[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated: first refactor of recovery logi
|
From: |
gnunet |
|
Subject: |
[taler-anastasis] branch master updated: first refactor of recovery logic |
|
Date: |
Sat, 06 Feb 2021 15:44:57 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new 8cb9e6c first refactor of recovery logic
8cb9e6c is described below
commit 8cb9e6cea93fb7f399d3a08cab2198fd215b6a9d
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Feb 6 15:44:55 2021 +0100
first refactor of recovery logic
---
src/include/anastasis.h | 72 ++--
src/include/anastasis_service.h | 2 +-
src/lib/anastasis_recovery.c | 558 +++++++++++----------------
src/reducer/anastasis_api_redux.c | 14 +-
src/restclient/anastasis_api_policy_lookup.c | 9 +-
src/testing/testing_cmd_recover_secret.c | 8 +-
src/util/anastasis_crypto.c | 17 +-
7 files changed, 301 insertions(+), 379 deletions(-)
diff --git a/src/include/anastasis.h b/src/include/anastasis.h
index 1493281..a94093c 100644
--- a/src/include/anastasis.h
+++ b/src/include/anastasis.h
@@ -32,6 +32,12 @@
/* ********************* Recovery api *********************** */
+/**
+ * Challenge struct contains the public key's needed for the recovery process
and a reference to
+ * ANASTASIS_Recovery.
+ */
+struct ANASTASIS_Challenge;
+
/**
* Defines a Decryption Policy with multiple escrow methods
@@ -89,23 +95,53 @@ struct ANASTASIS_RecoveryInformation
/**
- * Core Secret Callback is opened at the begin of a recovery process, it
passes back the core secret of
- * the user after the recovery process is completed.
+ * Possible outcomes of a recovery process.
+ */
+enum ANASTASIS_RecoveryStatus
+{
+
+ /**
+ * Recovery succeeded.
+ */
+ ANASTASIS_RS_SUCCESS = 0,
+
+ /**
+ * The HTTP download of the policy failed.
+ */
+ ANASTASIS_RS_POLICY_DOWNLOAD_FAILED,
+
+ /**
+ * We did not get a valid policy document.
+ */
+ ANASTASIS_RS_POLICY_DOWNLOAD_NO_POLICY,
+
+ /**
+ * The decompressed policy document was not in JSON.
+ */
+ ANASTASIS_RS_POLICY_DOWNLOAD_NO_JSON,
+
+ /**
+ * The decompressed policy document was in malformed JSON.
+ */
+ ANASTASIS_RS_POLICY_MALFORMED_JSON,
+};
+
+
+/**
+ * This function is called whenever the recovery process ends.
+ * On success, the secret is returned in @a secret.
+ *
* @param cls handle for the callback
+ * @param ec error code
* @param secret contains the core secret which is passed to the user
* @param secret_size defines the size of the core secret
*/
typedef void
(*ANASTASIS_CoreSecretCallback)(void *cls,
+ enum ANASTASIS_RecoveryStatus rc,
const void *secret,
size_t secret_size);
-/**
- * Challenge struct contains the public key's needed for the recovery process
and a reference to
- * ANASTASIS_Recovery.
- */
-struct ANASTASIS_Challenge;
-
/**
* The answer feedback defines the callback for an escrow challenge e.g.
(wrong SMS Pin)
*
@@ -290,17 +326,16 @@ ANASTASIS_challenge_start (struct GNUNET_CURL_Context
*ctx,
/**
- * Callback which passes back the recovery document and its possible policies.
Also passes
- * back the version of the document for the user to check.
+ * Callback which passes back the recovery document and its possible
+ * policies. Also passes back the version of the document for the user
+ * to check.
*
* @param cls closure for the callback
- * @param ri recovery information struct which contains the policies (NULL if
all provider candidates gave us 404/errors)
- * @param ecs array of error codes, one per provider, #TALER_EC_NONE-terminated
+ * @param ri recovery information struct which contains the policies
*/
typedef void
(*ANASTASIS_PolicyCallback)(void *cls,
- const struct ANASTASIS_RecoveryInformation *ri,
- const enum TALER_ErrorCode ec);
+ const struct ANASTASIS_RecoveryInformation *ri);
/**
@@ -342,15 +377,6 @@ void
ANASTASIS_recovery_abort (struct ANASTASIS_Recovery *r);
-/**
- * Frees the recovery struct
- *
- * @param r handle to the recovery struct
- */
-void
-ANASTASIS_recovery_free (struct ANASTASIS_Recovery *r);
-
-
/* ************************* Backup API ***************************** */
diff --git a/src/include/anastasis_service.h b/src/include/anastasis_service.h
index 9951905..4f0de4d 100644
--- a/src/include/anastasis_service.h
+++ b/src/include/anastasis_service.h
@@ -370,7 +370,7 @@ ANASTASIS_policy_lookup_version (
const struct ANASTASIS_CRYPTO_AccountPublicKeyP *anastasis_pub,
ANASTASIS_PolicyLookupCallback cb,
void *cb_cls,
- uint32_t *version);
+ unsigned int version);
/**
diff --git a/src/lib/anastasis_recovery.c b/src/lib/anastasis_recovery.c
index a21e3c5..9333de4 100644
--- a/src/lib/anastasis_recovery.c
+++ b/src/lib/anastasis_recovery.c
@@ -19,7 +19,6 @@
* @author Dominik Meister
* @author Dennis Neufeld
*/
-
#include "anastasis.h"
#include <taler/taler_json_lib.h>
#include <gnunet/gnunet_util_lib.h>
@@ -72,11 +71,6 @@ struct ANASTASIS_Recovery
*/
struct ANASTASIS_PolicyLookupOperation *plo;
- /**
- * Encrypted recovery document, only used for the description
- */
- void *encrypted_recovery_document;
-
/**
* size of the ecrypted recovery document
*/
@@ -120,7 +114,7 @@ struct ANASTASIS_Recovery
/**
* Recovery information which is sent to the user
*/
- struct ANASTASIS_RecoveryInformation *ri;
+ struct ANASTASIS_RecoveryInformation ri;
/**
* Identity data to user id from.
@@ -136,104 +130,104 @@ struct ANASTASIS_Recovery
struct ANASTASIS_Challenge
{
/**
- * Callback which gives back the instructions and a status code of the
request to the user
+ * Payment identifier.
*/
- ANASTASIS_ChallengeCallback cc;
+ struct ANASTASIS_PaymentSecretP payment_secret;
/**
- * Closure for the challenge callback
+ * truth public key which identifies this challenge
*/
- void *cc_cls;
+ struct ANASTASIS_CRYPTO_TruthPublicKeyP truth_public_key;
/**
- * Callback which gives back the instructions and a status code of the
request to the user
+ * nonce which identifies the challenge
*/
- ANASTASIS_AnswerFeedback af;
+ struct ANASTASIS_CRYPTO_NonceP nonce;
/**
- * Closure for the challenge callback
+ * Key used to encrypt the truth passed to the server
*/
- void *af_cls;
+ struct ANASTASIS_CRYPTO_TruthKeyP truth_key;
/**
- * Reference to the recovery process which is ongoing
+ * Salt used to encrypt the truth
*/
- struct ANASTASIS_Recovery *recovery;
+ struct ANASTASIS_CRYPTO_PowSalt truth_salt;
/**
- * url to the escrow provider for this challenge
+ * Cost for authentication
*/
- const char *url;
+ struct TALER_Amount cost;
/**
- * truth public key which identifies this challenge
+ * Payment order ID we got back, if any. Otherwise NULL.
*/
- struct ANASTASIS_CRYPTO_TruthPublicKeyP truth_public_key;
+ char *payment_order_id;
/**
- * nonce which identifies the challenge
+ * Payment order ID we are to provide in the request, may be NULL.
*/
- struct ANASTASIS_CRYPTO_NonceP nonce;
+ const char *payment_order_req;
/**
- * Key used to encrypt the truth passed to the server
+ * Callback which gives back the instructions and a status code of the
request to the user
*/
- struct ANASTASIS_CRYPTO_TruthKeyP truth_key;
+ ANASTASIS_ChallengeCallback cc;
/**
- * Salt used to encrypt the truth
+ * Closure for the challenge callback
*/
- struct ANASTASIS_CRYPTO_PowSalt truth_salt;
+ void *cc_cls;
/**
- * plaintext challenge which is sent to the client
+ * Callback which gives back the instructions and a status code of the
request to the user
*/
- void *challenge;
+ ANASTASIS_AnswerFeedback af;
/**
- * size of the challenge
+ * Closure for the challenge callback
*/
- size_t challenge_size;
+ void *af_cls;
/**
- * method of the challenge
+ * Reference to the recovery process which is ongoing
*/
- const char *escrow_method;
+ struct ANASTASIS_Recovery *recovery;
/**
- * keyshare lookup operation
+ * url to the escrow provider for this challenge
*/
- struct ANASTASIS_KeyShareLookupOperation *kslo;
+ char *url;
/**
- * Curl context
+ * plaintext challenge which is sent to the client
*/
- struct GNUNET_CURL_Context *ctx;
+ void *challenge;
/**
- * Encrypted key share
+ * method of the challenge
*/
- struct ANASTASIS_CRYPTO_KeyShareP *key_share;
+ char *escrow_method;
/**
- * Status of the challenge 0 pending, 1 solved
+ * keyshare lookup operation
*/
- unsigned int solved;
+ struct ANASTASIS_KeyShareLookupOperation *kslo;
/**
- * Expected http status
+ * Curl context
*/
- unsigned int http_status;
+ struct GNUNET_CURL_Context *ctx;
/**
- * Challenge instructions
+ * Encrypted key share
*/
- const char *instructions;
+ struct ANASTASIS_CRYPTO_KeyShareP *key_share;
/**
- * Cost for authentication
+ * Challenge instructions
*/
- struct TALER_Amount cost;
+ char *instructions;
/**
* Passes back the payment information for the current challenge
@@ -261,19 +255,19 @@ struct ANASTASIS_Challenge
void *csc_cls;
/**
- * Payment identifier.
+ * size of the challenge
*/
- struct ANASTASIS_PaymentSecretP payment_secret;
+ size_t challenge_size;
/**
- * Payment order ID we got back, if any. Otherwise NULL.
+ * Status of the challenge 0 pending, 1 solved
*/
- char *payment_order_id;
+ unsigned int solved;
/**
- * Payment order ID we are to provide in the request, may be NULL.
+ * Expected http status
*/
- const char *payment_order_req;
+ unsigned int http_status;
};
@@ -297,6 +291,7 @@ keyshare_lookup_cb (void *cls,
const struct ANASTASIS_KeyShareDownloadDetails *dd)
{
struct ANASTASIS_Challenge *c = cls;
+
c->kslo = NULL;
if (http_status != c->http_status)
{
@@ -312,11 +307,6 @@ keyshare_lookup_cb (void *cls,
ANASTASIS_CRYPTO_keyshare_decrypt (dd->encrypted_key_share,
&id,
&c->key_share);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d decrypted keyshare is %s-%llu b\n", __FILE__, __LINE__,
- TALER_B2S (&c->key_share),
- (unsigned long long) sizeof (c->key_share));
-
c->recovery->solved_challenges[c->recovery->solved_challenge_pos] = *c;
c->recovery->solved_challenge_pos++;
c->af (c->af_cls,
@@ -332,14 +322,14 @@ keyshare_lookup_cb (void *cls,
*/
unsigned int success = UINT_MAX;
- for (unsigned int i = 0; i < c->recovery->ri->dps_len; i++)
+ for (unsigned int i = 0; i < c->recovery->ri.dps_len; i++)
{
- for (unsigned int j = 0; j < c->recovery->ri->dps[i].nonces_length; j++)
+ for (unsigned int j = 0; j < c->recovery->ri.dps[i].nonces_length; j++)
{
missing = true;
for (unsigned int k = 0; k < c->recovery->solved_challenge_pos; k++)
{
- if (0 == memcmp (&c->recovery->ri->dps[i].nonces[j],
+ if (0 == memcmp (&c->recovery->ri.dps[i].nonces[j],
&c->recovery->solved_challenges[k].nonce,
sizeof(struct ANASTASIS_CRYPTO_NonceP)))
{
@@ -361,19 +351,17 @@ keyshare_lookup_cb (void *cls,
if (success != UINT_MAX)
{
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d policy was solved \n", __FILE__, __LINE__);
void *core_secret;
size_t core_secret_size;
struct ANASTASIS_CRYPTO_KeyShareP
- key_shares[c->recovery->ri->dps[success].nonces_length];
+ key_shares[c->recovery->ri.dps[success].nonces_length];
struct ANASTASIS_CRYPTO_PolicyKeyP policy_key;
- for (unsigned int l = 0; l < c->recovery->ri->dps[success].nonces_length;
+ for (unsigned int l = 0; l < c->recovery->ri.dps[success].nonces_length;
l++)
{
for (unsigned int m = 0; m < c->recovery->solved_challenge_pos; m++)
{
- if (0 == memcmp (&c->recovery->ri->dps[success].nonces[l],
+ if (0 == memcmp (&c->recovery->ri.dps[success].nonces[l],
&c->recovery->solved_challenges[m].nonce,
sizeof(struct ANASTASIS_CRYPTO_NonceP)))
{
@@ -388,55 +376,29 @@ keyshare_lookup_cb (void *cls,
}
}
ANASTASIS_CRYPTO_policy_key_derive (key_shares,
- c->recovery->ri->dps[success].
+ c->recovery->ri.dps[success].
nonces_length,
- &c->recovery->ri->dps[success].salt,
+ &c->recovery->ri.dps[success].salt,
&policy_key);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d the policy key is %s-%llu b\n", __FILE__, __LINE__,
- TALER_B2S (&policy_key),
- (unsigned long long) sizeof (policy_key));
-
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d encrypted core secret is %s-%llu b\n", __FILE__,
- __LINE__,
- TALER_b2s (c->recovery->enc_core_secret,
- c->recovery->enc_core_secret_size),
- (unsigned long long) c->recovery->enc_core_secret_size);
-
- ANASTASIS_CRYPTO_core_secret_recover (&c->recovery->ri->dps[success].emk,
+ ANASTASIS_CRYPTO_core_secret_recover (&c->recovery->ri.dps[success].emk,
policy_key,
c->recovery->enc_core_secret,
c->recovery->enc_core_secret_size,
&core_secret,
&core_secret_size);
-
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d decrypted core secret is %s-%llu b\n", __FILE__,
- __LINE__,
- TALER_b2s (core_secret,
- core_secret_size),
- (unsigned long long) core_secret_size);
c->recovery->csc (c->recovery->csc_cls,
+ ANASTASIS_RS_SUCCESS,
core_secret,
core_secret_size);
}
}
-/**
- * Cancel a challenge answer operation.
- *
- * @param pso the challenge answer operation to cancel
- */
void
-ANASTASIS_challenge_answer_cancel (struct
- ANASTASIS_ChallengeAnswerOperation *cao)
+ANASTASIS_challenge_answer_cancel (
+ struct ANASTASIS_ChallengeAnswerOperation *cao)
{
- if (NULL != cao->c)
- {
- GNUNET_free (cao->c);
- }
+ GNUNET_free (cao->c);
GNUNET_free (cao);
}
@@ -526,7 +488,6 @@ ANASTASIS_get_challenge (struct ANASTASIS_Challenge
*challenge)
ci->instructions = challenge->instructions;
ci->solved = challenge->solved;
ci->challenge = challenge;
-
return ci;
}
@@ -534,10 +495,10 @@ ANASTASIS_get_challenge (struct ANASTASIS_Challenge
*challenge)
struct ANASTASIS_Challenge *
ANASTASIS_json_to_challenge (json_t *challenge)
{
- GNUNET_assert (json_is_object (challenge));
const char *challenge_str;
struct ANASTASIS_Challenge *c = NULL;
+ GNUNET_assert (json_is_object (challenge));
challenge_str =
json_string_value (
json_object_get (challenge,
@@ -553,8 +514,8 @@ ANASTASIS_json_to_challenge (json_t *challenge)
json_t *
-ANASTASIS_challenge_information_to_json (const struct
- ANASTASIS_ChallengeInformation *ci)
+ANASTASIS_challenge_information_to_json (
+ const struct ANASTASIS_ChallengeInformation *ci)
{
return json_pack ("{s:o,s:s,s:s,s:o,s:s:s:I,s:o}",
"truth_public_key",
@@ -587,8 +548,8 @@ challenge_run_cb (void *cls,
char *response_string)
{
struct ANASTASIS_Challenge *c = cls;
- c->cro = NULL;
+ c->cro = NULL;
if (http_status == MHD_HTTP_PAYMENT_REQUIRED)
{
const char *m;
@@ -636,7 +597,6 @@ challenge_run_cb (void *cls,
c->csc (c->csc_cls,
response_string,
http_status);
- return;
}
@@ -654,7 +614,7 @@ ANASTASIS_challenge_start (struct GNUNET_CURL_Context *ctx,
c->cpc = cpc;
c->cpc_cls = cpc_cls;
- if (c->payment_order_id != NULL)
+ if (NULL != c->payment_order_id)
{
GNUNET_STRINGS_string_to_data (c->payment_order_id,
strlen (c->payment_order_id),
@@ -695,26 +655,24 @@ policy_lookup_cb (void *cls,
struct ANASTASIS_Recovery *r = cls;
void *plaintext;
size_t size_plaintext;
- json_t *recovery_document;
json_error_t json_error;
json_t *dec_policies;
json_t *esc_methods;
r->response_code = http_status;
- r->ri = GNUNET_new (struct ANASTASIS_RecoveryInformation);
r->plo = NULL;
- if (http_status != r->http_status)
+ if (MHD_HTTP_OK != http_status)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Unexpected response code %u in %s:%u\n",
http_status,
__FILE__,
__LINE__);
-
- r->pc (r->pc_cls,
- r->ri,
- TALER_EC_INVALID); // FIXME: Error Code
- // r->pc = NULL;
+ // FIXME: should differenciate by @a http_status here!
+ r->csc (r->csc_cls,
+ ANASTASIS_RS_POLICY_DOWNLOAD_FAILED,
+ NULL,
+ 0);
ANASTASIS_recovery_abort (r);
return;
}
@@ -722,10 +680,10 @@ policy_lookup_cb (void *cls,
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"No recovery data available");
- r->pc (r->pc_cls,
- r->ri,
- TALER_EC_INVALID); // FIXME: Error Code
- // r->pc = NULL;
+ r->csc (r->csc_cls,
+ ANASTASIS_RS_POLICY_DOWNLOAD_NO_POLICY,
+ NULL,
+ 0);
ANASTASIS_recovery_abort (r);
return;
}
@@ -734,226 +692,189 @@ policy_lookup_cb (void *cls,
dd->policy_size,
&plaintext,
&size_plaintext);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d rec doc after enc is %s \n",
- __FILE__, __LINE__,
- TALER_b2s (plaintext, size_plaintext));
- // FIXME COMPRESSION
-
- recovery_document = json_loadb ((char *) plaintext,
- size_plaintext,
- JSON_DECODE_ANY,
- &json_error);
- GNUNET_free (plaintext);
- if (NULL == recovery_document)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Failed to read JSON input: %s at %d:%s (offset: %d)\n",
- json_error.text,
- json_error.line,
- json_error.source,
- json_error.position);
- GNUNET_break_op (0);
- r->pc (r->pc_cls,
- r->ri,
- TALER_EC_INVALID); // FIXME: Error Code
- ANASTASIS_recovery_abort (r);
- return;
- }
+ // FIXME: DECOMPRESSION
- struct GNUNET_JSON_Specification spec[] = {
- GNUNET_JSON_spec_json ("policies",
- &dec_policies),
- GNUNET_JSON_spec_json ("escrow_methods",
- &esc_methods),
- GNUNET_JSON_spec_varsize ("core_secret",
- &r->enc_core_secret,
- &r->enc_core_secret_size),
- GNUNET_JSON_spec_end ()
- };
-
- if (GNUNET_OK !=
- GNUNET_JSON_parse (recovery_document,
- spec,
- NULL, NULL))
{
- GNUNET_break_op (0);
+ json_t *recovery_document;
+
+ recovery_document = json_loadb ((char *) plaintext,
+ size_plaintext,
+ JSON_DECODE_ANY,
+ &json_error);
+ GNUNET_free (plaintext);
+ if (NULL == recovery_document)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Failed to read JSON input: %s at %d:%s (offset: %d)\n",
+ json_error.text,
+ json_error.line,
+ json_error.source,
+ json_error.position);
+ GNUNET_break_op (0);
+ r->csc (r->csc_cls,
+ ANASTASIS_RS_POLICY_DOWNLOAD_NO_JSON,
+ NULL,
+ 0);
+ ANASTASIS_recovery_abort (r);
+ return;
+ }
+
+ {
+ struct GNUNET_JSON_Specification spec[] = {
+ GNUNET_JSON_spec_json ("policies",
+ &dec_policies),
+ GNUNET_JSON_spec_json ("escrow_methods",
+ &esc_methods),
+ GNUNET_JSON_spec_varsize ("core_secret",
+ &r->enc_core_secret,
+ &r->enc_core_secret_size),
+ GNUNET_JSON_spec_end ()
+ };
+
+ if (GNUNET_OK !=
+ GNUNET_JSON_parse (recovery_document,
+ spec,
+ NULL, NULL))
+ {
+ GNUNET_break_op (0);
+ json_decref (recovery_document);
+ r->csc (r->csc_cls,
+ ANASTASIS_RS_POLICY_MALFORMED_JSON,
+ NULL,
+ 0);
+ ANASTASIS_recovery_abort (r);
+ return;
+ }
+ }
json_decref (recovery_document);
- recovery_document = NULL;
- GNUNET_JSON_parse_free (spec);
- r->pc (r->pc_cls,
- r->ri,
- TALER_EC_INVALID); // FIXME: Error Code
- ANASTASIS_recovery_abort (r);
- return;
}
- json_decref (recovery_document);
- recovery_document = NULL;
- r->ri->cs_len = json_array_size (esc_methods);
- r->ri->dps_len = json_array_size (dec_policies);
- r->ri->dps = GNUNET_new_array (r->ri->dps_len,
- struct ANASTASIS_DecryptionPolicy);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d encrypted core secret is %s-%llu b\n", __FILE__,
- __LINE__,
- TALER_b2s (r->enc_core_secret,
- r->enc_core_secret_size),
- (unsigned long long) r->enc_core_secret_size);
- r->solved_challenges = GNUNET_new_array (r->ri->cs_len,
+ r->ri.cs_len = json_array_size (esc_methods);
+ r->ri.dps_len = json_array_size (dec_policies);
+ r->ri.dps = GNUNET_new_array (r->ri.dps_len,
+ struct ANASTASIS_DecryptionPolicy);
+ r->solved_challenges = GNUNET_new_array (r->ri.cs_len,
struct ANASTASIS_Challenge);
-
- struct ANASTASIS_Challenge **cs = GNUNET_new_array (r->ri->cs_len,
- struct
ANASTASIS_Challenge
- *);
- for (unsigned int i = 0; i < r->ri->cs_len; i++)
+ r->ri.cs = GNUNET_new_array (r->ri.cs_len,
+ struct ANASTASIS_Challenge *);
+ for (unsigned int i = 0; i < r->ri.cs_len; i++)
{
- cs[i] = GNUNET_new (struct ANASTASIS_Challenge);
+ struct ANASTASIS_Challenge *cs = GNUNET_new (struct ANASTASIS_Challenge);
+ const char *instructions;
+ const char *url;
+ const char *escrow_method;
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto ("nonce",
- &cs[i]->nonce),
+ &cs->nonce),
GNUNET_JSON_spec_string ("url",
- &cs[i]->url),
+ &url),
GNUNET_JSON_spec_string ("instructions",
- &cs[i]->instructions),
+ &instructions),
GNUNET_JSON_spec_fixed_auto ("truth_key",
- &cs[i]->truth_key),
+ &cs->truth_key),
GNUNET_JSON_spec_fixed_auto ("salt",
- &cs[i]->truth_salt),
+ &cs->truth_salt),
GNUNET_JSON_spec_string ("escrow_method",
- &cs[i]->escrow_method),
+ &escrow_method),
GNUNET_JSON_spec_end ()
};
+
+ r->ri.cs[i] = cs;
+ cs->recovery = r;
if (GNUNET_OK !=
- GNUNET_JSON_parse (json_array_get (esc_methods, i),
+ GNUNET_JSON_parse (json_array_get (esc_methods,
+ i),
spec,
NULL, NULL))
{
GNUNET_break_op (0);
json_decref (esc_methods);
- GNUNET_JSON_parse_free (spec);
- r->pc (r->pc_cls,
- r->ri,
- TALER_EC_INVALID); // FIXME: Error Code
+ json_decref (dec_policies);
+ r->csc (r->csc_cls,
+ ANASTASIS_RS_POLICY_MALFORMED_JSON,
+ NULL,
+ 0);
ANASTASIS_recovery_abort (r);
return;
}
- ANASTASIS_CRYPTO_truth_public_key_derive (&cs[i]->nonce,
- &cs[i]->truth_public_key);
- cs[i]->recovery = r;
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d challenge public key is %s-%llu b\n", __FILE__,
- __LINE__,
- TALER_B2S (&cs[i]->truth_public_key),
- (unsigned long long) sizeof (cs[i]->truth_public_key));
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d url is %s\n", __FILE__, __LINE__,
- cs[i]->url);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d truth key is %s-%llu b\n", __FILE__, __LINE__,
- TALER_B2S (&cs[i]->truth_key),
- (unsigned long long) sizeof (cs[i]->truth_key));
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d truth_salt is %s-%llu b\n", __FILE__, __LINE__,
- TALER_B2S (&cs[i]->truth_salt),
- (unsigned long long) sizeof (cs[i]->truth_salt));
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d escrow method is %s\n", __FILE__, __LINE__,
- cs[i]->escrow_method);
+ cs->url = GNUNET_strdup (url);
+ cs->instructions = GNUNET_strdup (instructions);
+ cs->escrow_method = GNUNET_strdup (escrow_method);
+ ANASTASIS_CRYPTO_truth_public_key_derive (&cs->nonce,
+ &cs->truth_public_key);
}
+ json_decref (esc_methods);
- for (unsigned int j = 0; j < r->ri->dps_len; j++)
+ for (unsigned int j = 0; j < r->ri.dps_len; j++)
{
- size_t n_index;
- json_t *nonces;
+ struct ANASTASIS_DecryptionPolicy *dp = &r->ri.dps[j];
+ json_t *nonces = NULL;
json_t *nonce;
+ size_t n_index;
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto ("master_key",
- &r->ri->dps[j].emk),
+ &dp->emk),
GNUNET_JSON_spec_fixed_auto ("salt",
- &r->ri->dps[j].salt),
- GNUNET_JSON_spec_uint32 ("nonces_length",
- &r->ri->dps[j].nonces_length),
+ &dp->salt),
+ GNUNET_JSON_spec_json ("nonces",
+ &nonces),
GNUNET_JSON_spec_end ()
};
- nonces = json_object_get (json_array_get (dec_policies, j),
- "nonces");
- GNUNET_assert (json_is_array (nonces));
- if (GNUNET_OK !=
- GNUNET_JSON_parse (json_array_get (dec_policies, j),
- spec,
- NULL, NULL))
+ if ( (GNUNET_OK !=
+ GNUNET_JSON_parse (json_array_get (dec_policies,
+ j),
+ spec,
+ NULL, NULL)) ||
+ (! json_is_array (nonces)) )
{
GNUNET_break_op (0);
- GNUNET_JSON_parse_free (spec);
+ json_decref (nonces);
json_decref (dec_policies);
- r->pc (r->pc_cls,
- r->ri,
- TALER_EC_INVALID); // FIXME: Error Code
+ r->csc (r->csc_cls,
+ ANASTASIS_RS_POLICY_MALFORMED_JSON,
+ NULL,
+ 0);
ANASTASIS_recovery_abort (r);
return;
}
- r->ri->dps[j].nonces = GNUNET_new_array (r->ri->dps[j].nonces_length,
- struct ANASTASIS_CRYPTO_NonceP);
-
+ dp->nonces_length = json_array_size (nonces);
+ dp->nonces = GNUNET_new_array (dp->nonces_length,
+ struct ANASTASIS_CRYPTO_NonceP);
json_array_foreach (nonces, n_index, nonce)
{
const char *nonce_str = json_string_value (nonce);
- GNUNET_STRINGS_string_to_data (nonce_str,
- strlen (nonce_str),
- &r->ri->dps[j].nonces[n_index],
- sizeof (struct ANASTASIS_CRYPTO_NonceP));
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d escrow nonce is %s-%llu b\n",
- __FILE__, __LINE__,
- TALER_B2S (&r->ri->dps[j].nonces[n_index]),
- (unsigned long long) sizeof (r->ri->dps[j].nonces[n_index]));
- }
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d encrypted master key is %s-%llu b\n",
- __FILE__, __LINE__,
- TALER_B2S (&r->ri->dps[j].emk),
- (unsigned long long) sizeof (r->ri->dps[j].emk));
-
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d policy salt is %s-%llu b\n",
- __FILE__, __LINE__,
- TALER_B2S (&r->ri->dps[j].salt),
- (unsigned long long) sizeof (r->ri->dps[j].salt));
- }
- r->solved_challenge_pos = 0;
- r->ri->cs = cs;
- // SETUP POLICY CALLBACK
- if (NULL != r->pc)
- {
- r->pc (r->pc_cls,
- r->ri,
- TALER_EC_NONE); // FIXME: Error Code
- // r->pc = NULL;
+ if ( (NULL == nonce_str) ||
+ (GNUNET_OK !=
+ GNUNET_STRINGS_string_to_data (nonce_str,
+ strlen (nonce_str),
+ &dp->nonces[n_index],
+ sizeof (struct
+ ANASTASIS_CRYPTO_NonceP))) )
+ {
+ GNUNET_break_op (0);
+ json_decref (dec_policies);
+ json_decref (nonces);
+ r->csc (r->csc_cls,
+ ANASTASIS_RS_POLICY_MALFORMED_JSON,
+ NULL,
+ 0);
+ ANASTASIS_recovery_abort (r);
+ return;
+ }
+ }
+ json_decref (nonces);
}
- json_decref (esc_methods);
json_decref (dec_policies);
+ r->solved_challenge_pos = 0;
+ r->pc (r->pc_cls,
+ &r->ri);
}
-/**
-* Starts the recovery process by opening callbacks for the coresecret and a
policy callback. A list of
-* providers is checked for policies and passed back to the client.
-*
-* @param ctx the CURL context used to connect to the backend
-* @param id_data contains the users identity, (user account on providers)
-* @param version defines the version which will be downloaded NULL for latest
version
-* @param anastasis_provider_url NULL terminated list of possible provider urls
-* @param salt the server salt
-* @param pc opens the policy call back which holds the downloaded version and
the policies
-* @param pc_cls closure for callback
-* @param csc core secret callback is opened, with this the core secert is
passed to the client after the authentication
-* @param csc_cls handle for the callback
-*/
struct ANASTASIS_Recovery *
ANASTASIS_recovery_begin (struct GNUNET_CURL_Context *ctx,
const json_t *id_data,
@@ -974,36 +895,19 @@ ANASTASIS_recovery_begin (struct GNUNET_CURL_Context *ctx,
r->pc_cls = pc_cls;
r->ctx = ctx;
r->id_data = id_data;
- r->http_status = MHD_HTTP_OK;
ANASTASIS_CRYPTO_user_identifier_derive (id_data,
salt,
&r->id);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d user_identfier is %s-%llu b\n",
- __FILE__, __LINE__,
- TALER_B2S (&r->id),
- (unsigned long long) sizeof (r->id));
ANASTASIS_CRYPTO_account_public_key_derive (&r->id,
&r->pub_key);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d public key is %s-%llu b\n",
- __FILE__, __LINE__,
- TALER_B2S (&r->pub_key),
- (unsigned long long) sizeof (r->pub_key));
-
- if (version != 0)
+ if (0 != version)
{
r->plo = ANASTASIS_policy_lookup_version (r->ctx,
anastasis_provider_url,
&r->pub_key,
&policy_lookup_cb,
r,
- &version);
- if (NULL == r->plo)
- {
- GNUNET_break (0);
- return NULL;
- }
+ version);
}
else
{
@@ -1012,42 +916,36 @@ ANASTASIS_recovery_begin (struct GNUNET_CURL_Context
*ctx,
&r->pub_key,
&policy_lookup_cb,
r);
- if (NULL == r->plo)
- {
- GNUNET_break (0);
- return NULL;
- }
}
-
+ if (NULL == r->plo)
+ {
+ GNUNET_break (0);
+ ANASTASIS_recovery_abort (r);
+ return NULL;
+ }
return r;
}
-void
-ANASTASIS_recovery_free (struct ANASTASIS_Recovery *r)
-{
- GNUNET_free (r->solved_challenges);
- GNUNET_free (r->encrypted_recovery_document);
- GNUNET_free (r->ri->dps);
- GNUNET_free (r->ri->cs);
- GNUNET_free (r->ri);
- GNUNET_free (r);
-}
-
-
-/**
-* Cancels the recovery process
-* @param r handle to the recovery struct
-*/
void
ANASTASIS_recovery_abort (struct ANASTASIS_Recovery *r)
{
if (NULL != r->plo)
{
- GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
- "policy lookup aborted");
ANASTASIS_policy_lookup_cancel (r->plo);
r->plo = NULL;
}
- ANASTASIS_recovery_free (r);
+ GNUNET_free (r->solved_challenges);
+ GNUNET_free (r->ri.dps);
+ for (unsigned int i = 0; i < r->ri.cs_len; i++)
+ {
+ struct ANASTASIS_Challenge *cs = r->ri.cs[i];
+
+ GNUNET_free (cs->url);
+ GNUNET_free (cs->instructions);
+ GNUNET_free (cs->escrow_method);
+ GNUNET_free (cs);
+ }
+ GNUNET_free (r->ri.cs);
+ GNUNET_free (r);
}
diff --git a/src/reducer/anastasis_api_redux.c
b/src/reducer/anastasis_api_redux.c
index 626663d..873bdd2 100644
--- a/src/reducer/anastasis_api_redux.c
+++ b/src/reducer/anastasis_api_redux.c
@@ -882,23 +882,13 @@ unselect_continent (json_t *state,
static void
policy_lookup_cb (void *cls,
- const struct ANASTASIS_RecoveryInformation *ri,
- const enum TALER_ErrorCode ec)
+ const struct ANASTASIS_RecoveryInformation *ri)
{
+ struct RecoverSecretState *rss = cls;
json_t *policies;
json_t *challenges;
json_t *recovery_information;
- struct RecoverSecretState *rss = cls;
- if (ec != TALER_EC_NONE) // FIXME: Error code
- {
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Unexpected response code %u in %s:%u\n",
- ec,
- __FILE__,
- __LINE__);
- return;
- }
recovery_information = json_object_get (rss->state,
"recovery_information");
if (NULL == recovery_information)
diff --git a/src/restclient/anastasis_api_policy_lookup.c
b/src/restclient/anastasis_api_policy_lookup.c
index fbe1f92..4b9eb11 100644
--- a/src/restclient/anastasis_api_policy_lookup.c
+++ b/src/restclient/anastasis_api_policy_lookup.c
@@ -327,12 +327,13 @@ ANASTASIS_policy_lookup_version (
const struct ANASTASIS_CRYPTO_AccountPublicKeyP *anastasis_pub,
ANASTASIS_PolicyLookupCallback cb,
void *cb_cls,
- uint32_t *version)
+ unsigned int version)
{
struct ANASTASIS_PolicyLookupOperation *plo;
CURL *eh;
char *acc_pub_str;
char *path;
+ char version_s[14];
plo = GNUNET_new (struct ANASTASIS_PolicyLookupOperation);
plo->account_pub = *anastasis_pub;
@@ -342,10 +343,14 @@ ANASTASIS_policy_lookup_version (
"policy/%s",
acc_pub_str);
GNUNET_free (acc_pub_str);
+ GNUNET_snprintf (version_s,
+ sizeof (version_s),
+ "%u",
+ version);
plo->url = TALER_url_join (backend_url,
path,
"version",
- version,
+ version_s,
NULL);
GNUNET_free (path);
eh = ANASTASIS_curl_easy_get_ (plo->url);
diff --git a/src/testing/testing_cmd_recover_secret.c
b/src/testing/testing_cmd_recover_secret.c
index 364e496..005eee5 100644
--- a/src/testing/testing_cmd_recover_secret.c
+++ b/src/testing/testing_cmd_recover_secret.c
@@ -96,10 +96,10 @@ struct RecoverSecretState
static void
policy_lookup_cb (void *cls,
- const struct ANASTASIS_RecoveryInformation *ri,
- const enum TALER_ErrorCode ec)
+ const struct ANASTASIS_RecoveryInformation *ri)
{
struct RecoverSecretState *rss = cls;
+
rss->ri = (struct ANASTASIS_RecoveryInformation *) ri;
if (NULL == ri)
{
@@ -113,14 +113,12 @@ policy_lookup_cb (void *cls,
static void
core_secret_cb (void *cls,
+ enum ANASTASIS_RecoveryStatus rc,
const void *secret,
size_t secret_size)
{
struct RecoverSecretState *rss = cls;
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "At %s:%d arrived at core secret cb \n", __FILE__, __LINE__);
-
rss->recovery = NULL;
if (0 != memcmp (secret, rss->core_secret, secret_size))
{
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index 17a6852..ccae283 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -656,10 +656,11 @@ ANASTASIS_CRYPTO_policy_key_derive (
/**
- * The core secret is the user provided secret which will be saved with
Anastasis.
- * The secret will be encrypted with the master key, the master key is a
random key which will
- * be generated. The master key afterwards will be encrypted with the
different policy keys.
- * Encryption is performed with AES256
+ * The core secret is the user provided secret which will be saved
+ * with Anastasis. The secret will be encrypted with the master key,
+ * the master key is a random key which will be generated. The master
+ * key afterwards will be encrypted with the different policy keys.
+ * Encryption is performed with AES256.
*
* @param policy_keys an array of policy keys which are used to encrypt the
master key
* @param policy_keys_length defines the amount of policy keys and also the
amount of encrypted master keys
@@ -686,7 +687,9 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
&master_key,
sizeof (struct GNUNET_HashCode));
- GNUNET_CRYPTO_hash_to_aes_key (&master_key, &sk, &iv);
+ GNUNET_CRYPTO_hash_to_aes_key (&master_key,
+ &sk,
+ &iv);
GNUNET_assert (GNUNET_SYSERR !=
GNUNET_CRYPTO_symmetric_encrypt (core_secret,
core_secret_size,
@@ -698,7 +701,9 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
struct GNUNET_CRYPTO_SymmetricSessionKey i_sk;
struct GNUNET_CRYPTO_SymmetricInitializationVector i_iv;
- GNUNET_CRYPTO_hash_to_aes_key (&policy_keys[i].key, &i_sk, &i_iv);
+ GNUNET_CRYPTO_hash_to_aes_key (&policy_keys[i].key,
+ &i_sk,
+ &i_iv);
GNUNET_assert (
GNUNET_SYSERR !=
GNUNET_CRYPTO_symmetric_encrypt (&master_key,
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-anastasis] branch master updated: first refactor of recovery logic,
gnunet <=