diff options
author | Tristan Schwieren <tristan.schwieren@tum.de> | 2022-08-19 17:48:02 +0200 |
---|---|---|
committer | Tristan Schwieren <tristan.schwieren@tum.de> | 2022-08-26 17:49:06 +0200 |
commit | bece25385e2f0d4823de569b8d5c5fb5f50721d7 (patch) | |
tree | 53f51cf964be8c2535814e36887580ef3694bdcf | |
parent | 3eab839a585eb5db577a276bad7840f8c4f7c51f (diff) | |
download | gnunet-bece25385e2f0d4823de569b8d5c5fb5f50721d7.tar.gz gnunet-bece25385e2f0d4823de569b8d5c5fb5f50721d7.zip |
-sign rest api + unfinished test
-rw-r--r-- | src/identity/plugin_rest_identity.c | 10 | ||||
-rwxr-xr-x | src/identity/test_plugin_rest_identity_signature.sh | 44 | ||||
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 24 | ||||
-rw-r--r-- | src/util/crypto_ecc.c | 34 |
4 files changed, 102 insertions, 10 deletions
diff --git a/src/identity/plugin_rest_identity.c b/src/identity/plugin_rest_identity.c index ba0aa82f1..06ef7a174 100644 --- a/src/identity/plugin_rest_identity.c +++ b/src/identity/plugin_rest_identity.c | |||
@@ -1205,8 +1205,6 @@ ego_sign_data_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
1205 | char *data = (char *) ((struct ego_sign_data_cls *) cls)->data; // data is url decoded | 1205 | char *data = (char *) ((struct ego_sign_data_cls *) cls)->data; // data is url decoded |
1206 | struct MHD_Response *resp; | 1206 | struct MHD_Response *resp; |
1207 | struct GNUNET_CRYPTO_EcdsaSignature sig; | 1207 | struct GNUNET_CRYPTO_EcdsaSignature sig; |
1208 | struct GNUNET_IDENTITY_Signature sig_ident; | ||
1209 | void *sig_buf; | ||
1210 | char *sig_str; | 1208 | char *sig_str; |
1211 | char *result; | 1209 | char *result; |
1212 | 1210 | ||
@@ -1230,16 +1228,20 @@ ego_sign_data_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
1230 | } | 1228 | } |
1231 | 1229 | ||
1232 | // TODO: Encode the signature | 1230 | // TODO: Encode the signature |
1231 | sig_str = malloc(64); | ||
1232 | GNUNET_CRYPTO_ecdsa_signature_encode( | ||
1233 | (const struct GNUNET_CRYPTO_EcdsaSignature *) &sig, | ||
1234 | &sig_str); | ||
1233 | 1235 | ||
1234 | GNUNET_asprintf (&result, | 1236 | GNUNET_asprintf (&result, |
1235 | "{\"data\": \"%s\", \"signature\": \"%s\"}", | 1237 | "{\"signature\": \"%s\"}", |
1236 | data, | ||
1237 | sig_str); | 1238 | sig_str); |
1238 | 1239 | ||
1239 | resp = GNUNET_REST_create_response (result); | 1240 | resp = GNUNET_REST_create_response (result); |
1240 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | 1241 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
1241 | 1242 | ||
1242 | free (data); | 1243 | free (data); |
1244 | free (sig_str); | ||
1243 | free (result); | 1245 | free (result); |
1244 | free (cls); | 1246 | free (cls); |
1245 | GNUNET_SCHEDULER_add_now (&cleanup_handle, handle); | 1247 | GNUNET_SCHEDULER_add_now (&cleanup_handle, handle); |
diff --git a/src/identity/test_plugin_rest_identity_signature.sh b/src/identity/test_plugin_rest_identity_signature.sh new file mode 100755 index 000000000..2a56996d5 --- /dev/null +++ b/src/identity/test_plugin_rest_identity_signature.sh | |||
@@ -0,0 +1,44 @@ | |||
1 | #!/usr/bin/bash | ||
2 | |||
3 | # https://www.rfc-editor.org/rfc/rfc7515#appendix-A.3 | ||
4 | |||
5 | header='{"alg":"ES256"}' | ||
6 | payload='{"iss":"joe",\r\n "exp":1300819380,\r\n "http://example.com/is_root":true}' | ||
7 | |||
8 | header_payload_test=( | ||
9 | 101 121 74 104 98 71 99 105 79 105 74 70 85 122 73 | ||
10 | 49 78 105 74 57 46 101 121 74 112 99 51 77 105 79 105 | ||
11 | 74 113 98 50 85 105 76 65 48 75 73 67 74 108 101 72 | ||
12 | 65 105 79 106 69 122 77 68 65 52 77 84 107 122 79 68 | ||
13 | 65 115 68 81 111 103 73 109 104 48 100 72 65 54 76 | ||
14 | 121 57 108 101 71 70 116 99 71 120 108 76 109 78 118 | ||
15 | 98 83 57 112 99 49 57 121 98 50 57 48 73 106 112 48 | ||
16 | 99 110 86 108 102 81) | ||
17 | |||
18 | base64url_encode () { | ||
19 | echo -n -e "$1" | base64 -w0 | tr '+/' '-_' | tr -d '=' | ||
20 | } | ||
21 | |||
22 | # encode header_payload test vektor | ||
23 | for i in "${header_payload_test[@]}" | ||
24 | do | ||
25 | header_payload_test_enc+=$(printf "\x$(printf %x $i)") | ||
26 | done | ||
27 | |||
28 | header_enc=$(base64url_encode "$header") | ||
29 | payload_enc=$(base64url_encode "$payload") | ||
30 | |||
31 | # test base64url encoding and header & payload concatenation | ||
32 | if [ "$header_enc.$payload_enc" != $header_payload_test_enc ] ; | ||
33 | then | ||
34 | exit 1 | ||
35 | fi | ||
36 | |||
37 | signature_enc=$(curl -s "localhost:7776/sign?user=tristan&data=$header_payload_enc" | jq -r '.signature') | ||
38 | echo "$header_enc.$payload_enc.$signature_enc" | ||
39 | |||
40 | # TODO: Test Signature | ||
41 | # Gen key: Public Key GNS zone type value + d in crockford encoding | ||
42 | # Create new ego with key | ||
43 | # Check if signaure is valid using openssh | ||
44 | # Check if signaure is valid with test vektor | ||
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 69ecf8432..1d5722450 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -1962,6 +1962,30 @@ GNUNET_CRYPTO_ecdsa_sign_raw ( | |||
1962 | struct GNUNET_CRYPTO_EcdsaSignature *sig); | 1962 | struct GNUNET_CRYPTO_EcdsaSignature *sig); |
1963 | 1963 | ||
1964 | /** | 1964 | /** |
1965 | * @brief | ||
1966 | * | ||
1967 | * @param sig | ||
1968 | * @param sig_str | ||
1969 | * @return enum GNUNET_GenericReturnValue | ||
1970 | */ | ||
1971 | size_t | ||
1972 | GNUNET_CRYPTO_ecdsa_signature_encode( | ||
1973 | const struct GNUNET_CRYPTO_EcdsaSignature *sig, | ||
1974 | char **sig_str); | ||
1975 | |||
1976 | /** | ||
1977 | * @brief | ||
1978 | * | ||
1979 | * @param sig_str | ||
1980 | * @param sig | ||
1981 | * @return enum GNUNET_GenericReturnValue | ||
1982 | */ | ||
1983 | size_t | ||
1984 | GNUNET_CRYPTO_ecdsa_signature_decode( | ||
1985 | const char *sig_str, | ||
1986 | struct GNUNET_CRYPTO_EcdsaSignature *sig); | ||
1987 | |||
1988 | /** | ||
1965 | * @ingroup crypto | 1989 | * @ingroup crypto |
1966 | * @brief ECDSA sign a given block. | 1990 | * @brief ECDSA sign a given block. |
1967 | * | 1991 | * |
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index 11e882de1..36945e291 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c | |||
@@ -595,7 +595,7 @@ GNUNET_CRYPTO_ecdsa_sign_ ( | |||
595 | } | 595 | } |
596 | 596 | ||
597 | // TODO: Code reuse with GNUNET_CRYPTO_ecdsa_sign_ | 597 | // TODO: Code reuse with GNUNET_CRYPTO_ecdsa_sign_ |
598 | // Refactor above as a wrapper around raw | 598 | // Refactor above as a wrapper around raw |
599 | enum GNUNET_GenericReturnValue | 599 | enum GNUNET_GenericReturnValue |
600 | GNUNET_CRYPTO_ecdsa_sign_raw ( | 600 | GNUNET_CRYPTO_ecdsa_sign_raw ( |
601 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, | 601 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, |
@@ -616,11 +616,11 @@ GNUNET_CRYPTO_ecdsa_sign_raw ( | |||
616 | // Hash data | 616 | // Hash data |
617 | GNUNET_CRYPTO_hash (data, len, &hash_code); | 617 | GNUNET_CRYPTO_hash (data, len, &hash_code); |
618 | if (0 != (error = gcry_sexp_build (&data_sexp, | 618 | if (0 != (error = gcry_sexp_build (&data_sexp, |
619 | NULL, | 619 | NULL, |
620 | "(data(flags rfc6979)(hash %s %b))", | 620 | "(data(flags rfc6979)(hash %s %b))", |
621 | "sha512", | 621 | "sha512", |
622 | (int) sizeof(hash_code), | 622 | (int) sizeof(hash_code), |
623 | &hash_code))) | 623 | &hash_code))) |
624 | { | 624 | { |
625 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", error); | 625 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", error); |
626 | return GNUNET_SYSERR; | 626 | return GNUNET_SYSERR; |
@@ -658,6 +658,28 @@ GNUNET_CRYPTO_ecdsa_sign_raw ( | |||
658 | return GNUNET_OK; | 658 | return GNUNET_OK; |
659 | } | 659 | } |
660 | 660 | ||
661 | size_t | ||
662 | GNUNET_CRYPTO_ecdsa_signature_encode ( | ||
663 | const struct GNUNET_CRYPTO_EcdsaSignature *sig, | ||
664 | char **sig_str) | ||
665 | { | ||
666 | return GNUNET_STRINGS_base64url_encode ( | ||
667 | (void*) sig, | ||
668 | 32, | ||
669 | sig_str); | ||
670 | } | ||
671 | |||
672 | size_t | ||
673 | GNUNET_CRYPTO_ecdsa_signature_decode ( | ||
674 | const char *sig_str, | ||
675 | struct GNUNET_CRYPTO_EcdsaSignature *sig) | ||
676 | { | ||
677 | return GNUNET_STRINGS_base64url_decode ( | ||
678 | sig_str, | ||
679 | strlen (sig_str), | ||
680 | (void **) &sig); | ||
681 | } | ||
682 | |||
661 | 683 | ||
662 | enum GNUNET_GenericReturnValue | 684 | enum GNUNET_GenericReturnValue |
663 | GNUNET_CRYPTO_eddsa_sign_ ( | 685 | GNUNET_CRYPTO_eddsa_sign_ ( |