[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated: backend work
|
From: |
gnunet |
|
Subject: |
[taler-anastasis] branch master updated: backend work |
|
Date: |
Mon, 12 Oct 2020 18:15:44 +0200 |
This is an automated email from the git hooks/post-receive script.
ds-meister pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new 7f2f9e7 backend work
7f2f9e7 is described below
commit 7f2f9e729641ea339cff41f921379157695520d6
Author: Dominik Meister <dominik.meister@hotmail.ch>
AuthorDate: Mon Oct 12 18:15:24 2020 +0200
backend work
---
doc/ypsomed/ypsomed.tex | 23 +--
src/backend/anastasis-httpd_truth.c | 60 +++++++-
src/backend/anastasis_authorization_plugin_file.c | 174 ++++++++++++++++++++++
src/include/anastasis_database_lib.h | 18 ++-
src/stasis/plugin_anastasis_postgres.c | 5 -
5 files changed, 249 insertions(+), 31 deletions(-)
diff --git a/doc/ypsomed/ypsomed.tex b/doc/ypsomed/ypsomed.tex
index d041643..dcc293c 100644
--- a/doc/ypsomed/ypsomed.tex
+++ b/doc/ypsomed/ypsomed.tex
@@ -31,7 +31,17 @@ Dennis Neufeld (\texttt{dennis-neufeld@gmx.de})}
\tableofcontents
\clearpage
-\section{Introduction}
+\section{About the author and the team members}
+My name is Dominik Meister and I recently completed my Bachelor's degree in IT
Security.\\
+The design and implementation of Anastasis was the topic of my bachelor thesis.
+During the thesis I could successfully develop a proof of concept of the
software.
+I am responsible for the development of the backend and the deployment of the
software.\\
+
+Dennis Neufeld was my partner during the bachelor thesis. He also recently
completed his bachelor's degree in IT security.
+He is also a developer and is responsible for the integration of Anastasis
into other products.\\
+
+
+\section{Problem statement}
Users of cryptography are frequently facing the challenge to secure their core
secrets (private keys), and the
contemporary default of asking them to remember strong passphrases is
inadequate for mass adoption. The loss
of such a core secret can cause severe data and financial losses for a user.
Our project was conceived as a solution
@@ -45,7 +55,7 @@ data also face this well-known issue. The problem is
simultaneously assuring ava
instead of trading one for the other.
We designed Anastasis to address this common problem of cryptographic consumer
products.
-\section{Solution}
+\section{Summary of the work accomplished}
Anastasis is a key recovery system that allows the user to securely deposit
shares of a core secret with an open set of escrow
providers, and to recover the secret if the user lost it. The main objective
of Anastasis is to ensure that the user
can reliably recover the core secret, while making this as difficult as
possible for everyone else. The core secret
@@ -171,14 +181,6 @@ Besides that we are currently developing a client with a
graphical user interfac
Another open point is the integration of the software into other applications
(Taler, PEP).
For a more detailed overview of the open work see the project plan below.
-\section{Team}
-My name is Dominik Meister and I recently completed my Bachelor's degree in IT
Security.\\
-The design and implementation of Anastasis was the topic of my bachelor thesis.
-During the thesis I could successfully develop a proof of concept of the
software.
-I am responsible for the development of the backend and the deployment of the
software.\\
-
-Dennis Neufeld was my partner during the bachelor thesis. He also recently
completed his bachelor's degree in IT security.
-He is also a developer and is responsible for the integration of Anastasis
into other products.\\
\section{Project plan}
A key challenge for Anastasis is that we need to offer a diverse set of
authentication methods, as required from
@@ -201,7 +203,6 @@ Additionally, we would always look out for new customers
and clients who could b
\includegraphics[scale=0.34]{plan.png}
\end{center}
-
\section{Business model}
We are currently in the process of building a start-up for the
Anastasis application. This business model shows an overview how we
diff --git a/src/backend/anastasis-httpd_truth.c
b/src/backend/anastasis-httpd_truth.c
index eb5d3e2..b22a62c 100644
--- a/src/backend/anastasis-httpd_truth.c
+++ b/src/backend/anastasis-httpd_truth.c
@@ -761,6 +761,7 @@ AH_handler_truth_get (struct MHD_Connection *connection,
/* Not security question, check for answer in DB */
if (NULL != challenge_response_s)
{
+ enum ANASTASIS_DB_QueryStatus qs;
unsigned long long code;
char dummy;
@@ -773,15 +774,29 @@ AH_handler_truth_get (struct MHD_Connection *connection,
GNUNET_free (decrypted_truth);
return MHD_NO;
}
- // FIXME: check code against database
- if (1)
+
+ qs = db->verify_challenge_code (gc,
+ &truth_public_key,
+ code);
+
+ switch (qs)
{
- /* code was wrong */
- // FIXME: queue PROPER reply...
+ case ANASTASIS_DB_STATUS_HARD_ERROR:
+ GNUNET_free (decrypted_truth);
+ return MHD_NO;
+ case ANASTASIS_DB_STATUS_SOFT_ERROR:
+ GNUNET_free (decrypted_truth);
+ return MHD_NO;
+ case ANASTASIS_DB_STATUS_NO_RESULTS:
+ GNUNET_free (decrypted_truth);
+ return MHD_NO;
+ case ANASTASIS_DB_STATUS_SUCCESS_ONE_RESULT:
+ break;
+ default:
GNUNET_free (decrypted_truth);
return MHD_NO;
}
- // IF OK:
+
return return_key_share (&truth_public_key,
connection);
}
@@ -793,7 +808,7 @@ AH_handler_truth_get (struct MHD_Connection *connection,
struct ANASTASIS_AUTHORIZATION_State *as;
uint64_t code;
enum ANASTASIS_AUTHORIZATION_Result aret;
-
+ enum ANASTASIS_DB_QueryStatus qs;
authorization = auth_plugin_load (method);
if (NULL == authorization)
{
@@ -821,8 +836,37 @@ AH_handler_truth_get (struct MHD_Connection *connection,
}
// FIXME:
code = 42; // RANDOM! -- or from DB if recent one in DB!
- // FIXME: *if*
- // db->insert (truth_public_key, code, now, expiration, etc.);
+
+ // FIXME TIME where to put this?
+ // FIXME retry counter where to put it?
+
+ qs = db->store_challenge_code (authorization->cls,
+ &truth_public_key,
+ code,
+ GNUNET_TIME_relative_multiply (
+ GNUNET_TIME_UNIT_HOURS, 2),
+ 3);
+ switch (qs)
+ {
+ case ANASTASIS_DB_STATUS_HARD_ERROR:
+ /* data invalid, reply was NOT queued */
+ GNUNET_free (decrypted_truth);
+ return MHD_NO;
+ case ANASTASIS_DB_STATUS_SOFT_ERROR:
+ /* data invalid, reply was NOT queued */
+ GNUNET_free (decrypted_truth);
+ return MHD_NO;
+ case ANASTASIS_DB_STATUS_VALID_CODE_STORED:
+ /*FIXME already code stored message */
+ return MHD_NO;
+ case ANASTASIS_DB_STATUS_SUCCESS_ONE_RESULT:
+ /*challengecode was stored successfully*/
+ break;
+ default:
+ GNUNET_free (decrypted_truth);
+ return MHD_NO;
+ }
+
as = authorization->start (authorization->cls,
&truth_public_key,
code,
diff --git a/src/backend/anastasis_authorization_plugin_file.c
b/src/backend/anastasis_authorization_plugin_file.c
new file mode 100644
index 0000000..97b0359
--- /dev/null
+++ b/src/backend/anastasis_authorization_plugin_file.c
@@ -0,0 +1,174 @@
+/*
+ This file is part of Anastasis
+ Copyright (C) 2019 Taler Systems SA
+
+ Anastasis is free software; you can redistribute it and/or modify it under
the
+ terms of the GNU Lesser General Public License as published by the Free
Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Anastasis; see the file COPYING.GPL. If not, see
<http://www.gnu.org/licenses/>
+*/
+/**
+ * @file include/anastasis_authorization_plugin_file.c
+ * @brief authorization plugin file based for testing
+ * @author Dominik Meister
+ */
+#ifndef ANASTASIS_AUTHORIZATION_PLUGIN_H
+#define ANASTASIS_AUTHORIZATION_PLUGIN_H
+
+#include <gnunet/gnunet_util_lib.h>
+#include <anastasis_error_codes.h>
+#include "anastasis_service.h"
+#include <jansson.h>
+#include <taler/taler_util.h>
+
+/**
+ * Saves the State of a authorization process
+ */
+
+struct ANASTASIS_AUTHORIZATION_State
+{
+ /**
+ * Public key of the challenge which is authorised
+ */
+ const struct ANASTASIS_CRYPTO_TruthPublicKeyP truth_public_key;
+ /**
+ * Code which is sent to the user (here saved into a file)
+ */
+ uint64_t code;
+ /**
+ * holds the truth information
+ */
+ char *data;
+ /**
+ * Size of the data
+ */
+ size_t data_length;
+ /**
+ * closure
+ */
+ void *cls;
+};
+
+
+/**
+ * Validate @a data is a well-formed input into the challenge method,
+ * i.e. @a data is a well-formed phone number for sending an SMS, or
+ * a well-formed e-mail address for sending an e-mail. Not expected to
+ * check that the phone number or e-mail account actually exists.
+ *
+ * To be possibly used before issuing a 402 payment required to the client.
+ *
+ * @param cls closure
+ * @param connection HTTP client request (for queuing response)
+ * @param data input to validate (i.e. is it a valid phone number, etc.)
+ * @param data_length number of bytes in @a data
+ * @return #GNUNET_OK if @a data is valid,
+ * #GNUNET_NO if @a data is invalid and a reply was successfully
queued on @a connection
+ * #GNUNET_SYSERR if @a data invalid but we failed to queue a reply on
@a connection
+ */
+enum GNUNET_GenericReturnValue
+file_validate (void *cls,
+ struct MHD_Connection *connection,
+ const char *data,
+ size_t data_length)
+{
+ if (data != NULL)
+ {
+ return GNUNET_OK;
+ }
+ return GNUNET_NO;
+}
+
+/**
+ * Begin issuing authentication challenge to user based on @a data.
+ * I.e. start to send SMS or e-mail or launch video identification.
+ *
+ * @param cls closure
+ * @param truth_public_key Identifier of the challenge, to be (if possible)
included in the
+ * interaction with the user
+ * @param code secret code that the user has to provide back to satisfy the
challenge in
+ * the main anastasis protocol
+ * @param data input to validate (i.e. is it a valid phone number, etc.)
+ * @param data_length number of bytes in @a data
+ * @return state to track progress on the authorization operation, NULL on
failure
+ */
+struct ANASTASIS_AUTHORIZATION_State *
+file_start (void *cls,
+ const struct ANASTASIS_CRYPTO_TruthPublicKeyP *truth_public_key,
+ uint64_t code,
+ const void *data,
+ size_t data_length)
+{
+ struct ANASTASIS_AUTHORIZATION_State *as;
+ as = GNUNET_new (struct ANASTASIS_AUTHORIZATION_State);
+ as->cls = cls;
+ as->truth_public_key = truth_public_key;
+ as->code = code;
+ as->data = data;
+ as->data_length = data_length;
+ return as;
+}
+
+/**
+ * Begin issuing authentication challenge to user based on @a data.
+ * I.e. start to send SMS or e-mail or launch video identification.
+ *
+ * @param as authorization state
+ * @param connection HTTP client request (for queuing response, such as
redirection to video portal)
+ * @return state of the request
+ */
+enum ANASTASIS_AUTHORIZATION_Result
+file_process (struct ANASTASIS_AUTHORIZATION_State *as,
+ struct MHD_Connection *connection)
+{
+ FILE *f = fopen ("challenge.txt", "w");
+ if (f == NULL)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Could not open file");
+ return ANASTASIS_AUTHORIZATION_RES_FAILED;
+ }
+
+ /* print challenge code to file */
+ fprintf (f, "%llu", &as->code);
+ fclose (f);
+ return ANASTASIS_AUTHORIZATION_RES_SUCCESS;
+}
+
+
+/**
+ * Free internal state associated with @a as.
+ *
+ * @param as state to clean up
+ */
+void
+file_cleanup (struct ANASTASIS_AUTHORIZATION_State *as)
+{
+ GNUNET_free (as);
+}
+
+/**
+ * Initialize File based authorization plugin
+ *
+ * @param cls a configuration instance
+ * @return NULL on error, otherwise a `struct ANASTASIS_AuthorizationPlugin`
+ */
+void *
+libanastasis_plugin_authorization_file_init (void *cls)
+{
+ struct GNUNET_CONFIGURATION_Handle *cfg = cls;
+ struct ANASTASIS_AuthorizationPlugin *plugin;
+ plugin = GNUNET_new (struct ANASTASIS_AuthorizationPlugin);
+ plugin->validate = &file_validate;
+ plugin->start = &file_start;
+ plugin->process = &file_process;
+ plugin->cleanup = &file_cleanup
+
+ return plugin;
+}
diff --git a/src/include/anastasis_database_lib.h
b/src/include/anastasis_database_lib.h
index faf1e3f..7c12495 100644
--- a/src/include/anastasis_database_lib.h
+++ b/src/include/anastasis_database_lib.h
@@ -1,20 +1,24 @@
/*
- This file is part of TALER
- Copyright (C) 2014-2017 Inria & GNUnet e.V.
+ This file is part of Anastasis
+ Copyright (C) 2019 Taler Systems SA
- TALER is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
+ Anastasis is free software; you can redistribute it and/or modify it under
the
+ terms of the GNU Lesser General Public License as published by the Free
Software
Foundation; either version 3, or (at your option) any later version.
- TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
- TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ Anastasis; see the file COPYING.GPL. If not, see
<http://www.gnu.org/licenses/>
*/
/**
- *
+ * @file include/anastasis_database_lib.h
+ * @brief database plugin loader
+ * @author Dominik Meister
+ * @author Dennis Neufeld
+ * @author Christian Grothoff
*/
#ifndef ANASTASIS_DB_LIB_H
#define ANASTASIS_DB_LIB_H
diff --git a/src/stasis/plugin_anastasis_postgres.c
b/src/stasis/plugin_anastasis_postgres.c
index b658099..70f2e83 100644
--- a/src/stasis/plugin_anastasis_postgres.c
+++ b/src/stasis/plugin_anastasis_postgres.c
@@ -1944,11 +1944,6 @@ postgres_challenge_gc (void *cls)
params);
}
-
-
-
-
-
/**
* Initialize Postgres database subsystem.
*
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [taler-anastasis] branch master updated: backend work,
gnunet <=