- siop for reclaim; A rest endpoint that signs stuff

5 files changed, 261 insertions, 0 deletions

diff --git a/src/identity/plugin_rest_identity.c b/src/identity/plugin_rest_identity.c
index d7cd0e826..ba0aa82f1 100644
--- a/src/identity/plugin_rest_identity.c
+++ b/src/identity/plugin_rest_identity.c
@@ -28,6 +28,8 @@
 #include "gnunet_rest_plugin.h"
 #include "gnunet_identity_service.h"
 #include "gnunet_rest_lib.h"
+#include "identity.h"
+#include "gnunet_crypto_lib.h"
 #include "microhttpd.h"
 #include <jansson.h>
 
@@ -52,6 +54,11 @@
 #define GNUNET_REST_API_NS_IDENTITY_SUBSYSTEM "/identity/subsystem"
 
 /**
+ * Identity Namespace with sign specifier
+ */
+#define GNUNET_REST_API_NS_SIGN "/sign"
+
+/**
  * Parameter public key
  */
 #define GNUNET_REST_IDENTITY_PARAM_PUBKEY "pubkey"
@@ -1185,6 +1192,117 @@ ego_delete_name (struct GNUNET_REST_RequestHandle *con_handle,
                                        handle);
 }
 
+struct ego_sign_data_cls
+{
+  void *data;
+  struct RequestHandle *handle;
+};
+
+void
+ego_sign_data_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego)
+{
+  struct RequestHandle *handle = ((struct ego_sign_data_cls *) cls)->handle;
+  char *data = (char *) ((struct ego_sign_data_cls *) cls)->data; // data is url decoded
+  struct MHD_Response *resp;
+  struct GNUNET_CRYPTO_EcdsaSignature sig;
+  struct GNUNET_IDENTITY_Signature sig_ident;
+  void *sig_buf;
+  char *sig_str;
+  char *result;
+
+  if (ego == NULL)
+  {
+    handle->response_code = MHD_HTTP_BAD_REQUEST;
+    handle->emsg = GNUNET_strdup ("Ego not found");
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+  if ( GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign_raw (&(ego->pk.ecdsa_key),
+                                                  (void *) data,
+                                                  strlen (data),
+                                                  &sig))
+  {
+    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+    handle->emsg = GNUNET_strdup ("Signature creation failed");
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+  // TODO: Encode the signature 
+
+  GNUNET_asprintf (&result,
+                   "{\"data\": \"%s\", \"signature\": \"%s\"}",
+                   data,
+                   sig_str);
+
+  resp = GNUNET_REST_create_response (result);
+  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+
+  free (data);
+  free (result);
+  free (cls);
+  GNUNET_SCHEDULER_add_now (&cleanup_handle, handle);
+}
+
+/**
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
+void
+ego_sign_data (struct GNUNET_REST_RequestHandle *con_handle,
+               const char *url,
+               void *cls)
+{
+  // TODO: replace with precompiler #define
+  const char *username_key = "user";
+  const char *data_key = "data";
+
+  struct RequestHandle *handle = cls;
+  struct MHD_Response *resp;
+  struct GNUNET_HashCode cache_key_username;
+  struct GNUNET_HashCode cache_key_data;
+  char *username;
+  char *data;
+  char *result;
+
+  struct ego_sign_data_cls *cls2;
+
+  GNUNET_CRYPTO_hash (username_key, strlen (username_key), &cache_key_username);
+  GNUNET_CRYPTO_hash (data_key, strlen (data_key), &cache_key_data);
+
+  if ((GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (
+         handle->rest_handle->url_param_map,
+         &cache_key_username)) ||
+      (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (
+         handle->rest_handle->url_param_map,
+         &cache_key_data)))
+  {
+    handle->response_code = MHD_HTTP_BAD_REQUEST;
+    handle->emsg = GNUNET_strdup ("URL parameter missing");
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+  username = (char *) GNUNET_CONTAINER_multihashmap_get (
+    handle->rest_handle->url_param_map,
+    &cache_key_username);
+
+  data = (char *) GNUNET_CONTAINER_multihashmap_get (
+    handle->rest_handle->url_param_map,
+    &cache_key_data);
+
+  cls2 = malloc (sizeof(struct ego_sign_data_cls));
+  cls2->data = (void *) GNUNET_strdup (data);
+  cls2->handle = handle;
+
+  GNUNET_IDENTITY_ego_lookup (cfg,
+                              username,
+                              ego_sign_data_cb,
+                              cls2);
+}
 
 /**
  * Respond to OPTIONS request
@@ -1335,6 +1453,7 @@ rest_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
       GNUNET_REST_API_NS_IDENTITY_NAME,
       &ego_delete_name },
     { MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY, &options_cont },
+    { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_SIGN, &ego_sign_data},
     GNUNET_REST_HANDLER_END };
 
 
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 2737ee0e9..69ecf8432 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -1945,6 +1945,21 @@ GNUNET_CRYPTO_ecdsa_sign_ (
   const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
   struct GNUNET_CRYPTO_EcdsaSignature *sig);
 
+/**
+ * @brief 
+ * 
+ * @param priv 
+ * @param data 
+ * @param len 
+ * @param sig 
+ * @return enum GNUNET_GenericReturnValue 
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_ecdsa_sign_raw (
+  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
+  void *data,
+  size_t len,
+  struct GNUNET_CRYPTO_EcdsaSignature *sig);
 
 /**
  * @ingroup crypto
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index 9cb7da15b..b86fa0f12 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -292,6 +292,7 @@ check_PROGRAMS = \
  test_container_heap \
  test_crypto_symmetric \
  test_crypto_crc \
+ test_crypto_ecc \
  test_crypto_cs \
  test_crypto_ecdsa \
  test_crypto_eddsa \
@@ -460,6 +461,11 @@ test_crypto_cs_LDADD = \
  libgnunetutil.la \
  -lsodium
 
+test_crypto_ecc_SOURCES = \
+ test_crypto_ecc.c
+test_crypto_ecc_LDADD = \
+ libgnunetutil.la
+
 test_crypto_ecdsa_SOURCES = \
  test_crypto_ecdsa.c
 test_crypto_ecdsa_LDADD = \
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 5b1b579ec..11e882de1 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -594,6 +594,70 @@ GNUNET_CRYPTO_ecdsa_sign_ (
   return GNUNET_OK;
 }
 
+// TODO: Code reuse with GNUNET_CRYPTO_ecdsa_sign_
+// Refactor above as a wrapper around raw 
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_ecdsa_sign_raw (
+  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
+  void *data,
+  size_t len,
+  struct GNUNET_CRYPTO_EcdsaSignature *sig)
+{
+  struct GNUNET_HashCode hash_code;
+  gcry_sexp_t skey_sexp;
+  gcry_sexp_t sig_sexp;
+  gcry_sexp_t data_sexp;
+  gcry_error_t error;
+  gcry_mpi_t rs[2];
+
+  // Decode private key
+  skey_sexp = decode_private_ecdsa_key (priv);
+
+  // Hash data
+  GNUNET_CRYPTO_hash (data, len, &hash_code);
+  if (0 != (error = gcry_sexp_build (&data_sexp,
+                                  NULL,
+                                  "(data(flags rfc6979)(hash %s %b))",
+                                  "sha512",
+                                  (int) sizeof(hash_code),
+                                  &hash_code)))
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", error);
+    return GNUNET_SYSERR;
+  }
+
+  // Sign Hash
+  if (0 != (error = gcry_pk_sign (&sig_sexp, data_sexp, skey_sexp)))
+  {
+    LOG (GNUNET_ERROR_TYPE_WARNING,
+         _ ("ECC signing failed at %s:%d: %s\n"),
+         __FILE__,
+         __LINE__,
+         gcry_strerror (error));
+    gcry_sexp_release (data_sexp);
+    gcry_sexp_release (skey_sexp);
+    return GNUNET_SYSERR;
+  }
+  gcry_sexp_release (skey_sexp);
+  gcry_sexp_release (data_sexp);
+
+  /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
+     'signature' */
+  if (0 != (error = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
+  {
+    GNUNET_break (0);
+    gcry_sexp_release (sig_sexp);
+    return GNUNET_SYSERR;
+  }
+  gcry_sexp_release (sig_sexp);
+  GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]);
+  GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]);
+  gcry_mpi_release (rs[0]);
+  gcry_mpi_release (rs[1]);
+
+  return GNUNET_OK;
+}
+
 
 enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_sign_ (
diff --git a/src/util/test_crypto_ecc.c b/src/util/test_crypto_ecc.c
new file mode 100644
index 000000000..ebfa04c45
--- /dev/null
+++ b/src/util/test_crypto_ecc.c
@@ -0,0 +1,57 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2002-2015 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+
+ */
+/**
+ * @file util/test_crypto_ecc.c
+ * @brief test case for crypto_ecc.c GNUNET_CRYPTO_ecdsa_sign_raw() function
+ * @author Tristan Schwieren
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+
+static int
+test_GNUNET_CRYPTO_ecdsa_sign_raw ()
+{
+  struct GNUNET_CRYPTO_EcdsaPrivateKey skey;
+  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+  struct GNUNET_CRYPTO_EcdsaSignature sig;
+  const char *test_data = "Hello World!";
+
+  /* Generate keys */
+  GNUNET_CRYPTO_ecdsa_key_create (&skey);
+  GNUNET_CRYPTO_ecdsa_key_get_public (&skey, &pkey);
+
+  GNUNET_assert (GNUNET_OK ==
+                 GNUNET_CRYPTO_ecdsa_sign_raw (&skey,
+                                               test_data,
+                                               strlen (test_data),
+                                               &sig));
+
+  return 0;
+}
+
+int
+main (int argc, char *argv[])
+{
+        return test_GNUNET_CRYPTO_ecdsa_sign_raw ();
+}
+
+
+/* end of test_crypto_ecc.c */