-w3cvc custome signature

8 files changed, 117 insertions, 18 deletions

diff --git a/src/include/gnunet_reclaim_lib.h b/src/include/gnunet_reclaim_lib.h
index 33e42fd09..cf22711a8 100644
--- a/src/include/gnunet_reclaim_lib.h
+++ b/src/include/gnunet_reclaim_lib.h
@@ -848,7 +848,7 @@ int
 GNUNET_RECLAIM_credential_get_presentation (
                               const struct GNUNET_RECLAIM_Credential *cred,
                               const struct GNUNET_RECLAIM_AttributeList *attrs,
-                              const struct GNUNET_IDENTITY_Ego *ego,
+                              const struct GNUNET_IDENTITY_PrivateKey *pk,
                               struct GNUNET_RECLAIM_Presentation **presentation);
 
 
diff --git a/src/include/gnunet_reclaim_plugin.h b/src/include/gnunet_reclaim_plugin.h
index 163995adb..1b293e170 100644
--- a/src/include/gnunet_reclaim_plugin.h
+++ b/src/include/gnunet_reclaim_plugin.h
@@ -306,7 +306,7 @@ typedef int (*GNUNET_RECLAIM_CredentialToPresentation) (
   void *cls,
   const struct GNUNET_RECLAIM_Credential *cred,
   const struct GNUNET_RECLAIM_AttributeList *attrs,
-  const struct GNUNET_IDENTITY_Ego *ego,
+  const struct GNUNET_IDENTITY_PrivateKey *pk,
   struct GNUNET_RECLAIM_Presentation **presentation);
 
 /**
diff --git a/src/reclaim/gnunet-service-reclaim_tickets.c b/src/reclaim/gnunet-service-reclaim_tickets.c
index e9e3c3dd1..9d66ea448 100644
--- a/src/reclaim/gnunet-service-reclaim_tickets.c
+++ b/src/reclaim/gnunet-service-reclaim_tickets.c
@@ -1527,7 +1527,7 @@ filter_tickets_cb (void *cls,
         if (GNUNET_OK != GNUNET_RECLAIM_credential_get_presentation (
               cred,
               tih->attrs,
-              NULL,
+              zone,
               &presentation))
         {
           GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
diff --git a/src/reclaim/plugin_reclaim_credential_jwt.c b/src/reclaim/plugin_reclaim_credential_jwt.c
index bab8125ad..8bed9aa92 100644
--- a/src/reclaim/plugin_reclaim_credential_jwt.c
+++ b/src/reclaim/plugin_reclaim_credential_jwt.c
@@ -438,7 +438,7 @@ enum GNUNET_GenericReturnValue
 jwt_create_presentation (void *cls,
                          const struct GNUNET_RECLAIM_Credential *cred,
                          const struct GNUNET_RECLAIM_AttributeList *attrs,
-                         const struct GNUNET_IDENTITY_Ego *ego,
+                         const struct GNUNET_IDENTITY_PrivateKey *pk,
                          struct GNUNET_RECLAIM_Presentation **presentation)
 {
   if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
diff --git a/src/reclaim/plugin_reclaim_credential_vc.c b/src/reclaim/plugin_reclaim_credential_vc.c
index 735e33e78..647c1c8c3 100644
--- a/src/reclaim/plugin_reclaim_credential_vc.c
+++ b/src/reclaim/plugin_reclaim_credential_vc.c
@@ -29,6 +29,7 @@
 #include "gnunet_util_lib.h"
 #include "gnunet_reclaim_plugin.h"
 #include "gnunet_identity_service.h"
+#include "gnunet_signatures.h"
 #include <inttypes.h>
 #include <jansson.h>
 
@@ -447,31 +448,79 @@ vc_get_expiration_p (void *cls,
   }
 }
 
+char * 
+generate_signature_vp(json_t ** pres, 
+                      const struct GNUNET_IDENTITY_PrivateKey * pk)
+{
+    char * data;
+    json_t * proof;
+
+    struct GNUNET_IDENTITY_Signature sig;
+    ssize_t sig_size;
+
+    struct GNUNET_CRYPTO_EccSignaturePurpose * sig_purpose;
+    ssize_t sig_purpose_size;
+
+    void * sig_buf;
+    ssize_t sig_buf_size;
+
+    char * sig_str;
+    ssize_t sig_str_size;
+
+    char * sig_str_final;
+
+    // Add empty signature key-value -> encode json -> delete empty signature key-value
+    // FIXME: Needs a real Canonicalization Scheme 
+    proof = json_object_get(*pres, "proof");
+    json_object_set(proof, "signature", json_string(""));
+    data = json_dumps(*pres, JSON_COMPACT);
+    json_object_del(proof, "signature");
+
+    // Generate Signature
+    sig_purpose_size = sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) + strlen(data);
+    sig_purpose = malloc(sig_purpose_size);
+    sig_purpose->size = htonl(sig_purpose_size);
+    sig_purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_TEST); 
+    memcpy(&sig_purpose[1], (void *) data, strlen(data));
+
+    GNUNET_IDENTITY_sign_(pk, 
+                         sig_purpose, 
+                         &sig);
+                    
+    free(sig_purpose);
+
+    // Convert Signature to string
+    sig_size = GNUNET_IDENTITY_signature_get_length(&sig);
+    sig_buf = malloc(sig_size);
+    sig_buf_size = GNUNET_IDENTITY_write_signature_to_buffer(&sig, sig_buf, sig_size);
+    sig_str_size = GNUNET_STRINGS_base64_encode(sig_buf, sig_buf_size, &sig_str);
+    free(sig_buf);
+
+    // sprintf(sig_str_final, "Pls %zu help, %zu Im %zu lost\n", sig_size, sig_buf_size, sig_str_size);
+    return sig_str;
+}
 
 enum GNUNET_GenericReturnValue
 vc_create_presentation (void *cls,
                          const struct GNUNET_RECLAIM_Credential *cred,
                          const struct GNUNET_RECLAIM_AttributeList *attrs,
-                         const struct GNUNET_IDENTITY_Ego *ego,
+                         const struct GNUNET_IDENTITY_PrivateKey *pk,
                          struct GNUNET_RECLAIM_Presentation **presentation)
 {
-  // Check if Ego has a DID Docuement
-  // Get date string for now
   json_t * root;
   json_t * context_array;
   json_t * credential_array;
   json_t * credential;
   json_t * proof;
 
-  struct GNUNET_IDENTITY_PublicKey pkey;
-  GNUNET_IDENTITY_ego_get_public_key(ego, &pkey);
-  
-  printf("DEBUG - %s\n", GNUNET_IDENTITY_public_key_to_string(&pkey));
-
+  char * pk_str;
   char * json_str;
   char * presentation_str;
+  char * sig;
   const char * now;
 
+  pk_str = GNUNET_IDENTITY_private_key_to_string(pk);
+
   if (GNUNET_RECLAIM_CREDENTIAL_TYPE_VC != cred->type)
     return GNUNET_NO;
 
@@ -491,13 +540,15 @@ vc_create_presentation (void *cls,
   json_object_set(root, "verifiableCredential", credential_array);
 
   proof = json_object();
-  json_object_set(proof, "type", json_string("EDdSASignature2021"));
+  json_object_set(proof, "type", json_string("ReclaimPresentationSig2022"));
   json_object_set(proof, "created", json_string(now));
   json_object_set(proof, "proofPurpose", json_string("assertionMethod"));
   json_object_set(proof, "verificationMethod", json_string("did:reclaim:1234#key-1"));
-  json_object_set(proof, "signature", json_string("abc"));
   json_object_set(root, "proof", proof);
 
+  sig = generate_signature_vp(&root, pk);
+  json_object_set(proof, "signature", json_string(sig));
+
   // Encode JSON and append \0 character
   json_str = json_dumps(root, JSON_INDENT(2));
   presentation_str = malloc(strlen(json_str) + 1);
diff --git a/src/reclaim/reclaim_credential.c b/src/reclaim/reclaim_credential.c
index 6d4707fb1..0907dc7c6 100644
--- a/src/reclaim/reclaim_credential.c
+++ b/src/reclaim/reclaim_credential.c
@@ -1045,7 +1045,7 @@ int
 GNUNET_RECLAIM_credential_get_presentation (
   const struct GNUNET_RECLAIM_Credential *cred,
   const struct GNUNET_RECLAIM_AttributeList *attrs,
-  const struct GNUNET_IDENTITY_Ego *ego,
+  const struct GNUNET_IDENTITY_PrivateKey *pk,
   struct GNUNET_RECLAIM_Presentation **presentation)
 {
   unsigned int i;
@@ -1057,7 +1057,7 @@ GNUNET_RECLAIM_credential_get_presentation (
     if (GNUNET_OK !=  plugin->api->create_presentation (plugin->api->cls,
                                                         cred,
                                                         attrs,
-                                                        ego,
+                                                        pk,
                                                         presentation))
       continue;
     (*presentation)->credential_id = cred->id;
diff --git a/src/reclaim/reclaim_vc_embedded_proof.h b/src/reclaim/reclaim_vc_embedded_proof.h
new file mode 100644
index 000000000..87bb0cb1b
--- /dev/null
+++ b/src/reclaim/reclaim_vc_embedded_proof.h
@@ -0,0 +1,48 @@
+/*
+     This file is part of GNUnet
+     Copyright (C) 2022 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file reclaim/reclaim_vc_embedded_proof.c
+ * @author Tristan Schwieren
+ */
+
+#include "gnunet_util_lib.h"
+#include "gnunet_identity_service.h"
+#include "gnunet_signatures.h"
+#include "gnunet_strings_lib.h"
+#include <jansson.h>
+
+
+/**
+ * @brief Genereate the missing signature for a verifiable presentation
+ * @param pres A verifiable presentation with an empty signature field
+ * @param pk The private key which is used to generate the Signature
+ * @param result The verifiable presentation containing a valid signature is returned
+ */
+char * 
+generate_signature_vp(json_t * pres, 
+                      const struct GNUNET_IDENTITY_PrivateKey * pk);
+
+/**
+ * @brief Verfiy the the Proof of the verfiable presentation
+ * @return Return 1 if the verfiable Presentation has been issued by the subject and not been manipulated in any way. Return 0 if not
+ */
+int 
+verify_vp(char * vp);
\ No newline at end of file
diff --git a/src/reclaim/test_reclaim_vc.sh b/src/reclaim/test_reclaim_vc.sh
index 3412fa5c6..503b2d616 100755
--- a/src/reclaim/test_reclaim_vc.sh
+++ b/src/reclaim/test_reclaim_vc.sh
@@ -4,8 +4,8 @@ ego2="ego2_$(tr -dc a-z </dev/urandom | head -c 8 ; echo '')"
 test_vc='{"@context":["https://www.w3.org/2018/credentials/v1"],"type":["VerifiableCredential"],"issuer":"did:reclaim:1234","issuanceDate":"2018-02-24T05:28:04Z","expirationDate":"2025-02-24T00:00:00Z","credentialSubject":{"id":"did:example:abcdef1234567","name":"Tristan"},"proof":{"type":"RsaSignature2018","created":"2017-06-18T21:19:10Z","proofPurpose":"assertionMethod","verificationMethod":"did:reclaim:1234#key-1","proof":"abc"}}'
 
 # Create Identities 
-gnunet-identity -C $ego1
-gnunet-identity -C $ego2
+gnunet-identity -C $ego1 --eddsa
+gnunet-identity -C $ego2 --eddsa
 
 ego1_id=$(gnunet-identity -d | grep $ego1 | sed 's/.*- \(.*\) -.*/\1/')
 ego2_id=$(gnunet-identity -d | grep $ego2 | sed 's/.*- \(.*\) -.*/\1/')