From 1cfa320f0cb213aed0a3a04577d065a65f847d49 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Tue, 10 Oct 2017 16:01:14 +0200 Subject: [PATCH] -bugfixes, fix memleaks --- src/identity-provider/gnunet-idp.c | 29 +-- .../gnunet-service-identity-provider.c | 183 +++++++++++------- src/identity-provider/identity_attribute.c | 3 + src/identity-provider/identity_attribute.h | 5 + src/identity-provider/identity_provider_api.c | 15 +- src/identity-provider/test_idp.conf | 2 +- src/identity-provider/test_idp_consume.sh | 6 +- src/identity-provider/test_idp_revoke.sh | 41 +++- src/include/gnunet_crypto_lib.h | 3 +- src/util/crypto_abe.c | 23 ++- 10 files changed, 211 insertions(+), 99 deletions(-) diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index 6940220d7..0efe6eaa9 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c @@ -31,6 +31,11 @@ #include "gnunet_identity_service.h" #include "gnunet_signatures.h" +/** + * return value + */ +static int ret; + /** * List attribute flag */ @@ -154,10 +159,6 @@ store_attr_cont (void *cls, if (GNUNET_SYSERR == success) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", emsg); - } else { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Successfully added identity attribute %s=%s\n", - attr_name, attr_value); } GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } @@ -172,6 +173,11 @@ process_attrs (void *cls, GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); return; } + if (NULL == attr) + { + ret = 1; + return; + } GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, "%s: %s\n", attr->name, (char*)attr->data); } @@ -190,11 +196,11 @@ static void process_rvk (void *cls, int success, const char* msg) { if (GNUNET_OK != success) + { GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, "Revocation failed.\n"); - else - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Revocation successful.\n"); + ret = 1; + } GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } 
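Review bot: In `store_attr_cont` the `GNUNET_SYSERR == success` branch still only logs `emsg`, so a failed attribute store leaves the new `ret` at 0 and the tool exits successfully. `process_attrs` and `process_rvk` in this same file now set `ret = 1` on their failure paths. Adding `ret = 1;` after the `GNUNET_log` call here would make the exit status consistent, which matters because the shell tests in this commit decide pass or fail from it. The function starts above the hunk.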
@@ -335,7 +341,7 @@ run (void *cls, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *c) { - + ret = 0; if (NULL == ego_name) { GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, @@ -400,7 +406,8 @@ main(int argc, char *const argv[]) &revoke_ticket), GNUNET_GETOPT_OPTION_END }; - return GNUNET_PROGRAM_run (argc, argv, "ct", - "ct", options, - &run, NULL); + GNUNET_PROGRAM_run (argc, argv, "ct", + "ct", options, + &run, NULL); + return ret; } diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 6d99e8467..85291d69a 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -903,6 +903,7 @@ serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, GNUNET_memcpy (write_ptr, serialized_key, size); + GNUNET_free (serialized_key); // ECDH keypair E = eG *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create(); GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey, @@ -944,6 +945,7 @@ issue_ticket_after_abe_bootstrap (void *cls, char *code_record_data; char **attrs; char *label; + char *policy; int attrs_len; int i; size_t code_record_len; @@ -955,7 +957,13 @@ issue_ticket_after_abe_bootstrap (void *cls, attrs = GNUNET_malloc ((attrs_len + 1)*sizeof (char*)); i = 0; for (le = ih->attrs->list_head; NULL != le; le = le->next) { - attrs[i] = (char*) le->attribute->name; + GNUNET_asprintf (&policy, "%s_%lu", + le->attribute->name, + le->attribute->attribute_version); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Adding attribute to key: %s\n", + policy); + attrs[i] = policy; i++; } attrs[i] = NULL; 
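Review bot: `main` now discards the result of `GNUNET_PROGRAM_run` and returns `ret`, which is still 0 when the program never reaches `run`, for example on an option-parsing error. Callers that branch on the exit status, such as the revocation test script in this commit, would then read a start-up failure as success. Keep the check, e.g. `if (GNUNET_OK != GNUNET_PROGRAM_run (argc, argv, "ct", "ct", options, &run, NULL)) return 1;` followed by `return ret;`.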
@@ -984,12 +992,15 @@ issue_ticket_after_abe_bootstrap (void *cls, code_record, &store_ticket_issue_cont, ih); + //for (; i > 0; i--) + // GNUNET_free (attrs[i-1]); GNUNET_free (ecdhe_privkey); GNUNET_free (label); GNUNET_free (attrs); GNUNET_free (code_record_data); + GNUNET_CRYPTO_cpabe_delete_key (rp_key, + GNUNET_YES); GNUNET_CRYPTO_cpabe_delete_master_key (abe_key); - GNUNET_CRYPTO_cpabe_delete_key (rp_key); } @@ -1107,6 +1118,16 @@ ticket_reissue_proc (void *cls, const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs); +static void +revocation_reissue_tickets (struct TicketRevocationHandle *rh); + + +static void reissue_next (void *cls) +{ + struct TicketRevocationHandle *rh = cls; + revocation_reissue_tickets (rh); +} + static void reissue_ticket_cont (void *cls, @@ -1114,7 +1135,6 @@ reissue_ticket_cont (void *cls, const char *emsg) { struct TicketRevocationHandle *rh = cls; - int ret; rh->ns_qe = NULL; if (GNUNET_SYSERR == success) @@ -1125,25 +1145,10 @@ reissue_ticket_cont (void *cls, cleanup_revoke_ticket_handle (rh); return; } - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Continue DB iteration\n"); rh->offset++; - GNUNET_assert (GNUNET_SYSERR != (ret = - TKT_database->iterate_tickets (TKT_database->cls, - &rh->ticket.identity, - GNUNET_NO, - rh->offset, - &ticket_reissue_proc, - rh))); - if (GNUNET_NO == ret) - { - send_revocation_finished (rh, GNUNET_OK); - cleanup_revoke_ticket_handle (rh); - } + GNUNET_SCHEDULER_add_now (&reissue_next, rh); } -static void -revocation_reissue_tickets (struct TicketRevocationHandle *rh); - /** * Process ticket from database 
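Review bot: The `policy` strings that `issue_ticket_after_abe_bootstrap` allocates with `GNUNET_asprintf` and stores in `attrs[]` are never released: the loop that would free them is added here already commented out, and only the array itself goes through `GNUNET_free (attrs)`. The same loop is commented out in `ticket_reissue_proc`, and `//GNUNET_free (policy);` appears in `attr_iter_cb`, so each issue, reissue and iteration step leaks one string per attribute. If the key-generation call keeps references to these strings (not visible in this patch), record that in a comment such as `/* attrs[i] stays referenced by rp_key and is released with it */`; otherwise restore `for (; i > 0; i--) GNUNET_free (attrs[i-1]);`.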
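Review bot: `reissue_ticket_cont` now hands `rh` to `GNUNET_SCHEDULER_add_now (&reissue_next, rh)` without keeping the returned task, so nothing can cancel it if the handle is released before the task runs. Whether `cleanup_revoke_ticket_handle` can be reached in that window (for instance on client disconnect) is not visible here; if it can, `reissue_next` would work on freed memory. Storing the task in the handle and cancelling it in the cleanup function would close that gap. The same applies to the `reissue_next` calls added in `ticket_reissue_proc`.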
@@ -1177,8 +1182,18 @@ ticket_reissue_proc (void *cls, { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Iteration done\n"); - send_revocation_finished (rh, GNUNET_OK); - cleanup_revoke_ticket_handle (rh); + return; + } + + if (0 == memcmp (&ticket->audience, + &rh->ticket.audience, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Do not reissue for this identity.!\n"); + + rh->offset++; + GNUNET_SCHEDULER_add_now (&reissue_next, rh); return; } @@ -1196,19 +1211,20 @@ ticket_reissue_proc (void *cls, le->attribute->name)) { reissue_ticket = GNUNET_YES; - break; + le->attribute->attribute_version = le_rollover->attribute->attribute_version; } } - if (GNUNET_YES == reissue_ticket) - break; } if (GNUNET_NO == reissue_ticket) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Skipping ticket.\n"); + rh->offset++; - revocation_reissue_tickets (rh); + GNUNET_SCHEDULER_add_now (&reissue_next, rh); + + return; } @@ -1222,7 +1238,7 @@ ticket_reissue_proc (void *cls, attr_arr = GNUNET_malloc ((attrs_len + 1)*sizeof (char*)); i = 0; for (le = attrs->list_head; NULL != le; le = le->next) { - GNUNET_asprintf (&policy, "%s:%lu", + GNUNET_asprintf (&policy, "%s_%lu", le->attribute->name, le->attribute->attribute_version); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, @@ -1235,7 +1251,7 @@ ticket_reissue_proc (void *cls, attr_arr); //TODO review this wireformat - code_record_len = serialize_abe_keyinfo2 (&rh->ticket, + code_record_len = serialize_abe_keyinfo2 (ticket, attrs, rp_key, &ecdhe_privkey, @@ -1256,13 +1272,13 @@ ticket_reissue_proc (void *cls, code_record, &reissue_ticket_cont, rh); - for (; i > 0; i--) - GNUNET_free (attr_arr[i-1]); + //for (; i > 0; i--) + // GNUNET_free (attr_arr[i-1]); GNUNET_free (ecdhe_privkey); GNUNET_free (label); GNUNET_free (attr_arr); GNUNET_free (code_record_data); - GNUNET_CRYPTO_cpabe_delete_key (rp_key); + GNUNET_CRYPTO_cpabe_delete_key (rp_key, GNUNET_YES); } 
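Review bot: The audience comparison added near the top of `ticket_reissue_proc` is the step that actually withholds fresh keys from the revoked party, yet it is explained only by the debug string `"Do not reissue for this identity.!\n"`. A comment such as `/* Skip every ticket whose audience equals the revoked ticket's audience, so that party gets no key for the rolled-over attribute versions */` would record the invariant for later changes. It should also state that the match is on the audience alone, so any other ticket issued to the same audience is skipped as well. The function body extends beyond this hunk.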
@@ -1278,7 +1294,7 @@ revocation_reissue_tickets (struct TicketRevocationHandle *rh) int ret; /* Done, issue new keys */ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Revocation Phase IV: Reissuing Tickets\n"); + "Revocation Phase III: Reissuing Tickets\n"); if (GNUNET_SYSERR == (ret = TKT_database->iterate_tickets (TKT_database->cls, &rh->ticket.identity, GNUNET_NO, @@ -1292,8 +1308,8 @@ revocation_reissue_tickets (struct TicketRevocationHandle *rh) { send_revocation_finished (rh, GNUNET_OK); cleanup_revoke_ticket_handle (rh); + return; } - } /** @@ -1322,9 +1338,11 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) attribute_serialize (rh->attrs->list_head->attribute, buf); rh->attrs->list_head->attribute->attribute_version++; - GNUNET_asprintf (&policy, "%s:%lu", + GNUNET_asprintf (&policy, "%s_%lu", rh->attrs->list_head->attribute->name, rh->attrs->list_head->attribute->attribute_version); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Encrypting with policy %s\n", policy); /** * Encrypt the attribute value and store in namestore */ @@ -1388,6 +1406,7 @@ attr_reenc_cont (void *cls, GNUNET_CONTAINER_DLL_remove (rh->attrs->list_head, rh->attrs->list_tail, le); + GNUNET_assert (NULL != rh->rvk_attrs); GNUNET_CONTAINER_DLL_insert (rh->rvk_attrs->list_head, rh->rvk_attrs->list_tail, le); @@ -1476,13 +1495,9 @@ handle_revoke_ticket_message (void *cls, struct TicketRevocationHandle *rh; struct IdpClient *idp = cls; struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket; - size_t attrs_len; rh = GNUNET_new (struct TicketRevocationHandle); - attrs_len = ntohs (rm->attrs_len); ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1]; - if (0 < attrs_len) - rh->rvk_attrs = attribute_list_deserialize ((char*)&ticket[1], attrs_len); rh->rvk_attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); rh->ticket = *ticket; rh->r_id = ntohl (rm->id); 
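Review bot: `handle_revoke_ticket_message` no longer reads `attrs_len`, but it still copies a ticket from `&rm[1]` with `rh->ticket = *ticket;`, so the message must be at least `sizeof (*rm) + sizeof (*ticket)` bytes. The matching check handler is outside this patch; it should reject shorter messages and, now that the attribute payload is ignored, preferably anything longer than that as well. The function continues below the hunk.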
@@ -1500,15 +1515,18 @@ handle_revoke_ticket_message (void *cls, static void -cleanup_as_handle (struct AttributeStoreHandle *handle) +cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle) { - if (NULL != handle->attribute) - GNUNET_free (handle->attribute); - if (NULL != handle->abe_key) - GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key); + if (NULL != handle->key) + GNUNET_CRYPTO_cpabe_delete_key (handle->key, + GNUNET_YES); + if (NULL != handle->attrs) + attribute_list_destroy (handle->attrs); GNUNET_free (handle); } + + /** * Checks a ticket consume message * @@ -1544,7 +1562,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *attr_le; char *data; char *data_tmp; - size_t attr_len; + ssize_t attr_len; size_t attrs_len; GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, @@ -1560,14 +1578,17 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, rd->data_size - sizeof (uint32_t), handle->key, (void**)&data); - attr_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); - attr_le->attribute = attribute_deserialize (data, - attr_len); - attr_le->attribute->attribute_version = ntohl(*(uint32_t*)rd->data); - GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head, - handle->attrs->list_tail, - attr_le); - GNUNET_free (data); + if (GNUNET_SYSERR != attr_len) + { + attr_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry); + attr_le->attribute = attribute_deserialize (data, + attr_len); + attr_le->attribute->attribute_version = ntohl(*(uint32_t*)rd->data); + GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head, + handle->attrs->list_tail, + attr_le); + GNUNET_free (data); + } } if (NULL != handle->parallel_lookups_head) return; //Wait for more 
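Review bot: The new `GNUNET_SYSERR != attr_len` guard in `process_parallel_lookup2` covers a failed decryption only; a record shorter than four bytes still reaches `rd->data_size - sizeof (uint32_t)`, which wraps to a very large length, and the `*(uint32_t*)rd->data` read. Because `rd` is a lookup result, skip the record when `rd->data_size <= sizeof (uint32_t)` before the decrypt call, which begins above this hunk. `attr_le->attribute` is also dereferenced right after `attribute_deserialize`; if that function can return NULL on malformed plaintext, test it before setting `attribute_version`.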
@@ -1595,6 +1616,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, attribute_list_serialize (handle->attrs, data_tmp); GNUNET_MQ_send (handle->client->mq, env); + cleanup_consume_ticket_handle (handle); } void @@ -1625,14 +1647,6 @@ abort_parallel_lookups2 (void *cls) } -static void -cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle) -{ - if (NULL != handle->key) - GNUNET_CRYPTO_cpabe_delete_key (handle->key); - GNUNET_free (handle); -} - static void process_consume_abe_key (void *cls, uint32_t rd_count, @@ -1713,6 +1727,8 @@ process_consume_abe_key (void *cls, uint32_t rd_count, parallel_lookup); GNUNET_free (lookup_query); } + GNUNET_free (scopes); + GNUNET_free (buf); handle->kill_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES,3), &abort_parallel_lookups2, handle); @@ -1765,6 +1781,16 @@ handle_consume_ticket_message (void *cls, GNUNET_SERVICE_client_continue (idp->client); } +static void +cleanup_as_handle (struct AttributeStoreHandle *handle) +{ + if (NULL != handle->attribute) + GNUNET_free (handle->attribute); + if (NULL != handle->abe_key) + GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key); + GNUNET_free (handle); +} + static void attr_store_cont (void *cls, int32_t success, @@ -1779,6 +1805,7 @@ attr_store_cont (void *cls, GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to store attribute %s\n", emsg); + cleanup_as_handle (as_handle); GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); return; } @@ -1816,9 +1843,11 @@ attr_store_task (void *cls) buf); GNUNET_asprintf (&policy, - "%s:%lu", + "%s_%lu", as_handle->attribute->name, as_handle->attribute->attribute_version); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Encrypting with policy %s\n", policy); /** * Encrypt the attribute value and store in namestore */ 
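Review bot: `cleanup_consume_ticket_handle (handle)` now frees the handle at the end of `process_parallel_lookup2`, while `process_consume_abe_key` registers `abort_parallel_lookups2` on the same handle with a three-minute delay. The cleanup function as moved in this commit does not cancel `handle->kill_task`; unless the task is cancelled in the part of `process_parallel_lookup2` outside the hunk, the timer would later run on freed memory. Cancelling inside the cleanup function, `if (NULL != handle->kill_task) GNUNET_SCHEDULER_cancel (handle->kill_task);`, with the field cleared once the timer has fired, keeps the handle's lifetime in one place.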
@@ -1926,7 +1955,7 @@ static void cleanup_iter_handle (struct AttributeIterator *ai) { if (NULL != ai->abe_key) - GNUNET_free (ai->abe_key); + GNUNET_CRYPTO_cpabe_delete_master_key (ai->abe_key); GNUNET_CONTAINER_DLL_remove (ai->client->op_head, ai->client->op_tail, ai); @@ -1936,10 +1965,11 @@ cleanup_iter_handle (struct AttributeIterator *ai) static void attr_iter_error (void *cls) { - //struct AttributeIterator *ai = cls; + struct AttributeIterator *ai = cls; //TODO GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to iterate over attributes\n"); + cleanup_iter_handle (ai); GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); } @@ -1974,6 +2004,7 @@ attr_iter_cb (void *cls, char* attrs[2]; char* data_tmp; char* policy; + uint32_t attr_ver; if (rd_count != 1) { @@ -1985,8 +2016,9 @@ attr_iter_cb (void *cls, GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it); return; } - GNUNET_asprintf (&policy, "%s:%lu", - label, *(uint32_t*)rd->data); + attr_ver = ntohl(*((uint32_t*)rd->data)); + GNUNET_asprintf (&policy, "%s_%lu", + label, attr_ver); attrs[0] = policy; attrs[1] = 0; key = GNUNET_CRYPTO_cpabe_create_key (ai->abe_key, @@ -1995,8 +2027,10 @@ attr_iter_cb (void *cls, rd->data_size-sizeof (uint32_t), key, (void**)&attr_ser); - GNUNET_CRYPTO_cpabe_delete_key (key); - GNUNET_free (policy); + + GNUNET_CRYPTO_cpabe_delete_key (key, + GNUNET_YES); + //GNUNET_free (policy); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found attribute: %s\n", label); env = GNUNET_MQ_msg_extra (arm, @@ -2012,6 +2046,8 @@ attr_iter_cb (void *cls, msg_extra_len); GNUNET_MQ_send (ai->client->mq, env); GNUNET_free (attr_ser); + GNUNET_CRYPTO_cpabe_delete_master_key (ai->abe_key); + ai->abe_key = NULL; } 
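Review bot: `attr_ver` is declared `uint32_t` but is formatted with `%lu` in `GNUNET_asprintf (&policy, "%s_%lu", label, attr_ver);`, which is undefined where `unsigned long` is wider than 32 bits. The resulting string is the attribute the ABE key is generated for, so a wrong number makes decryption fail or names a different version. Either cast, `(unsigned long) attr_ver`, or switch the format to `PRIu32` from inttypes.h. The other `"%s_%lu"` calls in this patch pass `attribute_version`, whose type in the API struct is not shown; if it is also 32-bit they need the same change.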
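Review bot: `attr_iter_cb` uses the result of the decrypt call without a failure check: `attr_ser` is passed to `GNUNET_free` and the returned length sizes the reply, although `GNUNET_CRYPTO_cpabe_decrypt` returns `GNUNET_SYSERR` before writing `*result` when `gabe_dec` fails. This commit adds exactly that check in `process_parallel_lookup2`; the iterator needs the same guard before it builds the message. The assignment of the return value sits just above the hunk, so the variable's type could not be confirmed.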
@@ -2031,6 +2067,16 @@ iterate_after_abe_bootstrap (void *cls, ai); } +void +iterate_next_after_abe_bootstrap (void *cls, + struct GNUNET_CRYPTO_AbeMasterKey *abe_key) +{ + struct AttributeIterator *ai = cls; + ai->abe_key = abe_key; + GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it); +} + + /** * Handles a #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ITERATION_START message @@ -2121,7 +2167,10 @@ handle_iteration_next (void *cls, GNUNET_SERVICE_client_drop (idp->client); return; } - GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it); + bootstrap_abe (&ai->identity, + &iterate_next_after_abe_bootstrap, + ai, + GNUNET_NO); GNUNET_SERVICE_client_continue (idp->client); } diff --git a/src/identity-provider/identity_attribute.c b/src/identity-provider/identity_attribute.c index a8d2b27e6..c7e833326 100644 --- a/src/identity-provider/identity_attribute.c +++ b/src/identity-provider/identity_attribute.c @@ -142,6 +142,7 @@ attribute_list_dup (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs) GNUNET_memcpy (result_le->attribute, le->attribute, len); + result_le->attribute->name = (const char*)&result_le->attribute[1]; GNUNET_CONTAINER_DLL_insert (result->list_head, result->list_tail, result_le); @@ -186,6 +187,7 @@ attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr, attr_ser = (struct Attribute*)result; attr_ser->attribute_type = htons (attr->attribute_type); + attr_ser->attribute_version = htonl (attr->attribute_version); name_len = strlen (attr->name); attr_ser->name_len = htons (name_len); write_ptr = (char*)&attr_ser[1]; @@ -221,6 +223,7 @@ attribute_deserialize (const char* data, attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute) + data_len + name_len + 1); attr->attribute_type = ntohs (attr_ser->attribute_type); + attr->attribute_version = ntohl (attr_ser->attribute_version); attr->data_size = ntohs (attr_ser->data_size); write_ptr = (char*)&attr[1]; 
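Review bot: `handle_iteration_next` now starts `bootstrap_abe` and immediately calls `GNUNET_SERVICE_client_continue`, so the client can send its next message before `iterate_next_after_abe_bootstrap` has run. If `bootstrap_abe` completes asynchronously (its body is not in this patch), a second ITERATION_NEXT would overwrite `ai->abe_key` without freeing the previous master key, and a stop request could release `ai` while the callback is still pending. Consider freeing an existing key in the callback with `if (NULL != ai->abe_key) GNUNET_CRYPTO_cpabe_delete_master_key (ai->abe_key);` and moving the `client_continue` call into that callback.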
diff --git a/src/identity-provider/identity_attribute.h b/src/identity-provider/identity_attribute.h index 8a8da12f1..3e8fadccf 100644 --- a/src/identity-provider/identity_attribute.h +++ b/src/identity-provider/identity_attribute.h @@ -35,6 +35,11 @@ struct Attribute */ uint32_t attribute_type; + /** + * Attribute version + */ + uint32_t attribute_version; + /** * Name length */ diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 99faf0ecd..6d28709df 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c @@ -501,12 +501,21 @@ handle_consume_ticket_result (void *cls, attrs_len); if (NULL != op->ar_cb) { - for (le = attrs->list_head; NULL != le; le = le->next) + if (NULL == attrs) + { op->ar_cb (op->cls, &msg->identity, - le->attribute); + NULL); + } + else + { + for (le = attrs->list_head; NULL != le; le = le->next) + op->ar_cb (op->cls, + &msg->identity, + le->attribute); + attribute_list_destroy (attrs); + } } - attribute_list_destroy (attrs); op->ar_cb (op->cls, NULL, NULL); diff --git a/src/identity-provider/test_idp.conf b/src/identity-provider/test_idp.conf index 9669bef7e..e5d1c7186 100644 --- a/src/identity-provider/test_idp.conf +++ b/src/identity-provider/test_idp.conf @@ -15,7 +15,7 @@ PLUGINS = [identity-provider] AUTOSTART = YES -PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/idplog +PREFIX = valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes --log-file=/tmp/idplog [gns] #PREFIX = valgrind --leak-check=full --track-origins=yes diff --git a/src/identity-provider/test_idp_consume.sh b/src/identity-provider/test_idp_consume.sh index ab437c0e8..e47c13da6 100755 --- a/src/identity-provider/test_idp_consume.sh +++ b/src/identity-provider/test_idp_consume.sh 
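Review bot: In `handle_consume_ticket_result`, `attribute_list_destroy (attrs)` has moved inside `if (NULL != op->ar_cb)`, so a deserialized list is no longer released when no attribute callback is registered. The unchanged `op->ar_cb (op->cls, NULL, NULL);` after the block also appears to run without that NULL test. Keep the release outside the callback test, `if (NULL != attrs) attribute_list_destroy (attrs);`, and put the final call under `if (NULL != op->ar_cb)`.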
@@ -29,10 +29,10 @@ gnunet-identity -C testego -c test_idp.conf gnunet-identity -C rpego -c test_idp.conf SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}') -gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf > /dev/null 2>&1 -gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1 +gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf +gnunet-idp -e testego -a name -V John -c test_idp.conf TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}') echo "Consuming ticket $TICKET" gnunet-idp -e rpego -C $TICKET -c test_idp.conf curl http://localhost:7776/idp/tickets/testego -#gnunet-arm -e -c test_idp.conf +gnunet-arm -e -c test_idp.conf diff --git a/src/identity-provider/test_idp_revoke.sh b/src/identity-provider/test_idp_revoke.sh index 57872c5b9..d5c2c3f77 100755 --- a/src/identity-provider/test_idp_revoke.sh +++ b/src/identity-provider/test_idp_revoke.sh 
@@ -24,14 +24,37 @@ which timeout &> /dev/null && DO_TIMEOUT="timeout 30" TEST_ATTR="test" gnunet-arm -s -c test_idp.conf -gnunet-identity -C testego -c test_idp.conf -gnunet-identity -C rpego -c test_idp.conf -SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}') -TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}') -gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf -gnunet-idp -e testego -a name -V John -c test_idp.conf -#gnunet-idp -e testego -D -c test_idp.conf -TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}') +gnunet-identity -C alice -c test_idp.conf +gnunet-identity -C bob -c test_idp.conf +gnunet-identity -C eve -c test_idp.conf +ALICE_KEY=$(gnunet-identity -d -c test_idp.conf | grep alice | awk '{print $3}') +BOB_KEY=$(gnunet-identity -d -c test_idp.conf | grep bob | awk '{print $3}') +EVE_KEY=$(gnunet-identity -d -c test_idp.conf | grep eve | awk '{print $3}') + +gnunet-idp -e alice -a email -V john@doe.gnu -c test_idp.conf +gnunet-idp -e alice -a name -V John -c test_idp.conf +TICKET_BOB=$(gnunet-idp -e alice -i "email,name" -r $BOB_KEY -c test_idp.conf | awk '{print $1}') +#gnunet-idp -e bob -C $TICKET_BOB -c test_idp.conf +TICKET_EVE=$(gnunet-idp -e alice -i "email" -r $EVE_KEY -c test_idp.conf | awk '{print $1}') + + #echo "Consuming $TICKET" -gnunet-idp -e testego -R $TICKET -c test_idp.conf +#gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf +gnunet-idp -e alice -R $TICKET_EVE -c test_idp.conf + +gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf > /dev/null 2>&1 +if test $? == 0 +then + echo "Eve can still resolve attributes..." + gnunet-arm -e -c test_idp.conf + exit 1 +fi +gnunet-idp -e bob -C $TICKET_BOB -c test_idp.conf > /dev/null 2>&1 +if test $? != 0 +then + echo "Bob cannot resolve attributes..." + gnunet-arm -e -c test_idp.conf + exit 1 +fi + gnunet-arm -e -c test_idp.conf 
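Review bot: The Eve check treats any non-zero exit of `gnunet-idp -e eve -C $TICKET_EVE` as proof of revocation, and its output goes to `/dev/null`, so a crash, an unreachable service or a timeout passes the test exactly like a refused decryption. Conversely the Bob check passes whenever the tool exits 0, whatever it printed. Keeping stderr visible and asserting on the output (Bob's run lists the `email` attribute, Eve's lists none) would make the result reflect the access decision itself. `test $? == 0` is also a bashism; `-eq` is the portable form.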
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 78d31a9ec..2b6718557 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -2151,7 +2151,8 @@ struct GNUNET_CRYPTO_AbeKey * GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *msk, char **attrs); void -GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key); +GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key, + int delete_pub); /** diff --git a/src/util/crypto_abe.c b/src/util/crypto_abe.c index f52cd5213..fcaa826ed 100644 --- a/src/util/crypto_abe.c +++ b/src/util/crypto_abe.c @@ -159,7 +159,10 @@ GNUNET_CRYPTO_cpabe_create_master_key (void) void GNUNET_CRYPTO_cpabe_delete_master_key (struct GNUNET_CRYPTO_AbeMasterKey *key) { - gabe_msk_free (key->msk); //For some reason free of pub implicit? + gabe_msk_free (key->msk); + gabe_pub_free (key->pub); + //GNUNET_free (key->msk); + //gabe_msk_free (key->msk); //For some reason free of pub implicit? GNUNET_free (key); } @@ -175,15 +178,19 @@ GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *key, prv_key->prv = gabe_keygen(key->pub, key->msk, attrs); size = gabe_pub_serialize(key->pub, &tmp); prv_key->pub = gabe_pub_unserialize(tmp, size); + GNUNET_free (tmp); GNUNET_assert (NULL != prv_key->prv); return prv_key; } void -GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key) +GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key, + int delete_pub) { //Memory management in gabe is buggy - //gabe_prv_free (prv); + gabe_prv_free (key->prv); + if (GNUNET_YES == delete_pub) + gabe_pub_free (key->pub); GNUNET_free (key); } @@ -266,6 +273,7 @@ GNUNET_CRYPTO_cpabe_encrypt (const void *block, cph_buf_len = gabe_cph_serialize(cph, &cph_buf); gabe_cph_free(cph); + GNUNET_free (cph); plt = GNUNET_memdup (block, size); aes_buf_len = aes_128_cbc_encrypt(plt, size, m, &aes_buf); GNUNET_free (plt); 
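Review bot: The new `delete_pub` parameter of `GNUNET_CRYPTO_cpabe_delete_key` is added to the header without any documentation. The implementation frees `key->pub` only for `GNUNET_YES`, while `GNUNET_CRYPTO_cpabe_create_key` gives each key its own unserialized copy of the public key, so a caller passing `GNUNET_NO` has to know who else owns that copy. Add a doc comment along the lines of `@param delete_pub #GNUNET_YES to also free the public key held in @a key, #GNUNET_NO only if it is owned elsewhere`. The `//Memory management in gabe is buggy` comment left above the now-active `gabe_prv_free (key->prv);` is stale and should be removed.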
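Review bot: `gabe_cph_free(cph);` is now followed by `GNUNET_free (cph);` in `GNUNET_CRYPTO_cpabe_encrypt`, and twice more in `GNUNET_CRYPTO_cpabe_decrypt`, which is only correct if the library call releases the ciphertext's members and not the struct itself. That contract is not visible in this patch; if the library frees the struct too, each pair is a double free. A short comment at the first occurrence, e.g. `/* gabe_cph_free() releases the members only; the struct is ours to free */`, would pin the assumption. Likewise `GNUNET_free (tmp)` in `GNUNET_CRYPTO_cpabe_create_key` assumes the buffer returned by `gabe_pub_serialize` comes from a compatible allocator.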
@@ -293,14 +301,21 @@ GNUNET_CRYPTO_cpabe_decrypt (const void *block, read_cpabe(block, &cph_buf, &cph_buf_size, &aes_buf, &aes_buf_size); cph = gabe_cph_unserialize(key->pub, cph_buf, cph_buf_size); if( !gabe_dec(key->pub, key->prv, cph, m) ) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "%s\n", gabe_error()); + GNUNET_free (aes_buf); + GNUNET_free (cph_buf); gabe_cph_free(cph); + GNUNET_free (cph); + element_clear (m); return GNUNET_SYSERR; } gabe_cph_free(cph); + GNUNET_free (cph); plt_len = aes_128_cbc_decrypt(aes_buf, aes_buf_size, m, (char**)result); + GNUNET_free (cph_buf); GNUNET_free (aes_buf); + element_clear (m); //freeing is buggy in gabe //gabe_prv_free (prv); //gabe_pub_free (pub); -- 2.25.1
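Review bot: `read_cpabe(block, &cph_buf, &cph_buf_size, &aes_buf, &aes_buf_size)` is called without the length of `block`, so the sizes it extracts cannot be checked against the buffer the caller supplied unless that happens somewhere not shown. The callers in this patch pass record data obtained from lookups, so a truncated or malformed record should be rejected before `gabe_cph_unserialize` runs, for instance by forwarding the function's size argument to `read_cpabe`. The result of `gabe_cph_unserialize` is also used by `gabe_dec` without a NULL test; if it can fail on bad input, treat that like the existing `GNUNET_SYSERR` path. The function starts above the hunk.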