[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated: secret share process
|
From: |
gnunet |
|
Subject: |
[taler-anastasis] branch master updated: secret share process |
|
Date: |
Thu, 23 Apr 2020 18:01:07 +0200 |
This is an automated email from the git hooks/post-receive script.
ds-meister pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new 53df5eb secret share process
53df5eb is described below
commit 53df5ebe2132c60e62085d5bb7936a8ac9a50389
Author: Dominik Meister <address@hidden>
AuthorDate: Thu Apr 23 18:00:55 2020 +0200
secret share process
---
src/include/anastasis_crypto_lib.h | 10 ++
src/lib/anastasis.c | 254 ++++++++++++++++++++++++++++++-------
src/util/anastasis_crypto.c | 2 +-
3 files changed, 216 insertions(+), 50 deletions(-)
diff --git a/src/include/anastasis_crypto_lib.h
b/src/include/anastasis_crypto_lib.h
index 2aeb776..902606c 100644
--- a/src/include/anastasis_crypto_lib.h
+++ b/src/include/anastasis_crypto_lib.h
@@ -179,6 +179,16 @@ ANASTASIS_CRYPTO_account_public_key_derive (
const struct ANASTASIS_CRYPTO_UserIdentifier *id,
struct ANASTASIS_CRYPTO_AccountPublicKey *pub_key);
+/**
+ * //FIXME combine these two
+ * Generates the eddsa public Key used as the account identifier on the
providers
+ * @param id holds a hashed user secret which is used as entropy source for
the public key generation
+ * @param priv_key[out] handle for the generated private key
+ */
+void
+ANASTASIS_CRYPTO_account_private_key_derive (
+ const struct ANASTASIS_CRYPTO_UserIdentifier *id,
+ struct GNUNET_CRYPTO_EddsaPrivateKey *priv_key);
/**
* Encrypt and signs the recovery document with AES256, the recovery document
is
diff --git a/src/lib/anastasis.c b/src/lib/anastasis.c
index 399f206..22d3cab 100644
--- a/src/lib/anastasis.c
+++ b/src/lib/anastasis.c
@@ -751,28 +751,94 @@ struct ANASTASIS_SecretShare
*/
void *src_cls;
/**
- * The /policy POST operation handle.
+ * Closure for the Result Callback
*/
- struct ANASTASIS_PolicyStoreOperation *pso;
+ struct GNUNET_CURL_Context *ctx;
+ /**
+ * References for the upload states and operations (size of truths passed)
+ */
+ struct PolicyStoreState **pss;
+ /**
+ * Closure for the Result Callback
+ */
+ unsigned int pss_length;
+};
+
+/**
+ * State for a "policy store" CMD.
+ */
+struct PolicyStoreState
+{
+ /**
+ * User identifier used as entropy source for the account public key
+ */
+ struct ANASTASIS_CRYPTO_UserIdentifier id;
+ /**
+ * Struct to obtain the salt from the server
+ */
+ struct SaltState *st;
+ /**
+ * The policy data.
+ */
+ void *recovery_data;
+ /**
+ * Number of bytes in @e recovery_data
+ */
+ size_t recovery_data_size;
+ /**
+ * Expected status code.
+ */
+ unsigned int http_status;
+ /**
+ * Eddsa Publickey.
+ */
+ struct ANASTASIS_CRYPTO_AccountPublicKey anastasis_pub;
+ /**
+ * Eddsa Privatekey.
+ */
+ struct GNUNET_CRYPTO_EddsaPrivateKey anastasis_priv;
+ /**
+ * Hash of the previous upload (maybe bogus if
+ * #ANASTASIS_TESTING_UO_PREV_HASH_WRONG is set in @e uo).
+ * Maybe all zeros if there was no previous upload.
+ */
+ struct GNUNET_HashCode prev_hash;
/**
* Hash of the current upload.
*/
struct GNUNET_HashCode curr_hash;
/**
- * Identity key material used for the derivation of keys
-*/
- struct ANASTASIS_CRYPTO_UserIdentifier id;
+ * The /policy POST operation handle.
+ */
+ struct ANASTASIS_PolicyStoreOperation *pso;
/**
- * Public key for a request
- */
- struct ANASTASIS_CRYPTO_AccountPrivateKey priv_key;
+ * URL of the anastasis backend.
+ */
+ const char *anastasis_url;
/**
- * Curl context
- */
- struct GNUNET_CURL_Context *ctx;
- // FIXME not sure how to do payment
+ * Payment identifier.
+ */
+ struct ANASTASIS_PaymentSecretP payment_id;
+ /**
+ * Previous upload, or NULL for none. Used to calculate what THIS
+ * upload is based on.
+ */
+ const char *prev_upload;
+ /**
+ * Last upload, or NULL for none, usually same as @e prev_upload.
+ * Used to check the response on #MHD_HTTP_CONFLICT.
+ */
+ const char *last_upload;
+ /**
+ * Payment order ID we got back, if any. Otherwise NULL.
+ */
+ char *payment_order_id;
+ /**
+ * Payment order ID we are to provide in the request, may be NULL.
+ */
+ const char *payment_order_req;
+
int payment_requested;
- const char *payment_order_id;
};
static void
@@ -781,7 +847,89 @@ policy_store_cb (void *cls,
unsigned int http_status,
const struct ANASTASIS_UploadDetails *ud)
{
- // FIXME
+ struct PolicyStoreState *pss = cls;
+ pss->pso = NULL;
+ if (http_status != pss->http_status)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Unexpected response code %u/%d in %s:%u\n",
+ http_status,
+ (int) ec,
+ __FILE__,
+ __LINE__);
+ GNUNET_break (0);
+ return;
+ }
+ if (NULL != ud)
+ {
+ switch (ud->us)
+ {
+ case ANASTASIS_US_SUCCESS:
+ if (0 != GNUNET_memcmp (&pss->curr_hash,
+ ud->details.curr_backup_hash))
+ {
+ GNUNET_break (0);
+ return;
+ }
+ break;
+ case ANASTASIS_US_PAYMENT_REQUIRED:
+ {
+ /* FIXME: Payment required handling */
+ const char *m;
+
+ if (0 != strncmp (ud->details.payment_request,
+ "taler://pay/http",
+ strlen ("taler://pay/http")))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Did not find `%s' in `%s'\n",
+ "/-/-/",
+ ud->details.payment_request);
+ GNUNET_break (0);
+ return;
+ }
+ m = strstr (ud->details.payment_request, "/-/-/");
+ if (NULL == m)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Did not find `%s' in `%s'\n",
+ "/-/-/",
+ ud->details.payment_request);
+ /* NOTE: The above is a simplifying assumption for the
+ test-logic, hitting this code merely means that
+ the assumptions for the test (i.e. no instance) are
+ not satisfied, it is not inherently the case that
+ the above token must appear in the payment request!
+
+ So if you hit this, you might just want to modify
+ the code here to handle this better! */return;
+ }
+ pss->payment_order_id = GNUNET_strdup (&m[strlen ("/-/-/")]);
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Order ID from Anastasis service is `%s'\n",
+ pss->payment_order_id);
+
+ memset (&pss->curr_hash,
+ 0,
+ sizeof (struct GNUNET_HashCode));
+ }
+ break;
+ case ANASTASIS_US_CONFLICTING_POLICY:
+ GNUNET_break (0);
+ return;
+ case ANASTASIS_US_HTTP_ERROR:
+ break;
+ case ANASTASIS_US_CLIENT_ERROR:
+ GNUNET_break (0);
+ return;
+ case ANASTASIS_US_SERVER_ERROR:
+ GNUNET_break (0);
+ return;
+ default:
+ GNUNET_break (0);
+ return;
+ }
+ }
}
@@ -816,17 +964,13 @@ ANASTASIS_secret_share (const json_t *id_data,
struct ANASTASIS_SecretShare *ss;
ss = GNUNET_new (struct ANASTASIS_SecretShare);
-
+ struct PolicyStoreState pss[truths_len];
+ ss->pss = &pss;
+ ss->pss_length = truths_len;
struct ANASTASIS_CRYPTO_EncryptedMasterKey
encrypted_master_keys[policies_len];
struct ANASTASIS_CRYPTO_PolicyKey policy_keys[policies_len];
- struct SaltState *st = src_cls;
- st->http_status = MHD_HTTP_OK;
-
void *encrypted_core_secret;
- void *enc_rec_doc;
- size_t enc_rec_doc_size;
-
// Recovery document contains the array decryption policies and the array
escrow methods
json_t *recovery_document;
@@ -867,6 +1011,7 @@ ANASTASIS_secret_share (const json_t *id_data,
// FIXME CHALLENGE
for (unsigned int l = 0; l < truths_len; l++)
{
+ // creates a json array for saving
json_t *esc_method = json_pack ("{s:o," /* truth uuid */
" s:s," /* provider url */
" s:o," /* truth key */
@@ -882,6 +1027,9 @@ ANASTASIS_secret_share (const json_t *id_data,
truths[l]->salt),
"escrow_method", truths[l]->method);
json_array_append_new (esc_methods, esc_method);
+ // prepares policy store operation
+ ss->pss[l]->anastasis_url = truths[l]->url;
+ ss->pss[l]->prev_hash = *last_etag;
}
recovery_document = json_pack (
@@ -893,36 +1041,44 @@ ANASTASIS_secret_share (const json_t *id_data,
"core_secret", GNUNET_JSON_from_data (&encrypted_core_secret,
core_secret_size));
+ // FIXME COMPRESSION
- st->so = ANASTASIS_salt (ss->ctx,
- truths[0]->url,
- &salt_cb,
- st);
- ANASTASIS_CRYPTO_user_identifier_derive (id_data,
- &st->so->salt,
- &ss->id);
- salt_cleanup (st);
-
- // ANASTASIS_CRYPTO_account_private_key_derive (&ss->id,
- // &ss->priv_key);
-
- ANASTASIS_CRYPTO_recovery_document_encrypt (&ss->id,
- recovery_document,
- sizeof(recovery_document),//
FIXME
- &enc_rec_doc,
- &enc_rec_doc_size);
-
- ss->pso = ANASTASIS_policy_store (ss->ctx,
- truths[0]->url,
- &ss->priv_key,
- last_etag,
- enc_rec_doc,
- enc_rec_doc_size,
- ss->payment_requested,
- ss->payment_order_id,
- &policy_store_cb,
- ss);
+ for (unsigned int l = 0; l < truths_len; l++)
+ {
+ ss->pss[l]->http_status = MHD_HTTP_NO_CONTENT;
+ ss->pss[l]->st->http_status = MHD_HTTP_OK;
+ ss->pss[l]->st->so = ANASTASIS_salt (ss->ctx,
+ ss->pss[l]->anastasis_url,
+ &salt_cb,
+ ss->pss[l]->st);
+
+ ANASTASIS_CRYPTO_user_identifier_derive (id_data,
+ &ss->pss[l]->st->so->salt,
+ &ss->pss[l]->id);
+ salt_cleanup (ss->pss[l]->st);
+
+ ANASTASIS_CRYPTO_account_private_key_derive (&ss->pss[l]->id,
+ &ss->pss[l]->anastasis_priv);
+
+ ANASTASIS_CRYPTO_recovery_document_encrypt (&ss->pss[l]->id,
+ recovery_document,
+ sizeof(recovery_document), //
FIXME
+ &ss->pss[l]->recovery_data,
+
&ss->pss[l]->recovery_data_size);
+
+ ss->pss[l]->pso = ANASTASIS_policy_store (ss->ctx,
+ ss->pss[l]->anastasis_url,
+ &ss->pss[l]->anastasis_priv,
+ last_etag,
+ ss->pss[l]->recovery_data,
+ ss->pss[l]->recovery_data_size,
+ ss->pss[l]->payment_requested,
+ ss->pss[l]->payment_order_id,
+ &policy_store_cb,
+ ss->pss[l]);
+ }
+
// Callback handle
return ss;
}
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index 582f221..3d06624 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -304,7 +304,7 @@ ANASTASIS_CRYPTO_user_identifier_derive (
* @param id holds a hashed user secret which is used as entropy source for
the public key generation
* @param priv_key[out] handle for the generated private key
*/
-static void
+void
ANASTASIS_CRYPTO_account_private_key_derive (
const struct ANASTASIS_CRYPTO_UserIdentifier *id,
struct GNUNET_CRYPTO_EddsaPrivateKey *priv_key)
--
To stop receiving notification emails like this one, please contact
address@hidden.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-anastasis] branch master updated: secret share process,
gnunet <=