X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=src%2Fcredential%2Fcredential_api.c;h=ca54137add34139cc5fcc99ea8e6bc27666f76f0;hb=1eb75229e02e5bd678f1a99eae9a6062330ecb46;hp=1efe2d0892dcc76f3588ca06553cf655269f6ea2;hpb=39981eee3163a1795026e8670ac5b669426f268b;p=oweals%2Fgnunet.git diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 1efe2d089..ca54137ad 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -28,7 +28,9 @@ #include "gnunet_arm_service.h" #include "gnunet_hello_lib.h" #include "gnunet_protocols.h" +#include "gnunet_signatures.h" #include "credential.h" +#include "credential_serialization.h" #include "gnunet_credential_service.h" #include "gnunet_identity_service.h" @@ -36,20 +38,20 @@ #define LOG(kind,...) GNUNET_log_from (kind, "credential-api",__VA_ARGS__) /** - * Handle to a lookup request + * Handle to a verify request */ -struct GNUNET_CREDENTIAL_LookupRequest +struct GNUNET_CREDENTIAL_Request { /** * DLL */ - struct GNUNET_CREDENTIAL_LookupRequest *next; + struct GNUNET_CREDENTIAL_Request *next; /** * DLL */ - struct GNUNET_CREDENTIAL_LookupRequest *prev; + struct GNUNET_CREDENTIAL_Request *prev; /** * handle to credential service @@ -57,12 +59,12 @@ struct GNUNET_CREDENTIAL_LookupRequest struct GNUNET_CREDENTIAL_Handle *credential_handle; /** - * processor to call on lookup result + * processor to call on verify result */ - GNUNET_CREDENTIAL_LookupResultProcessor lookup_proc; + GNUNET_CREDENTIAL_CredentialResultProcessor verify_proc; /** - * @e lookup_proc closure + * @e verify_proc closure */ void *proc_cls; 
@@ -96,14 +98,14 @@ struct GNUNET_CREDENTIAL_Handle struct GNUNET_MQ_Handle *mq; /** - * Head of linked list of active lookup requests. + * Head of linked list of active verify requests. */ - struct GNUNET_CREDENTIAL_LookupRequest *lookup_head; + struct GNUNET_CREDENTIAL_Request *request_head; /** - * Tail of linked list of active lookup requests. + * Tail of linked list of active verify requests. */ - struct GNUNET_CREDENTIAL_LookupRequest *lookup_tail; + struct GNUNET_CREDENTIAL_Request *request_tail; /** * Reconnect task @@ -183,7 +185,6 @@ mq_error_handler (void *cls, force_reconnect (handle); } - /** * Check validity of message received from the CREDENTIAL service * @@ -192,7 +193,7 @@ mq_error_handler (void *cls, */ static int check_result (void *cls, - const struct LookupResultMessage *lookup_msg) + const struct DelegationChainResultMessage *vr_msg) { //TODO return GNUNET_OK; 
@@ -207,41 +208,54 @@ check_result (void *cls, */ static void handle_result (void *cls, - const struct LookupResultMessage *lookup_msg) + const struct DelegationChainResultMessage *vr_msg) { struct GNUNET_CREDENTIAL_Handle *handle = cls; - uint32_t cd_count = ntohl (lookup_msg->cd_count); - struct GNUNET_CREDENTIAL_RecordData cd[cd_count]; - uint32_t r_id = ntohl (lookup_msg->id); - struct GNUNET_CREDENTIAL_LookupRequest *lr; - GNUNET_CREDENTIAL_LookupResultProcessor proc; + uint32_t r_id = ntohl (vr_msg->id); + struct GNUNET_CREDENTIAL_Request *vr; + size_t mlen = ntohs (vr_msg->header.size) - sizeof (*vr_msg); + uint32_t d_count = ntohl (vr_msg->d_count); + uint32_t c_count = ntohl (vr_msg->c_count); + struct GNUNET_CREDENTIAL_Delegation d_chain[d_count]; + struct GNUNET_CREDENTIAL_Credential creds[c_count]; + GNUNET_CREDENTIAL_CredentialResultProcessor proc; void *proc_cls; LOG (GNUNET_ERROR_TYPE_DEBUG, - "Received lookup reply from CREDENTIAL service (%u credentials)\n", - (unsigned int) cd_count); - for (lr = handle->lookup_head; NULL != lr; lr = lr->next) - if (lr->r_id == r_id) + "Received verify reply from CREDENTIAL service\n"); + for (vr = handle->request_head; NULL != vr; vr = vr->next) + if (vr->r_id == r_id) break; - if (NULL == lr) + if (NULL == vr) return; - proc = lr->lookup_proc; - proc_cls = lr->proc_cls; - GNUNET_CONTAINER_DLL_remove (handle->lookup_head, - handle->lookup_tail, - lr); - GNUNET_free (lr); - /** + proc = vr->verify_proc; + proc_cls = vr->proc_cls; + GNUNET_CONTAINER_DLL_remove (handle->request_head, + handle->request_tail, + vr); + GNUNET_MQ_discard (vr->env); + GNUNET_free (vr); GNUNET_assert (GNUNET_OK == - GNUNET_CREDENTIAL_records_deserialize (mlen, - (const char*) &lookup_msg[1], - rd_count, - rd)); - */ - proc (proc_cls, - NULL, - cd_count, - cd); // TODO + GNUNET_CREDENTIAL_delegation_chain_deserialize (mlen, + (const char*) &vr_msg[1], + d_count, + d_chain, + c_count, + creds)); + if (GNUNET_NO == ntohl 
(vr_msg->cred_found)) + { + proc (proc_cls, + 0, + NULL, + 0, + NULL); // TODO + } else { + proc (proc_cls, + d_count, + d_chain, + c_count, + creds); + } } @@ -255,26 +269,30 @@ reconnect (struct GNUNET_CREDENTIAL_Handle *handle) { struct GNUNET_MQ_MessageHandler handlers[] = { GNUNET_MQ_hd_var_size (result, - GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP_RESULT, - struct LookupResultMessage, - NULL), + GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT, + struct DelegationChainResultMessage, + handle), + GNUNET_MQ_hd_var_size (result, + GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT_RESULT, + struct DelegationChainResultMessage, + handle), GNUNET_MQ_handler_end () }; - struct GNUNET_CREDENTIAL_LookupRequest *lh; + struct GNUNET_CREDENTIAL_Request *vr; GNUNET_assert (NULL == handle->mq); LOG (GNUNET_ERROR_TYPE_DEBUG, "Trying to connect to CREDENTIAL\n"); - handle->mq = GNUNET_CLIENT_connecT (handle->cfg, + handle->mq = GNUNET_CLIENT_connect (handle->cfg, "credential", handlers, &mq_error_handler, handle); if (NULL == handle->mq) return; - for (lh = handle->lookup_head; NULL != lh; lh = lh->next) + for (vr = handle->request_head; NULL != vr; vr = vr->next) GNUNET_MQ_send_copy (handle->mq, - lh->env); + vr->env); } 
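Review bot: In handle_result, `d_count` and `c_count` are taken straight from the message with `ntohl` and used to size the stack arrays `d_chain[d_count]` and `creds[c_count]`, while check_result (earlier hunk) is still a `//TODO` that returns `GNUNET_OK` for every message. A reply carrying large counts can therefore exhaust the stack before any parsing happens, a zero count gives a zero-length VLA, and a payload that fails `GNUNET_CREDENTIAL_delegation_chain_deserialize` aborts the calling process through `GNUNET_assert`. The length and count validation belongs in check_result, ending in `GNUNET_break_op (0); return GNUNET_SYSERR;` so that a malformed reply is rejected rather than asserted on, and the arrays should only be sized once the counts are known to fit the payload. The deserialize call also runs when `cred_found` is `GNUNET_NO`, where its output is discarded, so it could move into the else branch.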
@@ -319,92 +337,177 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle) GNUNET_SCHEDULER_cancel (handle->reconnect_task); handle->reconnect_task = NULL; } - GNUNET_assert (NULL == handle->lookup_head); + GNUNET_assert (NULL == handle->request_head); GNUNET_free (handle); } /** - * Cancel pending lookup request + * Cancel pending verify request * - * @param lr the lookup request to cancel + * @param lr the verify request to cancel */ void -GNUNET_CREDENTIAL_lookup_cancel (struct GNUNET_CREDENTIAL_LookupRequest *lr) +GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *vr) { - struct GNUNET_CREDENTIAL_Handle *handle = lr->credential_handle; + struct GNUNET_CREDENTIAL_Handle *handle = vr->credential_handle; - GNUNET_CONTAINER_DLL_remove (handle->lookup_head, - handle->lookup_tail, - lr); - GNUNET_MQ_discard (lr->env); - GNUNET_free (lr); + GNUNET_CONTAINER_DLL_remove (handle->request_head, + handle->request_tail, + vr); + GNUNET_MQ_discard (vr->env); + GNUNET_free (vr); } /** - * Perform an asynchronous lookup operation for a credential. + * Performs attribute collection. 
+ * Collects all credentials of subject to fulfill the + * attribute, if possible * * @param handle handle to the Credential service - * @param credential the credential to look up - * @param subject Ego to check the credential for + * @param issuer_key the issuer public key + * @param issuer_attribute the issuer attribute + * @param subject_key the subject public key + * @param credential_count number of credentials provided + * @param credentials subject credentials * @param proc function to call on result * @param proc_cls closure for processor * @return handle to the queued request */ -struct GNUNET_CREDENTIAL_LookupRequest* -GNUNET_CREDENTIAL_lookup (struct GNUNET_CREDENTIAL_Handle *handle, - const char *credential, - const struct GNUNET_IDENTITY_Ego *subject, - const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, +struct GNUNET_CREDENTIAL_Request* +GNUNET_CREDENTIAL_collect (struct GNUNET_CREDENTIAL_Handle *handle, + const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, + const char *issuer_attribute, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *subject_key, + GNUNET_CREDENTIAL_CredentialResultProcessor proc, + void *proc_cls) +{ + /* IPC to shorten credential names, return shorten_handle */ + struct CollectMessage *c_msg; + struct GNUNET_CREDENTIAL_Request *vr; + size_t nlen; + + if (NULL == issuer_attribute) + { + GNUNET_break (0); + return NULL; + } + + //DEBUG LOG + LOG (GNUNET_ERROR_TYPE_DEBUG, + "Trying to collect `%s' in CREDENTIAL\n", + issuer_attribute); + nlen = strlen (issuer_attribute) + 1; + if (nlen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (*vr)) + { + GNUNET_break (0); + return NULL; + } + vr = GNUNET_new (struct GNUNET_CREDENTIAL_Request); + vr->credential_handle = handle; + vr->verify_proc = proc; + vr->proc_cls = proc_cls; + vr->r_id = handle->r_id_gen++; + vr->env = GNUNET_MQ_msg_extra (c_msg, + nlen, + GNUNET_MESSAGE_TYPE_CREDENTIAL_COLLECT); + c_msg->id = htonl (vr->r_id); + c_msg->subject_key = *subject_key; + c_msg->issuer_key = 
*issuer_key; + c_msg->issuer_attribute_len = htons(strlen(issuer_attribute)); + GNUNET_memcpy (&c_msg[1], + issuer_attribute, + strlen (issuer_attribute)); + GNUNET_CONTAINER_DLL_insert (handle->request_head, + handle->request_tail, + vr); + if (NULL != handle->mq) + GNUNET_MQ_send_copy (handle->mq, + vr->env); + return vr; +} +/** + * Performs attribute verification. + * Checks if there is a delegation chain from + * attribute ``issuer_attribute'' issued by the issuer + * with public key ``issuer_key'' maps to the attribute + * ``subject_attribute'' claimed by the subject with key + * ``subject_key'' + * + * @param handle handle to the Credential service + * @param issuer_key the issuer public key + * @param issuer_attribute the issuer attribute + * @param subject_key the subject public key + * @param credential_count number of credentials provided + * @param credentials subject credentials + * @param proc function to call on result + * @param proc_cls closure for processor + * @return handle to the queued request + */ +struct GNUNET_CREDENTIAL_Request* +GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, - uint32_t credential_flags, - uint32_t max_delegation_depth, - GNUNET_CREDENTIAL_LookupResultProcessor proc, + const char *issuer_attribute, + const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, + uint32_t credential_count, + const struct GNUNET_CREDENTIAL_Credential *credentials, + GNUNET_CREDENTIAL_CredentialResultProcessor proc, void *proc_cls) { /* IPC to shorten credential names, return shorten_handle */ - struct LookupMessage *lookup_msg; - struct GNUNET_CREDENTIAL_LookupRequest *lr; + struct VerifyMessage *v_msg; + struct GNUNET_CREDENTIAL_Request *vr; size_t nlen; + size_t clen; - if (NULL == credential) + if (NULL == issuer_attribute || NULL == credentials) { GNUNET_break (0); return NULL; } + + clen = GNUNET_CREDENTIAL_credentials_get_size (credential_count, + credentials); + 
//DEBUG LOG LOG (GNUNET_ERROR_TYPE_DEBUG, - "Trying to lookup `%s' in CREDENTIAL\n", - credential); - nlen = strlen (credential) + 1; - if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*lr)) + "Trying to verify `%s' in CREDENTIAL\n", + issuer_attribute); + nlen = strlen (issuer_attribute) + 1 + clen; + if (nlen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (*vr)) { GNUNET_break (0); return NULL; } - lr = GNUNET_new (struct GNUNET_CREDENTIAL_LookupRequest); - lr->credential_handle = handle; - lr->lookup_proc = proc; - lr->proc_cls = proc_cls; - lr->r_id = handle->r_id_gen++; - lr->env = GNUNET_MQ_msg_extra (lookup_msg, + vr = GNUNET_new (struct GNUNET_CREDENTIAL_Request); + vr->credential_handle = handle; + vr->verify_proc = proc; + vr->proc_cls = proc_cls; + vr->r_id = handle->r_id_gen++; + vr->env = GNUNET_MQ_msg_extra (v_msg, nlen, - GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP); - lookup_msg->id = htonl (lr->r_id); - lookup_msg->subject_key = *subject_key; - lookup_msg->issuer_key = *issuer_key; - GNUNET_memcpy (&lookup_msg[1], - credential, - nlen); - GNUNET_CONTAINER_DLL_insert (handle->lookup_head, - handle->lookup_tail, - lr); + GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY); + v_msg->id = htonl (vr->r_id); + v_msg->subject_key = *subject_key; + v_msg->c_count = htonl(credential_count); + v_msg->issuer_key = *issuer_key; + v_msg->issuer_attribute_len = htons(strlen(issuer_attribute)); + GNUNET_memcpy (&v_msg[1], + issuer_attribute, + strlen (issuer_attribute)); + GNUNET_CREDENTIAL_credentials_serialize (credential_count, + credentials, + clen, + ((char*)&v_msg[1]) + + strlen (issuer_attribute) + 1); + GNUNET_CONTAINER_DLL_insert (handle->request_head, + handle->request_tail, + vr); if (NULL != handle->mq) GNUNET_MQ_send_copy (handle->mq, - lr->env); - return lr; + vr->env); + return vr; } - /* end of credential_api.c */
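Review bot: Both GNUNET_CREDENTIAL_collect and GNUNET_CREDENTIAL_verify guard the payload with `nlen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (*vr)`, which subtracts the size of the local request struct rather than that of the message actually sent; the bound should use `sizeof (*c_msg)` and `sizeof (*v_msg)` respectively. In verify, `clen` from `GNUNET_CREDENTIAL_credentials_get_size` is added to `nlen` unchecked and the result of `GNUNET_CREDENTIAL_credentials_serialize` is ignored; presumably both report failure through their return value, which should be tested (discarding `vr->env` and freeing `vr` on error) before `GNUNET_CONTAINER_DLL_insert`. The doc comment on collect lists `credential_count` and `credentials`, which are not parameters, and calls `subject_key` a public key although the parameter is a `GNUNET_CRYPTO_EcdsaPrivateKey` that is copied into the message; the comment should state that the private key is handed to the service. `subject_key` and `issuer_key` are dereferenced without the NULL check that `issuer_attribute` gets.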