Credential service

Credential service for Attribute-Based Decryption. More...

Collaboration diagram for Credential service:

Data Structures
struct	GNUNET_ABD_DelegationRecord
	The attribute delegation record. More...
struct	GNUNET_ABD_DelegationRecordSet
	The attribute delegation record. More...
struct	GNUNET_ABD_DelegationSet
	The attribute delegation record. More...
struct	GNUNET_ABD_Delegation
	A delegation. More...
struct	GNUNET_ABD_Delegate
	A delegate. More...

Typedefs
typedef void(*	GNUNET_ABD_CredentialResultProcessor) (void *cls, unsigned int d_count, struct GNUNET_ABD_Delegation *delegation_chain, unsigned int c_count, struct GNUNET_ABD_Delegate *delegte)
	Iterator called on obtained result for an attribute verification.
typedef void(*	GNUNET_ABD_IntermediateResultProcessor) (void *cls, struct GNUNET_ABD_Delegation *delegation, bool is_bw)
typedef void(*	GNUNET_ABD_DelegateResultProcessor) (void *cls, uint32_t success)
	Iterator called on obtained result for an attribute delegation.
typedef void(*	GNUNET_ABD_RemoveDelegateResultProcessor) (void *cls, uint32_t success)
	Iterator called on obtained result for an attribute delegation removal.

Enumerations
enum	GNUNET_ABD_CredentialFlags { GNUNET_ABD_FLAG_REVOKED =0 , GNUNET_ABD_FLAG_SUBJECT =1 , GNUNET_ABD_FLAG_ISSUER =2 }
enum	GNUNET_ABD_AlgoDirectionFlags { GNUNET_ABD_FLAG_FORWARD =1 << 0 , GNUNET_ABD_FLAG_BACKWARD =1 << 1 }

Functions
struct GNUNET_ABD_Handle *	GNUNET_ABD_connect (const struct GNUNET_CONFIGURATION_Handle *cfg)
	Initialize the connection with the Credential service.
void	GNUNET_ABD_disconnect (struct GNUNET_ABD_Handle *handle)
	Shutdown connection with the Credential service.
struct GNUNET_ABD_Request *	GNUNET_ABD_verify (struct GNUNET_ABD_Handle *handle, const struct GNUNET_CRYPTO_BlindablePublicKey *issuer_key, const char *issuer_attribute, const struct GNUNET_CRYPTO_BlindablePublicKey *subject_key, uint32_t delegate_count, const struct GNUNET_ABD_Delegate *delegates, enum GNUNET_ABD_AlgoDirectionFlags direction, GNUNET_ABD_CredentialResultProcessor proc, void *proc_cls, GNUNET_ABD_IntermediateResultProcessor, void *proc2_cls)
	Performs attribute verification.
struct GNUNET_ABD_Request *	GNUNET_ABD_collect (struct GNUNET_ABD_Handle *handle, const struct GNUNET_CRYPTO_BlindablePublicKey *issuer_key, const char *issuer_attribute, const struct GNUNET_CRYPTO_BlindablePrivateKey *subject_key, enum GNUNET_ABD_AlgoDirectionFlags direction, GNUNET_ABD_CredentialResultProcessor proc, void *proc_cls, GNUNET_ABD_IntermediateResultProcessor, void *proc2_cls)
	Performs attribute collection.
struct GNUNET_ABD_Request *	GNUNET_ABD_add_delegation (struct GNUNET_ABD_Handle *handle, struct GNUNET_IDENTITY_Ego *issuer, const char *attribute, struct GNUNET_CRYPTO_BlindablePublicKey *subject, const char *delegated_attribute, GNUNET_ABD_DelegateResultProcessor proc, void *proc_cls)
	Delegate an attribute.
struct GNUNET_ABD_Request *	GNUNET_ABD_remove_delegation (struct GNUNET_ABD_Handle *handle, struct GNUNET_IDENTITY_Ego *issuer, const char *attribute, GNUNET_ABD_RemoveDelegateResultProcessor proc, void *proc_cls)
	Remove a delegation.
struct GNUNET_ABD_Delegate *	GNUNET_ABD_delegate_issue (const struct GNUNET_CRYPTO_BlindablePrivateKey *issuer, struct GNUNET_CRYPTO_BlindablePublicKey *subject, const char *iss_attr, const char *sub_attr, struct GNUNET_TIME_Absolute *expiration)
	Issue an attribute to a subject.
void	GNUNET_ABD_request_cancel (struct GNUNET_ABD_Request *lr)
	Cancel pending lookup request.

Detailed Description

Credential service for Attribute-Based Decryption.

Typedef Documentation

GNUNET_ABD_CredentialResultProcessor

typedef void(* GNUNET_ABD_CredentialResultProcessor) (void *cls, unsigned int d_count, struct GNUNET_ABD_Delegation *delegation_chain, unsigned int c_count, struct GNUNET_ABD_Delegate *delegte)

Iterator called on obtained result for an attribute verification.

Parameters

cls	closure
d_count	the number of delegations processed
delegation_chain	the delegations processed
c_count	the number of delegates found
delegate	the delegates

Definition at line 269 of file gnunet_abd_service.h.

GNUNET_ABD_IntermediateResultProcessor

typedef void(* GNUNET_ABD_IntermediateResultProcessor) (void *cls, struct GNUNET_ABD_Delegation *delegation, bool is_bw)

Definition at line 278 of file gnunet_abd_service.h.

GNUNET_ABD_DelegateResultProcessor

typedef void(* GNUNET_ABD_DelegateResultProcessor) (void *cls, uint32_t success)

Iterator called on obtained result for an attribute delegation.

Parameters

cls	closure
success	GNUNET_YES if successful
result	the record data that can be handed to the subject

Definition at line 291 of file gnunet_abd_service.h.

GNUNET_ABD_RemoveDelegateResultProcessor

typedef void(* GNUNET_ABD_RemoveDelegateResultProcessor) (void *cls, uint32_t success)

Iterator called on obtained result for an attribute delegation removal.

Parameters

cls	closure
success	GNUNET_YES if successful
result	the record data that can be handed to the subject

Definition at line 301 of file gnunet_abd_service.h.

Enumeration Type Documentation

GNUNET_ABD_CredentialFlags

enum GNUNET_ABD_CredentialFlags

Enumerator
GNUNET_ABD_FLAG_REVOKED
GNUNET_ABD_FLAG_SUBJECT
GNUNET_ABD_FLAG_ISSUER

Definition at line 65 of file gnunet_abd_service.h.

{
 
  // Subject had credentials before, but have been revoked now
  GNUNET_ABD_FLAG_REVOKED=0,
 
  // Subject flag indicates that the subject is a holder of this credential and may present it as such
  GNUNET_ABD_FLAG_SUBJECT=1,
 
  // Issuer flag is used to signify that the subject is allowed to issue this credential and delegate issuance
  GNUNET_ABD_FLAG_ISSUER=2
 
};

GNUNET_ABD_AlgoDirectionFlags

enum GNUNET_ABD_AlgoDirectionFlags

Enumerator
GNUNET_ABD_FLAG_FORWARD
GNUNET_ABD_FLAG_BACKWARD

Definition at line 230 of file gnunet_abd_service.h.

{
 
  // Subject had credentials before, but have been revoked now
  GNUNET_ABD_FLAG_FORWARD=1 << 0,
 
  // Subject flag indicates that the subject is a holder of this credential and may present it as such
  GNUNET_ABD_FLAG_BACKWARD=1 << 1
 
};

Function Documentation

GNUNET_ABD_connect()

struct GNUNET_ABD_Handle * GNUNET_ABD_connect

(

const struct GNUNET_CONFIGURATION_Handle *

cfg

)

Initialize the connection with the Credential service.

Parameters

cfg	configuration to use

Returns

handle to the Credential service, or NULL on error

Initialize the connection with the Credential service.

Parameters

cfg	configuration to use

Returns

handle to the ABD service, or NULL on error

Definition at line 354 of file abd_api.c.

{
  struct GNUNET_ABD_Handle *handle;
 
  handle = GNUNET_new (struct GNUNET_ABD_Handle);
  handle->cfg = cfg;
  reconnect (handle);
  if (NULL == handle->mq)
  {
    GNUNET_free (handle);
    return NULL;
  }
  return handle;
}

References cfg, GNUNET_VPN_Handle::cfg, GNUNET_free, GNUNET_new, handle, GNUNET_VPN_Handle::mq, and reconnect().

Referenced by run().

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_ABD_disconnect()

void GNUNET_ABD_disconnect

(

struct GNUNET_ABD_Handle *

handle

)

Shutdown connection with the Credential service.

Parameters

handle

connection to shut down

Shutdown connection with the Credential service.

Parameters

handle

handle of the ABD connection to stop

Definition at line 376 of file abd_api.c.

{
  if (NULL != handle->mq)
  {
    GNUNET_MQ_destroy (handle->mq);
    handle->mq = NULL;
  }
  if (NULL != handle->reconnect_task)
  {
    GNUNET_SCHEDULER_cancel (handle->reconnect_task);
    handle->reconnect_task = NULL;
  }
  GNUNET_assert (NULL == handle->request_head);
  GNUNET_free (handle);
}

References GNUNET_assert, GNUNET_free, GNUNET_MQ_destroy(), GNUNET_SCHEDULER_cancel(), handle, and GNUNET_VPN_Handle::mq.

Referenced by do_shutdown().

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_ABD_verify()

struct GNUNET_ABD_Request * GNUNET_ABD_verify	(	struct GNUNET_ABD_Handle *	handle,
		const struct GNUNET_CRYPTO_BlindablePublicKey *	issuer_key,
		const char *	issuer_attribute,
		const struct GNUNET_CRYPTO_BlindablePublicKey *	subject_key,
		uint32_t	delegate_count,
		const struct GNUNET_ABD_Delegate *	delegates,
		enum GNUNET_ABD_AlgoDirectionFlags	direction,
		GNUNET_ABD_CredentialResultProcessor	proc,
		void *	proc_cls,
		GNUNET_ABD_IntermediateResultProcessor	proc2,
		void *	proc2_cls
	)

Performs attribute verification.

Checks if there is a delegation chain from attribute issuer_attribute'' issued by the issuer with public keyissuer_key'' maps to the attribute subject_attribute'' claimed by the subject with key subject_key''

Parameters

handle	handle to the Credential service
issuer_key	the issuer public key
issuer_attribute	the issuer attribute
subject_key	the subject public key
delegate_count	number of delegates
delegates	the subject delegates
proc	function to call on result
proc_cls	closure for processor

Returns

handle to the queued request

Checks if there is a delegation chain from attribute issuer_attribute'' issued by the issuer with public keyissuer_key'' maps to the attribute subject_attribute'' claimed by the subject with key subject_key''

Parameters

handle	handle to the Credential service
issuer_key	the issuer public key
issuer_attribute	the issuer attribute
subject_key	the subject public key
delegate_count	number of delegates provided
delegates	subject delegates
proc	function to call on result
proc_cls	closure for processor

Returns

handle to the queued request

Definition at line 497 of file abd_api.c.

{
  /* IPC to shorten abd names, return shorten_handle */
  struct VerifyMessage *v_msg;
  struct GNUNET_ABD_Request *vr;
  size_t nlen;
  size_t clen;
 
  if ((NULL == issuer_attribute) || (NULL == delegates))
  {
    GNUNET_break (0);
    return NULL;
  }
 
  clen = GNUNET_ABD_delegates_get_size (delegate_count, delegates);
 
  // DEBUG LOG
  LOG (GNUNET_ERROR_TYPE_DEBUG,
       "Trying to verify `%s' in ABD\n",
       issuer_attribute);
  nlen = strlen (issuer_attribute) + 1 + clen;
  if (nlen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (*vr))
  {
    GNUNET_break (0);
    return NULL;
  }
  vr = GNUNET_new (struct GNUNET_ABD_Request);
  vr->abd_handle = handle;
  vr->verify_proc = proc;
  vr->proc_cls = proc_cls;
  vr->int_proc =  proc2;
  vr->proc2_cls = proc2_cls;
  vr->r_id = handle->r_id_gen++;
  vr->env =
    GNUNET_MQ_msg_extra (v_msg, nlen, GNUNET_MESSAGE_TYPE_ABD_VERIFY);
  v_msg->id = htonl (vr->r_id);
  v_msg->subject_key = *subject_key;
  v_msg->d_count = htonl (delegate_count);
  v_msg->issuer_key = *issuer_key;
  v_msg->issuer_attribute_len = htons (strlen (issuer_attribute));
  v_msg->resolution_algo = htons (direction);
 
  GNUNET_memcpy (&v_msg[1], issuer_attribute, strlen (issuer_attribute));
  GNUNET_ABD_delegates_serialize (delegate_count,
                                  delegates,
                                  clen,
                                  ((char *) &v_msg[1])
                                  + strlen (issuer_attribute) + 1);
  GNUNET_CONTAINER_DLL_insert (handle->request_head, handle->request_tail, vr);
  if (NULL != handle->mq)
    GNUNET_MQ_send_copy (handle->mq, vr->env);
  return vr;
}

References GNUNET_ABD_Request::abd_handle, VerifyMessage::d_count, direction, GNUNET_ABD_Request::env, GNUNET_ABD_delegates_get_size(), GNUNET_ABD_delegates_serialize(), GNUNET_break, GNUNET_CONTAINER_DLL_insert, GNUNET_ERROR_TYPE_DEBUG, GNUNET_MAX_MESSAGE_SIZE, GNUNET_memcpy, GNUNET_MESSAGE_TYPE_ABD_VERIFY, GNUNET_MQ_msg_extra, GNUNET_MQ_send_copy(), GNUNET_new, handle, VerifyMessage::id, GNUNET_ABD_Request::int_proc, VerifyMessage::issuer_attribute_len, VerifyMessage::issuer_key, issuer_key, LOG, GNUNET_VPN_Handle::mq, GNUNET_ABD_Request::proc2_cls, GNUNET_ABD_Request::proc_cls, GNUNET_ABD_Request::r_id, VerifyMessage::resolution_algo, VerifyMessage::subject_key, and GNUNET_ABD_Request::verify_proc.

Referenced by run().

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_ABD_collect()

struct GNUNET_ABD_Request * GNUNET_ABD_collect	(	struct GNUNET_ABD_Handle *	handle,
		const struct GNUNET_CRYPTO_BlindablePublicKey *	issuer_key,
		const char *	issuer_attribute,
		const struct GNUNET_CRYPTO_BlindablePrivateKey *	subject_key,
		enum GNUNET_ABD_AlgoDirectionFlags	direction,
		GNUNET_ABD_CredentialResultProcessor	proc,
		void *	proc_cls,
		GNUNET_ABD_IntermediateResultProcessor	proc2,
		void *	proc2_cls
	)

Performs attribute collection.

Collects all abds of subject to fulfill the attribute, if possible

Parameters

handle	handle to the Credential service
issuer_key	the issuer public key
issuer_attribute	the issuer attribute
subject_key	the subject public key
proc	function to call on result
proc_cls	closure for processor

Returns

handle to the queued request

Definition at line 423 of file abd_api.c.

{
  /* IPC to shorten abd names, return shorten_handle */
  struct CollectMessage *c_msg;
  struct GNUNET_ABD_Request *vr;
  size_t nlen;
 
  if (NULL == issuer_attribute)
  {
    GNUNET_break (0);
    return NULL;
  }
 
  // DEBUG LOG
  LOG (GNUNET_ERROR_TYPE_DEBUG,
       "Trying to collect `%s' in ABD\n",
       issuer_attribute);
  nlen = strlen (issuer_attribute) + 1;
  if (nlen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (*vr))
  {
    GNUNET_break (0);
    return NULL;
  }
  vr = GNUNET_new (struct GNUNET_ABD_Request);
  vr->abd_handle = handle;
  vr->verify_proc = proc;
  vr->proc_cls = proc_cls;
  vr->int_proc =  proc2;
  vr->proc2_cls = proc2_cls;
  vr->r_id = handle->r_id_gen++;
  vr->env =
    GNUNET_MQ_msg_extra (c_msg, nlen, GNUNET_MESSAGE_TYPE_ABD_COLLECT);
  c_msg->id = htonl (vr->r_id);
  c_msg->subject_key = *subject_key;
  c_msg->issuer_key = *issuer_key;
  c_msg->issuer_attribute_len = htons (strlen (issuer_attribute));
  c_msg->resolution_algo = htons (direction);
 
  GNUNET_memcpy (&c_msg[1], issuer_attribute, strlen (issuer_attribute));
  GNUNET_CONTAINER_DLL_insert (handle->request_head, handle->request_tail, vr);
  if (NULL != handle->mq)
    GNUNET_MQ_send_copy (handle->mq, vr->env);
  return vr;
}

References GNUNET_ABD_Request::abd_handle, direction, GNUNET_ABD_Request::env, GNUNET_break, GNUNET_CONTAINER_DLL_insert, GNUNET_ERROR_TYPE_DEBUG, GNUNET_MAX_MESSAGE_SIZE, GNUNET_memcpy, GNUNET_MESSAGE_TYPE_ABD_COLLECT, GNUNET_MQ_msg_extra, GNUNET_MQ_send_copy(), GNUNET_new, handle, CollectMessage::id, GNUNET_ABD_Request::int_proc, CollectMessage::issuer_attribute_len, CollectMessage::issuer_key, issuer_key, LOG, GNUNET_VPN_Handle::mq, GNUNET_ABD_Request::proc2_cls, GNUNET_ABD_Request::proc_cls, GNUNET_ABD_Request::r_id, CollectMessage::resolution_algo, CollectMessage::subject_key, and GNUNET_ABD_Request::verify_proc.

Referenced by identity_cb().

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_ABD_add_delegation()

struct GNUNET_ABD_Request * GNUNET_ABD_add_delegation	(	struct GNUNET_ABD_Handle *	handle,
		struct GNUNET_IDENTITY_Ego *	issuer,
		const char *	attribute,
		struct GNUNET_CRYPTO_BlindablePublicKey *	subject,
		const char *	delegated_attribute,
		GNUNET_ABD_DelegateResultProcessor	proc,
		void *	proc_cls
	)

Delegate an attribute.

Parameters

handle	handle to the Credential service
issuer	the ego that should be used to delegate the attribute
attribute	the name of the attribute to delegate
subject	the subject of the delegation
delegated_attribute	the name of the attribute that is delegated to
proc	the result callback
proc_cls	the result closure context

Returns

handle to the queued request

GNUNET_ABD_remove_delegation()

struct GNUNET_ABD_Request * GNUNET_ABD_remove_delegation	(	struct GNUNET_ABD_Handle *	handle,
		struct GNUNET_IDENTITY_Ego *	issuer,
		const char *	attribute,
		GNUNET_ABD_RemoveDelegateResultProcessor	proc,
		void *	proc_cls
	)

Remove a delegation.

Parameters

handle	handle to the Credential service
issuer	the ego that was used to delegate the attribute
attribute	the name of the attribute that is delegated
proc	the callback
proc_cls	callback closure

Returns

handle to the queued request

GNUNET_ABD_delegate_issue()

struct GNUNET_ABD_Delegate * GNUNET_ABD_delegate_issue	(	const struct GNUNET_CRYPTO_BlindablePrivateKey *	issuer,
		struct GNUNET_CRYPTO_BlindablePublicKey *	subject,
		const char *	iss_attr,
		const char *	sub_attr,
		struct GNUNET_TIME_Absolute *	expiration
	)

Issue an attribute to a subject.

Parameters

issuer	the ego that should be used to issue the attribute
subject	the subject of the attribute
iss_attr	the name of the attribute
expiration	the TTL of the credential

Returns

handle to the queued request

Definition at line 200 of file delegate_misc.c.

{
  struct DelegateEntry *del;
  struct GNUNET_ABD_Delegate *dele;
  size_t size;
  int attr_len;
 
  if (NULL == sub_attr)
  {
    // +1 for \0
    attr_len = strlen (iss_attr) + 1;
  }
  else
  {
    // +2 for both strings need to be terminated with \0
    attr_len = strlen (iss_attr) + strlen (sub_attr) + 2;
  }
  size = sizeof (struct DelegateEntry) + attr_len;
 
  {
    char tmp_str[attr_len];
    GNUNET_memcpy (tmp_str, iss_attr, strlen (iss_attr));
    if (NULL != sub_attr)
    {
      tmp_str[strlen (iss_attr)] = '\0';
      GNUNET_memcpy (tmp_str + strlen (iss_attr) + 1,
                     sub_attr,
                     strlen (sub_attr));
    }
    tmp_str[attr_len - 1] = '\0';
 
    del = GNUNET_malloc (size);
    del->purpose.size =
      htonl (size - sizeof (struct GNUNET_CRYPTO_BlindableKeySignature));
    del->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DELEGATE);
    GNUNET_CRYPTO_blindable_key_get_public (issuer, &del->issuer_key);
    del->subject_key = *subject;
    del->expiration = GNUNET_htonll (expiration->abs_value_us);
    del->issuer_attribute_len = htonl (strlen (iss_attr) + 1);
    if (NULL == sub_attr)
    {
      del->subject_attribute_len = htonl (0);
    }
    else
    {
      del->subject_attribute_len = htonl (strlen (sub_attr) + 1);
    }
 
    GNUNET_memcpy (&del[1], tmp_str, attr_len);
    GNUNET_CRYPTO_blinded_key_sign_ (issuer, &del->purpose, &del->signature);
 
    dele = GNUNET_malloc (sizeof (struct GNUNET_ABD_Delegate) + attr_len);
    dele->signature = del->signature;
    dele->expiration = *expiration;
    GNUNET_CRYPTO_blindable_key_get_public (issuer, &dele->issuer_key);
 
    dele->subject_key = *subject;
 
    // Copy the combined string at the part in the memory where the struct ends
    GNUNET_memcpy (&dele[1], tmp_str, attr_len);
  }
 
  dele->issuer_attribute = (char *) &dele[1];
  dele->issuer_attribute_len = strlen (iss_attr);
  if (NULL == sub_attr)
  {
    dele->subject_attribute = NULL;
    dele->subject_attribute_len = 0;
  }
  else
  {
    dele->subject_attribute = (char *) &dele[1] + strlen (iss_attr) + 1;
    dele->subject_attribute_len = strlen (sub_attr);
  }
 
  GNUNET_free (del);
  return dele;
}

References del, expiration, GNUNET_ABD_Delegate::expiration, GNUNET_CRYPTO_blindable_key_get_public(), GNUNET_CRYPTO_blinded_key_sign_(), GNUNET_free, GNUNET_htonll(), GNUNET_malloc, GNUNET_memcpy, GNUNET_SIGNATURE_PURPOSE_DELEGATE, GNUNET_ABD_Delegate::issuer_attribute, GNUNET_ABD_Delegate::issuer_attribute_len, GNUNET_ABD_Delegate::issuer_key, GNUNET_ABD_Delegate::signature, size, subject, GNUNET_ABD_Delegate::subject_attribute, GNUNET_ABD_Delegate::subject_attribute_len, and GNUNET_ABD_Delegate::subject_key.

Referenced by sign_cb().

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_ABD_request_cancel()

void GNUNET_ABD_request_cancel

(

struct GNUNET_ABD_Request *

lr

)

Cancel pending lookup request.

Parameters

lr	the lookup request to cancel

Cancel pending lookup request.

Parameters

lr	the verify request to cancel

Definition at line 399 of file abd_api.c.

{
  struct GNUNET_ABD_Handle *handle = lr->abd_handle;
 
  GNUNET_CONTAINER_DLL_remove (handle->request_head, handle->request_tail, lr);
  GNUNET_MQ_discard (lr->env);
  GNUNET_free (lr);
}

References GNUNET_CONTAINER_DLL_remove, GNUNET_free, GNUNET_MQ_discard(), handle, and lr.

Referenced by do_shutdown().

Here is the call graph for this function:

Here is the caller graph for this function: