From fad73f2435336733ae585c7a018df860bec3bdf1 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Sun, 20 Nov 2016 17:49:04 +0100 Subject: [PATCH] - add missing API; no impl --- src/credential/credential_api.c | 49 ++--- src/credential/gnunet-credential.c | 108 +++++------ src/credential/gnunet-service-credential.c | 10 +- src/credential/plugin_gnsrecord_credential.c | 8 +- src/include/gnunet_credential_service.h | 191 +++++++++++++++---- 5 files changed, 233 insertions(+), 133 deletions(-) diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 4864d54d0..8ff66c574 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -38,18 +38,18 @@ /** * Handle to a verify request */ -struct GNUNET_CREDENTIAL_VerifyRequest +struct GNUNET_CREDENTIAL_Request { /** * DLL */ - struct GNUNET_CREDENTIAL_VerifyRequest *next; + struct GNUNET_CREDENTIAL_Request *next; /** * DLL */ - struct GNUNET_CREDENTIAL_VerifyRequest *prev; + struct GNUNET_CREDENTIAL_Request *prev; /** * handle to credential service @@ -98,12 +98,12 @@ struct GNUNET_CREDENTIAL_Handle /** * Head of linked list of active verify requests. */ - struct GNUNET_CREDENTIAL_VerifyRequest *verify_head; + struct GNUNET_CREDENTIAL_Request *verify_head; /** * Tail of linked list of active verify requests. */ - struct GNUNET_CREDENTIAL_VerifyRequest *verify_tail; + struct GNUNET_CREDENTIAL_Request *verify_tail; /** * Reconnect task @@ -210,16 +210,13 @@ handle_result (void *cls, const struct VerifyResultMessage *vr_msg) { struct GNUNET_CREDENTIAL_Handle *handle = cls; - uint32_t ad_count = ntohl (vr_msg->ad_count); - struct GNUNET_CREDENTIAL_RecordData ad[ad_count]; uint32_t r_id = ntohl (vr_msg->id); - struct GNUNET_CREDENTIAL_VerifyRequest *vr; + struct GNUNET_CREDENTIAL_Request *vr; GNUNET_CREDENTIAL_VerifyResultProcessor proc; void *proc_cls; LOG (GNUNET_ERROR_TYPE_DEBUG, - "Received verify reply from CREDENTIAL service (%u credentials)\n", - (unsigned int) ad_count); + "Received verify reply from CREDENTIAL service\n"); for (vr = handle->verify_head; NULL != vr; vr = vr->next) if (vr->r_id == r_id) break; @@ -240,8 +237,7 @@ handle_result (void *cls, */ proc (proc_cls, NULL, - ad_count, - ad); // TODO + GNUNET_NO); // TODO } @@ -260,7 +256,7 @@ reconnect (struct GNUNET_CREDENTIAL_Handle *handle) NULL), GNUNET_MQ_handler_end () }; - struct GNUNET_CREDENTIAL_VerifyRequest *vr; + struct GNUNET_CREDENTIAL_Request *vr; GNUNET_assert (NULL == handle->mq); LOG (GNUNET_ERROR_TYPE_DEBUG, @@ -330,7 +326,7 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle) * @param lr the verify request to cancel */ void -GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_VerifyRequest *vr) +GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr) { struct GNUNET_CREDENTIAL_Handle *handle = vr->credential_handle; @@ -341,30 +337,35 @@ GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_VerifyRequest *vr) GNUNET_free (vr); } - /** - * Perform an asynchronous verify operation for a credential. + * Performs attribute verification. + * Checks if there is a delegation chain from + * attribute ``issuer_attribute'' issued by the issuer + * with public key ``issuer_key'' maps to the attribute + * ``subject_attribute'' claimed by the subject with key + * ``subject_key'' * * @param handle handle to the Credential service - * @param credential the credential to look up - * @param subject Ego to check the credential for + * @param issuer_key the issuer public key + * @param issuer_attribute the issuer attribute + * @param subject_key the subject public key + * @param subject_attribute the attribute claimed by the subject * @param proc function to call on result * @param proc_cls closure for processor * @return handle to the queued request */ -struct GNUNET_CREDENTIAL_VerifyRequest* +struct GNUNET_CREDENTIAL_Request* GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, + const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, const char *issuer_attribute, - const char *subject_attribute, const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, - uint32_t credential_flags, + const char *subject_attribute, GNUNET_CREDENTIAL_VerifyResultProcessor proc, void *proc_cls) { /* IPC to shorten credential names, return shorten_handle */ struct VerifyMessage *v_msg; - struct GNUNET_CREDENTIAL_VerifyRequest *vr; + struct GNUNET_CREDENTIAL_Request *vr; size_t nlen; if (NULL == issuer_attribute) @@ -382,7 +383,7 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, GNUNET_break (0); return NULL; } - vr = GNUNET_new (struct GNUNET_CREDENTIAL_VerifyRequest); + vr = GNUNET_new (struct GNUNET_CREDENTIAL_Request); vr->credential_handle = handle; vr->verify_proc = proc; vr->proc_cls = proc_cls; diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index 94a4b3899..31cd4fd8f 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c @@ -50,7 +50,7 @@ static char *lookup_credential; /** * Handle to verify request */ -static struct GNUNET_CREDENTIAL_VerifyRequest *verify_request; +static struct GNUNET_CREDENTIAL_Request *verify_request; /** * Lookup an ego with the identity service. @@ -82,11 +82,6 @@ static char *subject_key; */ static char *issuer_key; -/* - * Credential flags - */ -static int credential_flags; - /** @@ -158,20 +153,18 @@ do_timeout (void *cls) */ static void handle_verify_result (void *cls, - struct GNUNET_IDENTITY_Ego *issuer, - uint16_t issuer_len, - const struct GNUNET_CREDENTIAL_RecordData *data) + struct GNUNET_CRYPTO_EcdsaPublicKey *issuer, + uint32_t status) { - + verify_request = NULL; - if (0 == issuer_len) - printf ("No results.\n"); + if (GNUNET_NO == status) + printf ("Verify failed.\n"); else - printf ("%u\n", - issuer_len); + printf ("Successful.\n"); + - GNUNET_SCHEDULER_shutdown (); } @@ -188,7 +181,7 @@ handle_verify_result (void *cls, static void lookup_credentials (struct GNUNET_IDENTITY_Ego *ego) { - + struct GNUNET_CRYPTO_EcdsaPublicKey subject_pkey; struct GNUNET_CRYPTO_EcdsaPublicKey issuer_pkey; @@ -217,21 +210,20 @@ lookup_credentials (struct GNUNET_IDENTITY_Ego *ego) GNUNET_SCHEDULER_shutdown (); return; } - - verify_request = GNUNET_CREDENTIAL_verify(credential, - "", - lookup_credential, - &subject_pkey, - &issuer_pkey, - credential_flags, - &handle_verify_result, - NULL); - return; + + verify_request = GNUNET_CREDENTIAL_verify(credential, + &issuer_pkey, + "test", //TODO argument + &subject_pkey, + lookup_credential, + &handle_verify_result, + NULL); + return; } else { fprintf (stderr, - _("Please specify name to lookup, subject key and issuer key!\n")); + _("Please specify name to lookup, subject key and issuer key!\n")); GNUNET_SCHEDULER_shutdown (); return; } @@ -252,23 +244,23 @@ lookup_credentials (struct GNUNET_IDENTITY_Ego *ego) */ static void identity_master_cb (void *cls, - struct GNUNET_IDENTITY_Ego *ego, - void **ctx, - const char *name) + struct GNUNET_IDENTITY_Ego *ego, + void **ctx, + const char *name) { - + id_op = NULL; if (NULL == ego) { fprintf (stderr, - _("Ego for `gns-master' not found, cannot perform lookup. Did you run gnunet-gns-import.sh?\n")); + _("Ego for `gns-master' not found, cannot perform lookup. Did you run gnunet-gns-import.sh?\n")); GNUNET_SCHEDULER_shutdown (); return; } lookup_credentials(ego); - + } @@ -286,41 +278,41 @@ run (void *cls, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *c) { - + cfg = c; credential = GNUNET_CREDENTIAL_connect (cfg); identity = GNUNET_IDENTITY_connect (cfg, NULL, NULL); - - + + if (NULL == credential) { fprintf (stderr, - _("Failed to connect to CREDENTIAL\n")); + _("Failed to connect to CREDENTIAL\n")); return; } if (NULL == identity) { fprintf (stderr, - _("Failed to connect to IDENTITY\n")); + _("Failed to connect to IDENTITY\n")); return; } tt = GNUNET_SCHEDULER_add_delayed (timeout, - &do_timeout, NULL); + &do_timeout, NULL); GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); - - - GNUNET_break (NULL == id_op); - id_op = GNUNET_IDENTITY_get (identity, - "gns-master",//# TODO: Create credential-master - &identity_master_cb, - cls); - GNUNET_assert (NULL != id_op); - + GNUNET_break (NULL == id_op); + id_op = GNUNET_IDENTITY_get (identity, + "gns-master",//# TODO: Create credential-master + &identity_master_cb, + cls); + GNUNET_assert (NULL != id_op); + + + } @@ -339,15 +331,15 @@ main (int argc, char *const *argv) {'u', "lookup", "CREDENTIAL", gettext_noop ("Lookup a record for the given credential"), 1, &GNUNET_GETOPT_set_string, &lookup_credential}, - /** { 'T', "timeout", "DELAY", + /** { 'T', "timeout", "DELAY", gettext_noop ("Specify timeout for the lookup"), 1, &GNUNET_GETOPT_set_relative_time, &timeout }, - {'t', "type", "TYPE", + {'t', "type", "TYPE", gettext_noop ("Specify the type of the record to lookup"), 1, - &GNUNET_GETOPT_set_string, &lookup_type},**/ + &GNUNET_GETOPT_set_string, &lookup_type},**/ {'z', "zone", "NAME", - gettext_noop ("Specify the name of the ego of the zone to lookup the record in"), 1, - &GNUNET_GETOPT_set_string, &zone_ego_name}, + gettext_noop ("Specify the name of the ego of the zone to lookup the record in"), 1, + &GNUNET_GETOPT_set_string, &zone_ego_name}, {'s', "subject", "PKEY", gettext_noop ("Specify the public key of the subject to lookup the credential for"), 1, &GNUNET_GETOPT_set_string, &subject_key}, @@ -364,11 +356,11 @@ main (int argc, char *const *argv) GNUNET_log_setup ("gnunet-credential", "WARNING", NULL); ret = - (GNUNET_OK == - GNUNET_PROGRAM_run (argc, argv, "gnunet-credential", - _("GNUnet credential resolver tool"), - options, - &run, NULL)) ? 0 : 1; + (GNUNET_OK == + GNUNET_PROGRAM_run (argc, argv, "gnunet-credential", + _("GNUnet credential resolver tool"), + options, + &run, NULL)) ? 0 : 1; GNUNET_free ((void*) argv); return ret; } diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 114041be1..58be7853b 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c @@ -61,7 +61,7 @@ struct AttributeRecordEntry /** * Payload */ - struct GNUNET_CREDENTIAL_RecordData record_data; + struct GNUNET_CREDENTIAL_AttributeRecordData record_data; }; /** @@ -231,7 +231,7 @@ send_lookup_response (void* cls, int attr_record_count; struct GNUNET_MQ_Envelope *env; struct VerifyResultMessage *rmsg; - const struct GNUNET_CREDENTIAL_RecordData *ard; + const struct GNUNET_CREDENTIAL_AttributeRecordData *ard; struct AttributeRecordEntry *ar_entry; attr_record_count = 0; @@ -260,7 +260,7 @@ send_lookup_response (void* cls, /** * Get serialized record data size */ - len = attr_record_count * sizeof (struct GNUNET_CREDENTIAL_RecordData); + len = attr_record_count * sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData); /** * Prepare a lookup result response message for the client @@ -277,12 +277,12 @@ send_lookup_response (void* cls, * Append at the end of rmsg */ i = 0; - struct GNUNET_CREDENTIAL_RecordData *tmp_record = (struct GNUNET_CREDENTIAL_RecordData*) &rmsg[1]; + struct GNUNET_CREDENTIAL_AttributeRecordData *tmp_record = (struct GNUNET_CREDENTIAL_AttributeRecordData*) &rmsg[1]; for (ar_entry = vrh->attr_chain_head; NULL != ar_entry; ar_entry = ar_entry->next) { memcpy (tmp_record, &ar_entry->record_data, - sizeof (struct GNUNET_CREDENTIAL_RecordData)); + sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)); tmp_record++; } GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index 3ff00737b..cc645468d 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c @@ -53,12 +53,12 @@ credential_value_to_string (void *cls, { case GNUNET_GNSRECORD_TYPE_CREDENTIAL: { - struct GNUNET_CREDENTIAL_RecordData cred; + struct GNUNET_CREDENTIAL_AttributeRecordData cred; char *cred_str; char *subject_pkey; char *issuer_pkey; uint32_t cf; // Credential flags - if (data_size < sizeof (struct GNUNET_CREDENTIAL_RecordData)) + if (data_size < sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData)) return NULL; /* malformed */ memcpy (&cred, data, @@ -111,7 +111,7 @@ credential_string_to_value (void *cls, { case GNUNET_GNSRECORD_TYPE_CREDENTIAL: { - struct GNUNET_CREDENTIAL_RecordData *cred; + struct GNUNET_CREDENTIAL_AttributeRecordData *cred; unsigned int cf; // credential flags size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8; @@ -134,7 +134,7 @@ credential_string_to_value (void *cls, s); return GNUNET_SYSERR; } - *data_size = sizeof (struct GNUNET_CREDENTIAL_RecordData) + strlen (name) + 1; + *data_size = sizeof (struct GNUNET_CREDENTIAL_AttributeRecordData) + strlen (name) + 1; *data = cred = GNUNET_malloc (*data_size); GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pkey, strlen (subject_pkey), diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 739e6fe95..84cc68146 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h @@ -53,7 +53,7 @@ struct GNUNET_CREDENTIAL_Handle; /** * Handle to control a lookup operation. */ -struct GNUNET_CREDENTIAL_LookupRequest; +struct GNUNET_CREDENTIAL_Request; /* * Enum used for checking whether the issuer has the authority to issue credentials or is just a subject @@ -72,23 +72,59 @@ enum GNUNET_CREDENTIAL_CredentialFlags { }; GNUNET_NETWORK_STRUCT_BEGIN -/* -* Data stored in the credential record -*/ -struct GNUNET_CREDENTIAL_RecordData { +/** + * The attribute record + */ +struct GNUNET_CREDENTIAL_AttributeRecordData { - /* - * Key of the - */ + /** + * Public key of the subject this credential was issued to + */ struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + /** + * Public key of the issuer + */ struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; - + /** + * Flags for this credential + */ uint32_t credential_flags GNUNET_PACKED; + /** + * Expiration time of this credential + */ + uint64_t expiration GNUNET_PACKED; + + /** + * The signature for this credential by the issuer + */ + struct GNUNET_CRYPTO_EcdsaSignature sig; + + /** + * Followed by the attribute string + */ +}; + + +/** + * The attribute delegation record +*/ +struct GNUNET_CREDENTIAL_AttributeDelegationRecordData { + + /** + * Public key of the subject this attribute was delegated to + */ + struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; + + /** + * Followed by the attribute that was delegated to as string + */ }; + + GNUNET_NETWORK_STRUCT_END @@ -113,58 +149,129 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle); /** - * Iterator called on obtained result for a Credential lookup. + * Iterator called on obtained result for an attribute verification. * * @param cls closure - * @param issuer the issuer chain - * @param issuer_len length of issuer chain + * @param issuer the issuer of the attribute NULL if verification failed + * @param result the result of the verification * @param rd the records in reply */ typedef void (*GNUNET_CREDENTIAL_VerifyResultProcessor) (void *cls, - struct GNUNET_IDENTITY_Ego *issuer, - uint16_t issuer_len, - const struct GNUNET_CREDENTIAL_RecordData *data); + struct GNUNET_CRYPTO_EcdsaPublicKey *issuer, + uint32_t result); + +/** + * Iterator called on obtained result for an attribute issuance. + * + * @param cls closure + * @param result the record data that can be handed to the subject + */ +typedef void (*GNUNET_CREDENTIAL_IssueResultProcessor) (void *cls, + struct GNUNET_CREDENTIAL_AttributeRecordData *data); + +/** + * Iterator called on obtained result for an attribute delegation. + * + * @param cls closure + * @param success GNUNET_YES if successful + * @param result the record data that can be handed to the subject + */ +typedef void (*GNUNET_CREDENTIAL_DelegateResultProcessor) (void *cls, + uint32_t success); + +/** + * Iterator called on obtained result for an attribute delegation removal. + * + * @param cls closure + * @param success GNUNET_YES if successful + * @param result the record data that can be handed to the subject + */ +typedef void (*GNUNET_CREDENTIAL_RemoveDelegateResultProcessor) (void *cls, + uint32_t success); + + /** - * Perform an asynchronous lookup operation for a credential. + * Performs attribute verification. + * Checks if there is a delegation chain from + * attribute ``issuer_attribute'' issued by the issuer + * with public key ``issuer_key'' maps to the attribute + * ``subject_attribute'' claimed by the subject with key + * ``subject_key'' * * @param handle handle to the Credential service - * @param credential the credential to look up - * @param subject Ego to check the credential for + * @param issuer_key the issuer public key + * @param issuer_attribute the issuer attribute + * @param subject_key the subject public key + * @param subject_attribute the attribute claimed by the subject * @param proc function to call on result * @param proc_cls closure for processor * @return handle to the queued request */ -struct GNUNET_CREDENTIAL_VerifyRequest* +struct GNUNET_CREDENTIAL_Request* GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, + const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, const char *issuer_attribute, - const char *subject_attribute, const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, - uint32_t credential_flags, + const char *subject_attribute, GNUNET_CREDENTIAL_VerifyResultProcessor proc, void *proc_cls); /** - * Issue a credential to an identity + * Delegate an attribute * * @param handle handle to the Credential service - * @param issuer the identity that issues the credential - * @param subject the subject of the credential - * @param credential the name of the credential - * @param data the data of the credential + * @param issuer the ego that should be used to delegate the attribute + * @param attribute the name of the attribute to delegate + * @param subject the subject of the delegation + * @param delegated_attribute the name of the attribute that is delegated to + * @return handle to the queued request + */ +struct GNUNET_CREDENTIAL_Request * +GNUNET_CREDENTIAL_add_delegation (struct GNUNET_CREDENTIAL_Handle *handle, + struct GNUNET_IDENTITY_Ego *issuer, + const char *attribute, + struct GNUNET_CRYPTO_EcdsaPublicKey *subject, + const char *delegated_attribute, + GNUNET_CREDENTIAL_DelegateResultProcessor proc, + void *proc_cls); + +/** + * Remove a delegation + * + * @param handle handle to the Credential service + * @param issuer the ego that was used to delegate the attribute + * @param attribute the name of the attribute that is delegated * @return handle to the queued request */ -/**struct GNUNET_CREDENTIAL_IssueRequest * +struct GNUNET_CREDENTIAL_Request * +GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle, + struct GNUNET_IDENTITY_Ego *issuer, + const char *attribute, + GNUNET_CREDENTIAL_RemoveDelegateResultProcessor proc, + void *proc_cls); + + + +/** + * Issue an attribute to a subject + * + * @param handle handle to the Credential service + * @param issuer the ego that should be used to issue the attribute + * @param subject the subject of the attribute + * @param attribute the name of the attribute + * @return handle to the queued request + */ +struct GNUNET_CREDENTIAL_Request * GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, struct GNUNET_IDENTITY_Ego *issuer, - struct GNUNET_IDENTITY_Ego *subject, - const char *credential, - struct GNUNET_CREDENTIAL_Data *data, + struct GNUNET_CRYPTO_EcdsaPublicKey *subject, + const char *attribute, GNUNET_CREDENTIAL_IssueResultProcessor proc, void *proc_cls); -*/ + + /** * Remove a credential * @@ -174,15 +281,15 @@ GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, * @param credential the name of the credential * @return handle to the queued request */ - /** -struct GNUNET_CREDENTIAL_IssueRequest * -GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle, - struct GNUNET_IDENTITY_Ego *issuer, - struct GNUNET_IDENTITY_Ego *subject, - const char *credential, - GNUNET_CREDENTIAL_IssueResultProcessor proc, - void *proc_cls); -*/ +/** + struct GNUNET_CREDENTIAL_IssueRequest * + GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle, + struct GNUNET_IDENTITY_Ego *issuer, + struct GNUNET_IDENTITY_Ego *subject, + const char *credential, + GNUNET_CREDENTIAL_IssueResultProcessor proc, + void *proc_cls); + */ /** @@ -191,7 +298,7 @@ GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle, * @param lr the lookup request to cancel */ void -GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_VerifyRequest *vr); +GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr); #if 0 /* keep Emacsens' auto-indent happy */ -- 2.25.1