*/
static char* consume_ticket;
+/**
+ * Ticket to revoke
+ */
+static char* revoke_ticket;
+
/**
* Ego name
*/
GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
}
+static void
+process_rvk (void *cls, int success, const char* msg)
+{
+ if (GNUNET_OK != success)
+ GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
+ "Revocation failed.\n");
+ else
+ GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
+ "Revocation successful.\n");
+ GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+}
+
static void
iter_finished (void *cls)
{
struct GNUNET_IDENTITY_PROVIDER_Attribute *attr;
attr_iterator = NULL;
- if (list) {
+ if (list)
+ {
GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
return;
}
- if (issue_attrs) {
+ if (issue_attrs)
+ {
idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (idp_handle,
pkey,
&rp_key,
NULL);
return;
}
- if (consume_ticket) {
+ if (consume_ticket)
+ {
idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (idp_handle,
pkey,
&ticket,
NULL);
return;
}
+ if (revoke_ticket)
+ {
+ idp_op = GNUNET_IDENTITY_PROVIDER_ticket_revoke (idp_handle,
+ pkey,
+ &ticket,
+ &process_rvk,
+ NULL);
+ return;
+ }
attr = GNUNET_IDENTITY_PROVIDER_attribute_new (attr_name,
GNUNET_IDENTITY_PROVIDER_AT_STRING,
attr_value,
strlen (consume_ticket),
&ticket,
sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
+ if (NULL != revoke_ticket)
+ GNUNET_STRINGS_string_to_data (revoke_ticket,
+ strlen (revoke_ticket),
+ &ticket,
+ sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
+
attr_list = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList);
NULL,
gettext_noop ("Consume a ticket"),
&consume_ticket),
+ GNUNET_GETOPT_option_string ('R',
+ "revoke",
+ NULL,
+ gettext_noop ("Revoke a ticket"),
+ &revoke_ticket),
GNUNET_GETOPT_OPTION_END
};
return GNUNET_PROGRAM_run (argc, argv, "ct",
struct IdpClient *client;
/**
- * Attributes to issue
+ * Attributes to reissue
*/
struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs;
+ /**
+ * Attributes to revoke
+ */
+ struct GNUNET_IDENTITY_PROVIDER_AttributeList *rvk_attrs;
+
/**
* Issuer Key
*/
rd,
&bootstrap_store_cont,
abh);
+ GNUNET_free ((void*)rd[0].data);
}
/**
enc_keyinfo,
enc_size);
GNUNET_free (enc_keyinfo);
+ GNUNET_free (buf);
return sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+enc_size;
}
GNUNET_free (label);
GNUNET_free (attrs);
GNUNET_free (code_record_data);
+ GNUNET_CRYPTO_cpabe_delete_master_key (abe_key);
+ GNUNET_CRYPTO_cpabe_delete_key (rp_key);
}
{
if (NULL != handle->attrs)
attribute_list_destroy (handle->attrs);
+ if (NULL != handle->rvk_attrs)
+ attribute_list_destroy (handle->rvk_attrs);
if (NULL != handle->abe_key)
- GNUNET_free (handle->abe_key);
+ GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key);
if (NULL != handle->ns_qe)
GNUNET_NAMESTORE_cancel (handle->ns_qe);
if (NULL != handle->ns_it)
GNUNET_CONTAINER_DLL_remove (rh->client->revocation_list_head,
rh->client->revocation_list_tail,
rh);
- cleanup_revoke_ticket_handle (rh);
}
const char *emsg)
{
struct TicketRevocationHandle *rh = cls;
+ int ret;
rh->ns_qe = NULL;
if (GNUNET_SYSERR == success)
cleanup_revoke_ticket_handle (rh);
return;
}
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Continue DB iteration\n");
rh->offset++;
- GNUNET_assert (GNUNET_SYSERR !=
+ GNUNET_assert (GNUNET_SYSERR != (ret =
TKT_database->iterate_tickets (TKT_database->cls,
&rh->ticket.identity,
GNUNET_NO,
rh->offset,
&ticket_reissue_proc,
- rh));
+ rh)));
+ if (GNUNET_NO == ret)
+ {
+ send_revocation_finished (rh, GNUNET_OK);
+ cleanup_revoke_ticket_handle (rh);
+ }
}
const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
{
struct TicketRevocationHandle *rh = cls;
- const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs_to_reissue;
struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
struct GNUNET_GNSRECORD_Data code_record[1];
}
//Create new ABE key for RP
attrs_len = 0;
- attrs_to_reissue = attrs;
/* If this is the RP we want to revoke attributes of, the do so */
- if (0 == memcmp (&ticket->audience,
- &rh->ticket.audience,
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
- attrs_to_reissue = rh->attrs;
- for (le = attrs_to_reissue->list_head; NULL != le; le = le->next)
+ for (le = attrs->list_head; NULL != le; le = le->next)
attrs_len++;
attr_arr = GNUNET_malloc ((attrs_len + 1)*sizeof (char*));
i = 0;
- for (le = attrs_to_reissue->list_head; NULL != le; le = le->next) {
+ for (le = attrs->list_head; NULL != le; le = le->next) {
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Recreating key with %s\n", (char*) le->attribute->name);
attr_arr[i] = (char*) le->attribute->name;
i++;
}
//TODO review this wireformat
code_record_len = serialize_abe_keyinfo2 (&rh->ticket,
- rh->attrs,
+ attrs,
rp_key,
&ecdhe_privkey,
&code_record_data);
GNUNET_free (label);
GNUNET_free (attr_arr);
GNUNET_free (code_record_data);
-
+ GNUNET_CRYPTO_cpabe_delete_key (rp_key);
}
-
-
/* Prototype for below function */
static void
attr_reenc_cont (void *cls,
int32_t success,
const char *emsg);
+static void
+revocation_reissue_tickets (struct TicketRevocationHandle *rh)
+{
+ int ret;
+ /* Done, issue new keys */
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Revocation Phase IV: Reissuing Tickets\n");
+ if (GNUNET_SYSERR == (ret = TKT_database->iterate_tickets (TKT_database->cls,
+ &rh->ticket.identity,
+ GNUNET_NO,
+ rh->offset,
+ &ticket_reissue_proc,
+ rh)))
+ {
+ GNUNET_break (0);
+ }
+ if (GNUNET_NO == ret)
+ {
+ send_revocation_finished (rh, GNUNET_OK);
+ cleanup_revoke_ticket_handle (rh);
+ }
+
+}
+
/**
* Revoke next attribte by reencryption with
* new ABE master
{
struct GNUNET_GNSRECORD_Data rd[1];
char* buf;
+ char* enc_buf;
size_t buf_size;
+ if (NULL == rh->attrs->list_head)
+ {
+ revocation_reissue_tickets (rh);
+ return;
+ }
+
buf_size = attribute_serialize_get_size (rh->attrs->list_head->attribute);
buf = GNUNET_malloc (buf_size);
buf_size,
rh->attrs->list_head->attribute->name, //Policy
rh->abe_key,
- (void**)&rd[0].data);
+ (void**)&enc_buf);
GNUNET_free (buf);
+ rd[0].data = enc_buf;
rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR;
rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane?
rd,
&attr_reenc_cont,
rh);
- GNUNET_free ((void*)rd[0].data);
+ GNUNET_free (enc_buf);
}
{
struct TicketRevocationHandle *rh = cls;
struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
- int ret;
if (GNUNET_SYSERR == success)
{
GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
return;
}
+ if (NULL == rh->attrs->list_head)
+ {
+ revocation_reissue_tickets (rh);
+ return;
+ }
le = rh->attrs->list_head;
GNUNET_CONTAINER_DLL_remove (rh->attrs->list_head,
rh->attrs->list_tail,
- rh->attrs->list_head);
+ le);
GNUNET_free (le->attribute);
GNUNET_free (le);
- if (NULL == rh->attrs->list_head)
- {
- /* Done, issue new keys */
- GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
- "Revocation Phase IV: Reissuing Tickets\n");
- if (GNUNET_SYSERR ==
- (ret = TKT_database->iterate_tickets (TKT_database->cls,
- &rh->ticket.identity,
- GNUNET_NO,
- rh->offset,
- &ticket_reissue_proc,
- rh)))
- {
- GNUNET_break (0);
- }
- return;
- }
+
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Re-encrypting next attribute\n");
reenc_next_attribute (rh);
cleanup_revoke_ticket_handle (rh);
return;
} else {
- GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Revocation Phase III: Re-encrypting attributes\n");
reenc_next_attribute (rh);
}
{
struct TicketRevocationHandle *rh = cls;
rh->ns_it = NULL;
- GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Revocation Phase II: Invalidating old ABE Master\n");
/* Bootstrap new abe key */
bootstrap_abe (&rh->identity, &reenc_after_abe_bootstrap, rh, GNUNET_YES);
"Attribute to reencrypt: %s\n", label);
le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry);
le->attribute = attribute_deserialize (attr_ser, attr_len);
+ GNUNET_free (attr_ser);
GNUNET_CONTAINER_DLL_insert_tail (rh->attrs->list_head,
rh->attrs->list_tail,
le);
{
struct TicketRevocationHandle *rh = cls;
- rh->abe_key = cls;
+ rh->abe_key = abe_key;
GNUNET_assert (NULL != abe_key);
- GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Revocation Phase I: Collecting attributes\n");
/* Reencrypt all attributes with new key */
rh->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
attrs_len = ntohs (rm->attrs_len);
ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1];
if (0 < attrs_len)
- rh->attrs = attribute_list_deserialize ((char*)&ticket[1], attrs_len);
+ rh->rvk_attrs = attribute_list_deserialize ((char*)&ticket[1], attrs_len);
+ rh->attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList);
rh->ticket = *ticket;
rh->r_id = ntohl (rm->id);
rh->client = idp;
if (NULL != handle->attribute)
GNUNET_free (handle->attribute);
if (NULL != handle->abe_key)
- GNUNET_free (handle->abe_key);
+ GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key);
GNUNET_free (handle);
}
cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle)
{
if (NULL != handle->key)
- GNUNET_free (handle->key);
+ GNUNET_CRYPTO_cpabe_delete_key (handle->key);
GNUNET_free (handle);
}
projects / oweals / gnunet.git / commitdiff