-sign rest api + unfinished test

author: Tristan Schwieren <tristan.schwieren@tum.de> 2022-08-19 17:48:02 +0200
committer: Tristan Schwieren <tristan.schwieren@tum.de> 2022-08-26 17:49:06 +0200
commit: bece25385e2f0d4823de569b8d5c5fb5f50721d7 (patch)
tree: 53f51cf964be8c2535814e36887580ef3694bdcf
parent: 3eab839a585eb5db577a276bad7840f8c4f7c51f (diff)
download: gnunet-bece25385e2f0d4823de569b8d5c5fb5f50721d7.tar.gz
gnunet-bece25385e2f0d4823de569b8d5c5fb5f50721d7.zip
4 files changed, 102 insertions, 10 deletions
diff --git a/src/identity/plugin_rest_identity.c b/src/identity/plugin_rest_identity.c
index ba0aa82f1..06ef7a174 100644
--- a/src/identity/plugin_rest_identity.c
+++ b/src/identity/plugin_rest_identity.c
@@ -1205,8 +1205,6 @@ ego_sign_data_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego)
  char *data = (char *) ((struct ego_sign_data_cls *) cls)->data; // data is url decoded
  struct MHD_Response *resp;
  struct GNUNET_CRYPTO_EcdsaSignature sig;
-  struct GNUNET_IDENTITY_Signature sig_ident;
-  void *sig_buf;
  char *sig_str;
  char *result;
@@ -1230,16 +1228,20 @@ ego_sign_data_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego)
  }
  // TODO: Encode the signature 
+  sig_str = malloc(64);
+  GNUNET_CRYPTO_ecdsa_signature_encode(
+    (const struct GNUNET_CRYPTO_EcdsaSignature *) &sig, 
+    &sig_str);
  GNUNET_asprintf (&result,
-                   "{\"data\": \"%s\", \"signature\": \"%s\"}",
+                   "{\"signature\": \"%s\"}",
-                   data,
                   sig_str);
  resp = GNUNET_REST_create_response (result);
  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
  free (data);
+  free (sig_str);
  free (result);
  free (cls);
  GNUNET_SCHEDULER_add_now (&cleanup_handle, handle);
diff --git a/src/identity/test_plugin_rest_identity_signature.sh b/src/identity/test_plugin_rest_identity_signature.sh
new file mode 100755
index 000000000..2a56996d5
--- /dev/null
+++ b/src/identity/test_plugin_rest_identity_signature.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/bash
+# https://www.rfc-editor.org/rfc/rfc7515#appendix-A.3
+header='{"alg":"ES256"}'
+payload='{"iss":"joe",\r\n "exp":1300819380,\r\n "http://example.com/is_root":true}'
+header_payload_test=(
+    101 121 74 104 98 71 99 105 79 105 74 70 85 122 73
+    49 78 105 74 57 46 101 121 74 112 99 51 77 105 79 105
+    74 113 98 50 85 105 76 65 48 75 73 67 74 108 101 72
+    65 105 79 106 69 122 77 68 65 52 77 84 107 122 79 68
+    65 115 68 81 111 103 73 109 104 48 100 72 65 54 76
+    121 57 108 101 71 70 116 99 71 120 108 76 109 78 118
+    98 83 57 112 99 49 57 121 98 50 57 48 73 106 112 48
+    99 110 86 108 102 81)
+base64url_encode () {
+    echo -n -e "$1" | base64 -w0 | tr '+/' '-_' | tr -d '='
+}
+# encode header_payload test vektor
+for i in "${header_payload_test[@]}"
+do 
+    header_payload_test_enc+=$(printf "\x$(printf %x $i)")
+done
+header_enc=$(base64url_encode "$header")
+payload_enc=$(base64url_encode "$payload")
+# test base64url encoding and header & payload concatenation
+if [ "$header_enc.$payload_enc" != $header_payload_test_enc ] ; 
+then 
+    exit 1
+fi
+signature_enc=$(curl -s "localhost:7776/sign?user=tristan&data=$header_payload_enc" | jq -r '.signature')
+echo "$header_enc.$payload_enc.$signature_enc"
+# TODO: Test Signature
+    # Gen key: Public Key GNS zone type value + d in crockford encoding
+    # Create new ego with key
+    # Check if signaure is valid using openssh
+    # Check if signaure is valid with test vektor
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 69ecf8432..1d5722450 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -1962,6 +1962,30 @@ GNUNET_CRYPTO_ecdsa_sign_raw (
  struct GNUNET_CRYPTO_EcdsaSignature *sig);
 /**
+ * @brief 
+ * 
+ * @param sig 
+ * @param sig_str 
+ * @return enum GNUNET_GenericReturnValue 
+ */
+size_t
+GNUNET_CRYPTO_ecdsa_signature_encode(
+  const struct GNUNET_CRYPTO_EcdsaSignature *sig,
+  char **sig_str);
+/**
+ * @brief 
+ * 
+ * @param sig_str 
+ * @param sig 
+ * @return enum GNUNET_GenericReturnValue 
+ */
+size_t
+GNUNET_CRYPTO_ecdsa_signature_decode(
+  const char *sig_str,
+  struct GNUNET_CRYPTO_EcdsaSignature *sig);
+/**
 * @ingroup crypto
 * @brief ECDSA sign a given block.
 *
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 11e882de1..36945e291 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -595,7 +595,7 @@ GNUNET_CRYPTO_ecdsa_sign_ (
 }
 // TODO: Code reuse with GNUNET_CRYPTO_ecdsa_sign_
-// Refactor above as a wrapper around raw 
+// Refactor above as a wrapper around raw
 enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_sign_raw (
  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
@@ -616,11 +616,11 @@ GNUNET_CRYPTO_ecdsa_sign_raw (
  // Hash data
  GNUNET_CRYPTO_hash (data, len, &hash_code);
  if (0 != (error = gcry_sexp_build (&data_sexp,
-                                  NULL,
+                                     NULL,
-                                  "(data(flags rfc6979)(hash %s %b))",
+                                     "(data(flags rfc6979)(hash %s %b))",
-                                  "sha512",
+                                     "sha512",
-                                  (int) sizeof(hash_code),
+                                     (int) sizeof(hash_code),
-                                  &hash_code)))
+                                     &hash_code)))
  {
    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", error);
    return GNUNET_SYSERR;
@@ -658,6 +658,28 @@ GNUNET_CRYPTO_ecdsa_sign_raw (
  return GNUNET_OK;
 }
+size_t
+GNUNET_CRYPTO_ecdsa_signature_encode (
+  const struct GNUNET_CRYPTO_EcdsaSignature *sig,
+  char **sig_str)
+{
+  return GNUNET_STRINGS_base64url_encode (
+    (void*) sig,
+    32,
+    sig_str);
+}
+size_t
+GNUNET_CRYPTO_ecdsa_signature_decode (
+  const char *sig_str,
+  struct GNUNET_CRYPTO_EcdsaSignature *sig)
+{
+  return GNUNET_STRINGS_base64url_decode (
+    sig_str, 
+    strlen (sig_str),
+    (void **) &sig);
+}
 enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_sign_ (
author	Tristan Schwieren <tristan.schwieren@tum.de>	2022-08-19 17:48:02 +0200
committer	Tristan Schwieren <tristan.schwieren@tum.de>	2022-08-26 17:49:06 +0200
commit	bece25385e2f0d4823de569b8d5c5fb5f50721d7 (patch)
tree	53f51cf964be8c2535814e36887580ef3694bdcf
parent	3eab839a585eb5db577a276bad7840f8c4f7c51f (diff)
download	gnunet-bece25385e2f0d4823de569b8d5c5fb5f50721d7.tar.gz gnunet-bece25385e2f0d4823de569b8d5c5fb5f50721d7.zip

diff --git a/src/identity/plugin_rest_identity.c b/src/identity/plugin_rest_identity.c index ba0aa82f1..06ef7a174 100644 --- a/src/identity/plugin_rest_identity.c +++ b/src/identity/plugin_rest_identity.c
@@ -1205,8 +1205,6 @@ ego_sign_data_cb (void cls, struct GNUNET_IDENTITY_Ego ego)
1205	char data = (char ) ((struct ego_sign_data_cls *) cls)->data; // data is url decoded	1205	char data = (char ) ((struct ego_sign_data_cls *) cls)->data; // data is url decoded
1206	struct MHD_Response *resp;	1206	struct MHD_Response *resp;
1207	struct GNUNET_CRYPTO_EcdsaSignature sig;	1207	struct GNUNET_CRYPTO_EcdsaSignature sig;
1208	struct GNUNET_IDENTITY_Signature sig_ident;
1209	void *sig_buf;
1210	char *sig_str;	1208	char *sig_str;
1211	char *result;	1209	char *result;
1212		1210
@@ -1230,16 +1228,20 @@ ego_sign_data_cb (void cls, struct GNUNET_IDENTITY_Ego ego)
1230	}	1228	}
1231		1229
1232	// TODO: Encode the signature	1230	// TODO: Encode the signature
		1231	sig_str = malloc(64);
		1232	GNUNET_CRYPTO_ecdsa_signature_encode(
		1233	(const struct GNUNET_CRYPTO_EcdsaSignature *) &sig,
		1234	&sig_str);
1233		1235
1234	GNUNET_asprintf (&result,	1236	GNUNET_asprintf (&result,
1235	"{\"data\": \"%s\", \"signature\": \"%s\"}",	1237	"{\"signature\": \"%s\"}",
1236	data,
1237	sig_str);	1238	sig_str);
1238		1239
1239	resp = GNUNET_REST_create_response (result);	1240	resp = GNUNET_REST_create_response (result);
1240	handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);	1241	handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
1241		1242
1242	free (data);	1243	free (data);
		1244	free (sig_str);
1243	free (result);	1245	free (result);
1244	free (cls);	1246	free (cls);
1245	GNUNET_SCHEDULER_add_now (&cleanup_handle, handle);	1247	GNUNET_SCHEDULER_add_now (&cleanup_handle, handle);


diff --git a/src/identity/test_plugin_rest_identity_signature.sh b/src/identity/test_plugin_rest_identity_signature.sh new file mode 100755 index 000000000..2a56996d5 --- /dev/null +++ b/src/identity/test_plugin_rest_identity_signature.sh
@@ -0,0 +1,44 @@
		1	#!/usr/bin/bash
		2
		3	# https://www.rfc-editor.org/rfc/rfc7515#appendix-A.3
		4
		5	header='{"alg":"ES256"}'
		6	payload='{"iss":"joe",\r\n "exp":1300819380,\r\n "http://example.com/is_root":true}'
		7
		8	header_payload_test=(
		9	101 121 74 104 98 71 99 105 79 105 74 70 85 122 73
		10	49 78 105 74 57 46 101 121 74 112 99 51 77 105 79 105
		11	74 113 98 50 85 105 76 65 48 75 73 67 74 108 101 72
		12	65 105 79 106 69 122 77 68 65 52 77 84 107 122 79 68
		13	65 115 68 81 111 103 73 109 104 48 100 72 65 54 76
		14	121 57 108 101 71 70 116 99 71 120 108 76 109 78 118
		15	98 83 57 112 99 49 57 121 98 50 57 48 73 106 112 48
		16	99 110 86 108 102 81)
		17
		18	base64url_encode () {
		19	echo -n -e "$1" \| base64 -w0 \| tr '+/' '-_' \| tr -d '='
		20	}
		21
		22	# encode header_payload test vektor
		23	for i in "${header_payload_test[@]}"
		24	do
		25	header_payload_test_enc+=$(printf "\x$(printf %x $i)")
		26	done
		27
		28	header_enc=$(base64url_encode "$header")
		29	payload_enc=$(base64url_encode "$payload")
		30
		31	# test base64url encoding and header & payload concatenation
		32	if [ "$header_enc.$payload_enc" != $header_payload_test_enc ] ;
		33	then
		34	exit 1
		35	fi
		36
		37	signature_enc=$(curl -s "localhost:7776/sign?user=tristan&data=$header_payload_enc" \| jq -r '.signature')
		38	echo "$header_enc.$payload_enc.$signature_enc"
		39
		40	# TODO: Test Signature
		41	# Gen key: Public Key GNS zone type value + d in crockford encoding
		42	# Create new ego with key
		43	# Check if signaure is valid using openssh
		44	# Check if signaure is valid with test vektor


diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 69ecf8432..1d5722450 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h
@@ -1962,6 +1962,30 @@ GNUNET_CRYPTO_ecdsa_sign_raw (
1962	struct GNUNET_CRYPTO_EcdsaSignature *sig);	1962	struct GNUNET_CRYPTO_EcdsaSignature *sig);
1963		1963
1964	/**	1964	/**
		1965	* @brief
		1966	*
		1967	* @param sig
		1968	* @param sig_str
		1969	* @return enum GNUNET_GenericReturnValue
		1970	*/
		1971	size_t
		1972	GNUNET_CRYPTO_ecdsa_signature_encode(
		1973	const struct GNUNET_CRYPTO_EcdsaSignature *sig,
		1974	char **sig_str);
		1975
		1976	/**
		1977	* @brief
		1978	*
		1979	* @param sig_str
		1980	* @param sig
		1981	* @return enum GNUNET_GenericReturnValue
		1982	*/
		1983	size_t
		1984	GNUNET_CRYPTO_ecdsa_signature_decode(
		1985	const char *sig_str,
		1986	struct GNUNET_CRYPTO_EcdsaSignature *sig);
		1987
		1988	/**
1965	* @ingroup crypto	1989	* @ingroup crypto
1966	* @brief ECDSA sign a given block.	1990	* @brief ECDSA sign a given block.
1967	*	1991	*


diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index 11e882de1..36945e291 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c
@@ -595,7 +595,7 @@ GNUNET_CRYPTO_ecdsa_sign_ (
595	}	595	}
596		596
597	// TODO: Code reuse with GNUNET_CRYPTO_ecdsa_sign_	597	// TODO: Code reuse with GNUNET_CRYPTO_ecdsa_sign_
598	// Refactor above as a wrapper around raw	598	// Refactor above as a wrapper around raw
599	enum GNUNET_GenericReturnValue	599	enum GNUNET_GenericReturnValue
600	GNUNET_CRYPTO_ecdsa_sign_raw (	600	GNUNET_CRYPTO_ecdsa_sign_raw (
601	const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,	601	const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
@@ -616,11 +616,11 @@ GNUNET_CRYPTO_ecdsa_sign_raw (
616	// Hash data	616	// Hash data
617	GNUNET_CRYPTO_hash (data, len, &hash_code);	617	GNUNET_CRYPTO_hash (data, len, &hash_code);
618	if (0 != (error = gcry_sexp_build (&data_sexp,	618	if (0 != (error = gcry_sexp_build (&data_sexp,
619	NULL,	619	NULL,
620	"(data(flags rfc6979)(hash %s %b))",	620	"(data(flags rfc6979)(hash %s %b))",
621	"sha512",	621	"sha512",
622	(int) sizeof(hash_code),	622	(int) sizeof(hash_code),
623	&hash_code)))	623	&hash_code)))
624	{	624	{
625	LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", error);	625	LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", error);
626	return GNUNET_SYSERR;	626	return GNUNET_SYSERR;
@@ -658,6 +658,28 @@ GNUNET_CRYPTO_ecdsa_sign_raw (
658	return GNUNET_OK;	658	return GNUNET_OK;
659	}	659	}
660		660
		661	size_t
		662	GNUNET_CRYPTO_ecdsa_signature_encode (
		663	const struct GNUNET_CRYPTO_EcdsaSignature *sig,
		664	char **sig_str)
		665	{
		666	return GNUNET_STRINGS_base64url_encode (
		667	(void*) sig,
		668	32,
		669	sig_str);
		670	}
		671
		672	size_t
		673	GNUNET_CRYPTO_ecdsa_signature_decode (
		674	const char *sig_str,
		675	struct GNUNET_CRYPTO_EcdsaSignature *sig)
		676	{
		677	return GNUNET_STRINGS_base64url_decode (
		678	sig_str,
		679	strlen (sig_str),
		680	(void **) &sig);
		681	}
		682
661		683
662	enum GNUNET_GenericReturnValue	684	enum GNUNET_GenericReturnValue
663	GNUNET_CRYPTO_eddsa_sign_ (	685	GNUNET_CRYPTO_eddsa_sign_ (