This file is part of GNUnet.
Copyright (C) 2009-2013, 2016 GNUnet e.V.
- GNUnet is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 3, or (at your
- option) any later version.
+ GNUnet is free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published
+ by the Free Software Foundation, either version 3 of the License,
+ or (at your option) any later version.
GNUnet is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with GNUnet; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- Boston, MA 02110-1301, USA.
+ Affero General Public License for more details.
*/
/**
* @file credential/credential_api.c
* @brief library to access the CREDENTIAL service
- * @author Adnan Husain
+ * @author Martin Schanzenbach
*/
#include "platform.h"
#include "gnunet_util_lib.h"
#include "gnunet_arm_service.h"
#include "gnunet_hello_lib.h"
#include "gnunet_protocols.h"
+#include "gnunet_signatures.h"
#include "credential.h"
+#include "credential_serialization.h"
#include "gnunet_credential_service.h"
#include "gnunet_identity_service.h"
#define LOG(kind,...) GNUNET_log_from (kind, "credential-api",__VA_ARGS__)
/**
- * Handle to a lookup request
+ * Handle to a verify request
*/
-struct GNUNET_CREDENTIAL_LookupRequest
+struct GNUNET_CREDENTIAL_Request
{
/**
* DLL
*/
- struct GNUNET_CREDENTIAL_LookupRequest *next;
+ struct GNUNET_CREDENTIAL_Request *next;
/**
* DLL
*/
- struct GNUNET_CREDENTIAL_LookupRequest *prev;
+ struct GNUNET_CREDENTIAL_Request *prev;
/**
* handle to credential service
struct GNUNET_CREDENTIAL_Handle *credential_handle;
/**
- * processor to call on lookup result
+ * processor to call on verify result
*/
- GNUNET_CREDENTIAL_LookupResultProcessor lookup_proc;
+ GNUNET_CREDENTIAL_CredentialResultProcessor verify_proc;
/**
- * @e lookup_proc closure
+ * @e verify_proc closure
*/
void *proc_cls;
struct GNUNET_MQ_Handle *mq;
/**
- * Head of linked list of active lookup requests.
+ * Head of linked list of active verify requests.
*/
- struct GNUNET_CREDENTIAL_LookupRequest *lookup_head;
+ struct GNUNET_CREDENTIAL_Request *request_head;
/**
- * Tail of linked list of active lookup requests.
+ * Tail of linked list of active verify requests.
*/
- struct GNUNET_CREDENTIAL_LookupRequest *lookup_tail;
+ struct GNUNET_CREDENTIAL_Request *request_tail;
/**
* Reconnect task
force_reconnect (handle);
}
-
/**
* Check validity of message received from the CREDENTIAL service
*
* @param cls the `struct GNUNET_CREDENTIAL_Handle *`
- * @param loookup_msg the incoming message
+ * @param vr_msg the incoming message
*/
static int
check_result (void *cls,
- const struct LookupResultMessage *lookup_msg)
+ const struct DelegationChainResultMessage *vr_msg)
{
//TODO
return GNUNET_OK;
* Handler for messages received from the CREDENTIAL service
*
* @param cls the `struct GNUNET_CREDENTIAL_Handle *`
- * @param loookup_msg the incoming message
+ * @param vr_msg the incoming message
*/
static void
handle_result (void *cls,
- const struct LookupResultMessage *lookup_msg)
+ const struct DelegationChainResultMessage *vr_msg)
{
struct GNUNET_CREDENTIAL_Handle *handle = cls;
- uint32_t cd_count = ntohl (lookup_msg->cd_count);
- struct GNUNET_CREDENTIAL_RecordData cd[cd_count];
- uint32_t r_id = ntohl (lookup_msg->id);
- struct GNUNET_CREDENTIAL_LookupRequest *lr;
- GNUNET_CREDENTIAL_LookupResultProcessor proc;
+ uint32_t r_id = ntohl (vr_msg->id);
+ struct GNUNET_CREDENTIAL_Request *vr;
+ size_t mlen = ntohs (vr_msg->header.size) - sizeof (*vr_msg);
+ uint32_t d_count = ntohl (vr_msg->d_count);
+ uint32_t c_count = ntohl (vr_msg->c_count);
+ struct GNUNET_CREDENTIAL_Delegation d_chain[d_count];
+ struct GNUNET_CREDENTIAL_Credential creds[c_count];
+ GNUNET_CREDENTIAL_CredentialResultProcessor proc;
void *proc_cls;
LOG (GNUNET_ERROR_TYPE_DEBUG,
- "Received lookup reply from CREDENTIAL service (%u credentials)\n",
- (unsigned int) cd_count);
- for (lr = handle->lookup_head; NULL != lr; lr = lr->next)
- if (lr->r_id == r_id)
+ "Received verify reply from CREDENTIAL service\n");
+ for (vr = handle->request_head; NULL != vr; vr = vr->next)
+ if (vr->r_id == r_id)
break;
- if (NULL == lr)
+ if (NULL == vr)
return;
- proc = lr->lookup_proc;
- proc_cls = lr->proc_cls;
- GNUNET_CONTAINER_DLL_remove (handle->lookup_head,
- handle->lookup_tail,
- lr);
- GNUNET_free (lr);
- /**
+ proc = vr->verify_proc;
+ proc_cls = vr->proc_cls;
+ GNUNET_CONTAINER_DLL_remove (handle->request_head,
+ handle->request_tail,
+ vr);
+ GNUNET_MQ_discard (vr->env);
+ GNUNET_free (vr);
GNUNET_assert (GNUNET_OK ==
- GNUNET_CREDENTIAL_records_deserialize (mlen,
- (const char*) &lookup_msg[1],
- rd_count,
- rd));
- */
- proc (proc_cls,
- NULL,
- cd_count,
- cd); // TODO
+ GNUNET_CREDENTIAL_delegation_chain_deserialize (mlen,
+ (const char*) &vr_msg[1],
+ d_count,
+ d_chain,
+ c_count,
+ creds));
+ if (GNUNET_NO == ntohl (vr_msg->cred_found))
+ {
+ proc (proc_cls,
+ 0,
+ NULL,
+ 0,
+ NULL); // TODO
+ } else {
+ proc (proc_cls,
+ d_count,
+ d_chain,
+ c_count,
+ creds);
+ }
}
{
struct GNUNET_MQ_MessageHandler handlers[] = {
GNUNET_MQ_hd_var_size (result,
- GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP_RESULT,
- struct LookupResultMessage,
- NULL),
+ GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT,
+ struct DelegationChainResultMessage,
+ handle),
+ GNUNET_MQ_hd_var_size (result,
+ GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT_RESULT,
+ struct DelegationChainResultMessage,
+ handle),
GNUNET_MQ_handler_end ()
};
- struct GNUNET_CREDENTIAL_LookupRequest *lh;
+ struct GNUNET_CREDENTIAL_Request *vr;
GNUNET_assert (NULL == handle->mq);
LOG (GNUNET_ERROR_TYPE_DEBUG,
"Trying to connect to CREDENTIAL\n");
- handle->mq = GNUNET_CLIENT_connecT (handle->cfg,
+ handle->mq = GNUNET_CLIENT_connect (handle->cfg,
"credential",
handlers,
&mq_error_handler,
handle);
if (NULL == handle->mq)
return;
- for (lh = handle->lookup_head; NULL != lh; lh = lh->next)
+ for (vr = handle->request_head; NULL != vr; vr = vr->next)
GNUNET_MQ_send_copy (handle->mq,
- lh->env);
+ vr->env);
}
GNUNET_SCHEDULER_cancel (handle->reconnect_task);
handle->reconnect_task = NULL;
}
- GNUNET_assert (NULL == handle->lookup_head);
+ GNUNET_assert (NULL == handle->request_head);
GNUNET_free (handle);
}
/**
- * Cancel pending lookup request
+ * Cancel pending verify request
*
- * @param lr the lookup request to cancel
+ * @param lr the verify request to cancel
*/
void
-GNUNET_CREDENTIAL_lookup_cancel (struct GNUNET_CREDENTIAL_LookupRequest *lr)
+GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *lr)
{
struct GNUNET_CREDENTIAL_Handle *handle = lr->credential_handle;
- GNUNET_CONTAINER_DLL_remove (handle->lookup_head,
- handle->lookup_tail,
+ GNUNET_CONTAINER_DLL_remove (handle->request_head,
+ handle->request_tail,
lr);
GNUNET_MQ_discard (lr->env);
GNUNET_free (lr);
/**
- * Perform an asynchronous lookup operation for a credential.
+ * Performs attribute collection.
+ * Collects all credentials of subject to fulfill the
+ * attribute, if possible
*
* @param handle handle to the Credential service
- * @param credential the credential to look up
- * @param subject Ego to check the credential for
+ * @param issuer_key the issuer public key
+ * @param issuer_attribute the issuer attribute
+ * @param subject_key the subject public key
* @param proc function to call on result
* @param proc_cls closure for processor
* @return handle to the queued request
*/
-struct GNUNET_CREDENTIAL_LookupRequest*
-GNUNET_CREDENTIAL_lookup (struct GNUNET_CREDENTIAL_Handle *handle,
- const char *credential,
- const struct GNUNET_IDENTITY_Ego *subject,
- const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key,
+struct GNUNET_CREDENTIAL_Request*
+GNUNET_CREDENTIAL_collect (struct GNUNET_CREDENTIAL_Handle *handle,
+ const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key,
+ const char *issuer_attribute,
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *subject_key,
+ GNUNET_CREDENTIAL_CredentialResultProcessor proc,
+ void *proc_cls)
+{
+ /* IPC to shorten credential names, return shorten_handle */
+ struct CollectMessage *c_msg;
+ struct GNUNET_CREDENTIAL_Request *vr;
+ size_t nlen;
+
+ if (NULL == issuer_attribute)
+ {
+ GNUNET_break (0);
+ return NULL;
+ }
+
+ //DEBUG LOG
+ LOG (GNUNET_ERROR_TYPE_DEBUG,
+ "Trying to collect `%s' in CREDENTIAL\n",
+ issuer_attribute);
+ nlen = strlen (issuer_attribute) + 1;
+ if (nlen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (*vr))
+ {
+ GNUNET_break (0);
+ return NULL;
+ }
+ vr = GNUNET_new (struct GNUNET_CREDENTIAL_Request);
+ vr->credential_handle = handle;
+ vr->verify_proc = proc;
+ vr->proc_cls = proc_cls;
+ vr->r_id = handle->r_id_gen++;
+ vr->env = GNUNET_MQ_msg_extra (c_msg,
+ nlen,
+ GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT);
+ c_msg->id = htonl (vr->r_id);
+ c_msg->subject_key = *subject_key;
+ c_msg->issuer_key = *issuer_key;
+ c_msg->issuer_attribute_len = htons(strlen(issuer_attribute));
+ GNUNET_memcpy (&c_msg[1],
+ issuer_attribute,
+ strlen (issuer_attribute));
+ GNUNET_CONTAINER_DLL_insert (handle->request_head,
+ handle->request_tail,
+ vr);
+ if (NULL != handle->mq)
+ GNUNET_MQ_send_copy (handle->mq,
+ vr->env);
+ return vr;
+}
+/**
+ * Performs attribute verification.
+ * Checks if there is a delegation chain from
+ * attribute ``issuer_attribute'' issued by the issuer
+ * with public key ``issuer_key'' maps to the attribute
+ * ``subject_attribute'' claimed by the subject with key
+ * ``subject_key''
+ *
+ * @param handle handle to the Credential service
+ * @param issuer_key the issuer public key
+ * @param issuer_attribute the issuer attribute
+ * @param subject_key the subject public key
+ * @param credential_count number of credentials provided
+ * @param credentials subject credentials
+ * @param proc function to call on result
+ * @param proc_cls closure for processor
+ * @return handle to the queued request
+ */
+struct GNUNET_CREDENTIAL_Request*
+GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle,
const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key,
- uint32_t credential_flags,
- uint32_t max_delegation_depth,
- GNUNET_CREDENTIAL_LookupResultProcessor proc,
+ const char *issuer_attribute,
+ const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key,
+ uint32_t credential_count,
+ const struct GNUNET_CREDENTIAL_Credential *credentials,
+ GNUNET_CREDENTIAL_CredentialResultProcessor proc,
void *proc_cls)
{
/* IPC to shorten credential names, return shorten_handle */
- struct LookupMessage *lookup_msg;
- struct GNUNET_CREDENTIAL_LookupRequest *lr;
+ struct VerifyMessage *v_msg;
+ struct GNUNET_CREDENTIAL_Request *vr;
size_t nlen;
+ size_t clen;
- if (NULL == credential)
+ if (NULL == issuer_attribute || NULL == credentials)
{
GNUNET_break (0);
return NULL;
}
+
+ clen = GNUNET_CREDENTIAL_credentials_get_size (credential_count,
+ credentials);
+
//DEBUG LOG
LOG (GNUNET_ERROR_TYPE_DEBUG,
- "Trying to lookup `%s' in CREDENTIAL\n",
- credential);
- nlen = strlen (credential) + 1;
- if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*lr))
+ "Trying to verify `%s' in CREDENTIAL\n",
+ issuer_attribute);
+ nlen = strlen (issuer_attribute) + 1 + clen;
+ if (nlen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (*vr))
{
GNUNET_break (0);
return NULL;
}
- lr = GNUNET_new (struct GNUNET_CREDENTIAL_LookupRequest);
- lr->credential_handle = handle;
- lr->lookup_proc = proc;
- lr->proc_cls = proc_cls;
- lr->r_id = handle->r_id_gen++;
- lr->env = GNUNET_MQ_msg_extra (lookup_msg,
+ vr = GNUNET_new (struct GNUNET_CREDENTIAL_Request);
+ vr->credential_handle = handle;
+ vr->verify_proc = proc;
+ vr->proc_cls = proc_cls;
+ vr->r_id = handle->r_id_gen++;
+ vr->env = GNUNET_MQ_msg_extra (v_msg,
nlen,
- GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP);
- lookup_msg->id = htonl (lr->r_id);
- lookup_msg->subject_key = *subject_key;
- lookup_msg->issuer_key = *issuer_key;
- GNUNET_memcpy (&lookup_msg[1],
- credential,
- nlen);
- GNUNET_CONTAINER_DLL_insert (handle->lookup_head,
- handle->lookup_tail,
- lr);
+ GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY);
+ v_msg->id = htonl (vr->r_id);
+ v_msg->subject_key = *subject_key;
+ v_msg->c_count = htonl(credential_count);
+ v_msg->issuer_key = *issuer_key;
+ v_msg->issuer_attribute_len = htons(strlen(issuer_attribute));
+ GNUNET_memcpy (&v_msg[1],
+ issuer_attribute,
+ strlen (issuer_attribute));
+ GNUNET_CREDENTIAL_credentials_serialize (credential_count,
+ credentials,
+ clen,
+ ((char*)&v_msg[1])
+ + strlen (issuer_attribute) + 1);
+ GNUNET_CONTAINER_DLL_insert (handle->request_head,
+ handle->request_tail,
+ vr);
if (NULL != handle->mq)
GNUNET_MQ_send_copy (handle->mq,
- lr->env);
- return lr;
+ vr->env);
+ return vr;
}
-
/* end of credential_api.c */