3..a51d992e1 100644 --- a/src/reclaim/plugin_rest_reclaim.c +++ b/src/reclaim/plugin_rest_reclaim.c @@ -48,9 +48,9 @@ #define GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES "/reclaim/attributes" /** - * Attestation namespace + * Credential namespace */ -#define GNUNET_REST_API_NS_RECLAIM_ATTESTATION "/reclaim/attestation" +#define GNUNET_REST_API_NS_RECLAIM_CREDENTIAL "/reclaim/credential" /** * Ticket namespace @@ -202,7 +202,7 @@ struct RequestHandle /** * Attribute iterator */ - struct GNUNET_RECLAIM_AttestationIterator *attest_it; + struct GNUNET_RECLAIM_CredentialIterator *cred_it; /** * Ticket iterator @@ -282,8 +282,8 @@ cleanup_handle (void *cls) GNUNET_SCHEDULER_cancel (handle->timeout_task); if (NULL != handle->attr_it) GNUNET_RECLAIM_get_attributes_stop (handle->attr_it); - if (NULL != handle->attest_it) - GNUNET_RECLAIM_get_attestations_stop (handle->attest_it); + if (NULL != handle->cred_it) + GNUNET_RECLAIM_get_credentials_stop (handle->cred_it); if (NULL != handle->ticket_it) GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it); if (NULL != handle->url) @@ -413,7 +413,7 @@ collect_finished_cb (void *cls) // Done handle->attr_it = NULL; - handle->attest_it = NULL; + handle->cred_it = NULL; handle->ticket_it = NULL; GNUNET_SCHEDULER_add_now (&return_response, handle); } @@ -460,7 +460,7 @@ ticket_collect (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) static void -add_attestation_cont (struct GNUNET_REST_RequestHandle *con_handle, +add_credential_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) { @@ -468,19 +468,19 @@ add_attestation_cont (struct GNUNET_REST_RequestHandle *con_handle, const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv; const char *identity; struct EgoEntry *ego_entry; - struct GNUNET_RECLAIM_Attestation *attribute; + struct GNUNET_RECLAIM_Credential *attribute; struct GNUNET_TIME_Relative exp; char term_data[handle->rest_handle->data_size + 1]; json_t *data_json; json_error_t err; struct GNUNET_JSON_Specification attrspec[] = - { GNUNET_RECLAIM_JSON_spec_claim_attest (&attribute), + { GNUNET_RECLAIM_JSON_spec_claim_cred (&attribute), GNUNET_JSON_spec_end () }; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Adding an attestation for %s.\n", + "Adding an credential for %s.\n", handle->url); - if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTESTATION) >= strlen ( + if (strlen (GNUNET_REST_API_NS_RECLAIM_CREDENTIAL) >= strlen ( handle->url)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); @@ -488,7 +488,7 @@ add_attestation_cont (struct GNUNET_REST_RequestHandle *con_handle, return; } identity = handle->url + strlen ( - GNUNET_REST_API_NS_RECLAIM_ATTESTATION) + 1; + GNUNET_REST_API_NS_RECLAIM_CREDENTIAL) + 1; for (ego_entry = ego_head; NULL != ego_entry; ego_entry = ego_entry->next) @@ -518,7 +518,7 @@ add_attestation_cont (struct GNUNET_REST_RequestHandle *con_handle, if (NULL == attribute) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unable to parse attestation from %s\n", + "Unable to parse credential from %s\n", term_data); GNUNET_SCHEDULER_add_now (&do_error, handle); return; @@ -529,7 +529,7 @@ add_attestation_cont (struct GNUNET_REST_RequestHandle *con_handle, if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&attribute->id)) GNUNET_RECLAIM_id_generate (&attribute->id); exp = GNUNET_TIME_UNIT_HOURS; - handle->idp_op = GNUNET_RECLAIM_attestation_store (idp, + handle->idp_op = GNUNET_RECLAIM_credential_store (idp, identity_priv, attribute, &exp, @@ -540,52 +540,52 @@ add_attestation_cont (struct GNUNET_REST_RequestHandle *con_handle, /** - * Collect all attestations for an ego + * Collect all credentials for an ego * */ static void -attest_collect (void *cls, +cred_collect (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, - const struct GNUNET_RECLAIM_Attestation *attest) + const struct GNUNET_RECLAIM_Credential *cred) { struct RequestHandle *handle = cls; struct GNUNET_RECLAIM_AttributeList *attrs; struct GNUNET_RECLAIM_AttributeListEntry *ale; struct GNUNET_TIME_Absolute exp; json_t *attr_obj; - json_t *attest_obj; + json_t *cred_obj; const char *type; char *tmp_value; char *id_str; char *issuer; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attestation: %s\n", - attest->name); - attrs = GNUNET_RECLAIM_attestation_get_attributes (attest); - issuer = GNUNET_RECLAIM_attestation_get_issuer (attest); - tmp_value = GNUNET_RECLAIM_attestation_value_to_string (attest->type, - attest->data, - attest->data_size); - attest_obj = json_object (); - json_object_set_new (attest_obj, "value", json_string (tmp_value)); - json_object_set_new (attest_obj, "name", json_string (attest->name)); - type = GNUNET_RECLAIM_attestation_number_to_typename (attest->type); - json_object_set_new (attest_obj, "type", json_string (type)); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding credential: %s\n", + cred->name); + attrs = GNUNET_RECLAIM_credential_get_attributes (cred); + issuer = GNUNET_RECLAIM_credential_get_issuer (cred); + tmp_value = GNUNET_RECLAIM_credential_value_to_string (cred->type, + cred->data, + cred->data_size); + cred_obj = json_object (); + json_object_set_new (cred_obj, "value", json_string (tmp_value)); + json_object_set_new (cred_obj, "name", json_string (cred->name)); + type = GNUNET_RECLAIM_credential_number_to_typename (cred->type); + json_object_set_new (cred_obj, "type", json_string (type)); if (NULL != issuer) { - json_object_set_new (attest_obj, "issuer", json_string (issuer)); + json_object_set_new (cred_obj, "issuer", json_string (issuer)); GNUNET_free (issuer); } - if (GNUNET_OK == GNUNET_RECLAIM_attestation_get_expiration (attest, + if (GNUNET_OK == GNUNET_RECLAIM_credential_get_expiration (cred, &exp)) { - json_object_set_new (attest_obj, "expiration", json_integer ( + json_object_set_new (cred_obj, "expiration", json_integer ( exp.abs_value_us)); } - id_str = GNUNET_STRINGS_data_to_string_alloc (&attest->id, - sizeof(attest->id)); - json_object_set_new (attest_obj, "id", json_string (id_str)); + id_str = GNUNET_STRINGS_data_to_string_alloc (&cred->id, + sizeof(cred->id)); + json_object_set_new (cred_obj, "id", json_string (id_str)); GNUNET_free (tmp_value); GNUNET_free (id_str); if (NULL != attrs) @@ -606,27 +606,27 @@ attest_collect (void *cls, type = GNUNET_RECLAIM_attribute_number_to_typename (ale->attribute->type); json_object_set_new (attr_obj, "type", json_string (type)); json_object_set_new (attr_obj, "id", json_string ("")); - json_object_set_new (attr_obj, "attestation", json_string ("")); + json_object_set_new (attr_obj, "credential", json_string ("")); json_array_append_new (attr_arr, attr_obj); GNUNET_free (tmp_value); } - json_object_set_new (attest_obj, "attributes", attr_arr); + json_object_set_new (cred_obj, "attributes", attr_arr); } - json_array_append_new (handle->resp_object, attest_obj); + json_array_append_new (handle->resp_object, cred_obj); GNUNET_RECLAIM_attribute_list_destroy (attrs); - GNUNET_RECLAIM_get_attestations_next (handle->attest_it); + GNUNET_RECLAIM_get_credentials_next (handle->cred_it); } /** - * Lists attestation for identity request + * Lists credential for identity request * * @param con_handle the connection handle * @param url the url * @param cls the RequestHandle */ static void -list_attestation_cont (struct GNUNET_REST_RequestHandle *con_handle, +list_credential_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) { @@ -636,9 +636,9 @@ list_attestation_cont (struct GNUNET_REST_RequestHandle *con_handle, char *identity; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Getting attestations for %s.\n", + "Getting credentials for %s.\n", handle->url); - if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTESTATION) >= strlen ( + if (strlen (GNUNET_REST_API_NS_RECLAIM_CREDENTIAL) >= strlen ( handle->url)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); @@ -646,7 +646,7 @@ list_attestation_cont (struct GNUNET_REST_RequestHandle *con_handle, return; } identity = handle->url + strlen ( - GNUNET_REST_API_NS_RECLAIM_ATTESTATION) + 1; + GNUNET_REST_API_NS_RECLAIM_CREDENTIAL) + 1; for (ego_entry = ego_head; NULL != ego_entry; ego_entry = ego_entry->next) @@ -663,11 +663,11 @@ list_attestation_cont (struct GNUNET_REST_RequestHandle *con_handle, return; } priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); - handle->attest_it = GNUNET_RECLAIM_get_attestations_start (idp, + handle->cred_it = GNUNET_RECLAIM_get_credentials_start (idp, priv_key, &collect_error_cb, handle, - &attest_collect, + &cred_collect, handle, & collect_finished_cb, @@ -676,27 +676,27 @@ list_attestation_cont (struct GNUNET_REST_RequestHandle *con_handle, /** - * Deletes attestation from an identity + * Deletes credential from an identity * * @param con_handle the connection handle * @param url the url * @param cls the RequestHandle */ static void -delete_attestation_cont (struct GNUNET_REST_RequestHandle *con_handle, +delete_credential_cont (struct GNUNET_REST_RequestHandle *con_handle, const char *url, void *cls) { struct RequestHandle *handle = cls; const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; - struct GNUNET_RECLAIM_Attestation attr; + struct GNUNET_RECLAIM_Credential attr; struct EgoEntry *ego_entry; char *identity_id_str; char *identity; char *id; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Deleting attestation.\n"); - if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTESTATION) >= strlen ( + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Deleting credential.\n"); + if (strlen (GNUNET_REST_API_NS_RECLAIM_CREDENTIAL) >= strlen ( handle->url)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); @@ -705,7 +705,7 @@ delete_attestation_cont (struct GNUNET_REST_RequestHandle *con_handle, } identity_id_str = strdup (handle->url + strlen ( - GNUNET_REST_API_NS_RECLAIM_ATTESTATION) + 1); + GNUNET_REST_API_NS_RECLAIM_CREDENTIAL) + 1); identity = strtok (identity_id_str, "/"); id = strtok (NULL, "/"); if ((NULL == identity) || (NULL == id)) @@ -730,10 +730,10 @@ delete_attestation_cont (struct GNUNET_REST_RequestHandle *con_handle, return; } priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); - memset (&attr, 0, sizeof(struct GNUNET_RECLAIM_Attestation)); + memset (&attr, 0, sizeof(struct GNUNET_RECLAIM_Credential)); GNUNET_STRINGS_string_to_data (id, strlen (id), &attr.id, sizeof(attr.id)); attr.name = ""; - handle->idp_op = GNUNET_RECLAIM_attestation_delete (idp, + handle->idp_op = GNUNET_RECLAIM_credential_delete (idp, priv_key, &attr, &delete_finished_cb, @@ -877,13 +877,13 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, /** * Parse a JWT and return the respective claim value as Attribute * - * @param attest the jwt attestation + * @param cred the jwt credential * @param claim the name of the claim in the JWT * * @return a GNUNET_RECLAIM_Attribute, containing the new value */ struct GNUNET_RECLAIM_Attribute * -parse_jwt (const struct GNUNET_RECLAIM_Attestation *attest, +parse_jwt (const struct GNUNET_RECLAIM_Credential *cred, const char *claim) { char *jwt_string; @@ -899,9 +899,9 @@ parse_jwt (const struct GNUNET_RECLAIM_Attestation *attest, json_t *json_val; json_error_t *json_err = NULL; - jwt_string = GNUNET_RECLAIM_attestation_value_to_string (attest->type, - attest->data, - attest->data_size); + jwt_string = GNUNET_RECLAIM_credential_value_to_string (cred->type, + cred->data, + cred->data_size); char *jwt_body = strtok (jwt_string, delim); jwt_body = strtok (NULL, delim); GNUNET_STRINGS_base64_decode (jwt_body, strlen (jwt_body), @@ -927,16 +927,16 @@ parse_jwt (const struct GNUNET_RECLAIM_Attestation *attest, "Error: Referenced Claim Name not Found", (void **) &data, &data_size); - attr = GNUNET_RECLAIM_attribute_new (claim, &attest->id, + attr = GNUNET_RECLAIM_attribute_new (claim, &cred->id, type, data, data_size); - attr->id = attest->id; + attr->id = cred->id; attr->flag = 1; } else { - attr = GNUNET_RECLAIM_attribute_new (claim, &attest->id, + attr = GNUNET_RECLAIM_attribute_new (claim, &cred->id, type, data, data_size); - attr->id = attest->id; + attr->id = cred->id; attr->flag = 1; } return attr; @@ -965,7 +965,7 @@ attr_collect (void *cls, json_object_set_new (attr_obj, "value", json_string (tmp_value)); json_object_set_new (attr_obj, "name", json_string (attr->name)); - if (GNUNET_RECLAIM_id_is_zero (&attr->attestation)) + if (GNUNET_RECLAIM_id_is_zero (&attr->credential)) json_object_set_new (attr_obj, "flag", json_string ("0")); else json_object_set_new (attr_obj, "flag", json_string ("1")); @@ -974,9 +974,9 @@ attr_collect (void *cls, id_str = GNUNET_STRINGS_data_to_string_alloc (&attr->id, sizeof(attr->id)); json_object_set_new (attr_obj, "id", json_string (id_str)); - id_str = GNUNET_STRINGS_data_to_string_alloc (&attr->attestation, - sizeof(attr->attestation)); - json_object_set_new (attr_obj, "attestation", json_string (id_str)); + id_str = GNUNET_STRINGS_data_to_string_alloc (&attr->credential, + sizeof(attr->credential)); + json_object_set_new (attr_obj, "credential", json_string (id_str)); json_array_append (handle->resp_object, attr_obj); json_decref (attr_obj); GNUNET_free (tmp_value); @@ -1180,7 +1180,7 @@ static void consume_cont (void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, const struct GNUNET_RECLAIM_Attribute *attr, - const struct GNUNET_RECLAIM_Attestation *attest) + const struct GNUNET_RECLAIM_Credential *cred) { struct RequestHandle *handle = cls; char *val_str; @@ -1427,11 +1427,11 @@ rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, { MHD_HTTP_METHOD_DELETE, GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES, &delete_attribute_cont }, { MHD_HTTP_METHOD_GET, - GNUNET_REST_API_NS_RECLAIM_ATTESTATION, &list_attestation_cont }, + GNUNET_REST_API_NS_RECLAIM_CREDENTIAL, &list_credential_cont }, { MHD_HTTP_METHOD_POST, - GNUNET_REST_API_NS_RECLAIM_ATTESTATION, &add_attestation_cont }, + GNUNET_REST_API_NS_RECLAIM_CREDENTIAL, &add_credential_cont }, { MHD_HTTP_METHOD_DELETE, - GNUNET_REST_API_NS_RECLAIM_ATTESTATION, &delete_attestation_cont }, + GNUNET_REST_API_NS_RECLAIM_CREDENTIAL, &delete_credential_cont }, { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont }, { MHD_HTTP_METHOD_POST, diff --git a/src/reclaim/reclaim.h b/src/reclaim/reclaim.h index 7b5d7ab19..6ba9fdcd7 100644 --- a/src/reclaim/reclaim.h +++ b/src/reclaim/reclaim.h @@ -139,9 +139,9 @@ struct AttributeResultMessage uint16_t attr_len GNUNET_PACKED; /** - * Length of serialized attestation data + * Length of serialized credential data */ - uint16_t attestation_len GNUNET_PACKED; + uint16_t credential_len GNUNET_PACKED; /** * always zero (for alignment) @@ -159,9 +159,9 @@ struct AttributeResultMessage }; /** - * Attestation is returned from the idp. + * Credential is returned from the idp. */ -struct AttestationResultMessage +struct CredentialResultMessage { /** * Message header @@ -176,7 +176,7 @@ struct AttestationResultMessage /** * Length of serialized attribute data */ - uint16_t attestation_len GNUNET_PACKED; + uint16_t credential_len GNUNET_PACKED; /** * always zero (for alignment) @@ -189,7 +189,7 @@ struct AttestationResultMessage struct GNUNET_CRYPTO_EcdsaPublicKey identity; /* followed by: - * serialized attestation data + * serialized credential data */ }; @@ -234,9 +234,9 @@ struct AttributeIterationNextMessage /** - * Start a attestation iteration for the given identity + * Start a credential iteration for the given identity */ -struct AttestationIterationStartMessage +struct CredentialIterationStartMessage { /** * Message @@ -256,9 +256,9 @@ struct AttestationIterationStartMessage /** - * Ask for next result of attestation iteration for the given operation + * Ask for next result of credential iteration for the given operation */ -struct AttestationIterationNextMessage +struct CredentialIterationNextMessage { /** * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT @@ -273,9 +273,9 @@ struct AttestationIterationNextMessage /** - * Stop attestation iteration for the given operation + * Stop credential iteration for the given operation */ -struct AttestationIterationStopMessage +struct CredentialIterationStopMessage { /** * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP @@ -520,9 +520,9 @@ struct ConsumeTicketResultMessage uint16_t attrs_len GNUNET_PACKED; /** - * Length of attestation data + * Length of presentation data */ - uint16_t attestations_len; + uint16_t presentations_len; /** * always zero (for alignment) diff --git a/src/reclaim/reclaim_api.c b/src/reclaim/reclaim_api.c index b432b4f2a..2cfcbad09 100644 --- a/src/reclaim/reclaim_api.c +++ b/src/reclaim/reclaim_api.c @@ -77,9 +77,9 @@ struct GNUNET_RECLAIM_Operation GNUNET_RECLAIM_AttributeTicketResult atr_cb; /** - * Attestation result callback + * Credential result callback */ - GNUNET_RECLAIM_AttestationResult at_cb; + GNUNET_RECLAIM_CredentialResult at_cb; /** * Revocation result callback @@ -239,19 +239,19 @@ struct GNUNET_RECLAIM_AttributeIterator }; /** - * Handle for a attestation iterator operation + * Handle for a credential iterator operation */ -struct GNUNET_RECLAIM_AttestationIterator +struct GNUNET_RECLAIM_CredentialIterator { /** * Kept in a DLL. */ - struct GNUNET_RECLAIM_AttestationIterator *next; + struct GNUNET_RECLAIM_CredentialIterator *next; /** * Kept in a DLL. */ - struct GNUNET_RECLAIM_AttestationIterator *prev; + struct GNUNET_RECLAIM_CredentialIterator *prev; /** * Main handle to access the service. @@ -271,7 +271,7 @@ struct GNUNET_RECLAIM_AttestationIterator /** * The continuation to call with the results */ - GNUNET_RECLAIM_AttestationResult proc; + GNUNET_RECLAIM_CredentialResult proc; /** * Closure for @e proc. @@ -349,12 +349,12 @@ struct GNUNET_RECLAIM_Handle /** * Head of active iterations */ - struct GNUNET_RECLAIM_AttestationIterator *ait_head; + struct GNUNET_RECLAIM_CredentialIterator *ait_head; /** * Tail of active iterations */ - struct GNUNET_RECLAIM_AttestationIterator *ait_tail; + struct GNUNET_RECLAIM_CredentialIterator *ait_tail; /** * Head of active iterations @@ -464,7 +464,7 @@ free_it (struct GNUNET_RECLAIM_AttributeIterator *it) * @param ait entry to free */ static void -free_ait (struct GNUNET_RECLAIM_AttestationIterator *ait) +free_ait (struct GNUNET_RECLAIM_CredentialIterator *ait) { struct GNUNET_RECLAIM_Handle *h = ait->h; @@ -561,13 +561,13 @@ check_consume_ticket_result (void *cls, { size_t msg_len; size_t attrs_len; - size_t attests_len; + size_t pl_len; msg_len = ntohs (msg->header.size); attrs_len = ntohs (msg->attrs_len); - attests_len = ntohs (msg->attestations_len); + pl_len = ntohs (msg->presentations_len); if (msg_len != - sizeof(struct ConsumeTicketResultMessage) + attrs_len + attests_len) + sizeof(struct ConsumeTicketResultMessage) + attrs_len + pl_len) { GNUNET_break (0); return GNUNET_SYSERR; @@ -590,12 +590,12 @@ handle_consume_ticket_result (void *cls, struct GNUNET_RECLAIM_Handle *h = cls; struct GNUNET_RECLAIM_Operation *op; size_t attrs_len; - size_t attests_len; + size_t pl_len; uint32_t r_id = ntohl (msg->id); char *read_ptr; attrs_len = ntohs (msg->attrs_len); - attests_len = ntohs (msg->attestations_len); + pl_len = ntohs (msg->presentations_len); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Processing ticket result.\n"); @@ -608,13 +608,12 @@ handle_consume_ticket_result (void *cls, { struct GNUNET_RECLAIM_AttributeList *attrs; struct GNUNET_RECLAIM_AttributeListEntry *le; - struct GNUNET_RECLAIM_AttestationList *attests; - struct GNUNET_RECLAIM_AttestationListEntry *ale; + struct GNUNET_RECLAIM_PresentationList *pl; + struct GNUNET_RECLAIM_PresentationListEntry *ple; attrs = GNUNET_RECLAIM_attribute_list_deserialize ((char *) &msg[1], attrs_len); read_ptr = ((char *) &msg[1]) + attrs_len; - attests = - GNUNET_RECLAIM_attestation_list_deserialize (read_ptr, attests_len); + pl = GNUNET_RECLAIM_presentation_list_deserialize (read_ptr, pl_len); if (NULL != op->atr_cb) { if (NULL == attrs) @@ -626,22 +625,22 @@ handle_consume_ticket_result (void *cls, for (le = attrs->list_head; NULL != le; le = le->next) { if (GNUNET_NO == - GNUNET_RECLAIM_id_is_zero (&le->attribute->attestation)) + GNUNET_RECLAIM_id_is_zero (&le->attribute->credential)) { - for (ale = attests->list_head; NULL != ale; ale = ale->next) + for (ple = pl->list_head; NULL != ple; ple = ple->next) { if (GNUNET_YES == - GNUNET_RECLAIM_id_is_equal (&le->attribute->attestation, - &ale->attestation->id)) + GNUNET_RECLAIM_id_is_equal (&le->attribute->credential, + &ple->presentation->credential_id)) { op->atr_cb (op->cls, &msg->identity, - le->attribute, ale->attestation); + le->attribute, ple->presentation); break; } } } - else // No attestations + else // No credentials { op->atr_cb (op->cls, &msg->identity, le->attribute, NULL); @@ -649,10 +648,10 @@ handle_consume_ticket_result (void *cls, } if (NULL != attrs) GNUNET_RECLAIM_attribute_list_destroy (attrs); - if (NULL != attests) - GNUNET_RECLAIM_attestation_list_destroy (attests); + if (NULL != pl) + GNUNET_RECLAIM_presentation_list_destroy (pl); attrs = NULL; - attests = NULL; + pl = NULL; } op->atr_cb (op->cls, NULL, NULL, NULL); } @@ -768,21 +767,21 @@ handle_attribute_result (void *cls, const struct AttributeResultMessage *msg) /** * Handle an incoming message of type - * #GNUNET_MESSAGE_TYPE_RECLAIM_attestation_RESULT + * #GNUNET_MESSAGE_TYPE_RECLAIM_credential_RESULT * * @param cls * @param msg the message we received * @return #GNUNET_OK on success, #GNUNET_SYSERR on error */ static int -check_attestation_result (void *cls, const struct AttestationResultMessage *msg) +check_credential_result (void *cls, const struct CredentialResultMessage *msg) { size_t msg_len; - size_t attest_len; + size_t cred_len; msg_len = ntohs (msg->header.size); - attest_len = ntohs (msg->attestation_len); - if (msg_len != sizeof(struct AttestationResultMessage) + attest_len) + cred_len = ntohs (msg->credential_len); + if (msg_len != sizeof(struct CredentialResultMessage) + cred_len) { GNUNET_break (0); return GNUNET_SYSERR; @@ -793,24 +792,24 @@ check_attestation_result (void *cls, const struct AttestationResultMessage *msg) /** * Handle an incoming message of type - * #GNUNET_MESSAGE_TYPE_RECLAIM_attestation_RESULT + * #GNUNET_MESSAGE_TYPE_RECLAIM_credential_RESULT * * @param cls * @param msg the message we received */ static void -handle_attestation_result (void *cls, const struct - AttestationResultMessage *msg) +handle_credential_result (void *cls, const struct + CredentialResultMessage *msg) { static struct GNUNET_CRYPTO_EcdsaPrivateKey identity_dummy; struct GNUNET_RECLAIM_Handle *h = cls; - struct GNUNET_RECLAIM_AttestationIterator *it; + struct GNUNET_RECLAIM_CredentialIterator *it; struct GNUNET_RECLAIM_Operation *op; size_t att_len; uint32_t r_id = ntohl (msg->id); - att_len = ntohs (msg->attestation_len); - LOG (GNUNET_ERROR_TYPE_DEBUG, "Processing attestation result.\n"); + att_len = ntohs (msg->credential_len); + LOG (GNUNET_ERROR_TYPE_DEBUG, "Processing credential result.\n"); for (it = h->ait_head; NULL != it; it = it->next) @@ -848,8 +847,8 @@ handle_attestation_result (void *cls, const struct } { - struct GNUNET_RECLAIM_Attestation *att; - att = GNUNET_RECLAIM_attestation_deserialize ((char *) &msg[1], att_len); + struct GNUNET_RECLAIM_Credential *att; + att = GNUNET_RECLAIM_credential_deserialize ((char *) &msg[1], att_len); if (NULL != it) { @@ -986,9 +985,9 @@ reconnect (struct GNUNET_RECLAIM_Handle *h) GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT, struct AttributeResultMessage, h), - GNUNET_MQ_hd_var_size (attestation_result, - GNUNET_MESSAGE_TYPE_RECLAIM_ATTESTATION_RESULT, - struct AttestationResultMessage, + GNUNET_MQ_hd_var_size (credential_result, + GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_RESULT, + struct CredentialResultMessage, h), GNUNET_MQ_hd_fixed_size (ticket_result, GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT, @@ -1175,22 +1174,22 @@ GNUNET_RECLAIM_attribute_delete ( /** - * Store an attestation. If the attestation is already present, - * it is replaced with the new attestation. + * Store an credential. If the credential is already present, + * it is replaced with the new credential. * * @param h handle to the re:claimID service * @param pkey private key of the identity - * @param attr the attestation value - * @param exp_interval the relative expiration interval for the attestation + * @param attr the credential value + * @param exp_interval the relative expiration interval for the credential * @param cont continuation to call when done * @param cont_cls closure for @a cont * @return handle to abort the request */ struct GNUNET_RECLAIM_Operation * -GNUNET_RECLAIM_attestation_store ( +GNUNET_RECLAIM_credential_store ( struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, - const struct GNUNET_RECLAIM_Attestation *attr, + const struct GNUNET_RECLAIM_Credential *attr, const struct GNUNET_TIME_Relative *exp_interval, GNUNET_RECLAIM_ContinuationWithStatus cont, void *cont_cls) @@ -1205,15 +1204,15 @@ GNUNET_RECLAIM_attestation_store ( op->cls = cont_cls; op->r_id = h->r_id_gen++; GNUNET_CONTAINER_DLL_insert_tail (h->op_head, h->op_tail, op); - attr_len = GNUNET_RECLAIM_attestation_serialize_get_size (attr); + attr_len = GNUNET_RECLAIM_credential_serialize_get_size (attr); op->env = GNUNET_MQ_msg_extra (sam, attr_len, - GNUNET_MESSAGE_TYPE_RECLAIM_ATTESTATION_STORE); + GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_STORE); sam->identity = *pkey; sam->id = htonl (op->r_id); sam->exp = GNUNET_htonll (exp_interval->rel_value_us); - GNUNET_RECLAIM_attestation_serialize (attr, (char *) &sam[1]); + GNUNET_RECLAIM_credential_serialize (attr, (char *) &sam[1]); sam->attr_len = htons (attr_len); if (NULL != h->mq) @@ -1223,21 +1222,21 @@ GNUNET_RECLAIM_attestation_store ( /** - * Delete an attestation. Tickets used to share this attestation are updated + * Delete an credential. Tickets used to share this credential are updated * accordingly. * * @param h handle to the re:claimID service * @param pkey Private key of the identity to add an attribute to - * @param attr The attestation + * @param attr The credential * @param cont Continuation to call when done * @param cont_cls Closure for @a cont * @return handle Used to to abort the request */ struct GNUNET_RECLAIM_Operation * -GNUNET_RECLAIM_attestation_delete ( +GNUNET_RECLAIM_credential_delete ( struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, - const struct GNUNET_RECLAIM_Attestation *attr, + const struct GNUNET_RECLAIM_Credential *attr, GNUNET_RECLAIM_ContinuationWithStatus cont, void *cont_cls) { @@ -1251,13 +1250,13 @@ GNUNET_RECLAIM_attestation_delete ( op->cls = cont_cls; op->r_id = h->r_id_gen++; GNUNET_CONTAINER_DLL_insert_tail (h->op_head, h->op_tail, op); - attr_len = GNUNET_RECLAIM_attestation_serialize_get_size (attr); + attr_len = GNUNET_RECLAIM_credential_serialize_get_size (attr); op->env = GNUNET_MQ_msg_extra (dam, attr_len, - GNUNET_MESSAGE_TYPE_RECLAIM_ATTESTATION_DELETE); + GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_DELETE); dam->identity = *pkey; dam->id = htonl (op->r_id); - GNUNET_RECLAIM_attestation_serialize (attr, (char *) &dam[1]); + GNUNET_RECLAIM_credential_serialize (attr, (char *) &dam[1]); dam->attr_len = htons (attr_len); if (NULL != h->mq) @@ -1376,12 +1375,12 @@ GNUNET_RECLAIM_get_attributes_stop (struct GNUNET_RECLAIM_AttributeIterator *it) /** - * List all attestations for a local identity. + * List all credentials for a local identity. * This MUST lock the `struct GNUNET_RECLAIM_Handle` - * for any other calls than #GNUNET_RECLAIM_get_attestations_next() and - * #GNUNET_RECLAIM_get_attestations_stop. @a proc will be called once + * for any other calls than #GNUNET_RECLAIM_get_credentials_next() and + * #GNUNET_RECLAIM_get_credentials_stop. @a proc will be called once * immediately, and then again after - * #GNUNET_RECLAIM_get_attestations_next() is invoked. + * #GNUNET_RECLAIM_get_credentials_next() is invoked. * * On error (disconnect), @a error_cb will be invoked. * On normal completion, @a finish_cb proc will be @@ -1392,31 +1391,31 @@ GNUNET_RECLAIM_get_attributes_stop (struct GNUNET_RECLAIM_AttributeIterator *it) * @param error_cb Function to call on error (i.e. disconnect), * the handle is afterwards invalid * @param error_cb_cls Closure for @a error_cb - * @param proc Function to call on each attestation + * @param proc Function to call on each credential * @param proc_cls Closure for @a proc * @param finish_cb Function to call on completion * the handle is afterwards invalid * @param finish_cb_cls Closure for @a finish_cb * @return an iterator Handle to use for iteration */ -struct GNUNET_RECLAIM_AttestationIterator * -GNUNET_RECLAIM_get_attestations_start ( +struct GNUNET_RECLAIM_CredentialIterator * +GNUNET_RECLAIM_get_credentials_start ( struct GNUNET_RECLAIM_Handle *h, const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls, - GNUNET_RECLAIM_AttestationResult proc, + GNUNET_RECLAIM_CredentialResult proc, void *proc_cls, GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls) { - struct GNUNET_RECLAIM_AttestationIterator *ait; + struct GNUNET_RECLAIM_CredentialIterator *ait; struct GNUNET_MQ_Envelope *env; - struct AttestationIterationStartMessage *msg; + struct CredentialIterationStartMessage *msg; uint32_t rid; rid = h->r_id_gen++; - ait = GNUNET_new (struct GNUNET_RECLAIM_AttestationIterator); + ait = GNUNET_new (struct GNUNET_RECLAIM_CredentialIterator); ait->h = h; ait->error_cb = error_cb; ait->error_cb_cls = error_cb_cls; @@ -1429,7 +1428,7 @@ GNUNET_RECLAIM_get_attestations_start ( GNUNET_CONTAINER_DLL_insert_tail (h->ait_head, h->ait_tail, ait); env = GNUNET_MQ_msg (msg, - GNUNET_MESSAGE_TYPE_RECLAIM_ATTESTATION_ITERATION_START); + GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_ITERATION_START); msg->id = htonl (rid); msg->identity = *identity; if (NULL == h->mq) @@ -1441,21 +1440,21 @@ GNUNET_RECLAIM_get_attestations_start ( /** - * Calls the record processor specified in #GNUNET_RECLAIM_get_attestation_start + * Calls the record processor specified in #GNUNET_RECLAIM_get_credential_start * for the next record. * * @param it the iterator */ void -GNUNET_RECLAIM_get_attestations_next (struct - GNUNET_RECLAIM_AttestationIterator *ait) +GNUNET_RECLAIM_get_credentials_next (struct + GNUNET_RECLAIM_CredentialIterator *ait) { struct GNUNET_RECLAIM_Handle *h = ait->h; - struct AttestationIterationNextMessage *msg; + struct CredentialIterationNextMessage *msg; struct GNUNET_MQ_Envelope *env; env = - GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_RECLAIM_ATTESTATION_ITERATION_NEXT); + GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_ITERATION_NEXT); msg->id = htonl (ait->r_id); GNUNET_MQ_send (h->mq, env); } @@ -1469,18 +1468,18 @@ GNUNET_RECLAIM_get_attestations_next (struct * @param it the iterator */ void -GNUNET_RECLAIM_get_attestations_stop (struct - GNUNET_RECLAIM_AttestationIterator *ait) +GNUNET_RECLAIM_get_credentials_stop (struct + GNUNET_RECLAIM_CredentialIterator *ait) { struct GNUNET_RECLAIM_Handle *h = ait->h; struct GNUNET_MQ_Envelope *env; - struct AttestationIterationStopMessage *msg; + struct CredentialIterationStopMessage *msg; if (NULL != h->mq) { env = GNUNET_MQ_msg (msg, - GNUNET_MESSAGE_TYPE_RECLAIM_ATTESTATION_ITERATION_STOP); + GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_ITERATION_STOP); msg->id = htonl (ait->r_id); GNUNET_MQ_send (h->mq, env); } diff --git a/src/reclaim/reclaim_attestation.c b/src/reclaim/reclaim_attestation.c deleted file mode 100644 index 1f2b1890b..000000000 --- a/src/reclaim/reclaim_attestation.c +++ /dev/null @@ -1,570 +0,0 @@ -/* - This file is part of GNUnet - Copyright (C) 2010-2015 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - - SPDX-License-Identifier: AGPL3.0-or-later - */ - -/** - * @file reclaim-attribute/reclaim_attestation.c - * @brief helper library to manage identity attribute attestations - * @author Martin Schanzenbach - */ -#include "platform.h" -#include "gnunet_util_lib.h" -#include "gnunet_reclaim_plugin.h" -#include "reclaim_attestation.h" - - -/** - * Handle for a plugin - */ -struct Plugin -{ - /** - * Name of the plugin - */ - char *library_name; - - /** - * Plugin API - */ - struct GNUNET_RECLAIM_AttestationPluginFunctions *api; -}; - - -/** - * Plugins - */ -static struct Plugin **attest_plugins; - - -/** - * Number of plugins - */ -static unsigned int num_plugins; - - -/** - * Init canary - */ -static int initialized; - - -/** - * Add a plugin - * - * @param cls closure - * @param library_name name of the API library - * @param lib_ret the plugin API pointer - */ -static void -add_plugin (void *cls, const char *library_name, void *lib_ret) -{ - struct GNUNET_RECLAIM_AttestationPluginFunctions *api = lib_ret; - struct Plugin *plugin; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Loading attestation plugin `%s'\n", - library_name); - plugin = GNUNET_new (struct Plugin); - plugin->api = api; - plugin->library_name = GNUNET_strdup (library_name); - GNUNET_array_append (attest_plugins, num_plugins, plugin); -} - - -/** - * Load plugins - */ -static void -init () -{ - if (GNUNET_YES == initialized) - return; - initialized = GNUNET_YES; - GNUNET_PLUGIN_load_all ("libgnunet_plugin_reclaim_attestation_", - NULL, - &add_plugin, - NULL); -} - - -/** - * Convert an attestation type name to the corresponding number - * - * @param typename name to convert - * @return corresponding number, UINT32_MAX on error - */ -uint32_t -GNUNET_RECLAIM_attestation_typename_to_number (const char *typename) -{ - unsigned int i; - struct Plugin *plugin; - uint32_t ret; - init (); - for (i = 0; i < num_plugins; i++) - { - plugin = attest_plugins[i]; - if (UINT32_MAX != - (ret = plugin->api->typename_to_number (plugin->api->cls, - typename))) - return ret; - } - return UINT32_MAX; -} - - -/** - * Convert an attestation type number to the corresponding attestation type string - * - * @param type number of a type - * @return corresponding typestring, NULL on error - */ -const char * -GNUNET_RECLAIM_attestation_number_to_typename (uint32_t type) -{ - unsigned int i; - struct Plugin *plugin; - const char *ret; - - init (); - for (i = 0; i < num_plugins; i++) - { - plugin = attest_plugins[i]; - if (NULL != - (ret = plugin->api->number_to_typename (plugin->api->cls, type))) - return ret; - } - return NULL; -} - - -/** - * Convert human-readable version of a 'claim' of an attestation to the binary - * representation - * - * @param type type of the claim - * @param s human-readable string - * @param data set to value in binary encoding (will be allocated) - * @param data_size set to number of bytes in @a data - * @return #GNUNET_OK on success - */ -int -GNUNET_RECLAIM_attestation_string_to_value (uint32_t type, - const char *s, - void **data, - size_t *data_size) -{ - unsigned int i; - struct Plugin *plugin; - - init (); - for (i = 0; i < num_plugins; i++) - { - plugin = attest_plugins[i]; - if (GNUNET_OK == plugin->api->string_to_value (plugin->api->cls, - type, - s, - data, - data_size)) - return GNUNET_OK; - } - return GNUNET_SYSERR; -} - - -/** - * Convert the 'claim' of an attestation to a string - * - * @param type the type of attestation - * @param data claim in binary encoding - * @param data_size number of bytes in @a data - * @return NULL on error, otherwise human-readable representation of the claim - */ -char * -GNUNET_RECLAIM_attestation_value_to_string (uint32_t type, - const void *data, - size_t data_size) -{ - unsigned int i; - struct Plugin *plugin; - char *ret; - - init (); - for (i = 0; i < num_plugins; i++) - { - plugin = attest_plugins[i]; - if (NULL != (ret = plugin->api->value_to_string (plugin->api->cls, - type, - data, - data_size))) - return ret; - } - return NULL; -} - - -/** - * Create a new attestation. - * - * @param attr_name the attestation name - * @param type the attestation type - * @param data the attestation value - * @param data_size the attestation value size - * @return the new attestation - */ -struct GNUNET_RECLAIM_Attestation * -GNUNET_RECLAIM_attestation_new (const char *attr_name, - uint32_t type, - const void *data, - size_t data_size) -{ - struct GNUNET_RECLAIM_Attestation *attr; - char *write_ptr; - char *attr_name_tmp = GNUNET_strdup (attr_name); - - GNUNET_STRINGS_utf8_tolower (attr_name, attr_name_tmp); - - attr = GNUNET_malloc (sizeof(struct GNUNET_RECLAIM_Attestation) - + strlen (attr_name_tmp) + 1 + data_size); - attr->type = type; - attr->data_size = data_size; - attr->flag = 0; - write_ptr = (char *) &attr[1]; - GNUNET_memcpy (write_ptr, attr_name_tmp, strlen (attr_name_tmp) + 1); - attr->name = write_ptr; - write_ptr += strlen (attr->name) + 1; - GNUNET_memcpy (write_ptr, data, data_size); - attr->data = write_ptr; - GNUNET_free (attr_name_tmp); - return attr; -} - - -/** - * Get required size for serialization buffer - * - * @param attrs the attribute list to serialize - * @return the required buffer size - */ -size_t -GNUNET_RECLAIM_attestation_list_serialize_get_size ( - const struct GNUNET_RECLAIM_AttestationList *attestations) -{ - struct GNUNET_RECLAIM_AttestationListEntry *le; - size_t len = 0; - - for (le = attestations->list_head; NULL != le; le = le->next) - { - GNUNET_assert (NULL != le->attestation); - len += GNUNET_RECLAIM_attestation_serialize_get_size (le->attestation); - len += sizeof(struct GNUNET_RECLAIM_AttestationListEntry); - } - return len; -} - - -/** - * Serialize an attribute list - * - * @param attrs the attribute list to serialize - * @param result the serialized attribute - * @return length of serialized data - */ -size_t -GNUNET_RECLAIM_attestation_list_serialize ( - const struct GNUNET_RECLAIM_AttestationList *attestations, - char *result) -{ - struct GNUNET_RECLAIM_AttestationListEntry *le; - size_t len; - size_t total_len; - char *write_ptr; - write_ptr = result; - total_len = 0; - for (le = attestations->list_head; NULL != le; le = le->next) - { - GNUNET_assert (NULL != le->attestation); - len = GNUNET_RECLAIM_attestation_serialize (le->attestation, write_ptr); - total_len += len; - write_ptr += len; - } - return total_len; -} - - -/** - * Deserialize an attestation list - * - * @param data the serialized attribute list - * @param data_size the length of the serialized data - * @return a GNUNET_IDENTITY_PROVIDER_AttributeList, must be free'd by caller - */ -struct GNUNET_RECLAIM_AttestationList * -GNUNET_RECLAIM_attestation_list_deserialize (const char *data, size_t data_size) -{ - struct GNUNET_RECLAIM_AttestationList *al; - struct GNUNET_RECLAIM_AttestationListEntry *ale; - size_t att_len; - const char *read_ptr; - - al = GNUNET_new (struct GNUNET_RECLAIM_AttestationList); - - if ((data_size < sizeof(struct - Attestation) - + sizeof(struct GNUNET_RECLAIM_AttestationListEntry))) - return al; - - read_ptr = data; - while (((data + data_size) - read_ptr) >= sizeof(struct Attestation)) - { - ale = GNUNET_new (struct GNUNET_RECLAIM_AttestationListEntry); - ale->attestation = - GNUNET_RECLAIM_attestation_deserialize (read_ptr, - data_size - (read_ptr - data)); - if (NULL == ale->attestation) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "Failed to deserialize malformed attestation.\n"); - GNUNET_free (ale); - return al; - } - GNUNET_CONTAINER_DLL_insert (al->list_head, al->list_tail, ale); - att_len = GNUNET_RECLAIM_attestation_serialize_get_size (ale->attestation); - read_ptr += att_len; - } - return al; -} - - -/** - * Make a (deep) copy of the attestation list - * @param attrs claim list to copy - * @return copied claim list - */ -struct GNUNET_RECLAIM_AttestationList * -GNUNET_RECLAIM_attestation_list_dup ( - const struct GNUNET_RECLAIM_AttestationList *al) -{ - struct GNUNET_RECLAIM_AttestationListEntry *ale; - struct GNUNET_RECLAIM_AttestationListEntry *result_ale; - struct GNUNET_RECLAIM_AttestationList *result; - - result = GNUNET_new (struct GNUNET_RECLAIM_AttestationList); - for (ale = al->list_head; NULL != ale; ale = ale->next) - { - result_ale = GNUNET_new (struct GNUNET_RECLAIM_AttestationListEntry); - GNUNET_assert (NULL != ale->attestation); - result_ale->attestation = - GNUNET_RECLAIM_attestation_new (ale->attestation->name, - ale->attestation->type, - ale->attestation->data, - ale->attestation->data_size); - result_ale->attestation->id = ale->attestation->id; - GNUNET_CONTAINER_DLL_insert (result->list_head, - result->list_tail, - result_ale); - } - return result; -} - - -/** - * Destroy attestation list - * - * @param attrs list to destroy - */ -void -GNUNET_RECLAIM_attestation_list_destroy ( - struct GNUNET_RECLAIM_AttestationList *al) -{ - struct GNUNET_RECLAIM_AttestationListEntry *ale; - struct GNUNET_RECLAIM_AttestationListEntry *tmp_ale; - - for (ale = al->list_head; NULL != ale;) - { - if (NULL != ale->attestation) - GNUNET_free (ale->attestation); - tmp_ale = ale; - ale = ale->next; - GNUNET_free (tmp_ale); - } - GNUNET_free (al); -} - - -/** - * Get required size for serialization buffer - * - * @param attr the attestation to serialize - * @return the required buffer size - */ -size_t -GNUNET_RECLAIM_attestation_serialize_get_size ( - const struct GNUNET_RECLAIM_Attestation *attestation) -{ - return sizeof(struct Attestation) + strlen (attestation->name) - + attestation->data_size; -} - - -/** - * Serialize an attestation - * - * @param attr the attestation to serialize - * @param result the serialized attestation - * @return length of serialized data - */ -size_t -GNUNET_RECLAIM_attestation_serialize ( - const struct GNUNET_RECLAIM_Attestation *attestation, - char *result) -{ - size_t data_len_ser; - size_t name_len; - struct Attestation *atts; - char *write_ptr; - - atts = (struct Attestation *) result; - atts->attestation_type = htons (attestation->type); - atts->attestation_flag = htonl (attestation->flag); - atts->attestation_id = attestation->id; - name_len = strlen (attestation->name); - atts->name_len = htons (name_len); - write_ptr = (char *) &atts[1]; - GNUNET_memcpy (write_ptr, attestation->name, name_len); - write_ptr += name_len; - // TODO plugin-ize - // data_len_ser = plugin->serialize_attribute_value (attr, - // &attr_ser[1]); - data_len_ser = attestation->data_size; - GNUNET_memcpy (write_ptr, attestation->data, attestation->data_size); - atts->data_size = htons (data_len_ser); - - return sizeof(struct Attestation) + strlen (attestation->name) - + attestation->data_size; -} - - -/** - * Deserialize an attestation - * - * @param data the serialized attestation - * @param data_size the length of the serialized data - * - * @return a GNUNET_IDENTITY_PROVIDER_Attribute, must be free'd by caller - */ -struct GNUNET_RECLAIM_Attestation * -GNUNET_RECLAIM_attestation_deserialize (const char *data, size_t data_size) -{ - struct GNUNET_RECLAIM_Attestation *attestation; - struct Attestation *atts; - size_t data_len; - size_t name_len; - char *write_ptr; - - if (data_size < sizeof(struct Attestation)) - return NULL; - - atts = (struct Attestation *) data; - data_len = ntohs (atts->data_size); - name_len = ntohs (atts->name_len); - if (data_size < sizeof(struct Attestation) + data_len + name_len) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Buffer too small to deserialize\n"); - return NULL; - } - attestation = GNUNET_malloc (sizeof(struct GNUNET_RECLAIM_Attestation) - + data_len + name_len + 1); - attestation->type = ntohs (atts->attestation_type); - attestation->flag = ntohl (atts->attestation_flag); - attestation->id = atts->attestation_id; - attestation->data_size = data_len; - - write_ptr = (char *) &attestation[1]; - GNUNET_memcpy (write_ptr, &atts[1], name_len); - write_ptr[name_len] = '\0'; - attestation->name = write_ptr; - - write_ptr += name_len + 1; - GNUNET_memcpy (write_ptr, (char *) &atts[1] + name_len, - attestation->data_size); - attestation->data = write_ptr; - return attestation; -} - - -struct GNUNET_RECLAIM_AttributeList* -GNUNET_RECLAIM_attestation_get_attributes (const struct - GNUNET_RECLAIM_Attestation *attest) -{ - unsigned int i; - struct Plugin *plugin; - struct GNUNET_RECLAIM_AttributeList *ret; - init (); - for (i = 0; i < num_plugins; i++) - { - plugin = attest_plugins[i]; - if (NULL != - (ret = plugin->api->get_attributes (plugin->api->cls, - attest))) - return ret; - } - return NULL; -} - - -char* -GNUNET_RECLAIM_attestation_get_issuer (const struct - GNUNET_RECLAIM_Attestation *attest) -{ - unsigned int i; - struct Plugin *plugin; - char *ret; - init (); - for (i = 0; i < num_plugins; i++) - { - plugin = attest_plugins[i]; - if (NULL != - (ret = plugin->api->get_issuer (plugin->api->cls, - attest))) - return ret; - } - return NULL; -} - - -int -GNUNET_RECLAIM_attestation_get_expiration (const struct - GNUNET_RECLAIM_Attestation *attest, - struct GNUNET_TIME_Absolute*exp) -{ - unsigned int i; - struct Plugin *plugin; - init (); - for (i = 0; i < num_plugins; i++) - { - plugin = attest_plugins[i]; - if (GNUNET_OK != plugin->api->get_expiration (plugin->api->cls, - attest, - exp)) - continue; - return GNUNET_OK; - } - return GNUNET_SYSERR; -} diff --git a/src/reclaim/reclaim_attestation.h b/src/reclaim/reclaim_attestation.h deleted file mode 100644 index 5747d8896..000000000 --- a/src/reclaim/reclaim_attestation.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - This file is part of GNUnet. - Copyright (C) 2012-2015 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - - SPDX-License-Identifier: AGPL3.0-or-later - */ -/** - * @author Martin Schanzenbach - * @file reclaim-attribute/reclaim_attestation.h - * @brief GNUnet reclaim identity attribute attestations - * - */ -#ifndef RECLAIM_ATTESTATION_H -#define RECLAIM_ATTESTATION_H - -#include "gnunet_reclaim_service.h" - -/** - * Serialized attestation claim - */ -struct Attestation -{ - /** - * Attestation type - */ - uint32_t attestation_type; - - /** - * Attestation flag - */ - uint32_t attestation_flag; - - /** - * Attestation ID - */ - struct GNUNET_RECLAIM_Identifier attestation_id; - - /** - * Name length - */ - uint32_t name_len; - - /** - * Data size - */ - uint32_t data_size; - - // followed by data_size Attestation value data -}; - -#endif diff --git a/src/reclaim/reclaim_attribute.c b/src/reclaim/reclaim_attribute.c index 971bfce23..2217987ac 100644 --- a/src/reclaim/reclaim_attribute.c +++ b/src/reclaim/reclaim_attribute.c @@ -222,7 +222,7 @@ GNUNET_RECLAIM_attribute_value_to_string (uint32_t type, * Create a new attribute. * * @param attr_name the attribute name - * @param attestation attestation ID of the attribute (maybe NULL) + * @param credential credential ID of the attribute (maybe NULL) * @param type the attribute type * @param data the attribute value * @param data_size the attribute value size @@ -231,7 +231,7 @@ GNUNET_RECLAIM_attribute_value_to_string (uint32_t type, struct GNUNET_RECLAIM_Attribute * GNUNET_RECLAIM_attribute_new (const char *attr_name, const struct - GNUNET_RECLAIM_Identifier *attestation, + GNUNET_RECLAIM_Identifier *credential, uint32_t type, const void *data, size_t data_size) @@ -244,8 +244,8 @@ GNUNET_RECLAIM_attribute_new (const char *attr_name, attr = GNUNET_malloc (sizeof(struct GNUNET_RECLAIM_Attribute) + strlen (attr_name_tmp) + 1 + data_size); - if (NULL != attestation) - attr->attestation = *attestation; + if (NULL != credential) + attr->credential = *credential; attr->type = type; attr->data_size = data_size; attr->flag = 0; @@ -272,7 +272,7 @@ void GNUNET_RECLAIM_attribute_list_add ( struct GNUNET_RECLAIM_AttributeList *al, const char *attr_name, - const struct GNUNET_RECLAIM_Identifier *attestation, + const struct GNUNET_RECLAIM_Identifier *credential, uint32_t type, const void *data, size_t data_size) @@ -281,7 +281,7 @@ GNUNET_RECLAIM_attribute_list_add ( ale = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); ale->attribute = - GNUNET_RECLAIM_attribute_new (attr_name, attestation, + GNUNET_RECLAIM_attribute_new (attr_name, credential, type, data, data_size); GNUNET_CONTAINER_DLL_insert (al->list_head, al->list_tail, @@ -403,7 +403,7 @@ GNUNET_RECLAIM_attribute_list_dup ( { result_ale->attribute = GNUNET_RECLAIM_attribute_new (ale->attribute->name, - &ale->attribute->attestation, + &ale->attribute->credential, ale->attribute->type, ale->attribute->data, ale->attribute->data_size); @@ -478,7 +478,7 @@ GNUNET_RECLAIM_attribute_serialize ( attr_ser->attribute_type = htons (attr->type); attr_ser->attribute_flag = htonl (attr->flag); attr_ser->attribute_id = attr->id; - attr_ser->attestation_id = attr->attestation; + attr_ser->credential_id = attr->credential; name_len = strlen (attr->name); attr_ser->name_len = htons (name_len); write_ptr = (char *) &attr_ser[1]; @@ -530,7 +530,7 @@ GNUNET_RECLAIM_attribute_deserialize (const char *data, size_t data_size, attribute->type = ntohs (attr_ser->attribute_type); attribute->flag = ntohl (attr_ser->attribute_flag); attribute->id = attr_ser->attribute_id; - attribute->attestation = attr_ser->attestation_id; + attribute->credential = attr_ser->credential_id; attribute->data_size = data_len; write_ptr = (char *) &attribute[1]; diff --git a/src/reclaim/reclaim_attribute.h b/src/reclaim/reclaim_attribute.h index 203c88a34..285d75d83 100644 --- a/src/reclaim/reclaim_attribute.h +++ b/src/reclaim/reclaim_attribute.h @@ -51,9 +51,9 @@ struct Attribute struct GNUNET_RECLAIM_Identifier attribute_id; /** - * Attestation ID + * Credential ID */ - struct GNUNET_RECLAIM_Identifier attestation_id; + struct GNUNET_RECLAIM_Identifier credential_id; /** * Name length @@ -68,39 +68,6 @@ struct Attribute // followed by data_size Attribute value data }; -/** - * Serialized attestation claim - */ -struct Attestation -{ - /** - * Attestation type - */ - uint32_t attestation_type GNUNET_PACKED; - - /** - * Attestation flag - */ - uint32_t attestation_flag GNUNET_PACKED; - - /** - * Attestation ID - */ - struct GNUNET_RECLAIM_Identifier attestation_id; - - /** - * Name length - */ - uint32_t name_len GNUNET_PACKED; - - /** - * Data size - */ - uint32_t data_size GNUNET_PACKED; - - // followed by data_size Attestation value data -}; - GNUNET_NETWORK_STRUCT_BEGIN #endif diff --git a/src/reclaim/reclaim_credential.c b/src/reclaim/reclaim_credential.c new file mode 100644 index 000000000..10b17ae96 --- /dev/null +++ b/src/reclaim/reclaim_credential.c @@ -0,0 +1,570 @@ +/* + This file is part of GNUnet + Copyright (C) 2010-2015 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + + SPDX-License-Identifier: AGPL3.0-or-later + */ + +/** + * @file reclaim/reclaim_credential.c + * @brief helper library to manage identity attribute credentials + * @author Martin Schanzenbach + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_reclaim_plugin.h" +#include "reclaim_credential.h" + + +/** + * Handle for a plugin + */ +struct Plugin +{ + /** + * Name of the plugin + */ + char *library_name; + + /** + * Plugin API + */ + struct GNUNET_RECLAIM_CredentialPluginFunctions *api; +}; + + +/** + * Plugins + */ +static struct Plugin **credential_plugins; + + +/** + * Number of plugins + */ +static unsigned int num_plugins; + + +/** + * Init canary + */ +static int initialized; + + +/** + * Add a plugin + * + * @param cls closure + * @param library_name name of the API library + * @param lib_ret the plugin API pointer + */ +static void +add_plugin (void *cls, const char *library_name, void *lib_ret) +{ + struct GNUNET_RECLAIM_CredentialPluginFunctions *api = lib_ret; + struct Plugin *plugin; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Loading credential plugin `%s'\n", + library_name); + plugin = GNUNET_new (struct Plugin); + plugin->api = api; + plugin->library_name = GNUNET_strdup (library_name); + GNUNET_array_append (credential_plugins, num_plugins, plugin); +} + + +/** + * Load plugins + */ +static void +init () +{ + if (GNUNET_YES == initialized) + return; + initialized = GNUNET_YES; + GNUNET_PLUGIN_load_all ("libgnunet_plugin_reclaim_credential_", + NULL, + &add_plugin, + NULL); +} + + +/** + * Convert an credential type name to the corresponding number + * + * @param typename name to convert + * @return corresponding number, UINT32_MAX on error + */ +uint32_t +GNUNET_RECLAIM_credential_typename_to_number (const char *typename) +{ + unsigned int i; + struct Plugin *plugin; + uint32_t ret; + init (); + for (i = 0; i < num_plugins; i++) + { + plugin = credential_plugins[i]; + if (UINT32_MAX != + (ret = plugin->api->typename_to_number (plugin->api->cls, + typename))) + return ret; + } + return UINT32_MAX; +} + + +/** + * Convert an credential type number to the corresponding credential type string + * + * @param type number of a type + * @return corresponding typestring, NULL on error + */ +const char * +GNUNET_RECLAIM_credential_number_to_typename (uint32_t type) +{ + unsigned int i; + struct Plugin *plugin; + const char *ret; + + init (); + for (i = 0; i < num_plugins; i++) + { + plugin = credential_plugins[i]; + if (NULL != + (ret = plugin->api->number_to_typename (plugin->api->cls, type))) + return ret; + } + return NULL; +} + + +/** + * Convert human-readable version of a 'claim' of an credential to the binary + * representation + * + * @param type type of the claim + * @param s human-readable string + * @param data set to value in binary encoding (will be allocated) + * @param data_size set to number of bytes in @a data + * @return #GNUNET_OK on success + */ +int +GNUNET_RECLAIM_credential_string_to_value (uint32_t type, + const char *s, + void **data, + size_t *data_size) +{ + unsigned int i; + struct Plugin *plugin; + + init (); + for (i = 0; i < num_plugins; i++) + { + plugin = credential_plugins[i]; + if (GNUNET_OK == plugin->api->string_to_value (plugin->api->cls, + type, + s, + data, + data_size)) + return GNUNET_OK; + } + return GNUNET_SYSERR; +} + + +/** + * Convert the 'claim' of an credential to a string + * + * @param type the type of credential + * @param data claim in binary encoding + * @param data_size number of bytes in @a data + * @return NULL on error, otherwise human-readable representation of the claim + */ +char * +GNUNET_RECLAIM_credential_value_to_string (uint32_t type, + const void *data, + size_t data_size) +{ + unsigned int i; + struct Plugin *plugin; + char *ret; + + init (); + for (i = 0; i < num_plugins; i++) + { + plugin = credential_plugins[i]; + if (NULL != (ret = plugin->api->value_to_string (plugin->api->cls, + type, + data, + data_size))) + return ret; + } + return NULL; +} + + +/** + * Create a new credential. + * + * @param attr_name the credential name + * @param type the credential type + * @param data the credential value + * @param data_size the credential value size + * @return the new credential + */ +struct GNUNET_RECLAIM_Credential * +GNUNET_RECLAIM_credential_new (const char *attr_name, + uint32_t type, + const void *data, + size_t data_size) +{ + struct GNUNET_RECLAIM_Credential *attr; + char *write_ptr; + char *attr_name_tmp = GNUNET_strdup (attr_name); + + GNUNET_STRINGS_utf8_tolower (attr_name, attr_name_tmp); + + attr = GNUNET_malloc (sizeof(struct GNUNET_RECLAIM_Credential) + + strlen (attr_name_tmp) + 1 + data_size); + attr->type = type; + attr->data_size = data_size; + attr->flag = 0; + write_ptr = (char *) &attr[1]; + GNUNET_memcpy (write_ptr, attr_name_tmp, strlen (attr_name_tmp) + 1); + attr->name = write_ptr; + write_ptr += strlen (attr->name) + 1; + GNUNET_memcpy (write_ptr, data, data_size); + attr->data = write_ptr; + GNUNET_free (attr_name_tmp); + return attr; +} + + +/** + * Get required size for serialization buffer + * + * @param attrs the attribute list to serialize + * @return the required buffer size + */ +size_t +GNUNET_RECLAIM_credential_list_serialize_get_size ( + const struct GNUNET_RECLAIM_CredentialList *credentials) +{ + struct GNUNET_RECLAIM_CredentialListEntry *le; + size_t len = 0; + + for (le = credentials->list_head; NULL != le; le = le->next) + { + GNUNET_assert (NULL != le->credential); + len += GNUNET_RECLAIM_credential_serialize_get_size (le->credential); + len += sizeof(struct GNUNET_RECLAIM_CredentialListEntry); + } + return len; +} + + +/** + * Serialize an attribute list + * + * @param attrs the attribute list to serialize + * @param result the serialized attribute + * @return length of serialized data + */ +size_t +GNUNET_RECLAIM_credential_list_serialize ( + const struct GNUNET_RECLAIM_CredentialList *credentials, + char *result) +{ + struct GNUNET_RECLAIM_CredentialListEntry *le; + size_t len; + size_t total_len; + char *write_ptr; + write_ptr = result; + total_len = 0; + for (le = credentials->list_head; NULL != le; le = le->next) + { + GNUNET_assert (NULL != le->credential); + len = GNUNET_RECLAIM_credential_serialize (le->credential, write_ptr); + total_len += len; + write_ptr += len; + } + return total_len; +} + + +/** + * Deserialize an credential list + * + * @param data the serialized attribute list + * @param data_size the length of the serialized data + * @return a GNUNET_IDENTITY_PROVIDER_AttributeList, must be free'd by caller + */ +struct GNUNET_RECLAIM_CredentialList * +GNUNET_RECLAIM_credential_list_deserialize (const char *data, size_t data_size) +{ + struct GNUNET_RECLAIM_CredentialList *al; + struct GNUNET_RECLAIM_CredentialListEntry *ale; + size_t att_len; + const char *read_ptr; + + al = GNUNET_new (struct GNUNET_RECLAIM_CredentialList); + + if ((data_size < sizeof(struct + Credential) + + sizeof(struct GNUNET_RECLAIM_CredentialListEntry))) + return al; + + read_ptr = data; + while (((data + data_size) - read_ptr) >= sizeof(struct Credential)) + { + ale = GNUNET_new (struct GNUNET_RECLAIM_CredentialListEntry); + ale->credential = + GNUNET_RECLAIM_credential_deserialize (read_ptr, + data_size - (read_ptr - data)); + if (NULL == ale->credential) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Failed to deserialize malformed credential.\n"); + GNUNET_free (ale); + return al; + } + GNUNET_CONTAINER_DLL_insert (al->list_head, al->list_tail, ale); + att_len = GNUNET_RECLAIM_credential_serialize_get_size (ale->credential); + read_ptr += att_len; + } + return al; +} + + +/** + * Make a (deep) copy of the credential list + * @param attrs claim list to copy + * @return copied claim list + */ +struct GNUNET_RECLAIM_CredentialList * +GNUNET_RECLAIM_credential_list_dup ( + const struct GNUNET_RECLAIM_CredentialList *al) +{ + struct GNUNET_RECLAIM_CredentialListEntry *ale; + struct GNUNET_RECLAIM_CredentialListEntry *result_ale; + struct GNUNET_RECLAIM_CredentialList *result; + + result = GNUNET_new (struct GNUNET_RECLAIM_CredentialList); + for (ale = al->list_head; NULL != ale; ale = ale->next) + { + result_ale = GNUNET_new (struct GNUNET_RECLAIM_CredentialListEntry); + GNUNET_assert (NULL != ale->credential); + result_ale->credential = + GNUNET_RECLAIM_credential_new (ale->credential->name, + ale->credential->type, + ale->credential->data, + ale->credential->data_size); + result_ale->credential->id = ale->credential->id; + GNUNET_CONTAINER_DLL_insert (result->list_head, + result->list_tail, + result_ale); + } + return result; +} + + +/** + * Destroy credential list + * + * @param attrs list to destroy + */ +void +GNUNET_RECLAIM_credential_list_destroy ( + struct GNUNET_RECLAIM_CredentialList *al) +{ + struct GNUNET_RECLAIM_CredentialListEntry *ale; + struct GNUNET_RECLAIM_CredentialListEntry *tmp_ale; + + for (ale = al->list_head; NULL != ale;) + { + if (NULL != ale->credential) + GNUNET_free (ale->credential); + tmp_ale = ale; + ale = ale->next; + GNUNET_free (tmp_ale); + } + GNUNET_free (al); +} + + +/** + * Get required size for serialization buffer + * + * @param attr the credential to serialize + * @return the required buffer size + */ +size_t +GNUNET_RECLAIM_credential_serialize_get_size ( + const struct GNUNET_RECLAIM_Credential *credential) +{ + return sizeof(struct Credential) + strlen (credential->name) + + credential->data_size; +} + + +/** + * Serialize an credential + * + * @param attr the credential to serialize + * @param result the serialized credential + * @return length of serialized data + */ +size_t +GNUNET_RECLAIM_credential_serialize ( + const struct GNUNET_RECLAIM_Credential *credential, + char *result) +{ + size_t data_len_ser; + size_t name_len; + struct Credential *atts; + char *write_ptr; + + atts = (struct Credential *) result; + atts->credential_type = htons (credential->type); + atts->credential_flag = htonl (credential->flag); + atts->credential_id = credential->id; + name_len = strlen (credential->name); + atts->name_len = htons (name_len); + write_ptr = (char *) &atts[1]; + GNUNET_memcpy (write_ptr, credential->name, name_len); + write_ptr += name_len; + // TODO plugin-ize + // data_len_ser = plugin->serialize_attribute_value (attr, + // &attr_ser[1]); + data_len_ser = credential->data_size; + GNUNET_memcpy (write_ptr, credential->data, credential->data_size); + atts->data_size = htons (data_len_ser); + + return sizeof(struct Credential) + strlen (credential->name) + + credential->data_size; +} + + +/** + * Deserialize an credential + * + * @param data the serialized credential + * @param data_size the length of the serialized data + * + * @return a GNUNET_IDENTITY_PROVIDER_Attribute, must be free'd by caller + */ +struct GNUNET_RECLAIM_Credential * +GNUNET_RECLAIM_credential_deserialize (const char *data, size_t data_size) +{ + struct GNUNET_RECLAIM_Credential *credential; + struct Credential *atts; + size_t data_len; + size_t name_len; + char *write_ptr; + + if (data_size < sizeof(struct Credential)) + return NULL; + + atts = (struct Credential *) data; + data_len = ntohs (atts->data_size); + name_len = ntohs (atts->name_len); + if (data_size < sizeof(struct Credential) + data_len + name_len) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Buffer too small to deserialize\n"); + return NULL; + } + credential = GNUNET_malloc (sizeof(struct GNUNET_RECLAIM_Credential) + + data_len + name_len + 1); + credential->type = ntohs (atts->credential_type); + credential->flag = ntohl (atts->credential_flag); + credential->id = atts->credential_id; + credential->data_size = data_len; + + write_ptr = (char *) &credential[1]; + GNUNET_memcpy (write_ptr, &atts[1], name_len); + write_ptr[name_len] = '\0'; + credential->name = write_ptr; + + write_ptr += name_len + 1; + GNUNET_memcpy (write_ptr, (char *) &atts[1] + name_len, + credential->data_size); + credential->data = write_ptr; + return credential; +} + + +struct GNUNET_RECLAIM_AttributeList* +GNUNET_RECLAIM_credential_get_attributes (const struct + GNUNET_RECLAIM_Credential *credential) +{ + unsigned int i; + struct Plugin *plugin; + struct GNUNET_RECLAIM_AttributeList *ret; + init (); + for (i = 0; i < num_plugins; i++) + { + plugin = credential_plugins[i]; + if (NULL != + (ret = plugin->api->get_attributes (plugin->api->cls, + credential))) + return ret; + } + return NULL; +} + + +char* +GNUNET_RECLAIM_credential_get_issuer (const struct + GNUNET_RECLAIM_Credential *credential) +{ + unsigned int i; + struct Plugin *plugin; + char *ret; + init (); + for (i = 0; i < num_plugins; i++) + { + plugin = credential_plugins[i]; + if (NULL != + (ret = plugin->api->get_issuer (plugin->api->cls, + credential))) + return ret; + } + return NULL; +} + + +int +GNUNET_RECLAIM_credential_get_expiration (const struct + GNUNET_RECLAIM_Credential *credential, + struct GNUNET_TIME_Absolute*exp) +{ + unsigned int i; + struct Plugin *plugin; + init (); + for (i = 0; i < num_plugins; i++) + { + plugin = credential_plugins[i]; + if (GNUNET_OK != plugin->api->get_expiration (plugin->api->cls, + credential, + exp)) + continue; + return GNUNET_OK; + } + return GNUNET_SYSERR; +} diff --git a/src/reclaim/reclaim_credential.h b/src/reclaim/reclaim_credential.h new file mode 100644 index 000000000..cd3a9539a --- /dev/null +++ b/src/reclaim/reclaim_credential.h @@ -0,0 +1,64 @@ +/* + This file is part of GNUnet. + Copyright (C) 2012-2015 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + + SPDX-License-Identifier: AGPL3.0-or-later + */ +/** + * @author Martin Schanzenbach + * @file reclaim/reclaim_credential.h + * @brief GNUnet reclaim identity attribute credentials + * + */ +#ifndef RECLAIM_CREDENTIAL_H +#define RECLAIM_CREDENTIAL_H + +#include "gnunet_reclaim_service.h" + +/** + * Serialized credential claim + */ +struct Credential +{ + /** + * Credential type + */ + uint32_t credential_type; + + /** + * Credential flag + */ + uint32_t credential_flag; + + /** + * Credential ID + */ + struct GNUNET_RECLAIM_Identifier credential_id; + + /** + * Name length + */ + uint32_t name_len; + + /** + * Data size + */ + uint32_t data_size; + + // followed by data_size Credential value data +}; + +#endif -- cgit v1.2.3