From: Schanzenbach, Martin Date: Sat, 19 Nov 2016 23:23:49 +0000 (+0100) Subject: - move towards verification X-Git-Tag: gnunet-0.11.0rc0~24^2~147 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=18f106166cf64cc72206cd35301276aa21ca100a;p=oweals%2Fgnunet.git - move towards verification --- diff --git a/src/credential/credential.h b/src/credential/credential.h index 597c34a3d..2acaf73a5 100644 --- a/src/credential/credential.h +++ b/src/credential/credential.h @@ -30,12 +30,12 @@ GNUNET_NETWORK_STRUCT_BEGIN /** - * Message from client to Credential service to lookup credentials. + * Message from client to Credential service to verify attributes. */ -struct LookupMessage +struct VerifyMessage { /** - * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP + * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY */ struct GNUNET_MessageHeader header; @@ -54,7 +54,7 @@ struct LookupMessage */ uint32_t id GNUNET_PACKED; - /* Followed by the zero-terminated credential to look up */ + /* Followed by the zero-terminated attributes to look up */ }; @@ -62,10 +62,10 @@ struct LookupMessage /** * Message from CREDENTIAL service to client: new results. */ -struct LookupResultMessage +struct VerifyResultMessage { /** - * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP_RESULT + * Header of type #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT */ struct GNUNET_MessageHeader header; @@ -78,9 +78,9 @@ struct LookupResultMessage /** * The number of credentials in the response */ - uint32_t cd_count GNUNET_PACKED; + uint32_t ad_count GNUNET_PACKED; - /* followed by cd_count GNUNET_CREDENTIAL_RecordData structs*/ + /* followed by ad_count GNUNET_CREDENTIAL_RecordData structs*/ }; diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 1efe2d089..4864d54d0 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -36,20 +36,20 @@ #define LOG(kind,...) GNUNET_log_from (kind, "credential-api",__VA_ARGS__) /** - * Handle to a lookup request + * Handle to a verify request */ -struct GNUNET_CREDENTIAL_LookupRequest +struct GNUNET_CREDENTIAL_VerifyRequest { /** * DLL */ - struct GNUNET_CREDENTIAL_LookupRequest *next; + struct GNUNET_CREDENTIAL_VerifyRequest *next; /** * DLL */ - struct GNUNET_CREDENTIAL_LookupRequest *prev; + struct GNUNET_CREDENTIAL_VerifyRequest *prev; /** * handle to credential service @@ -57,12 +57,12 @@ struct GNUNET_CREDENTIAL_LookupRequest struct GNUNET_CREDENTIAL_Handle *credential_handle; /** - * processor to call on lookup result + * processor to call on verify result */ - GNUNET_CREDENTIAL_LookupResultProcessor lookup_proc; + GNUNET_CREDENTIAL_VerifyResultProcessor verify_proc; /** - * @e lookup_proc closure + * @e verify_proc closure */ void *proc_cls; @@ -96,14 +96,14 @@ struct GNUNET_CREDENTIAL_Handle struct GNUNET_MQ_Handle *mq; /** - * Head of linked list of active lookup requests. + * Head of linked list of active verify requests. */ - struct GNUNET_CREDENTIAL_LookupRequest *lookup_head; + struct GNUNET_CREDENTIAL_VerifyRequest *verify_head; /** - * Tail of linked list of active lookup requests. + * Tail of linked list of active verify requests. */ - struct GNUNET_CREDENTIAL_LookupRequest *lookup_tail; + struct GNUNET_CREDENTIAL_VerifyRequest *verify_tail; /** * Reconnect task @@ -192,7 +192,7 @@ mq_error_handler (void *cls, */ static int check_result (void *cls, - const struct LookupResultMessage *lookup_msg) + const struct VerifyResultMessage *vr_msg) { //TODO return GNUNET_OK; @@ -207,30 +207,30 @@ check_result (void *cls, */ static void handle_result (void *cls, - const struct LookupResultMessage *lookup_msg) + const struct VerifyResultMessage *vr_msg) { struct GNUNET_CREDENTIAL_Handle *handle = cls; - uint32_t cd_count = ntohl (lookup_msg->cd_count); - struct GNUNET_CREDENTIAL_RecordData cd[cd_count]; - uint32_t r_id = ntohl (lookup_msg->id); - struct GNUNET_CREDENTIAL_LookupRequest *lr; - GNUNET_CREDENTIAL_LookupResultProcessor proc; + uint32_t ad_count = ntohl (vr_msg->ad_count); + struct GNUNET_CREDENTIAL_RecordData ad[ad_count]; + uint32_t r_id = ntohl (vr_msg->id); + struct GNUNET_CREDENTIAL_VerifyRequest *vr; + GNUNET_CREDENTIAL_VerifyResultProcessor proc; void *proc_cls; LOG (GNUNET_ERROR_TYPE_DEBUG, - "Received lookup reply from CREDENTIAL service (%u credentials)\n", - (unsigned int) cd_count); - for (lr = handle->lookup_head; NULL != lr; lr = lr->next) - if (lr->r_id == r_id) + "Received verify reply from CREDENTIAL service (%u credentials)\n", + (unsigned int) ad_count); + for (vr = handle->verify_head; NULL != vr; vr = vr->next) + if (vr->r_id == r_id) break; - if (NULL == lr) + if (NULL == vr) return; - proc = lr->lookup_proc; - proc_cls = lr->proc_cls; - GNUNET_CONTAINER_DLL_remove (handle->lookup_head, - handle->lookup_tail, - lr); - GNUNET_free (lr); + proc = vr->verify_proc; + proc_cls = vr->proc_cls; + GNUNET_CONTAINER_DLL_remove (handle->verify_head, + handle->verify_tail, + vr); + GNUNET_free (vr); /** GNUNET_assert (GNUNET_OK == GNUNET_CREDENTIAL_records_deserialize (mlen, @@ -240,8 +240,8 @@ handle_result (void *cls, */ proc (proc_cls, NULL, - cd_count, - cd); // TODO + ad_count, + ad); // TODO } @@ -255,12 +255,12 @@ reconnect (struct GNUNET_CREDENTIAL_Handle *handle) { struct GNUNET_MQ_MessageHandler handlers[] = { GNUNET_MQ_hd_var_size (result, - GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP_RESULT, - struct LookupResultMessage, + GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT, + struct VerifyResultMessage, NULL), GNUNET_MQ_handler_end () }; - struct GNUNET_CREDENTIAL_LookupRequest *lh; + struct GNUNET_CREDENTIAL_VerifyRequest *vr; GNUNET_assert (NULL == handle->mq); LOG (GNUNET_ERROR_TYPE_DEBUG, @@ -272,9 +272,9 @@ reconnect (struct GNUNET_CREDENTIAL_Handle *handle) handle); if (NULL == handle->mq) return; - for (lh = handle->lookup_head; NULL != lh; lh = lh->next) + for (vr = handle->verify_head; NULL != vr; vr = vr->next) GNUNET_MQ_send_copy (handle->mq, - lh->env); + vr->env); } @@ -319,31 +319,31 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle) GNUNET_SCHEDULER_cancel (handle->reconnect_task); handle->reconnect_task = NULL; } - GNUNET_assert (NULL == handle->lookup_head); + GNUNET_assert (NULL == handle->verify_head); GNUNET_free (handle); } /** - * Cancel pending lookup request + * Cancel pending verify request * - * @param lr the lookup request to cancel + * @param lr the verify request to cancel */ void -GNUNET_CREDENTIAL_lookup_cancel (struct GNUNET_CREDENTIAL_LookupRequest *lr) +GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_VerifyRequest *vr) { - struct GNUNET_CREDENTIAL_Handle *handle = lr->credential_handle; + struct GNUNET_CREDENTIAL_Handle *handle = vr->credential_handle; - GNUNET_CONTAINER_DLL_remove (handle->lookup_head, - handle->lookup_tail, - lr); - GNUNET_MQ_discard (lr->env); - GNUNET_free (lr); + GNUNET_CONTAINER_DLL_remove (handle->verify_head, + handle->verify_tail, + vr); + GNUNET_MQ_discard (vr->env); + GNUNET_free (vr); } /** - * Perform an asynchronous lookup operation for a credential. + * Perform an asynchronous verify operation for a credential. * * @param handle handle to the Credential service * @param credential the credential to look up @@ -352,58 +352,57 @@ GNUNET_CREDENTIAL_lookup_cancel (struct GNUNET_CREDENTIAL_LookupRequest *lr) * @param proc_cls closure for processor * @return handle to the queued request */ -struct GNUNET_CREDENTIAL_LookupRequest* -GNUNET_CREDENTIAL_lookup (struct GNUNET_CREDENTIAL_Handle *handle, - const char *credential, - const struct GNUNET_IDENTITY_Ego *subject, +struct GNUNET_CREDENTIAL_VerifyRequest* +GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, + const char *issuer_attribute, + const char *subject_attribute, const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, uint32_t credential_flags, - uint32_t max_delegation_depth, - GNUNET_CREDENTIAL_LookupResultProcessor proc, + GNUNET_CREDENTIAL_VerifyResultProcessor proc, void *proc_cls) { /* IPC to shorten credential names, return shorten_handle */ - struct LookupMessage *lookup_msg; - struct GNUNET_CREDENTIAL_LookupRequest *lr; + struct VerifyMessage *v_msg; + struct GNUNET_CREDENTIAL_VerifyRequest *vr; size_t nlen; - if (NULL == credential) + if (NULL == issuer_attribute) { GNUNET_break (0); return NULL; } //DEBUG LOG LOG (GNUNET_ERROR_TYPE_DEBUG, - "Trying to lookup `%s' in CREDENTIAL\n", - credential); - nlen = strlen (credential) + 1; - if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*lr)) + "Trying to verify `%s' in CREDENTIAL\n", + issuer_attribute); + nlen = strlen (issuer_attribute) + 1; + if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*vr)) { GNUNET_break (0); return NULL; } - lr = GNUNET_new (struct GNUNET_CREDENTIAL_LookupRequest); - lr->credential_handle = handle; - lr->lookup_proc = proc; - lr->proc_cls = proc_cls; - lr->r_id = handle->r_id_gen++; - lr->env = GNUNET_MQ_msg_extra (lookup_msg, + vr = GNUNET_new (struct GNUNET_CREDENTIAL_VerifyRequest); + vr->credential_handle = handle; + vr->verify_proc = proc; + vr->proc_cls = proc_cls; + vr->r_id = handle->r_id_gen++; + vr->env = GNUNET_MQ_msg_extra (v_msg, nlen, - GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP); - lookup_msg->id = htonl (lr->r_id); - lookup_msg->subject_key = *subject_key; - lookup_msg->issuer_key = *issuer_key; - GNUNET_memcpy (&lookup_msg[1], - credential, + GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY); + v_msg->id = htonl (vr->r_id); + v_msg->subject_key = *subject_key; + v_msg->issuer_key = *issuer_key; + GNUNET_memcpy (&v_msg[1], + subject_attribute, nlen); - GNUNET_CONTAINER_DLL_insert (handle->lookup_head, - handle->lookup_tail, - lr); + GNUNET_CONTAINER_DLL_insert (handle->verify_head, + handle->verify_tail, + vr); if (NULL != handle->mq) GNUNET_MQ_send_copy (handle->mq, - lr->env); - return lr; + vr->env); + return vr; } diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index 363ed03fc..94a4b3899 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -48,9 +48,9 @@ static struct GNUNET_TIME_Relative timeout; static char *lookup_credential; /** - * Handle to lookup request + * Handle to verify request */ -static struct GNUNET_CREDENTIAL_LookupRequest *lookup_request; +static struct GNUNET_CREDENTIAL_VerifyRequest *verify_request; /** * Lookup an ego with the identity service. @@ -87,11 +87,6 @@ static char *issuer_key; */ static int credential_flags; -/* - * Maximum delegation depth - */ -static int max_delegation_depth; - /** @@ -118,10 +113,10 @@ do_shutdown (void *cls) GNUNET_IDENTITY_cancel (id_op); id_op = NULL; } - if (NULL != lookup_request) + if (NULL != verify_request) { - GNUNET_CREDENTIAL_lookup_cancel (lookup_request); - lookup_request = NULL; + GNUNET_CREDENTIAL_verify_cancel (verify_request); + verify_request = NULL; } if (NULL != identity) { @@ -162,14 +157,14 @@ do_timeout (void *cls) * @param cd array of @a cd_count records with the results */ static void -handle_lookup_result (void *cls, +handle_verify_result (void *cls, struct GNUNET_IDENTITY_Ego *issuer, uint16_t issuer_len, const struct GNUNET_CREDENTIAL_RecordData *data) { - lookup_request = NULL; + verify_request = NULL; if (0 == issuer_len) printf ("No results.\n"); else @@ -223,14 +218,13 @@ lookup_credentials (struct GNUNET_IDENTITY_Ego *ego) return; } - lookup_request = GNUNET_CREDENTIAL_lookup(credential, + verify_request = GNUNET_CREDENTIAL_verify(credential, + "", lookup_credential, - ego, &subject_pkey, &issuer_pkey, credential_flags, - max_delegation_depth, - &handle_lookup_result, + &handle_verify_result, NULL); return; } diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index de0592637..114041be1 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -45,17 +45,17 @@ /** * DLL for record */ -struct CredentialRecordEntry +struct AttributeRecordEntry { /** * DLL */ - struct CredentialRecordEntry *next; + struct AttributeRecordEntry *next; /** * DLL */ - struct CredentialRecordEntry *prev; + struct AttributeRecordEntry *prev; /** @@ -67,18 +67,18 @@ struct CredentialRecordEntry /** * Handle to a lookup operation from api */ -struct ClientLookupHandle +struct VerifyRequestHandle { /** * We keep these in a DLL. */ - struct ClientLookupHandle *next; + struct VerifyRequestHandle *next; /** * We keep these in a DLL. */ - struct ClientLookupHandle *prev; + struct VerifyRequestHandle *prev; /** * Handle to the requesting client @@ -91,19 +91,24 @@ struct ClientLookupHandle struct GNUNET_GNS_LookupRequest *lookup_request; /** - * Authority public key + * Issuer public key */ struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; /** - * Credential Chain + * Subject public key */ - struct CredentialRecordEntry *cred_chain_head; + struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; /** - * Credential Chain + * Attribute Chain */ - struct CredentialRecordEntry *cred_chain_tail; + struct AttributeRecordEntry *attr_chain_head; + + /** + * Attribute Chain + */ + struct AttributeRecordEntry *attr_chain_tail; /** * request id @@ -116,12 +121,12 @@ struct ClientLookupHandle /** * Head of the DLL. */ -static struct ClientLookupHandle *clh_head; +static struct VerifyRequestHandle *vrh_head; /** * Tail of the DLL. */ -static struct ClientLookupHandle *clh_tail; +static struct VerifyRequestHandle *vrh_tail; /** * Handle to the statistics service @@ -144,17 +149,17 @@ static struct GNUNET_GNS_Handle *gns; static void shutdown_task (void *cls) { - struct ClientLookupHandle *clh; + struct VerifyRequestHandle *vrh; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Shutting down!\n"); - while (NULL != (clh = clh_head)) + while (NULL != (vrh = vrh_head)) { //CREDENTIAL_resolver_lookup_cancel (clh->lookup); - GNUNET_CONTAINER_DLL_remove (clh_head, - clh_tail, - clh); - GNUNET_free (clh); + GNUNET_CONTAINER_DLL_remove (vrh_head, + vrh_tail, + vrh); + GNUNET_free (vrh); } @@ -168,28 +173,38 @@ shutdown_task (void *cls) } /** - * Checks a #GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP message + * Checks a #GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY message * * @param cls client sending the message - * @param l_msg message of type `struct LookupMessage` - * @return #GNUNET_OK if @a l_msg is well-formed + * @param v_msg message of type `struct VerifyMessage` + * @return #GNUNET_OK if @a v_msg is well-formed */ static int -check_lookup (void *cls, - const struct LookupMessage *l_msg) +check_verify (void *cls, + const struct VerifyMessage *v_msg) { size_t msg_size; - const char* cred; + size_t attr_len; + const char* s_attr; + const char* i_attr; - msg_size = ntohs (l_msg->header.size); - if (msg_size < sizeof (struct LookupMessage)) + msg_size = ntohs (v_msg->header.size); + if (msg_size < sizeof (struct VerifyMessage)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + i_attr = (const char *) &v_msg[1]; + if ( ('\0' != i_attr[v_msg->header.size - sizeof (struct VerifyMessage) - 1]) || + (strlen (i_attr) > GNUNET_CREDENTIAL_MAX_LENGTH) ) { GNUNET_break (0); return GNUNET_SYSERR; } - cred = (const char *) &l_msg[1]; - if ( ('\0' != cred[l_msg->header.size - sizeof (struct LookupMessage) - 1]) || - (strlen (cred) > GNUNET_CREDENTIAL_MAX_LENGTH) ) + attr_len = strlen (i_attr); + s_attr = ((const char *) &v_msg[1]) + attr_len + 1; + if ( ('\0' != s_attr[v_msg->header.size - sizeof (struct VerifyMessage) - 1]) || + (strlen (s_attr) > GNUNET_CREDENTIAL_MAX_LENGTH) ) { GNUNET_break (0); return GNUNET_SYSERR; @@ -199,7 +214,7 @@ check_lookup (void *cls, /** - * Reply to client with the result from our lookup. + * Result from GNS lookup. * * @param cls the closure (our client lookup handle) * @param rd_count the number of records in @a rd @@ -210,139 +225,147 @@ send_lookup_response (void* cls, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd) { - struct ClientLookupHandle *clh = cls; + struct VerifyRequestHandle *vrh = cls; size_t len; int i; - int cred_record_count; + int attr_record_count; struct GNUNET_MQ_Envelope *env; - struct LookupResultMessage *rmsg; - const struct GNUNET_CREDENTIAL_RecordData *crd; - struct CredentialRecordEntry *cr_entry; + struct VerifyResultMessage *rmsg; + const struct GNUNET_CREDENTIAL_RecordData *ard; + struct AttributeRecordEntry *ar_entry; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Sending LOOKUP_RESULT message with %u results\n", - (unsigned int) rd_count); - - cred_record_count = 0; + attr_record_count = 0; for (i=0; i < rd_count; i++) { - if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) + if (GNUNET_GNSRECORD_TYPE_ATTRIBUTE != rd[i].record_type) continue; - cred_record_count++; - crd = rd[i].data; + attr_record_count++; + ard = rd[i].data; /** - * TODO: Check for: - * - First time we come here subject must be subject prvided by client - * - After that is has to be the prev issuer - * - Terminate condition: issuer is clh->authority_key - * - * In any case: - * Append crd to result list of RecordData + * TODO: + * Check if we have already found our credential here + * If so return success + * Else + * Save all found attributes/issues and prepare forward + * resolution of issuer attribute */ - cr_entry = GNUNET_new (struct CredentialRecordEntry); - cr_entry->record_data = *crd; - GNUNET_CONTAINER_DLL_insert_tail (clh->cred_chain_head, - clh->cred_chain_tail, - cr_entry); + ar_entry = GNUNET_new (struct AttributeRecordEntry); + ar_entry->record_data = *ard; + GNUNET_CONTAINER_DLL_insert_tail (vrh->attr_chain_head, + vrh->attr_chain_tail, + ar_entry); } /** * Get serialized record data size */ - len = cred_record_count * sizeof (struct GNUNET_CREDENTIAL_RecordData); - + len = attr_record_count * sizeof (struct GNUNET_CREDENTIAL_RecordData); + /** * Prepare a lookup result response message for the client */ env = GNUNET_MQ_msg_extra (rmsg, len, - GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP_RESULT); + GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT); //Assign id so that client can find associated request - rmsg->id = clh->request_id; - rmsg->cd_count = htonl (cred_record_count); - + rmsg->id = vrh->request_id; + rmsg->ad_count = htonl (attr_record_count); + /** * Get serialized record data * Append at the end of rmsg */ i = 0; struct GNUNET_CREDENTIAL_RecordData *tmp_record = (struct GNUNET_CREDENTIAL_RecordData*) &rmsg[1]; - for (cr_entry = clh->cred_chain_head; NULL != cr_entry; cr_entry = cr_entry->next) + for (ar_entry = vrh->attr_chain_head; NULL != ar_entry; ar_entry = ar_entry->next) { memcpy (tmp_record, - &cr_entry->record_data, + &ar_entry->record_data, sizeof (struct GNUNET_CREDENTIAL_RecordData)); tmp_record++; } - GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(clh->client), + GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), env); - GNUNET_CONTAINER_DLL_remove (clh_head, clh_tail, clh); - + GNUNET_CONTAINER_DLL_remove (vrh_head, vrh_tail, vrh); + /** * TODO: * - Free DLL * - Refactor into cleanup_handle() function for this */ - GNUNET_free (clh); + GNUNET_free (vrh); GNUNET_STATISTICS_update (statistics, - "Completed lookups", 1, + "Completed verifications", 1, GNUNET_NO); GNUNET_STATISTICS_update (statistics, - "Records resolved", + "Attributes resolved", rd_count, GNUNET_NO); } /** - * Handle lookup requests from client + * Handle attribute verification requests from client * * @param cls the closure * @param client the client * @param message the message */ static void -handle_lookup (void *cls, - const struct LookupMessage *l_msg) +handle_verify (void *cls, + const struct VerifyMessage *v_msg) { - char credential[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; - struct ClientLookupHandle *clh; + char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; + char subject_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; + size_t issuer_attribute_len; + struct VerifyRequestHandle *vrh; struct GNUNET_SERVICE_Client *client = cls; - char *credentialptr = credential; + char *attrptr = issuer_attribute; const char *utf_in; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Received LOOKUP message\n"); - - utf_in = (const char *) &l_msg[1]; - GNUNET_STRINGS_utf8_tolower (utf_in, credentialptr); - clh = GNUNET_new (struct ClientLookupHandle); - GNUNET_CONTAINER_DLL_insert (clh_head, clh_tail, clh); - clh->client = client; - clh->request_id = l_msg->id; - clh->issuer_key = l_msg->issuer_key; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Sending LOOKUP_RESULT message with >%u results\n", - 0); - - if (NULL == credential) + "Received VERIFY message\n"); + + utf_in = (const char *) &v_msg[1]; + GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); + issuer_attribute_len = strlen (utf_in); + utf_in = (const char *) (&v_msg[1] + issuer_attribute_len + 1); + attrptr = subject_attribute; + GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); + vrh = GNUNET_new (struct VerifyRequestHandle); + GNUNET_CONTAINER_DLL_insert (vrh_head, vrh_tail, vrh); + vrh->client = client; + vrh->request_id = v_msg->id; + vrh->issuer_key = v_msg->issuer_key; + vrh->subject_key = v_msg->subject_key; + + if (NULL == subject_attribute) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "No credential provided\n"); - send_lookup_response (clh, 0, NULL); + "No subject attribute provided!\n"); + send_lookup_response (vrh, 0, NULL); return; } - clh->lookup_request = GNUNET_GNS_lookup (gns, - credential, - &l_msg->subject_key, //subject_pkey, - GNUNET_GNSRECORD_TYPE_CREDENTIAL, - GNUNET_GNS_LO_DEFAULT, //TODO configurable? credential.conf + if (NULL == issuer_attribute) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "No issuer attribute provided!\n"); + send_lookup_response (vrh, 0, NULL); + return; + } + /** + * First, get attribute from subject + */ + vrh->lookup_request = GNUNET_GNS_lookup (gns, + subject_attribute, + &v_msg->subject_key, //subject_pkey, + GNUNET_GNSRECORD_TYPE_ATTRIBUTE, + GNUNET_GNS_LO_DEFAULT, NULL, //shorten_key, always NULL &send_lookup_response, - clh); + vrh); } @@ -416,9 +439,9 @@ GNUNET_SERVICE_MAIN &client_connect_cb, &client_disconnect_cb, NULL, - GNUNET_MQ_hd_var_size (lookup, - GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP, - struct LookupMessage, + GNUNET_MQ_hd_var_size (verify, + GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY, + struct VerifyMessage, NULL), GNUNET_MQ_handler_end()); diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 6ae3b8980..3ff00737b 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -58,7 +58,6 @@ credential_value_to_string (void *cls, char *subject_pkey; char *issuer_pkey; uint32_t cf; // Credential flags - uint32_t mdd; // Max delegation depth if (data_size < sizeof (struct GNUNET_CREDENTIAL_RecordData)) return NULL; /* malformed */ memcpy (&cred, @@ -68,14 +67,12 @@ credential_value_to_string (void *cls, subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key); issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key); cf = ntohl (cred.credential_flags); - mdd = ntohl (cred.max_delegation_depth); GNUNET_asprintf (&cred_str, - "%s %s %u %u %s", + "%s %s %u %s", subject_pkey, issuer_pkey, (unsigned int) cf, - (unsigned int) mdd, &cdata[sizeof (cred)]); GNUNET_free (subject_pkey); GNUNET_free (issuer_pkey); @@ -112,26 +109,24 @@ credential_string_to_value (void *cls, return GNUNET_SYSERR; switch (type) { - case GNUNET_GNSRECORD_TYPE_CREDENTIAL: - { - struct GNUNET_CREDENTIAL_RecordData *cred; - unsigned int cf; // credential flags - unsigned int mdd; // max delegation depth + case GNUNET_GNSRECORD_TYPE_CREDENTIAL: + { + struct GNUNET_CREDENTIAL_RecordData *cred; + unsigned int cf; // credential flags - size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8; + size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8; if (enclen % 5 > 0) enclen += 5 - enclen % 5; enclen /= 5; /* 260/5 = 52 */ - char subject_pkey[enclen + 1]; - char issuer_pkey[enclen + 1]; - char name[253 + 1]; + char subject_pkey[enclen + 1]; + char issuer_pkey[enclen + 1]; + char name[253 + 1]; - if (5 != SSCANF (s, - "%52s %52s %u %u %253s", + if (5 != SSCANF (s, + "%52s %52s %u %253s", subject_pkey, issuer_pkey, &cf, - &mdd, name)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, @@ -148,18 +143,17 @@ credential_string_to_value (void *cls, strlen (issuer_pkey), &cred->issuer_key); cred->credential_flags = htonl (cf); - cred->max_delegation_depth = htonl (mdd); GNUNET_memcpy (&cred[1], name, strlen (name)); - *data = GNUNET_strdup (s); - *data_size = strlen (s); - return GNUNET_OK; - } - default: - return GNUNET_SYSERR; + *data = GNUNET_strdup (s); + *data_size = strlen (s); + return GNUNET_OK; + } + default: + return GNUNET_SYSERR; } } @@ -186,13 +180,13 @@ static struct { */ static uint32_t credential_typename_to_number (void *cls, - const char *gns_typename) + const char *gns_typename) { unsigned int i; i=0; while ( (name_map[i].name != NULL) && - (0 != strcasecmp (gns_typename, name_map[i].name)) ) + (0 != strcasecmp (gns_typename, name_map[i].name)) ) i++; return name_map[i].number; } @@ -207,13 +201,13 @@ credential_typename_to_number (void *cls, */ static const char * credential_number_to_typename (void *cls, - uint32_t type) + uint32_t type) { unsigned int i; i=0; while ( (name_map[i].name != NULL) && - (type != name_map[i].number) ) + (type != name_map[i].number) ) i++; return name_map[i].name; } diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 55deb786e..739e6fe95 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h @@ -87,7 +87,6 @@ struct GNUNET_CREDENTIAL_RecordData { uint32_t credential_flags GNUNET_PACKED; - uint32_t max_delegation_depth GNUNET_PACKED; }; GNUNET_NETWORK_STRUCT_END @@ -121,7 +120,7 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle); * @param issuer_len length of issuer chain * @param rd the records in reply */ -typedef void (*GNUNET_CREDENTIAL_LookupResultProcessor) (void *cls, +typedef void (*GNUNET_CREDENTIAL_VerifyResultProcessor) (void *cls, struct GNUNET_IDENTITY_Ego *issuer, uint16_t issuer_len, const struct GNUNET_CREDENTIAL_RecordData *data); @@ -137,17 +136,15 @@ typedef void (*GNUNET_CREDENTIAL_LookupResultProcessor) (void *cls, * @param proc_cls closure for processor * @return handle to the queued request */ -struct GNUNET_CREDENTIAL_LookupRequest * -GNUNET_CREDENTIAL_lookup (struct GNUNET_CREDENTIAL_Handle *handle, - const char *credential, - const struct GNUNET_IDENTITY_Ego *subject, - const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, - uint32_t credential_flags, - uint32_t max_delegation_depth, - GNUNET_CREDENTIAL_LookupResultProcessor proc, - void *proc_cls); - +struct GNUNET_CREDENTIAL_VerifyRequest* +GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, + const char *issuer_attribute, + const char *subject_attribute, + const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, + const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, + uint32_t credential_flags, + GNUNET_CREDENTIAL_VerifyResultProcessor proc, + void *proc_cls); /** * Issue a credential to an identity @@ -194,7 +191,7 @@ GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle, * @param lr the lookup request to cancel */ void -GNUNET_CREDENTIAL_lookup_cancel (struct GNUNET_CREDENTIAL_LookupRequest *lr); +GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_VerifyRequest *vr); #if 0 /* keep Emacsens' auto-indent happy */ diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h index 7e0a1a9e9..4f96d50d5 100644 --- a/src/include/gnunet_gnsrecord_lib.h +++ b/src/include/gnunet_gnsrecord_lib.h @@ -118,6 +118,10 @@ extern "C" */ #define GNUNET_GNSRECORD_TYPE_REVERSE 65548 +/** + * Record type for reverse lookups + */ +#define GNUNET_GNSRECORD_TYPE_ATTRIBUTE 65549 /** diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index 3e16350c1..c11792054 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h @@ -2612,9 +2612,9 @@ extern "C" * * CREDENTIAL MESSAGE TYPES */ -#define GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP 971 +#define GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY 971 -#define GNUNET_MESSAGE_TYPE_CREDENTIAL_LOOKUP_RESULT 972 +#define GNUNET_MESSAGE_TYPE_CREDENTIAL_VERIFY_RESULT 972 /******************************************************************************/