author | Tristan Schwieren <tristan.schwieren@tum.de> | 2022-01-11 20:56:29 +0100 |
---|---|---|
committer | Tristan Schwieren <tristan.schwieren@tum.de> | 2022-01-11 20:56:29 +0100 |
commit | 42d6905e3d68d9b978ec5854bf2eef6ea86ff02c (patch) | |
tree | 7ec88865a811648a367775af3e8a359cc5d7aa82 | |
parent | 0923829e896d2f06a5cbd488fc899b6455d29454 (diff) | |
-w3cvc custome signature
-rw-r--r-- | src/include/gnunet_reclaim_lib.h | 2 | ||||
-rw-r--r-- | src/include/gnunet_reclaim_plugin.h | 2 | ||||
-rw-r--r-- | src/reclaim/gnunet-service-reclaim_tickets.c | 2 | ||||
-rw-r--r-- | src/reclaim/plugin_reclaim_credential_jwt.c | 2 | ||||
-rw-r--r-- | src/reclaim/plugin_reclaim_credential_vc.c | 71 | ||||
-rw-r--r-- | src/reclaim/reclaim_credential.c | 4 | ||||
-rw-r--r-- | src/reclaim/reclaim_vc_embedded_proof.h | 48 | ||||
-rwxr-xr-x | src/reclaim/test_reclaim_vc.sh | 4 |
8 files changed, 117 insertions, 18 deletions
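--- a/src/include/gnunet_reclaim_lib.h
+++ b/src/include/gnunet_reclaim_lib.h
@@ -848,7 +848,7 @@ int
 GNUNET_RECLAIM_credential_get_presentation (
 const struct GNUNET_RECLAIM_Credential *cred,
 const struct GNUNET_RECLAIM_AttributeList *attrs,
-const struct GNUNET_IDENTITY_Ego *ego,
+const struct GNUNET_IDENTITY_PrivateKey *pk,
 struct GNUNET_RECLAIM_Presentation **presentation);
 
 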
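--- a/src/include/gnunet_reclaim_plugin.h
+++ b/src/include/gnunet_reclaim_plugin.h
@@ -306,7 +306,7 @@ typedef int (*GNUNET_RECLAIM_CredentialToPresentation) (
 void *cls,
 const struct GNUNET_RECLAIM_Credential *cred,
 const struct GNUNET_RECLAIM_AttributeList *attrs,
-const struct GNUNET_IDENTITY_Ego *ego,
+const struct GNUNET_IDENTITY_PrivateKey *pk,
 struct GNUNET_RECLAIM_Presentation **presentation);
 
 /**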
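Review bot: Passing `const struct GNUNET_IDENTITY_PrivateKey *pk` through the `GNUNET_RECLAIM_CredentialToPresentation` typedef gives every credential plugin the ego's raw signing key, including plugins that never sign (the JWT plugin's updated signature takes `pk` as well). A narrower interface would keep the key in the caller and hand plugins either the finished signature or a signing callback, so a plugin bug cannot leak or misuse the key. If the raw key stays, the parameter's doc comment, which lies above this hunk and is not visible here, should say so, for example `@param pk private key used to sign the presentation; plugins that do not sign must ignore it`. The same change is made to `GNUNET_RECLAIM_credential_get_presentation` in gnunet_reclaim_lib.h.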
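--- a/src/reclaim/gnunet-service-reclaim_tickets.c
+++ b/src/reclaim/gnunet-service-reclaim_tickets.c
@@ -1527,7 +1527,7 @@ filter_tickets_cb (void *cls,
 if (GNUNET_OK != GNUNET_RECLAIM_credential_get_presentation (
 cred,
 tih->attrs,
-NULL,
+zone,
 &presentation))
 {
 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,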
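--- a/src/reclaim/plugin_reclaim_credential_jwt.c
+++ b/src/reclaim/plugin_reclaim_credential_jwt.c
@@ -438,7 +438,7 @@ enum GNUNET_GenericReturnValue
 jwt_create_presentation (void *cls,
 const struct GNUNET_RECLAIM_Credential *cred,
 const struct GNUNET_RECLAIM_AttributeList *attrs,
-const struct GNUNET_IDENTITY_Ego *ego,
+const struct GNUNET_IDENTITY_PrivateKey *pk,
 struct GNUNET_RECLAIM_Presentation **presentation)
 {
 if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)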
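--- a/src/reclaim/plugin_reclaim_credential_vc.c
+++ b/src/reclaim/plugin_reclaim_credential_vc.c
@@ -29,6 +29,7 @@
 #include "gnunet_util_lib.h"
 #include "gnunet_reclaim_plugin.h"
 #include "gnunet_identity_service.h"
+#include "gnunet_signatures.h"
 #include <inttypes.h>
 #include <jansson.h>
 
@@ -447,31 +448,79 @@ vc_get_expiration_p (void *cls,
 }
 }
 
+char *
+generate_signature_vp(json_t ** pres,
+const struct GNUNET_IDENTITY_PrivateKey * pk)
+{
+char * data;
+json_t * proof;
+
+struct GNUNET_IDENTITY_Signature sig;
+ssize_t sig_size;
+
+struct GNUNET_CRYPTO_EccSignaturePurpose * sig_purpose;
+ssize_t sig_purpose_size;
+
+void * sig_buf;
+ssize_t sig_buf_size;
+
+char * sig_str;
+ssize_t sig_str_size;
+
+char * sig_str_final;
+
+// Add empty signature key-value -> encode json -> delete empty signature key-value
+// FIXME: Needs a real Canonicalization Scheme
+proof = json_object_get(*pres, "proof");
+json_object_set(proof, "signature", json_string(""));
+data = json_dumps(*pres, JSON_COMPACT);
+json_object_del(proof, "signature");
+
+// Generate Signature
+sig_purpose_size = sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) + strlen(data);
+sig_purpose = malloc(sig_purpose_size);
+sig_purpose->size = htonl(sig_purpose_size);
+sig_purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_TEST);
+memcpy(&sig_purpose[1], (void *) data, strlen(data));
+
+GNUNET_IDENTITY_sign_(pk,
+sig_purpose,
+&sig);
+
+free(sig_purpose);
+
+// Convert Signature to string
+sig_size = GNUNET_IDENTITY_signature_get_length(&sig);
+sig_buf = malloc(sig_size);
+sig_buf_size = GNUNET_IDENTITY_write_signature_to_buffer(&sig, sig_buf, sig_size);
+sig_str_size = GNUNET_STRINGS_base64_encode(sig_buf, sig_buf_size, &sig_str);
+free(sig_buf);
+
+// sprintf(sig_str_final, "Pls %zu help, %zu Im %zu lost\n", sig_size, sig_buf_size, sig_str_size);
+return sig_str;
+}
 
 enum GNUNET_GenericReturnValue
 vc_create_presentation (void *cls,
 const struct GNUNET_RECLAIM_Credential *cred,
 const struct GNUNET_RECLAIM_AttributeList *attrs,
-const struct GNUNET_IDENTITY_Ego *ego,
+const struct GNUNET_IDENTITY_PrivateKey *pk,
 struct GNUNET_RECLAIM_Presentation **presentation)
 {
-// Check if Ego has a DID Docuement
-// Get date string for now
 json_t * root;
 json_t * context_array;
 json_t * credential_array;
 json_t * credential;
 json_t * proof;
 
-struct GNUNET_IDENTITY_PublicKey pkey;
-GNUNET_IDENTITY_ego_get_public_key(ego, &pkey);
-
-printf("DEBUG - %s\n", GNUNET_IDENTITY_public_key_to_string(&pkey));
-
+char * pk_str;
 char * json_str;
 char * presentation_str;
+char * sig;
 const char * now;
 
+pk_str = GNUNET_IDENTITY_private_key_to_string(pk);
+
 if (GNUNET_RECLAIM_CREDENTIAL_TYPE_VC != cred->type)
 return GNUNET_NO;
 
@@ -491,13 +540,15 @@ vc_create_presentation (void *cls,
 json_object_set(root, "verifiableCredential", credential_array);
 
 proof = json_object();
-json_object_set(proof, "type", json_string("EDdSASignature2021"));
+json_object_set(proof, "type", json_string("ReclaimPresentationSig2022"));
 json_object_set(proof, "created", json_string(now));
 json_object_set(proof, "proofPurpose", json_string("assertionMethod"));
 json_object_set(proof, "verificationMethod", json_string("did:reclaim:1234#key-1"));
-json_object_set(proof, "signature", json_string("abc"));
 json_object_set(root, "proof", proof);
 
+sig = generate_signature_vp(&root, pk);
+json_object_set(proof, "signature", json_string(sig));
+
 // Encode JSON and append \0 character
 json_str = json_dumps(root, JSON_INDENT(2));
 presentation_str = malloc(strlen(json_str) + 1);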
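Review bot: `generate_signature_vp` signs under `GNUNET_SIGNATURE_PURPOSE_TEST` and checks none of its fallible calls: `json_dumps`, both `malloc`s, `GNUNET_IDENTITY_sign_` and `GNUNET_IDENTITY_signature_get_length` can fail, and a failed sign leaves `sig` uninitialised yet still base64-encoded into the proof. A presentation proof needs its own registered purpose value so that it is domain-separated from anything else signed under the test purpose, and the helper should return NULL on failure with `vc_create_presentation` checking that before it sets `"signature"`. `data` is never freed, and each `json_object_set(..., json_string(...))` leaks a reference that `json_object_set_new` would hand over to the object. In `vc_create_presentation`, `pk_str = GNUNET_IDENTITY_private_key_to_string(pk);` copies the private key into a heap string that the visible lines neither use nor free; the function continues outside the hunk, but unless the string is needed there the line should be dropped. A version of the helper with the checks and frees is sketched below.

```c
char *
generate_signature_vp (json_t **pres,
                       const struct GNUNET_IDENTITY_PrivateKey *pk)
{
  struct GNUNET_CRYPTO_EccSignaturePurpose *sig_purpose;
  struct GNUNET_IDENTITY_Signature sig;
  json_t *proof;
  char *data;
  char *sig_str = NULL;
  void *sig_buf;
  size_t data_len;
  size_t purpose_len;
  ssize_t sig_size;
  int rc;

  proof = json_object_get (*pres, "proof");
  if (NULL == proof)
    return NULL;

  // FIXME: Needs a real Canonicalization Scheme
  if (0 != json_object_set_new (proof, "signature", json_string ("")))
    return NULL;
  data = json_dumps (*pres, JSON_COMPACT);
  json_object_del (proof, "signature");
  if (NULL == data)
    return NULL;

  data_len = strlen (data);
  purpose_len = sizeof (*sig_purpose) + data_len;
  sig_purpose = malloc (purpose_len);
  if (NULL == sig_purpose)
  {
    free (data);
    return NULL;
  }
  sig_purpose->size = htonl ((uint32_t) purpose_len);
  /* TODO: replace the test purpose with a dedicated, registered one */
  sig_purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
  memcpy (&sig_purpose[1], data, data_len);
  free (data);

  rc = GNUNET_IDENTITY_sign_ (pk, sig_purpose, &sig);
  free (sig_purpose);
  if (GNUNET_OK != rc)
    return NULL;

  sig_size = GNUNET_IDENTITY_signature_get_length (&sig);
  if (sig_size <= 0)
    return NULL;
  sig_buf = malloc (sig_size);
  if (NULL == sig_buf)
    return NULL;
  if (sig_size !=
      GNUNET_IDENTITY_write_signature_to_buffer (&sig, sig_buf, sig_size))
  {
    free (sig_buf);
    return NULL;
  }
  GNUNET_STRINGS_base64_encode (sig_buf, sig_size, &sig_str);
  free (sig_buf);
  return sig_str; /* caller releases with GNUNET_free */
}
```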
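--- a/src/reclaim/reclaim_credential.c
+++ b/src/reclaim/reclaim_credential.c
@@ -1045,7 +1045,7 @@ int
 GNUNET_RECLAIM_credential_get_presentation (
 const struct GNUNET_RECLAIM_Credential *cred,
 const struct GNUNET_RECLAIM_AttributeList *attrs,
-const struct GNUNET_IDENTITY_Ego *ego,
+const struct GNUNET_IDENTITY_PrivateKey *pk,
 struct GNUNET_RECLAIM_Presentation **presentation)
 {
 unsigned int i;
@@ -1057,7 +1057,7 @@ GNUNET_RECLAIM_credential_get_presentation (
 if (GNUNET_OK != plugin->api->create_presentation (plugin->api->cls,
 cred,
 attrs,
-ego,
+pk,
 presentation))
 continue;
 (*presentation)->credential_id = cred->id;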
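--- /dev/null
+++ b/src/reclaim/reclaim_vc_embedded_proof.h
@@ -0,0 +1,48 @@
+/*
+This file is part of GNUnet
+Copyright (C) 2022 GNUnet e.V.
+
+GNUnet is free software: you can redistribute it and/or modify it
+under the terms of the GNU Affero General Public License as published
+by the Free Software Foundation, either version 3 of the License,
+or (at your option) any later version.
+
+GNUnet is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+SPDX-License-Identifier: AGPL3.0-or-later
+*/
+
+/**
+* @file reclaim/reclaim_vc_embedded_proof.c
+* @author Tristan Schwieren
+*/
+
+#include "gnunet_util_lib.h"
+#include "gnunet_identity_service.h"
+#include "gnunet_signatures.h"
+#include "gnunet_strings_lib.h"
+#include <jansson.h>
+
+
+/**
+* @brief Genereate the missing signature for a verifiable presentation
+* @param pres A verifiable presentation with an empty signature field
+* @param pk The private key which is used to generate the Signature
+* @param result The verifiable presentation containing a valid signature is returned
+*/
+char *
+generate_signature_vp(json_t * pres,
+const struct GNUNET_IDENTITY_PrivateKey * pk);
+
+/**
+* @brief Verfiy the the Proof of the verfiable presentation
+* @return Return 1 if the verfiable Presentation has been issued by the subject and not been manipulated in any way. Return 0 if not
+*/
+int
+verify_vp(char * vp);
\ No newline at end of file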
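Review bot: The prototype declared here takes `json_t * pres`, but the definition this commit adds in plugin_reclaim_credential_vc.c takes `json_t ** pres`, and the only include that file's hunk adds is gnunet_signatures.h, so as far as the visible lines show the compiler never compares the two. Make them agree (the helper never reassigns `*pres`, so `json_t *pres` is enough) and include this header from the plugin so that a future drift fails the build. The header has no include guard, its `@file` tag names a `.c` file, and the doc block describes a `@param result` that does not exist while omitting the return value; suggest `@return base64-encoded signature string, owned by the caller`. For `verify_vp`, an `int` 1/0 result cannot tell a malformed presentation from a bad signature; returning `enum GNUNET_GenericReturnValue` with `GNUNET_SYSERR` for parse errors would let callers log the two cases differently, and the parameter can be `const char *vp`.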
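--- a/src/reclaim/test_reclaim_vc.sh
+++ b/src/reclaim/test_reclaim_vc.sh
@@ -4,8 +4,8 @@ ego2="ego2_$(tr -dc a-z </dev/urandom | head -c 8 ; echo '')"
 test_vc='{"@context":["https://www.w3.org/2018/credentials/v1"],"type":["VerifiableCredential"],"issuer":"did:reclaim:1234","issuanceDate":"2018-02-24T05:28:04Z","expirationDate":"2025-02-24T00:00:00Z","credentialSubject":{"id":"did:example:abcdef1234567","name":"Tristan"},"proof":{"type":"RsaSignature2018","created":"2017-06-18T21:19:10Z","proofPurpose":"assertionMethod","verificationMethod":"did:reclaim:1234#key-1","proof":"abc"}}'
 
 # Create Identities
-gnunet-identity -C $ego1
-gnunet-identity -C $ego2
+gnunet-identity -C $ego1 --eddsa
+gnunet-identity -C $ego2 --eddsa
 
 ego1_id=$(gnunet-identity -d | grep $ego1 | sed 's/.*- \(.*\) -.*/\1/')
 ego2_id=$(gnunet-identity -d | grep $ego2 | sed 's/.*- \(.*\) -.*/\1/')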