/**
* Function to handle call request from the client
*
* @param cls the `struct Line` the message is about
* @param msg the message from the client
*/
static void
handle_client_call_message (void *cls,
const struct ClientCallMessage *msg)
{
struct Line *line = cls;
struct Channel *ch;
struct GNUNET_MQ_Envelope *e;
struct CadetPhoneRingMessage *ring;
struct CadetPhoneRingInfoPS rs;
line->line_port = msg->line_port;
rs.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CONVERSATION_RING);
rs.purpose.size = htonl (sizeof (struct CadetPhoneRingInfoPS));
rs.line_port = line->line_port;
rs.target_peer = msg->target;
rs.expiration_time
= GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (RING_TIMEOUT));
ch = GNUNET_new (struct Channel);
ch->line = line;
GNUNET_CONTAINER_DLL_insert (line->channel_head,
line->channel_tail,
ch);
ch->status = CS_CALLER_CALLING;
ch->channel = GNUNET_CADET_channel_create (cadet,
ch,
&msg->target,
&msg->line_port,
GNUNET_CADET_OPTION_RELIABLE);
ch->mq = GNUNET_CADET_mq_create (ch->channel);
e = GNUNET_MQ_msg (ring,
GNUNET_MESSAGE_TYPE_CONVERSATION_CADET_PHONE_RING);
GNUNET_CRYPTO_ecdsa_key_get_public (&msg->caller_id,
&ring->caller_id);
ring->expiration_time = rs.expiration_time;
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_ecdsa_sign (&msg->caller_id,
&rs.purpose,
&ring->signature));
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Sending RING message via CADET\n");
GNUNET_MQ_send (ch->mq,
e);
GNUNET_SERVICE_client_continue (line->client);
}
/**
* Publish a UBlock.
*
* @param h handle to the file sharing subsystem
* @param dsh datastore handle to use for storage operation
* @param label identifier to use
* @param ulabel update label to use, may be an empty string for none
* @param ns namespace to publish in
* @param meta metadata to use
* @param uri URI to refer to in the UBlock
* @param bo per-block options
* @param options publication options
* @param cont continuation
* @param cont_cls closure for @a cont
* @return NULL on error (@a cont will still be called)
*/
struct GNUNET_FS_PublishUblockContext *
GNUNET_FS_publish_ublock_ (struct GNUNET_FS_Handle *h,
struct GNUNET_DATASTORE_Handle *dsh,
const char *label,
const char *ulabel,
const struct GNUNET_CRYPTO_EcdsaPrivateKey *ns,
const struct GNUNET_CONTAINER_MetaData *meta,
const struct GNUNET_FS_Uri *uri,
const struct GNUNET_FS_BlockOptions *bo,
enum GNUNET_FS_PublishOptions options,
GNUNET_FS_UBlockContinuation cont, void *cont_cls)
{
struct GNUNET_FS_PublishUblockContext *uc;
struct GNUNET_HashCode query;
struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
struct GNUNET_CRYPTO_SymmetricSessionKey skey;
struct GNUNET_CRYPTO_EcdsaPrivateKey *nsd;
struct GNUNET_CRYPTO_EcdsaPublicKey pub;
char *uris;
size_t size;
char *kbe;
char *sptr;
ssize_t mdsize;
size_t slen;
size_t ulen;
struct UBlock *ub_plain;
struct UBlock *ub_enc;
/* compute ublock to publish */
if (NULL == meta)
mdsize = 0;
else
mdsize = GNUNET_CONTAINER_meta_data_get_serialized_size (meta);
GNUNET_assert (mdsize >= 0);
uris = GNUNET_FS_uri_to_string (uri);
slen = strlen (uris) + 1;
if (NULL == ulabel)
ulen = 1;
else
ulen = strlen (ulabel) + 1;
size = mdsize + sizeof (struct UBlock) + slen + ulen;
if (size > MAX_UBLOCK_SIZE)
{
size = MAX_UBLOCK_SIZE;
mdsize = size - sizeof (struct UBlock) - (slen + ulen);
}
ub_plain = GNUNET_malloc (size);
kbe = (char *) &ub_plain[1];
if (NULL != ulabel)
memcpy (kbe, ulabel, ulen);
kbe += ulen;
memcpy (kbe, uris, slen);
kbe += slen;
GNUNET_free (uris);
sptr = kbe;
if (NULL != meta)
mdsize =
GNUNET_CONTAINER_meta_data_serialize (meta, &sptr, mdsize,
GNUNET_CONTAINER_META_DATA_SERIALIZE_PART);
if (-1 == mdsize)
{
GNUNET_break (0);
GNUNET_free (ub_plain);
cont (cont_cls, _("Internal error."));
return NULL;
}
size = sizeof (struct UBlock) + slen + mdsize + ulen;
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Publishing under identifier `%s'\n",
label);
/* get public key of the namespace */
GNUNET_CRYPTO_ecdsa_key_get_public (ns,
&pub);
derive_ublock_encryption_key (&skey, &iv,
label, &pub);
/* encrypt ublock */
ub_enc = GNUNET_malloc (size);
GNUNET_CRYPTO_symmetric_encrypt (&ub_plain[1],
ulen + slen + mdsize,
&skey, &iv,
&ub_enc[1]);
GNUNET_free (ub_plain);
ub_enc->purpose.size = htonl (ulen + slen + mdsize +
sizeof (struct UBlock)
- sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
ub_enc->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_FS_UBLOCK);
/* derive signing-key from 'label' and public key of the namespace */
nsd = GNUNET_CRYPTO_ecdsa_private_key_derive (ns, label, "fs-ublock");
GNUNET_CRYPTO_ecdsa_key_get_public (nsd,
&ub_enc->verification_key);
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_ecdsa_sign (nsd,
&ub_enc->purpose,
&ub_enc->signature));
GNUNET_CRYPTO_hash (&ub_enc->verification_key,
sizeof (ub_enc->verification_key),
&query);
GNUNET_free (nsd);
uc = GNUNET_new (struct GNUNET_FS_PublishUblockContext);
uc->cont = cont;
uc->cont_cls = cont_cls;
uc->qre =
GNUNET_DATASTORE_put (dsh, 0, &query,
ulen + slen + mdsize + sizeof (struct UBlock),
ub_enc, GNUNET_BLOCK_TYPE_FS_UBLOCK,
bo->content_priority, bo->anonymity_level,
bo->replication_level, bo->expiration_time,
-2, 1, GNUNET_CONSTANTS_SERVICE_TIMEOUT,
&ublock_put_cont, uc);
return uc;
}
/**
* This function updates the old token with new attributes,
* removes deleted attributes and expiration times.
*
* @param cls the ego entry
* @param tc task context
*/
static void
handle_token_update (void *cls,
const struct GNUNET_SCHEDULER_TaskContext *tc)
{
char *token_header;
char *token_payload;
char *token_payload_json;
char *new_token;
char *new_payload_str;
char *new_payload_base64;
char *sig_str;
char *key;
char *padding;
const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
struct EgoEntry *ego_entry = cls;
struct GNUNET_GNSRECORD_Data token_record;
struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
struct GNUNET_CRYPTO_EcdsaSignature sig;
struct GNUNET_HashCode key_hash;
struct GNUNET_TIME_Relative token_rel_exp;
struct GNUNET_TIME_Relative token_ttl;
struct GNUNET_TIME_Absolute token_exp;
struct GNUNET_TIME_Absolute token_nbf;
struct GNUNET_TIME_Absolute new_exp;
struct GNUNET_TIME_Absolute new_iat;
struct GNUNET_TIME_Absolute new_nbf;
json_t *payload_json;
json_t *value;
json_t *cur_value;
json_t *new_payload_json;
json_t *token_nbf_json;
json_t *token_exp_json;
json_error_t json_err;
priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
//Note: We need the token expiration time here. Not the record expiration
//time.
//There are two types of tokens: Token that expire on GNS level with
//an absolute expiration time. Those are basically tokens that will
//be automatically revoked on (record)expiration.
//Tokens stored with relative expiration times will expire on the token level (token expiration)
//but this service will reissue new tokens that can be retrieved from GNS
//automatically.
token_header = strtok (token, ".");
token_payload = strtok (NULL, ".");
GNUNET_STRINGS_base64_decode (token_payload,
strlen (token_payload),
&token_payload_json);
payload_json = json_loads (token_payload_json, JSON_DECODE_ANY, &json_err);
GNUNET_free (token_payload_json);
token_exp_json = json_object_get (payload_json, "exp");
token_nbf_json = json_object_get (payload_json, "nbf");
token_exp.abs_value_us = json_integer_value(token_exp_json);
token_nbf.abs_value_us = json_integer_value(token_nbf_json);
token_rel_exp = GNUNET_TIME_absolute_get_difference (token_nbf, token_exp);
token_ttl = GNUNET_TIME_absolute_get_remaining (token_exp);
if (0 != GNUNET_TIME_absolute_get_remaining (token_exp).rel_value_us)
{
//This token is not yet expired! Save and skip
if (min_rel_exp.rel_value_us > token_ttl.rel_value_us)
{
min_rel_exp = token_ttl;
}
json_decref (payload_json);
GNUNET_free (token);
token = NULL;
GNUNET_free (label);
label = NULL;
GNUNET_NAMESTORE_zone_iterator_next (ns_it);
return;
}
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Token is expired. Create a new one\n");
new_exp = GNUNET_TIME_relative_to_absolute (token_rel_exp);
new_nbf = GNUNET_TIME_absolute_get ();
new_iat = new_nbf;
new_payload_json = json_object();
json_object_foreach(payload_json, key, value) {
if (0 == strcmp (key, "exp"))
{
json_object_set_new (new_payload_json, key, json_integer (new_exp.abs_value_us));
}
else if (0 == strcmp (key, "nbf"))
{
json_object_set_new (new_payload_json, key, json_integer (new_nbf.abs_value_us));
}
else if (0 == strcmp (key, "iat"))
{
json_object_set_new (new_payload_json, key, json_integer (new_iat.abs_value_us));
}
else if ((0 == strcmp (key, "iss"))
|| (0 == strcmp (key, "aud"))
|| (0 == strcmp (key, "sub"))
|| (0 == strcmp (key, "rnl")))
{
json_object_set (new_payload_json, key, value);
}
else {
GNUNET_CRYPTO_hash (key,
strlen (key),
&key_hash);
//Check if attr still exists. omit of not
if (GNUNET_NO != GNUNET_CONTAINER_multihashmap_contains (ego_entry->attr_map,
&key_hash))
{
cur_value = GNUNET_CONTAINER_multihashmap_get (ego_entry->attr_map,
&key_hash);
json_object_set (new_payload_json, key, cur_value);
}
}
}
// reassemble and set
new_payload_str = json_dumps (new_payload_json, JSON_COMPACT);
json_decref (payload_json);
json_decref (new_payload_json);
GNUNET_STRINGS_base64_encode (new_payload_str,
strlen (new_payload_str),
&new_payload_base64);
//Remove padding
padding = strtok(new_payload_base64, "=");
while (NULL != padding)
padding = strtok(NULL, "=");
GNUNET_asprintf (&new_token, "%s,%s", token_header, new_payload_base64);
purpose =
GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
strlen (new_token));
purpose->size =
htonl (strlen (new_token) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose));
purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN);
memcpy (&purpose[1], new_token, strlen (new_token));
if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key,
purpose,
&sig))
GNUNET_break(0);
GNUNET_free (new_token);
sig_str = GNUNET_STRINGS_data_to_string_alloc (&sig,
sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
GNUNET_asprintf (&new_token, "%s.%s.%s",
token_header, new_payload_base64, sig_str);
GNUNET_free (sig_str);
GNUNET_free (new_payload_str);
GNUNET_free (new_payload_base64);
GNUNET_free (purpose);
token_record.data = new_token;
token_record.data_size = strlen (new_token);
token_record.expiration_time = new_exp.abs_value_us;
token_record.record_type = GNUNET_GNSRECORD_TYPE_ID_TOKEN;
token_record.flags = GNUNET_GNSRECORD_RF_NONE | GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
priv_key,
label,
1,
&token_record,
&store_token_cont,
ego_entry);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, ">>> Updating Token w/ %s\n", new_token);
GNUNET_free (new_token);
GNUNET_free (token);
token = NULL;
GNUNET_free (label);
label = NULL;
}
/**
* Sign name and records
*
* @param key the private key
* @param expire block expiration
* @param label the name for the records
* @param rd record data
* @param rd_count number of records
* @return NULL on error (block too large)
*/
struct GNUNET_GNSRECORD_Block *
GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
struct GNUNET_TIME_Absolute expire,
const char *label,
const struct GNUNET_GNSRECORD_Data *rd,
unsigned int rd_count)
{
size_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count, rd);
char payload[sizeof (uint32_t) + payload_len];
struct GNUNET_GNSRECORD_Block *block;
struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey;
struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
struct GNUNET_CRYPTO_SymmetricSessionKey skey;
struct GNUNET_GNSRECORD_Data rdc[rd_count];
uint32_t rd_count_nbo;
unsigned int i;
struct GNUNET_TIME_Absolute now;
if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
return NULL;
/* convert relative to absolute times */
now = GNUNET_TIME_absolute_get ();
for (i=0;i<rd_count;i++)
{
rdc[i] = rd[i];
if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
{
struct GNUNET_TIME_Relative t;
/* encrypted blocks must never have relative expiration times, convert! */
rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
t.rel_value_us = rdc[i].expiration_time;
rdc[i].expiration_time = GNUNET_TIME_absolute_add (now, t).abs_value_us;
}
}
/* serialize */
rd_count_nbo = htonl (rd_count);
memcpy (payload, &rd_count_nbo, sizeof (uint32_t));
GNUNET_assert (payload_len ==
GNUNET_GNSRECORD_records_serialize (rd_count, rdc,
payload_len, &payload[sizeof (uint32_t)]));
block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) +
sizeof (uint32_t) + payload_len);
block->purpose.size = htonl (sizeof (uint32_t) + payload_len +
sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
sizeof (struct GNUNET_TIME_AbsoluteNBO));
block->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
block->expiration_time = GNUNET_TIME_absolute_hton (expire);
/* encrypt and sign */
dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key,
label,
"gns");
GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
&block->derived_key);
GNUNET_CRYPTO_ecdsa_key_get_public (key,
&pkey);
derive_block_aes_key (&iv, &skey, label, &pkey);
GNUNET_break (payload_len + sizeof (uint32_t) ==
GNUNET_CRYPTO_symmetric_encrypt (payload, payload_len + sizeof (uint32_t),
&skey, &iv,
&block[1]));
if (GNUNET_OK !=
GNUNET_CRYPTO_ecdsa_sign (dkey,
&block->purpose,
&block->signature))
{
GNUNET_break (0);
GNUNET_free (dkey);
GNUNET_free (block);
return NULL;
}
GNUNET_free (dkey);
return block;
}
