diff options
| author | Tristan Schwieren <tristan.schwieren@tum.de> | 2022-08-26 17:34:13 +0200 |
|---|---|---|
| committer | Tristan Schwieren <tristan.schwieren@tum.de> | 2022-08-26 17:49:08 +0200 |
| commit | 2a46a30bdbfbcf07a755bd83a876ef9a7e7643fb (patch) | |
| tree | 4b7d602b2f2dd7b0c4458792805fe9106f933116 | |
| parent | 7777cef05fedae221bf4b82c6b5a1de87a7d101e (diff) | |
- finished test for signature rest endpointdev/trizuz/siop
| -rw-r--r-- | src/identity/plugin_rest_identity.c | 2 | ||||
| -rwxr-xr-x | src/identity/test_plugin_rest_identity_signature.sh | 101 | ||||
| -rw-r--r-- | src/util/crypto_ecc.c | 4 |
3 files changed, 57 insertions, 50 deletions
diff --git a/src/identity/plugin_rest_identity.c b/src/identity/plugin_rest_identity.c index 15e0987f2..f46de1091 100644 --- a/src/identity/plugin_rest_identity.c +++ b/src/identity/plugin_rest_identity.c @@ -1236,7 +1236,7 @@ ego_sign_data_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego) return; } - sig_str = malloc (64); + sig_str = malloc (128); GNUNET_CRYPTO_eddsa_signature_encode ( (const struct GNUNET_CRYPTO_EddsaSignature *) &sig, &sig_str); diff --git a/src/identity/test_plugin_rest_identity_signature.sh b/src/identity/test_plugin_rest_identity_signature.sh index 6b3470388..a4d5fa5d7 100755 --- a/src/identity/test_plugin_rest_identity_signature.sh +++ b/src/identity/test_plugin_rest_identity_signature.sh @@ -2,25 +2,16 @@ # https://www.rfc-editor.org/rfc/rfc7515#appendix-A.3 -header='{"alg":"ES256"}' -payload='{"iss":"joe",\r\n "exp":1300819380,\r\n "http://example.com/is_root":true}' - -key='{"kty":"EC", - "crv":"P-256", - "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", - "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", - "d":"jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI" - }' - -header_payload_test=( - 101 121 74 104 98 71 99 105 79 105 74 70 85 122 73 - 49 78 105 74 57 46 101 121 74 112 99 51 77 105 79 105 - 74 113 98 50 85 105 76 65 48 75 73 67 74 108 101 72 - 65 105 79 106 69 122 77 68 65 52 77 84 107 122 79 68 - 65 115 68 81 111 103 73 109 104 48 100 72 65 54 76 - 121 57 108 101 71 70 116 99 71 120 108 76 109 78 118 - 98 83 57 112 99 49 57 121 98 50 57 48 73 106 112 48 - 99 110 86 108 102 81) +header='{"alg":"EdDSA"}' +payload='Example of Ed25519 signing' +key='{ "kty":"OKP", + "crv":"Ed25519", + "d":"nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A", + "x":"11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo" + }' + +header_payload_test="eyJhbGciOiJFZERTQSJ9.RXhhbXBsZSBvZiBFZDI1NTE5IHNpZ25pbmc" +signature_test="hgyY0il_MGCjP0JzlnLWG1PPOt7-09PGcvMg3AIbQR6dWbhijcNR4ki4iylGjg5BhVsPt9g7sVvpAr_MuM0KAg" base64url_add_padding() { for i in $( seq 1 $(( 4 - ${#1} % 4 )) ); do padding+="="; done @@ -33,42 +24,58 @@ base64url_encode () { base64url_decode () { padded_input=$(base64url_add_padding "$1") - echo -n "$padded_input" | tr '_-' '/+' | base64 -w0 --decode + echo -n "$padded_input" | basenc --base64url -d } base32crockford_encode () { - echo -n "$i" | basenc --base32hex | tr 'IJKLMNOPQRSTUV' 'JKMNPQRSTVWXYZ' + echo -n -e "$1" | basenc --base32hex | tr 'IJKLMNOPQRSTUV' 'JKMNPQRSTVWXYZ' } -header_enc=$(base64url_encode "$header") -payload_enc=$(base64url_encode "$payload") +echo -n "jwk: " +echo $key | jq + +# Create Header +# 65556 (decimal) +# = 00000000-00000001-00000000-00010100 (binary little endian) +# = 00-01-00-14 (hex little endian) +header_hex=("00" "01" "00" "14") + +# Convert secret JWK to HEX array +key_hex=( $( base64url_decode $( echo -n "$key" | jq -r '.d' ) | xxd -p | tr -d '\n' | fold -w 2 | tr '\n' ' ' ) ) -# encode header_payload test vektor -for i in "${header_payload_test[@]}" -do - header_payload_test_enc+=$(printf "\x$(printf %x $i)") -done +# Concat header and key +header_key_hex=(${header_hex[@]} ${key_hex[@]}) -# test base64url encoding and header-payload concatenation -if [ "$header_enc.$payload_enc" != $header_payload_test_enc ] ; +# Encode with Base32Crogford +key_gnunet=$(echo -n "${header_key_hex[*]}" | tr -d " " | xxd -p -r | basenc --base32hex | tr 'IJKLMNOPQRSTUV' 'JKMNPQRSTVWXYZ' | tr -d "=") +echo "gnunet skey: $key_gnunet" + +# Create ego +gnunet-identity -C ego9696595726 -X -P "$key_gnunet" + +# Test base64url encoding and header.payload generation +header_payload_enc="$(base64url_encode "$header").$(base64url_encode "$payload")" +if [ $header_payload_enc != $header_payload_test ] ; then exit 1 fi +echo "header.payload: $header_payload_enc" + +# Sign JWT +signature_enc=$(curl -s "localhost:7776/sign?user=ego9696595726&data=$header_payload_enc" | jq -r '.signature') +jwt="$header_payload_enc.$signature_enc" +echo "header.payload.signature: $jwt" + +gnunet-identity -D ego9696595726 + +if [ $signature_enc != $signature_test ] +then + echo "Signature does not check out:" + echo "$signature_enc" + echo "$signature_test" + exit 1 +else + echo "Signature does check out!" + exit 1 +fi -signature_enc=$(curl -s "localhost:7776/sign?user=tristan&data=$header_payload_enc" | jq -r '.signature') -jwt="$header_enc.$payload_enc.$signature_enc" -echo $jwt - -# Convert secret JWK to GNUnet skey -key_dec=$(base64url_decode $( echo -n "$key" | jq -r '.d')) -for i in $(echo -n $key_dec | xxd -p | tr -d '\n' | fold -w 2) -do - echo -n "$i " -done -echo "" - -# TODO: Test Signature - # Gen key: Public Key GNS zone type value + d in crockford encoding - # Create new ego with key - # Check if signaure is valid using openssh - # Check if signaure is valid with test vektor diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index 0ac6e2865..b8374537f 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c @@ -621,7 +621,7 @@ GNUNET_CRYPTO_eddsa_signature_encode ( { return GNUNET_STRINGS_base64url_encode ( (void*) sig, - 32, + 64, sig_str); } @@ -643,7 +643,7 @@ GNUNET_CRYPTO_ecdsa_signature_encode ( { return GNUNET_STRINGS_base64url_encode ( (void*) sig, - 32, + 64, sig_str); } |