123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575 |
- /*
- This file is part of GNUnet
- Copyright (C) 2013, 2014, 2016 GNUnet e.V.
- GNUnet is free software: you can redistribute it and/or modify it
- under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License,
- or (at your option) any later version.
- GNUnet is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Affero General Public License for more details.
- You should have received a copy of the GNU Affero General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
- SPDX-License-Identifier: AGPL3.0-or-later
- */
- /**
- * @file reclaim/plugin_reclaim_credential_pabc.c
- * @brief reclaim-credential-plugin-pabc attribute plugin to provide the API for
- * pabc credentials.
- *
- * @author Martin Schanzenbach
- */
- #include "platform.h"
- #include "gnunet_util_lib.h"
- #include "gnunet_reclaim_plugin.h"
- #include <inttypes.h>
- #include <jansson.h>
- #include <pabc/pabc.h>
- #include "pabc_helper.h"
- /**
- * Convert the 'value' of an credential to a string.
- *
- * @param cls closure, unused
- * @param type type of the credential
- * @param data value in binary encoding
- * @param data_size number of bytes in @a data
- * @return NULL on error, otherwise human-readable representation of the value
- */
- static char *
- pabc_value_to_string (void *cls,
- uint32_t type,
- const void *data,
- size_t data_size)
- {
- switch (type)
- {
- case GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC:
- return GNUNET_strndup (data, data_size);
- default:
- return NULL;
- }
- }
- /**
- * Convert human-readable version of a 'value' of an credential to the binary
- * representation.
- *
- * @param cls closure, unused
- * @param type type of the credential
- * @param s human-readable string
- * @param data set to value in binary encoding (will be allocated)
- * @param data_size set to number of bytes in @a data
- * @return #GNUNET_OK on success
- */
- static int
- pabc_string_to_value (void *cls,
- uint32_t type,
- const char *s,
- void **data,
- size_t *data_size)
- {
- if (NULL == s)
- return GNUNET_SYSERR;
- switch (type)
- {
- case GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC:
- *data = GNUNET_strdup (s);
- *data_size = strlen (s) + 1;
- return GNUNET_OK;
- default:
- return GNUNET_SYSERR;
- }
- }
- /**
- * Mapping of credential type numbers to human-readable
- * credential type names.
- */
- static struct
- {
- const char *name;
- uint32_t number;
- } pabc_cred_name_map[] = { { "PABC", GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC },
- { NULL, UINT32_MAX } };
- /**
- * Convert a type name to the corresponding number.
- *
- * @param cls closure, unused
- * @param pabc_typename name to convert
- * @return corresponding number, UINT32_MAX on error
- */
- static uint32_t
- pabc_typename_to_number (void *cls, const char *pabc_typename)
- {
- unsigned int i;
- i = 0;
- while ((NULL != pabc_cred_name_map[i].name) &&
- (0 != strcasecmp (pabc_typename, pabc_cred_name_map[i].name)))
- i++;
- return pabc_cred_name_map[i].number;
- }
- /**
- * Convert a type number (i.e. 1) to the corresponding type string
- *
- * @param cls closure, unused
- * @param type number of a type to convert
- * @return corresponding typestring, NULL on error
- */
- static const char *
- pabc_number_to_typename (void *cls, uint32_t type)
- {
- unsigned int i;
- i = 0;
- while ((NULL != pabc_cred_name_map[i].name) && (type !=
- pabc_cred_name_map[i].
- number))
- i++;
- return pabc_cred_name_map[i].name;
- }
- static void
- inspect_attrs (char const *const key,
- char const *const value,
- void *ctx)
- {
- struct GNUNET_RECLAIM_AttributeList *attrs = ctx;
- if (NULL == value)
- return;
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Found attribue in PABC credential: `%s': `%s'\n",
- key, value);
- if (0 == strcmp (key, "expiration"))
- return;
- if (0 == strcmp (key, "issuer"))
- return;
- if (0 == strcmp (key, "subject"))
- return;
- GNUNET_RECLAIM_attribute_list_add (attrs,
- key,
- NULL,
- GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
- value,
- strlen (value));
- }
- /**
- * Parse a pabc and return the respective claim value as Attribute
- *
- * @param cls the plugin
- * @param cred the pabc credential
- * @return a GNUNET_RECLAIM_Attribute, containing the new value
- */
- struct GNUNET_RECLAIM_AttributeList *
- pabc_parse_attributes (void *cls,
- const char *data,
- size_t data_size)
- {
- struct GNUNET_RECLAIM_AttributeList *attrs;
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Collecting PABC attributes...\n");
- attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
- GNUNET_assert (PABC_OK ==
- pabc_cred_inspect_credential (data,
- &inspect_attrs, attrs));
- return attrs;
- }
- /**
- * Parse a pabc and return the respective claim value as Attribute
- *
- * @param cls the plugin
- * @param cred the pabc credential
- * @return a GNUNET_RECLAIM_Attribute, containing the new value
- */
- struct GNUNET_RECLAIM_AttributeList *
- pabc_parse_attributes_c (void *cls,
- const struct GNUNET_RECLAIM_Credential *cred)
- {
- if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC)
- return NULL;
- return pabc_parse_attributes (cls, cred->data, cred->data_size);
- }
- /**
- * Parse a pabc and return the respective claim value as Attribute
- *
- * @param cls the plugin
- * @param cred the pabc credential
- * @return a GNUNET_RECLAIM_Attribute, containing the new value
- */
- struct GNUNET_RECLAIM_AttributeList *
- pabc_parse_attributes_p (void *cls,
- const struct GNUNET_RECLAIM_Presentation *cred)
- {
- if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC)
- return NULL;
- return pabc_parse_attributes (cls, cred->data, cred->data_size);
- }
- /**
- * Parse a pabc and return the issuer
- *
- * @param cls the plugin
- * @param cred the pabc credential
- * @return a string, containing the isser
- */
- char*
- pabc_get_issuer (void *cls,
- const char *data,
- size_t data_size)
- {
- char *res;
- if (PABC_OK != pabc_cred_get_attr_by_name_from_cred (data,
- "issuer",
- &res))
- return NULL;
- return res;
- }
- /**
- * Parse a pabc and return the issuer
- *
- * @param cls the plugin
- * @param cred the pabc credential
- * @return a string, containing the isser
- */
- char *
- pabc_get_issuer_c (void *cls,
- const struct GNUNET_RECLAIM_Credential *cred)
- {
- if (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC != cred->type)
- return NULL;
- return pabc_get_issuer (cls, cred->data, cred->data_size);
- }
- /**
- * Parse a pabc and return the issuer
- *
- * @param cls the plugin
- * @param cred the pabc credential
- * @return a string, containing the isser
- */
- char *
- pabc_get_issuer_p (void *cls,
- const struct GNUNET_RECLAIM_Presentation *cred)
- {
- if (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC != cred->type)
- return NULL;
- return pabc_get_issuer (cls, cred->data, cred->data_size);
- }
- /**
- * Parse a pabc and return the expiration
- *
- * @param cls the plugin
- * @param cred the pabc credential
- * @return a string, containing the isser
- */
- int
- pabc_get_expiration (void *cls,
- const char *data,
- size_t data_size,
- struct GNUNET_TIME_Absolute *exp)
- {
- uint64_t exp_i;
- char *exp_str;
- if (PABC_OK != pabc_cred_get_attr_by_name_from_cred (data,
- "expiration",
- &exp_str))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Unable to retrive expiration from credential\n");
- return GNUNET_SYSERR;
- }
- if (1 != sscanf (exp_str, "%llu", &exp_i))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Invalid expiration `%s'\n", exp_str);
- GNUNET_free (exp_str);
- return GNUNET_SYSERR;
- }
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Converted expiration string `%s' to %llu",
- exp_str, exp_i);
- GNUNET_free (exp_str);
- exp->abs_value_us = exp_i * 1000 * 1000;
- return GNUNET_OK;
- }
- /**
- * Parse a pabc and return the expiration
- *
- * @param cls the plugin
- * @param cred the pabc credential
- * @return a string, containing the isser
- */
- enum GNUNET_GenericReturnValue
- pabc_get_expiration_c (void *cls,
- const struct GNUNET_RECLAIM_Credential *cred,
- struct GNUNET_TIME_Absolute *exp)
- {
- if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC)
- return GNUNET_NO;
- return pabc_get_expiration (cls, cred->data, cred->data_size, exp);
- }
- /**
- * Parse a pabc and return the expiration
- *
- * @param cls the plugin
- * @param cred the pabc credential
- * @return a string, containing the isser
- */
- enum GNUNET_GenericReturnValue
- pabc_get_expiration_p (void *cls,
- const struct GNUNET_RECLAIM_Presentation *cred,
- struct GNUNET_TIME_Absolute *exp)
- {
- if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC)
- return GNUNET_NO;
- return pabc_get_expiration (cls, cred->data, cred->data_size, exp);
- }
- int
- pabc_create_presentation (void *cls,
- const struct GNUNET_RECLAIM_Credential *credential,
- const struct GNUNET_RECLAIM_AttributeList *attrs,
- struct GNUNET_RECLAIM_Presentation **pres)
- {
- struct pabc_context *ctx = NULL;
- struct pabc_user_context *usr_ctx = NULL;
- struct pabc_public_parameters *pp = NULL;
- struct pabc_credential *cred = NULL;
- struct pabc_blinded_proof *proof = NULL;
- struct GNUNET_RECLAIM_AttributeListEntry *ale;
- char *issuer;
- char *subject;
- enum pabc_status status;
- if (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC != credential->type)
- return GNUNET_NO;
- PABC_ASSERT (pabc_new_ctx (&ctx));
- issuer = pabc_get_issuer_c (cls, credential);
- if (NULL == issuer)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "No issuer found in credential\n");
- pabc_free_ctx (&ctx);
- return GNUNET_SYSERR;
- }
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Got issuer for credential: %s\n", issuer);
- status = PABC_load_public_parameters (ctx, issuer, &pp);
- if (status != PABC_OK)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Failed to read public parameters.\n");
- pabc_free_ctx (&ctx);
- GNUNET_free (issuer);
- return GNUNET_SYSERR;
- }
- if (PABC_OK != pabc_cred_get_attr_by_name_from_cred (credential->data,
- "subject",
- &subject))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Failed to get subject.\n");
- pabc_free_ctx (&ctx);
- GNUNET_free (issuer);
- return GNUNET_SYSERR;
- }
- status = PABC_read_usr_ctx (subject, issuer, ctx, pp, &usr_ctx);
- GNUNET_free (issuer);
- GNUNET_free (subject);
- if (PABC_OK != status)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Failed to read user context.\n");
- pabc_free_public_parameters (ctx, &pp);
- return GNUNET_SYSERR;
- }
- status = pabc_new_credential (ctx, pp, &cred);
- if (status != PABC_OK)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Failed to allocate credential.\n");
- pabc_free_user_context (ctx, pp, &usr_ctx);
- pabc_free_public_parameters (ctx, &pp);
- return GNUNET_SYSERR;
- }
- status = pabc_decode_credential (ctx, pp, cred, credential->data);
- if (status != PABC_OK)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Failed to decode credential.\n");
- pabc_free_credential (ctx, pp, &cred);
- pabc_free_user_context (ctx, pp, &usr_ctx);
- pabc_free_public_parameters (ctx, &pp);
- return GNUNET_SYSERR;
- }
- status = pabc_new_proof (ctx, pp, &proof);
- if (status != PABC_OK)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Failed to allocate proof.\n");
- pabc_free_credential (ctx, pp, &cred);
- pabc_free_user_context (ctx, pp, &usr_ctx);
- pabc_free_public_parameters (ctx, &pp);
- return GNUNET_SYSERR;
- }
- // now we can parse the attributes to disclose and configure the proof
- for (ale = attrs->list_head; NULL != ale; ale = ale->next)
- {
- status = pabc_set_disclosure_by_attribute_name (ctx, pp, proof,
- ale->attribute->name,
- PABC_DISCLOSED, cred);
- if (status != PABC_OK)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Failed to configure proof.\n");
- pabc_free_credential (ctx, pp, &cred);
- pabc_free_user_context (ctx, pp, &usr_ctx);
- pabc_free_public_parameters (ctx, &pp);
- return GNUNET_SYSERR;
- }
- }
- // and finally -> sign the proof
- status = pabc_gen_proof (ctx, usr_ctx, pp, proof, cred);
- if (status != PABC_OK)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Failed to sign proof.\n");
- pabc_free_proof (ctx, pp, &proof);
- pabc_free_credential (ctx, pp, &cred);
- pabc_free_user_context (ctx, pp, &usr_ctx);
- pabc_free_public_parameters (ctx, &pp);
- return GNUNET_SYSERR;
- }
- // print the result
- char *json = NULL;
- char *ppid = NULL;
- char *userid = NULL;
- GNUNET_assert (PABC_OK == pabc_cred_get_userid_from_cred (credential->data,
- &userid));
- GNUNET_assert (PABC_OK == pabc_cred_get_ppid_from_cred (credential->data,
- &ppid));
- pabc_cred_encode_proof (ctx, pp, proof, userid, ppid, &json);
- GNUNET_free (ppid);
- GNUNET_free (userid);
- if (PABC_OK != status)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Failed to serialize proof.\n");
- pabc_free_proof (ctx, pp, &proof);
- pabc_free_credential (ctx, pp, &cred);
- pabc_free_user_context (ctx, pp, &usr_ctx);
- pabc_free_public_parameters (ctx, &pp);
- return GNUNET_SYSERR;
- }
- char *json_enc;
- GNUNET_STRINGS_base64_encode (json,
- strlen (json) + 1,
- &json_enc);
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Presentation: %s\n", json_enc);
- // clean up
- *pres = GNUNET_RECLAIM_presentation_new (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC,
- json_enc,
- strlen (json_enc) + 1);
- GNUNET_free (json_enc);
- PABC_FREE_NULL (json);
- pabc_free_proof (ctx, pp, &proof);
- pabc_free_credential (ctx, pp, &cred);
- pabc_free_user_context (ctx, pp, &usr_ctx);
- pabc_free_public_parameters (ctx, &pp);
- return GNUNET_OK;
- }
- /**
- * Entry point for the plugin.
- *
- * @param cls NULL
- * @return the exported block API
- */
- void *
- libgnunet_plugin_reclaim_credential_pabc_init (void *cls)
- {
- struct GNUNET_RECLAIM_CredentialPluginFunctions *api;
- api = GNUNET_new (struct GNUNET_RECLAIM_CredentialPluginFunctions);
- api->value_to_string = &pabc_value_to_string;
- api->string_to_value = &pabc_string_to_value;
- api->typename_to_number = &pabc_typename_to_number;
- api->number_to_typename = &pabc_number_to_typename;
- api->get_attributes = &pabc_parse_attributes_c;
- api->get_issuer = &pabc_get_issuer_c;
- api->get_expiration = &pabc_get_expiration_c;
- api->value_to_string_p = &pabc_value_to_string;
- api->string_to_value_p = &pabc_string_to_value;
- api->typename_to_number_p = &pabc_typename_to_number;
- api->number_to_typename_p = &pabc_number_to_typename;
- api->get_attributes_p = &pabc_parse_attributes_p;
- api->get_issuer_p = &pabc_get_issuer_p;
- api->get_expiration_p = &pabc_get_expiration_p;
- api->create_presentation = &pabc_create_presentation;
- return api;
- }
- /**
- * Exit point from the plugin.
- *
- * @param cls the return value from #libgnunet_plugin_block_test_init()
- * @return NULL
- */
- void *
- libgnunet_plugin_reclaim_credential_pabc_done (void *cls)
- {
- struct GNUNET_RECLAIM_CredentialPluginFunctions *api = cls;
- GNUNET_free (api);
- return NULL;
- }
- /* end of plugin_reclaim_credential_type_pabc.c */
|